VISION33 LIMITED

SAP SuccessFactors (SFSF)

Total workforce management system in the cloud. This is industry-leading cloud based human capital management (HCM) suite uses the latest technologies to help you win the war for top talent, connect people to purpose, and drive results across your business, optimising the employee experience.

Features

• Actionable insights with all workforce data
• Optimizing workforce performance by getting the right people
• Full LMS to deploy learning strategy incl. SAP Content Stream
• Goal development and management
• SMART goal library, with Writing and coaching assistants
• Multiple Currency Views, Personal Compensation Statements
• Engage employees with development plans and career opportunities
• Enable strategic succession management to drive better outcomes
• Forecasting, Budgeting & Accrual automation

Benefits

• Reduce operational costs Reduce compliance costs Lower risk
• Streamline hiring with centrally managed global hiring processes
• Gain actionable insights throughout the hiring process
• Reducing ramp time to faster time for productivity
• Increased employee engagement Improved compliance and consistency
• Improve employee engagement and retention Develop top future leaders
• Out Perform your competition by driving better business results
• Improve employee engagement and retention Identify top talent
• Improve project management with better communication
• Align workforce compensation with the HR and business strategies

£140.00 to £250.00 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at john.palmer@vision33.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

510739004982035

Contact

John Palmer
07771964312
john.palmer@vision33.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: SAP SuccessFactors can integrate with many other software providers
• Cloud deployment model: Public cloud
• Service constraints: SAP SuccessFactors have ongoing maintenance updates that are mostly completed out of hours. Customer will be notified as and when maintenance is carried out and what impact this could cause.
• System requirements:
  • Activity Monitoring
  • Network Parameters to monitor traffic and identity anomalies
  • Role based Permissions

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Urgent - 1-2 hours High - 8 hours Medium - 2 business days Low - 3 business days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Dedicated Relationship Manager Annual Health Reviews Providing regular updates on new products and features Delivering refresher training Adhoc internal admin "how to" support Managing issues and all your support cases with SAP SuccessFactors Quarterly business reviews All of the above are priced depending on the size of the customer - price range is from £17,955. 00 - £37,945.00 We provide technical account manager support and will liaise with Cloud Support engineers on your behalf if we need to.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: During the Prepare/onboarding phase, the Vision33 project team performs project planning and process / system design. The Customer Project team attends Project Team Orientation, participates in the Kick-off Meeting, and provides feedback during the Configuration Workshops. Also, during this time, the Project team develops key strategies for Communication Planning, Change Management, Training and Testing, and starts to develop plans for providing end-user support.
• Service documentation: No
• End-of-contract data extraction: All data contained in the platform can be extracted in civ/xlsx/xml format
• End-of-contract process: The Agreement shall commence on the Commencement Date and subject to earlier termination as set out in this Agreement, shall continue for a period of years after which it shall automatically terminate.; No cost is incurred

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The SAP SuccessFactors app is available on iOS and Android operating systems at no additional cost. The majority of functionality that is available on the desktop is also available within the mobile app. More and more mobile functionality is being released during the bi-annual releases. The app has been designed in conjunction with Apple and Google to optimise the mobile user experience. The design principle been applied to both the IOS and Android app.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: With the SAP SuccessFactors suite you have the ability to use our Integration Center which is a built-in tool offered for creating, testing and monitoring inbound and outbound integrations. Multiple output file types can be used (from simple CSV to XML or JSON). The storing of the output can be done in a secure way on SFTP servers and various scheduling options can be implemented (from fixed time scheduling to event-driven triggers through Intelligent Services). Integration Center also has a catalog of prepackaged integrations which can be deployed and used in your instance. SAP Cloud Platform Integration (CPI) is cloud middleware solution which allows creation, deployment and monitoring of integrations. These integrations can be between SAP solutions and third-party applications. It offers an extensive set of options for connectivity, message transformation, authentication and even offers pre-packaged integrations to integrate SAP solutions with other SAP Solution and third-party products.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: SAP use proprietary technology to ensure system performance is not impacted by increased usage by other users on the service. This includes balance loading, proactive load monitoring, workload prioritisation and monitoring.

Analytics

• Service usage metrics: Yes
• Metrics types: Daily Active User Count, Login Count, Search terms, locations, browsers, System performance, Transactions, Page Performance, Module response times, session time
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: SAP

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We have a global policy that outlines a standard for handling personal data. This policy helps us comply with applicable data protection and privacy laws. It defines requirements for processing and accessing personal data, and it establishes clear responsibilities and organisational structures. Our data protection and privacy policy and data processing agreements with our sub-processors help us act on our values and abide by all relevant laws, worldwide.
• Data export formats:
  • CSV
  • ODF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: System Availability - 99.5% System Availability percentage during each Month for productive versions; ; 24x7 Mission Critical Support for P1 and P2; P1 Initial Response: Within one hour of case submission. P2 Initial Response: Within four hours of case submission for SAP Enterprise Support, cloud edition customers and within two hours of case; submission for SAP Preferred Success customers.; ; Non-Mission Critical Support for P3 and P4 issues during business hours (English only)P3 Initial Response: Within one business day of case submission for SAP Enterprise Support, cloud edition customers, and within four business hours of case being received for SAP Preferred Success customers. P4 Initial Response: Within two business days of case submission for SAP Enterprise Support, cloud editions customers and within one business day of case submission for SAP Preferred Success customers
• Approach to resilience: SAP Cloud uses SAP owned Data Centers in combination with rented private space (Co-Location) at external Data Center providers (Co-Location provider) as well as Infrastructure as a Service (IaaS) Cloud providers around the world. This enables a global reach and fast growth into various countries. SAP only uses Co-Location or IaaS Providers that can fulfill the minimum SAP Data Center service availability (at least SAP Data Center Level III) and baseline physical security measures. Additionally, SAP demands industry standard attestations and certifications to support the external Cloud business and to show our Customers the secure and reliable operations and control framework of our Co-Location and IaaS Providers. Independent of the situation (owned Data Center or Co-Location) the same or very similar procedures, standards etc. do apply. SAP does not transfer Customer data outside the pre-defined region unless Customer has been notified or such transfer is a feature of the solution. Furthermore, SAP does not share Customer data with unauthorized third parties. The Co-Location provider has no administrative access to the SAP Cloud servers; the Co-Location provider services focus only on provisioning of power, cooling, and Data Center space.
• Outage reporting: A public dashboard is available to show the current status of the service and any known incidents. Impacted customers will also receive direct email alerts notifying of any incidents impacting the service.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: SSO (Single sign on)
• Access restrictions in management interfaces and support channels: Access granted to SAP information systems from internal and external parties requires the implementation of authorization and authentication access controls that are proportional to the associated risk.; ; Formal processes must be established to:; - Prevent unauthorized access.; - Detail user access registration and deregistration.; - Detail user access provisioning.; - Restrict and control privileged access rights.; - Establish the intervals for user access rights reviews.; - Ensure removal of access rights upon users’ termination of employment, contract, or agreement.; - Restrict and control the use of utility programs that override system application controls.; - Restrict access to program source code.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: PWC
• ISO/IEC 27001 accreditation date: 03/02/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: PCI Standards Council
• PCI DSS accreditation date: 15/10/2018
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC1
  • SOC2
  • ISO 22301
  • ISO 27018
  • ISO 27017

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: SAP has developed the Integrated Information Security Management System (IISMS) Framework. The IISMS Framework is based on SAP's corporate quality and security policy as well as the corporate security standards and guidelines relating to information security and business continuity.; ; This IISMS Framework was adapted to SAP Cloud Security Services as SAP Cloud Security Framework (CSF) SAP's security, process and compliance team conducts technical security audits to validate that security concepts have been implemented successfully and to safeguard the usage of newly developed tools.; ; SAP have comprehensive, approved Incident Management Policies and Processes. Upon the occurrence of a security incident, initial communication is distributed to the appropriate individuals and an escalation process is followed.; Customers are informed as soon as SAP become aware of a serious disruption of processing operations or any security breach in connection with the processing of personal data. Following incident resolution, follow-up is required to ensure that the incident has been resolved effectively and that the threat is no longer present.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change Management related to the implementation of the Solution is the responsibility of Customer. No change management services will be provided by Vision33.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability scans are performed at a minimum four (4) times a year, to ensure controls are met in compliance and certification audits. SAP prioritizes vulnerability remediation to reduce risk and impact to customers' data and business processes. The assessed and prioritized vulnerabilities are followed-up within the security patch and change management processes. In addition, vulnerability scans are performed during the application build pipeline process to enable a secure cloud service. The results of such activities are categorized as “Internal SAP Information”. Due to security reasons vulnerability scanning details may not be shared with the customer.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: SAP has Security Information and Event Management (SIEM) systems to alert, monitor, analyze and verify potential security attacks on and technical disruptions of SAPs Cloud and Corporate environment. All critical systems and infrastructure components within the SAP Cloud need to log relevant data, which is stored for a minimum of seven months (exactly 201 days). enabled via the security configuration compliance checks and event monitoring across the complete service stack. General security monitoring is performed 24x7 for all activities. Resulting warnings and alerts are processed via ticketing system and critical events are handled according to the security incident management process.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: In cases where a Customer reports a Security Incident, the Customer will be informed on the progress, with the exception that in case SAP became aware of a Security Incident, which does not impact the Customer, the Customer might not necessarily be informed. The SAP Security Incident management process is aligned with ISO/IEC 27035 principles. Security Incidents are monitored and tracked by security specialists in cooperation with defined communication channels until resolved. A “Security Breach” means a confirmed accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or unauthorized third-party access to Customer Data including Personal Data.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity

  Fighting climate change

  1. All of our services support organisations in the quest to deliver a carbon neutral existence by promoting removal of unnecessary infrastructure, remote working and a flexible working environment. Our services are digital with a default paperless principle. As a company, we have chosen a work from home environment. Our only major supplier (SAP) is actively pursuing intentions to become carbon-neutral in its own operations.; 2. Since 2017, SAP has been pursuing a science-based climate target certified by the Science Based Targets initiative (SBTi) to make its own contribution to limiting global warming to 1.5°C above preindustrial levels. While its zero-carbon goal applies chiefly to its own operations, SAP’s science-based climate target also encompasses the upstream and downstream value chain. SAP has been using 100% renewable energy to power all of its data centers since 2014. Thanks to its green cloud, SAP can offer customers cloud solutions that are carbon-neutral.; 3. SAP supports the Sustainable Development Goals set in 2015 by the United Nations General Assembly, focusing particularly on goal 13, Climate Action. Here, SAP’s greatest strength lies in its ability to help its more than 400,000 customers worldwide implement climate protection measures through offerings such as the Climate 21 program.

  Covid-19 recovery

  Vision33 and its services promote organisations in their digital revolution and this includes supporting organisations in their recovery from the COVID19 pandemic by enabling remote working, remote implementation, remote support and training of business operations. The result of these services supports organisations in a more agile workplace ensuring flexible working arrangements can be fully supported in a post pandemic world.

  Equal opportunity

  As an organisation we recognise the difference in everyone and support all candidates and employees to fulfil their potential. All employees are supported in training appropriate to their needs through the provision of self paced training and certifications. Our services enable organisations to meet the needs of all employees. As a cloud provider we encourage a flexible employment engagement ensuring that employees can operate flexibly around their needs such as flexible hours, flexible locations etc. All our training materials are self paced and supported by our team ensuring that users are able to realise and be recognised for their potential.

Pricing

• Price: £140.00 to £250.00 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at john.palmer@vision33.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.