Skip to main content

Help us improve the Digital Marketplace - send your feedback

SmartBlue Ltd

StaffSavvy

StaffSavvy is comprehensive staff management software particularly suited to the arts, cultural & leisure sectors plus scheduled council activities. A powerful, automated and customisable system that includes staff scheduling, time sheets, a complete HR suite, training management, communication tools and recruitment management.

We offer both schedule-only and full HRIS editions.

Features

  • Automated & detailed scheduling for staff
  • Easy time sheets and approval processes
  • Streamlined HRIS processes and tools
  • Training management with full LMS features
  • Variety of different communication options
  • Optional recruitment (ATS) portal
  • Powerful support for permanent, casual, freelance, volunteers and external agencies
  • Compliance automation for right to work and staff qualifications
  • Staff-led shift swapping and availability setting

Benefits

  • Highly customisable to suit your organisation
  • Self-service led approach reducing admin time
  • Powerful template and automation tools reduce repeat actions
  • Huge range of features available
  • Easily customisable for different departments
  • Massively reduce admin time throughout the organisation

Pricing

£1.98 to £4.95 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew@staffsavvy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

5 4 3 5 0 7 3 1 1 1 5 4 4 0 3

Contact

SmartBlue Ltd Andrew Treadwell
Telephone: 01202 03 03 66
Email: andrew@staffsavvy.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None to note
System requirements
Modern Internet Browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
Usually within 1 business day
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
We offer excellent standard support within our plan prices. This includes unlimited manager training and support. This does not have a fixed SLA but response times are usually one business day.
Enhanced Support with an SLA is also available from £495 per month.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide unlimited remote manager training and support via screen share software. We'll guide you through the training and provide advice and support as the requirements are built into the system.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Most data can be extracted using custom reports that the user can build to meet their needs. This is in standard CSV or Excel formats.
We also have the ability to export all documents the system holds into zip files for easy migration to new suppliers.
End-of-contract process
We'll assist you in exporting the data you require from the system into either the original format (in the case of uploaded documents) or CSV/Excel files for easy migration to a new supplier.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There are some reports and management screens that are not available on mobile devices due to their limited screen sizes. The majority of features are available on all devices.
Service interface
No
User support accessibility
WCAG 2.1 A
API
Yes
What users can and can't do using the API
The API allows access to important data points such as staff, shifts, time entries and more. Staff accounts, absences, shifts and time entries can be added, updated and removed via the API.
New features are added to the API within our usual release cycles.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The service is highly configurable and customisable. All templates, policies and settings can be added, removed and updated as needed to match the requirements of the organisation. This is available within the service; no additional costs or support team involvement is needed.

Scaling

Independence of resources
Our infrastrucure is designed to automatically scale when under increased demand. We also expand horizontally when needed, creating dedicated clusters of clients with particular load profiles. This is all backed up with automated monitoring and proactive changes to infrastructure.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Via our custom reports feature and pre-build data export tools
Data export formats
  • CSV
  • Other
Other data export formats
Excel
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We aim for, and have archived 99.99% availability over the last 3 years. Our standard agreement has no guaranteed SLA but this is available as an Enhance Support SLA. This includes service credits if we do not meet the stated SLA response times.
Approach to resilience
In summary, our service is provided across multiple physical data centres with multiple redundancies at each level. Fuller details on request.
Outage reporting
There is a public status dashboard available. This also allows for email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Each support staff member has unique, tracked login details so every action can be audited. They only have access to the client list they support, which is regularly reviewed. Any actions requested via our support team are checked to ensure the staff member making a request has access to complete that action in their system before the action is completed. No private information is sent via our support system and redaction tools are in place if any are received.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International Ltd
ISO/IEC 27001 accreditation date
04/11/2018
What the ISO/IEC 27001 doesn’t cover
All of our services are covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have a comprehensive set of InfoSec policies that are followed at all levels within the organisation as part of our ISO 27001 certification. This is internally audited quarterly and externally audited as part of the ISO certification. All results of these audits, including non-conformance incidents, are reported to our director, who monitors all remedial actions closely.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to configurations are made as change requests which are reviewed and approved before being actioned.
All requests are checked for potential security impacts.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our Managed Detection and Response partner, Sophos, monitor all threats across all of our company infrastructure and provides threat analysis and alerts. This is connected to our infrastructure management partner, ANS, who will action patches and mitigation actions on our behalf across our global infrastructure.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our Managed Detection and Response partner, Sophos, monitor all systems across all of our company infrastructure. They proactively review all log activities and have access to intervene immediately if there is evidence of a compromise. This response team is global and active 24/7/365. Their service conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management type
Supplier-defined controls
Incident management approach
Our Managed Detection and Response partner, Sophos, are contracted to support us in all incident management processes. They will investigate reports of breaches, complete any mitigation actions and provide detailed reports. Users are able to report issues directly via our usual support teams, where they will be escalated promptly. All clients provide data breach notification email addresses where we can centrally communicate to all affected clients should any incident occur.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Wellbeing

Wellbeing

StaffSavvy helps improve staff wellbeing by automating many manual and mundane tasks. This helps to reduce workload and stress. It also support staff by providing them with more details about their work and how they can improve or contribute more.

Pricing

Price
£1.98 to £4.95 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew@staffsavvy.com. Tell them what format you need. It will help if you say what assistive technology you use.