Cello Software Limited

Online Leave Management and Staff Development System - tracker2

tracker2 Online Leave Management System is used by numerous hospitals to monitor all types of Leave (Annual, Study, Special, Sick Leave). It monitors attendance at courses, mandatory and in-house training with e Portfolio for employee's appraisal, an Expenses module and a Trainer Accreditation module. It allows multiple levels of access.

Features

• Online Leave management, remote access, Secure login, secure backup
• Attendance record, mandatory training record, real-time analytics
• Calendar view, multiple level of access, leave clash alert
• Multiple types of Leave, annual, study, special, sick
• Trainer Accreditation module
• Financial governance and budget allocation per group of employees
• Course evaluation analytics
• Local Meeting Attendance Monitoring, QR code scanning
• e-Portfolio to support employee mandatory appraisal
• Expenses module, submission of receipts, notifications and authorisation of expenses

Benefits

• Remote Leave application, multiple levels of approval,
• All Leave recorded in one place, online free flexible reports
• Calendar view by department or section, connects the whole organisation
• Trainers are accredited to GMC standards
• Secure audit trail for application process saving thousands of hours
• Manages budget allocation, live financial information and limitless reports
• Empowers employees to exercise governance managing their own leave
• Electronic record of in-house meetings through advance technology
• Employees benefit from integral e-Portfolio module to prepare appraisal
• Employees benefit from integrated expenses claim application process

£6 to £14 a user a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@cellosoftware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

552826503729235

Contact

Hani Zakhour
0151 348 4035
info@cellosoftware.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Internet connection must be of reasonable speed. Up to date device hardware. Occasional service downtime for updates and maintenance. Although intuitive, the system manager will require training.
• System requirements:
  • Internet or 3G/4G/5G link
  • Works on Windows and Mac OS X platforms
  • Works on tablets, smartphones and other mobile devices
  • Requires minimum input from System administrator
  • Requires Annual software and support licence
  • Requires a cloud hosting (provided by Cello Software partner)
  • Requires a reasonable level of computer literacy
  • Buyer hardware needs to be of reasonable specifications
  • Access is granted via a valid logon issued by admin

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 1st Response is immediate, 2nd response is within 24 hours. Same response at weekend.; Support Services shall be provided primarily to the Client’s Systems Administrator. The Company will provide support and advice through the following channels:; 1. By email/telephone during normal working hours ; 9.00 – 17.00 Monday-Friday excluding public holidays; 2. On-line support at weekend; 3. On-site visits (Chargeable); Further details are outlined in the Service level agreement
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Contact by the Client should in the first instance be by email to support@cellosoftware.co.uk; Requests for support by the Client will be classified in the following categories: ; A Urgent (Red) eg: if the server is down; ; B High Priority (Amber) eg: non-server software errors; ; C Medium Priority (Green) eg: problems that can wait up to 5 days for resolution; ; D Low Priority (Black) eg: requests for new functionality and software upgrades.; Support is charged annually and is included in the price of the licence. ; A technical account manager is available to provide support in cases where first line support is not sufficient. ; Escalating is done automatically by our company’s first line support when it’s deemed necessary.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The system manager is supported extensively in the period leading to the launch of the product. We work closely with the client to set up the system, starting with demographic data import. We continue with customisation and setting of the software to on site training. The length of the session depends on the number of users attending. We normally train system managers and system administrators. Standard users require minimal training as the System is intuitive. User documentation is online in the form of help files which open in separate tabs. Online advice and telephone support with instructions are provided to all admin users once the system is purchased.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted via running a multitude of reports in commonly known format. This can be done on an individual basis or for an entire group or section of users.
• End-of-contract process: The cost of the contract includes the import of demographic data of the users of the client organisation. It includes the first year license, support by email and for urgent matters as agreed with client by telephone. The contract price includes any updates for the year of the contract. Major updates are offered free for the remainder of the year but may be charged for at the anniversary of the contract.; At the end of the contract the user can either renew the contract or not renew the contract upon which the service and the access to the system is discontinued. Data will be available to extract within the period of the contract but not after the contract has terminated. The client data is destroyed by Cello Software after the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Staff users can use mobile devices for full access of service; Admin users can use the vast majority of features on mobile devices and full features on desktop devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Part of our software is reliant on an API technology but it is invisible to users. The main service is not provided via an API; One of the services modules (Local Meeting Attendance Monitoring System API) relies on users downloading our special App on their mobile device to record attendance at meetings. The users access the App through a login. The initial setup to the Local Meeting App is provided by the System Administrator. The user has full access to all system features
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: System administrators can customise access to the system. This is far too complex to describe in detail but customisation is extensive for the purpose of accessing various levels of the software. Normally users must apply to System administrator for a variety of customised access views and functions depending on the level they are working at.; An approver has a separate set of customised access in comparison with a financial support individual or a section Manager, the combinations are vast. Top level admin can customise access and any one else who is given permission by the Senior Admin System Manager.

Scaling

• Independence of resources: The system has vast capacity, the sole limiting factor is internet speed and connectivity. Each organisation runs a separate account and therefore the strain on the system is somewhat distributed. Our largest organisation has 1800 employees. The total number of users is over 10 thousand. The server capacity is vastly in excess of the current requirement.

Analytics

• Service usage metrics: Yes
• Metrics types: All admin users are able to view basic usage metrics on the dashboard. Other metrics are available by running reports. We use metrics to analyse popularity of courses for various groups of users in various specialties.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: By running a report in either Standard MS Word format or Excel spreadsheet format. Other format such as CSV can be made available after discussion with the company
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MS word
  • MS excel
  • CSV can be reinstated currently inactive in the software
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MS Excel
  • CSV
  • MS Word

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: The buyer network is not used to store data. Clients data are stored on a secure dedicated servers by our hosting company. All connections are standard https secure connections. All files are first zipped and encrypted with a defined encrypting key before they are sent to the Backup server. The algorithm that is used to encrypt the files is Advanced Encryption Standard (AES), with 256-bit block ciphers. All communications between Backup Server and the Data Server are transported in a 128-bit SSL (Secure Socket Layer) channel. Our website is protected by a 2048-bit key security certificate from Digicert.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: We do not have an internal network. Dropbox is used for sharing documents. Dropbox files at rest are encrypted using 256-bit Advanced Encryption Standard (AES). To protect data in transit between Dropbox apps (currently desktop, mobile, API, or web) and our servers, Dropbox uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for data transfer, creating a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption. Similarly, data in transit between our hosting company and the clients are encrypted via SSL/TLS version 1.2 or above

Availability and resilience

• Guaranteed availability: The Company will make all reasonable endeavours to respond to incidents as follows: ; i an acknowledgement of receipt of the message within 1 working hour; ; ii an initial response within 24 hours; ; iii a detailed response within 48 hours from the initial response including an estimated time for fixing the problem. If no fault is found, the user will be contacted to ascertain the nature of the fault to decide whether the fault can be attributed to an element of the software or its environment. ; The Company is not responsible for problems caused by matters outside its control; this includes local network problems, misuse of software, inappropriate use of the software, lack of assistance from the Client and matters of force majeure. The problem generating the support call shall be deemed resolved once the Client Systems Administrator and the Company has declared it so.
• Approach to resilience: Available on request
• Outage reporting: The company subscribes to a server Management system "Uptime Robot", which monitors our servers 24/7. There is an API, Email alerts and text messages alerts in addition to website news alert. Outages are investigated immidietly. Minor outages less than 5 min are left to run their course moderate and severe outages are communicated to clients via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The system is standalone. It does not currently interact with other interfaces or other support channels. Access to management channels within the company is restricted to certain individuals on need to know basis.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Security Essentials
  • GDPR compliance for data security
  • GDPR Compliance of data protection by design
  • NHS Data Security and Protection Toolkit Certificate

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber security essentials issued by IASME. The NHS Data Security and Protection Toolkit (DSPT). Conformed to National Data Guardian’s (NDG) data security standards.
• Information security policies and processes: We are registered with the Information Commissioner's Office (ICO). We comply with the ICO GDPR criteria for security breach reporting. The company Data Protection Officer, Board level, ensures that policies are adhered to. The details are outlined in a document called "Data Breach Policy - Cello Software". See Below an extract paragraph 4 from this document. (4. The Data protection officer will first ascertain if the breach is still occurring. If so, appropriate steps will be taken immediately to minimise the effects of the breach. An assessment will be carried out to establish the severity of the breach and the nature of further investigation required. Consideration will be given as to whether the police should be informed. Advice from appropriate experts will be sought if necessary. A suitable course of action will be taken to ensure a resolution to the breach.)

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Cello Software is and has been conversant with the concept of Privacy by Design. Our software is accessed only via secure connections. Updates are tested on secure devices. Our service and support is monitored through its lifecycle. Any change to service will need to meet our security criteria and the approval of our DPO
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Any unusual activities attempts to login, visible through our log. ; ‘Critical’ patches are deployed within hours.; ‘Important’ patches are deployed within 2 weeks of a patch becoming available.; ‘Other’ patches are deployed within 8 weeks of a patch becoming available.; This is part of our declaration for attaining the Cyber security essential level.; Information about threats is obtained from IT blogs and our antivirus software news bulletins
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Any multiple attempts of unauthorised access to the system such as brute-force password guessing, will result in throttling and account locking after 3 attempts. Suspicious activities appear on the log.; We investigate against all users' record. We respond urgently to potential threats and incidents
• Incident management type: Supplier-defined controls
• Incident management approach: We have a routine reporting process described in our Business Contingency Plan. Our users may report by email or in major breaches they would contact us by phone. We write to our users and inform them in a report what has taken place and how we addressed the incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  We rarely travel to provide our services. Most of our support and commissioning for new clients, hosting services and training is done online. All our support is provided online and our staff work from home obviating the need for office space and travel.

  Equal opportunity

  We firmly believe in equal opportunity throughout the company, which has resulted in range of ethnic and gender representation at board level.

Pricing

• Price: £6 to £14 a user a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@cellosoftware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.