WorkInConfidence Limited

WorkInConfidence: Case Management

WorkInConfidence: Case Management provides a secure, easy-to-use
place to collect, track and report on HR, performance management,
grievance, speaking up or whistleblowing cases, whether raised with
you directly by email, phone, WorkInConfidence: Anonymous Speak
Up or other route. Includes encrypted storage of cases, easily updated fields and multiple user access.

Features

• Easily store and update HR, whistleblowing and Speak Up cases
• Easily add your own fields of other required information
• Create templates to prompt your team about information/steps required
• Sophisticated reporting so you always know where you are
• Highly flexible privacy controls/sharing options
• Web app mobile optimised for phone and tablet too
• Admin panel gives you high level of administrative control
• Cloud based, highly secure (meets all privacy & security guidelines)
• Multiple Sharing Options to give appropriate confidentiality of cases
• System prompts / reminders to actions do not get overlooked

Benefits

• Provides easy, secure central storage and tracking of cases
• Gives organisations ability to record cases consistently and efficiently
• Comprehensive solution for problems, grievances, behaviour and whistleblowing
• More efficient case handling enhances staff experience and reduces risk
• Clear central reporting, dashboards, reports, admin panel for actionable insights
• Helps legal/regulatory compliance and regulatory reporting – like the NGO
• Easier to ensure consistent handling and to identify recurring issues
• Enables a collaborative approach among managers
• Gives a structured approach while ensuring transparency and compliance
• More secure than spreadsheets / internally designed processes

£19 to £99 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim@workinconfidence.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

575641509197966

Contact

Tim Martin
0845 383 1013
tim@workinconfidence.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Users have internet access (PC, tablet or phone)
  • Browser access (Edge, Chrome, Safari, Firefox, Opera)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Initial response usually within 1 business hour but always within one business day (9-5 business days). ; Weekends and holidays usually picked up within 24 hrs.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: The web chat widget is Level one (A) compliant and satisfies some Level two (AA) requirements. Testing has been done on the plug in.
• Onsite support: Yes, at extra cost
• Support levels: We provide a single level of support for all clients which includes phone, email and online chat support. ; ; The cost of support is included within the user licence fee with the only additional costs being any site visits requested by the client.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: When a new client starts using WorkInConfidence they are allocated an account manager who works with them through the on-boarding process to ensure a successful launch. This includes providing materials to guide them through the pre-launch process, online administration training, and marketing collateral. The client also gets access to our comprehensive online support area with resources for administrators, managers and users. The account manager then works with the client regularly post-launch to ensure that they continue to get the best out of WorkInConfidence.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: For case management key details of all cases can be downloaded as .csv. ; by managers and admins with appropriate permissions. Downloads can include details of all appropriate fields. ; Detailed case notes can be downloaded for any case as PDF including any manager notes and case details.; System use metrics and reports can also be downloaded as PDF or csv.
• End-of-contract process: If any organisation ceases to be a client of WorkInConfidence, we will remove all of its data and that of its staff/users within three months of their ceasing to be a client. Alternatively, the client may choose to have a paid 12 months run off period after which the data would be deleted three months post that.; Clients can access data per above.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Yes the service is mobile optimised. When accessed from a mobile device (smartphone or tablet) the pages reformat to fit the size of the device in question. Core functionality is the same.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Case Management Users: Who has administration rights and management rights. ; Security: You can decide whether to force 2 factor authentication on managers/admin users. ; Fields: Creation of your own fields (Text: Date: Single select picklist: Email: Telephone: Numbers). ; Creation of templates to prompt managers on questions to ask / answer and steps to go through. ; Confidentiality & Sharing: Whether cases are shared or can be locked down to an individual manager. ; Reports: As well as pre built system reports, you can configure and save your own reports templates within the system.; System reminders.

Scaling

• Independence of resources: The WorkInConfidence service is automatically monitored to ensure that there is always sufficient capacity to meet the needs of all clients. Any potential issues are highlighted and additional capacity can be added within 30 minutes.

Analytics

• Service usage metrics: Yes
• Metrics types: You have a clear online dashboard and an extensive range of reports. ; How many users are on the system. ; Details of number of cases over any time period. Status - open:closed. ; Cases by any selected fields (such as case type, manager, stage, outcome, location, case age, length of time at a stage). ; Admins can apply filters to reports and save them as new reports. Clients can request additional bespoke reports from support.; You can also trigger a mini survey as the end of a case to check back with staff members how they found case handling, if appropriate.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: All personal identifiable information and dialogues are encrypted.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data export approach ; Details can be extracted via the online interface by managers and admins with the appropriate rights. ; For case management key details of cases including case, manager, status, other required fields, can be downloaded as .csv.; Full details of any cases can be downloaded as PDF.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Csv
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We aim to be available at least 99.5% of the time, apart from reasonable scheduled maintenance (either outside normal business hours or up to 1 day per quarter). Historically we have exceeded 99.9% availability. If we exceed this downtime, clients are entitled to 7 days free for each day we have been down as long as they request it within 28 days of the outage.
• Approach to resilience: WorkInConfidence is hosted on Amazon's AWS infrastructure used by many large organisations. We chose to partner with Amazon because of their work in this area. More details are available from the AWS website or directly from WorkInConfidence.
• Outage reporting: There is a public dashboard at: https://status.workinconfidence.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access restrictions in management interfaces and support channels ; The administration areas of all clients instances of WorkInConfidence are protected via username and password. The system insists on strong passwords of at least eight characters with upper and lower case letters and numbers. Users of the system have the ability to set up Multi Factor Authentication. We recommend this for Admin Users and Managers. Users can choose to mandate MFA for either all users or Manager/admin users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • IASME Governance standard
  • NHS Digital Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: IASME Governance standard
• Information security policies and processes: WorkInConfidence has: ; 1. Clarity on what is collected, what purposes and how stored. This is clearly documented in Privacy policies and a further internal policy; ; 2. Technical measures to guard security and privacy. The CTO is in charge of this, and has close oversight of all aspects of the build and operations of the Company’s services. This is discussed regularly with the CEO and also in every board report there is an update, also highlighting any areas of security risk;; 3. Organisational measures. All staff are required to be aware of the organisation’s security policies and processes, and are trained and are regularly updated on these. Any third parties working with us have to sign up to and adhere to these. ; Any security risk is required to be notified to the CEO and COO immediately. ; To support each of these the Company and has clearly documented policies and procedures, a log of who has been trained and when last updated. These include User Privacy Policy, Password Policy, Mobile Device Policy, Retention Policy, Incident Response Policy, Confidential Data Policy. ; The above are reviewed and updated at least semi-annually and any key changes highlighted to the Board.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All components of the service are under configuration control (source control via git) and all changes are reviewed and tested with a view on security before being applied to the live service.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threat information comes from a variety of sources such as our hosting provider for hardware and OS information, the providers of the development language and framework we use. These and other sources are used to determine the priority and the speed with which any are implement. For OS related patches these are typically applied weekly and for framework changes at the next major release unless it is considered a security risk in which case it would be hot-fixed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Many steps are taken to ensure that the service cannot be compromised but we actively monitor the logs for unusual activity or activity from outside of known parameters. If an anomaly is detected it is flagged up via both email and instant notification to support staff. This is then investigated immediately to see if there has been an issue and steps taken accordingly.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents flagged up during routine monitoring will be dealt with through company policy. User can report incidents either through our website or via our dedicated email address: security@workinconfidence.com.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  As part of ensuring equal opportunities, it is critical that organisations understand the problems different parts of the workforce face, whether and how those vary by different group and whether all groups feel treated fairly and have access to equal opportunities. ; ; Having more consistent case handling and a clearer picture across the whole organisation of whether different groups are disproportionately affected by Speak Up, HR issues, wellness problems, bullying and harassment and grievance cases delivers better understanding. This understanding is key to delivering equal opportunities. ; ; WorkInConfidence helps organisations handle cases more consistently and understand patterns across cases, providing a powerful boost to ensuring equal opportunities.

  Wellbeing

  WorkInConfidence is designed to deliver more respectful, more engaged organisations. There is a major problem with staff who have problems in areas like respect, bullying, harassment and poor behaviours often feeling unable to raise them. These problems contribute in turn to hugely diminished wellbeing for both those who experience the problems and colleagues who witness them. ; Our case management ensures that cases can be properly recorded and tracked ultimately leading to a greater likelihood of a satisfactory conclusion - and better staff experience. This contributes to organisational and individual health. ; Clear central reporting gives organisations a more joined up picture of problems, how they are dealt with and what learnings have been made and shared to minimise problems going forward.

Pricing

• Price: £19 to £99 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim@workinconfidence.com. Tell them what format you need. It will help if you say what assistive technology you use.