FAT POTATO LIMITED

Chinchill.hr

Chinchill.hr is a cutting-edge human resources and client management software. It aims to streamline HR processes, improve employee management, and enhance organisational efficiency through user-friendly features and customisable solutions.

Features

• Timesheets
• Holiday
• Reporting
• Integration with enterprise apps
• Expenses
• Employee Management
• Customer Management

Benefits

• quick and intuitive for staff
• integrates with enterprise apps
• produce customised reports
• accessible for everyone
• easy to approve timesheets
• easy to manage holiday requests
• streamlined onboarding process
• scales with you
• user guard rails to minimise errors

£6 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew@fat-potato.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

585999376972913

Contact

Andrew Walsh
07866551176
andrew@fat-potato.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: As the service is under active development more features will be added over time and based on user requests.
• System requirements:
  • Internet Access
  • Supported Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Tickets will be triaged Monday - Friday within 24 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Multiple support levels are available upon request as part of licensing negotiation.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Documentation and support staff will be available as part of on-boarding process.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data can be exported as a CSV
• End-of-contract process: Access is restricted except for data extraction which is available for 1 month after end of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Visual differences to account for different screen sizes.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Service interface is a website through which various aspects of the application can be reached. This is connected to via an internet connected web browser on either desktop or mobile device.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Accessibility is verified through software testing tools that ensure compliance to WCAG 2.1 AA
• API: No
• Customisation available: Yes
• Description of customisation: Visual customisation options are available upon request. Full details of service and customisation/usage options are available upon request.; ; Reports can be customised by the user and standard exporting templates can be requested.; ; As standard, admin users can add their own users and customise properties for users/activities. For full details please see service description document.

Scaling

• Independence of resources: Service is Cloud (AWS) hosted and can scale horizontally as per user demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Other
• Other data at rest protection approach: Cloud based access controls and encryption
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: On relevant pages, there is an export to X format button. We use CSVs as standard, however custom export formats can be created.
• Data export formats:
  • CSV
  • Other
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Guarantee of availability is on a per-customer agreement and can be negotiated at time of purchase.
• Approach to resilience: Service is Cloud Hosted (AWS), further information around software architecture available upon request.
• Outage reporting: Service will display information accordingly

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Admin users have separate controls and interface.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have security controls documented, which is supported through training. The use of security technology helps enforce these controls.
• Information security policies and processes: Our policies/processes are aligned with ISO 27001. Technology is used to support the polices and processes and senior leadership are responsible for organisation security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Use of internal ticketing system and code based version control with regular review of proposed changes
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Use of automated tooling for vulnerability scanning across static code as part of the CI/CD process to ensure all deliveries are free of known vulnerabilities at specified risk levels.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Cloud provisioned security controls and anti-virus deployed to protect environments and minimise attack surface of application. Support are automatically notified of any incidents and can respond in real time.
• Incident management type: Supplier-defined controls
• Incident management approach: We have pre-defined process for incidents. These are reported via email or through telephone services.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Fat Potato, we integrate environmental sustainability into our operations and service delivery. We give precedence to energy-efficient practices not only in our cloud-native architectures and software solutions but also in our coding practices. By employing low carbon software engineering approaches, such as optimising algorithms, reducing computational complexity, and minimising resource-intensive processes, we aim to further reduce carbon emissions associated with software development and operation. Through influencing our staff, suppliers, and clients, we advocate for eco-friendly practices throughout the software development lifecycle, fostering environmental protection and improvement. Additionally, we actively seek out and promote the use of green data centres and renewable energy sources for hosting our solutions, further aligning our technology infrastructure with our commitment to fighting climate change.

  Tackling economic inequality

  As a small organisation ourselves, we are deeply committed to fostering economic growth and social mobility within our community. Our training programmes and employment initiatives are tailored to individuals facing barriers to employment or located in deprived areas, aiming to provide them with opportunities for economic empowerment. By focusing on high-growth sectors and addressing skills gaps, we aim to create employment and training opportunities that promote economic inclusion and equality. Additionally, we actively engage with local communities and stakeholders to identify and address challenges related to economic inequality, working collaboratively to create a more inclusive and prosperous society.

  Equal opportunity

  We proactively address inequality in employment, skills, and pay within our organisation and supply chain. Our recruitment and training initiatives prioritise diversity and inclusion, providing pathways for individuals from disadvantaged backgrounds to access opportunities and develop relevant skills. Additionally, we implement policies to ensure ethical sourcing and fair labour practices, mitigating modern slavery risks and promoting equality throughout our operations.

  Wellbeing

  We prioritise the health and wellbeing of our workforce, offering employee assistance programmes, wellness initiatives, and flexible work arrangements. By fostering a positive work environment that supports physical and mental health, we promote employee wellbeing and resilience. Furthermore, we advocate for health and wellbeing in the broader community, influencing stakeholders to prioritise wellness in their practices and policies, fostering a broad culture of wellbeing.

Pricing

• Price: £6 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Available upon request and based on use-case

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew@fat-potato.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.