StaffSavvy
StaffSavvy is comprehensive staff management software particularly suited to the arts, cultural & leisure sectors plus scheduled council activities. A powerful, automated and customisable system that includes staff scheduling, time sheets, a complete HR suite, training management, communication tools and recruitment management.
We offer both schedule-only and full HRIS editions.
Features
- Automated & detailed scheduling for staff
- Easy time sheets and approval processes
- Streamlined HRIS processes and tools
- Training management with full LMS features
- Variety of different communication options
- Optional recruitment (ATS) portal
- Powerful support for permanent, casual, freelance, volunteers and external agencies
- Compliance automation for right to work and staff qualifications
- Staff-led shift swapping and availability setting
Benefits
- Highly customisable to suit your organisation
- Self-service led approach reducing admin time
- Powerful template and automation tools reduce repeat actions
- Huge range of features available
- Easily customisable for different departments
- Massively reduce admin time throughout the organisation
Pricing
£1.98 to £4.95 a user a month
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 4 3 5 0 7 3 1 1 1 5 4 4 0 3
Contact
SmartBlue Ltd
Andrew Treadwell
Telephone: 01202 03 03 66
Email: andrew@staffsavvy.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- None to note
- System requirements
- Modern Internet Browsers
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Usually within 1 business day
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
-
We offer excellent standard support within our plan prices. This includes unlimited manager training and support. This does not have a fixed SLA but response times are usually one business day.
Enhanced Support with an SLA is also available from £495 per month. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We provide unlimited remote manager training and support via screen share software. We'll guide you through the training and provide advice and support as the requirements are built into the system.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
Most data can be extracted using custom reports that the user can build to meet their needs. This is in standard CSV or Excel formats.
We also have the ability to export all documents the system holds into zip files for easy migration to new suppliers. - End-of-contract process
- We'll assist you in exporting the data you require from the system into either the original format (in the case of uploaded documents) or CSV/Excel files for easy migration to a new supplier.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- There are some reports and management screens that are not available on mobile devices due to their limited screen sizes. The majority of features are available on all devices.
- Service interface
- No
- User support accessibility
- WCAG 2.1 A
- API
- Yes
- What users can and can't do using the API
-
The API allows access to important data points such as staff, shifts, time entries and more. Staff accounts, absences, shifts and time entries can be added, updated and removed via the API.
New features are added to the API within our usual release cycles. - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The service is highly configurable and customisable. All templates, policies and settings can be added, removed and updated as needed to match the requirements of the organisation. This is available within the service; no additional costs or support team involvement is needed.
Scaling
- Independence of resources
- Our infrastrucure is designed to automatically scale when under increased demand. We also expand horizontally when needed, creating dedicated clusters of clients with particular load profiles. This is all backed up with automated monitoring and proactive changes to infrastructure.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Via our custom reports feature and pre-build data export tools
- Data export formats
-
- CSV
- Other
- Other data export formats
- Excel
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- We aim for, and have archived 99.99% availability over the last 3 years. Our standard agreement has no guaranteed SLA but this is available as an Enhance Support SLA. This includes service credits if we do not meet the stated SLA response times.
- Approach to resilience
- In summary, our service is provided across multiple physical data centres with multiple redundancies at each level. Fuller details on request.
- Outage reporting
- There is a public status dashboard available. This also allows for email alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Each support staff member has unique, tracked login details so every action can be audited. They only have access to the client list they support, which is regularly reviewed. Any actions requested via our support team are checked to ensure the staff member making a request has access to complete that action in their system before the action is completed. No private information is sent via our support system and redaction tools are in place if any are received.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS International Ltd
- ISO/IEC 27001 accreditation date
- 04/11/2018
- What the ISO/IEC 27001 doesn’t cover
- All of our services are covered.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We have a comprehensive set of InfoSec policies that are followed at all levels within the organisation as part of our ISO 27001 certification. This is internally audited quarterly and externally audited as part of the ISO certification. All results of these audits, including non-conformance incidents, are reported to our director, who monitors all remedial actions closely.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All changes to configurations are made as change requests which are reviewed and approved before being actioned.
All requests are checked for potential security impacts. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Our Managed Detection and Response partner, Sophos, monitor all threats across all of our company infrastructure and provides threat analysis and alerts. This is connected to our infrastructure management partner, ANS, who will action patches and mitigation actions on our behalf across our global infrastructure.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Our Managed Detection and Response partner, Sophos, monitor all systems across all of our company infrastructure. They proactively review all log activities and have access to intervene immediately if there is evidence of a compromise. This response team is global and active 24/7/365. Their service conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management type
- Supplier-defined controls
- Incident management approach
- Our Managed Detection and Response partner, Sophos, are contracted to support us in all incident management processes. They will investigate reports of breaches, complete any mitigation actions and provide detailed reports. Users are able to report issues directly via our usual support teams, where they will be escalated promptly. All clients provide data breach notification email addresses where we can centrally communicate to all affected clients should any incident occur.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
WellbeingWellbeing
StaffSavvy helps improve staff wellbeing by automating many manual and mundane tasks. This helps to reduce workload and stress. It also support staff by providing them with more details about their work and how they can improve or contribute more.
Pricing
- Price
- £1.98 to £4.95 a user a month
- Discount for educational organisations
- No
- Free trial available
- No