STRICTLY EDUCATION LIMITED

EduPeople

With one employee record at its core, EduPeople is a single HR, payroll and pensions system that saves time, saves costs and improves strategic decision making. Designed specifically for the education sector, EduPeople eliminates duplication of data entry and improves accuracy through automation.

Features

• One employee record centralises HR, payroll and pensions data
• Real time reporting
• Remote access
• Employee and manager self service
• Open API
• Modular system
• Customised workflows

Benefits

• Has been built specifically for the education sector
• Provides greater insight from data and management reports
• Enables fully joined up employee management and communication
• Empowers employees with control over their data
• Integrates with third-party school business systems
• Modular functionality will scale and grow with school or trust
• Eliminates duplication of data entry
• Improves accuracy through automation
• Identifies trends in absence and retention
• Talent modules to manage employee lifecycle

£43.20 to £80.40 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at barry.smith@strictlyeducation.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

618628054410768

Contact

Barry Smith
07514630597
barry.smith@strictlyeducation.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Live Environments: Routine maintenance is carried out six times annually over pre-determined weekends: From 18:00 on Friday to 09.00 on Monday.; ; We will publish the maintenance schedule to Clients prior to the start of the calendar year. Details and timings of each maintenance window will be communicated to Clients prior to each occurrence.
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times:; ; Priority 1: 1 hour ; Priority 2: 2 hours ; Priority 3: 4 hours; Priority 4: 8 hours ; Priority 5: 8 hours ; ; Example of P1: EduPeople platform unavailable or there is a critical deadline that would be missed e.g., missing statutory deadlines or pay dates, same day leaver. ; ; Example of P2: Supporting module failed - e.g., Strictly Education Portal.; ; Example of P3: A leaver request with a notice period.; ; Example of P4: A new starter request.; ; Example of P5: Request for information or training material.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Day-to-day support for payroll and pensions enquiries is provided by our Payroll Officers and Pensions Officers and is included in the licence fee.; ; Our Service desk provides technical support. The purpose of the Service Desk is to investigate suspected software defects and provide technical support and where necessary correct user-defined errors. Where users continually raise tickets (3 or more occurrences in a 6-month period) to resolve the same input issues Strictly Education reserves the right to provide 1 to 1 training for that user at additional charges OR charge for the necessary work to correct the error, applying consultancy rates.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The mobilisation phase is supported by a comprehensive project plan and follows our quality assured implementation process. ; ; Months 1-2: project initiation, data migration and the start of our comprehensive online training programme for users.; ; Months 2-3: parallel runs; the client will input payroll data for the chosen month and provide us with relevant payslips to allow a complete end-to-end test to ensure accuracy of net pay. A further test will produce test-out files for FPS, BACS and EPS. Where necessary, system modifications will be made to ensure accuracy rate.; ; Month 4: following acceptance by the client we will “Go Live”. The client will be introduced to the Business-as-Usual Team at Strictly Education, ongoing training will be provided and pro-active support through our EduPeople specialists and system administration team will ensure a timely response to any enquiries.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the point of termination, Strictly Education will contact the client to understand their requirements for exit data. Our data portability plan ensures that any data we hold can be easily transferred to another system. ; ; EduPeople allows us to hold all data on behalf of our clients and as such, we can extract the data at a time and in a format that suits the client. We actively work with our clients when a contract comes to an end by providing a project specialist to work with the client during the notice period.; ; In line with data portability guidelines, Strictly Education ensures that all data provided to clients at the end of their contracts are in a structured, commonly used, and machine-readable format. All data will be provided in a timely manner as agreed between both parties.
• End-of-contract process: Strictly Education can provide the client with a payroll exit data file which is provided in our standard template file, in excel format. The exit data file is produced after the final payroll is completed to ensure that it contains all up-to-date contract and year to date information. ; ; Should bespoke exit data be required our Implementation Team will work with the client to understand their requirements and how they can best be met as part of the exit from our service. We are happy to provide data in an agreed format to ensure migration to a new supplier is as smooth as possible.; ; Please note that we will continue to provide pensions support up to the client's contract end date, but after this date, any queries requiring our assistance to resolve will be charged per query, payable in advance of us completing the work. Alternatively, the client can elect to receive our pensions exit data file that will enable them to manage any queries themselves per establishment. ; ; The following charges would apply:; ; • £350 admin fee to close records ; • £500 for payroll exit data ; • £500 for pension exit data

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Edupeople has a responsive design and there are no differences between the mobile and desktop services.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: We provide API integration on behalf of the client.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: In terms of the infrastructure, the system is modular, so if we require additional disk space or memory, our third-party provider (MHR) will provide this on our behalf. MHR continually monitor the system to ensure it isn't overloaded and not affecting users. The proactive monitoring of the system usage allows us to add more resources if required.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: MHR

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Export functionality within the system, which outputs as CSV.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: EduPeople environment availability 99.8% 24 x 7 x 365; Recovery Time Objective (RTO) 12 Hours; Recovery Point Objective (RPO) 4 Hours; ; Live Business Objects Environment availability 99.8% 24 x 7 x 365; RTO 12 Hours; RPO 4 Hours; ; As the service is billed monthly, the opportunity will exist to refund monthly charges, but this has never happened due to the fact it is a payroll system with robust business continuity and disaster recovery protocols.
• Approach to resilience: All the physical hosting environments including ITC equipment and storage are wholly owned and managed by MHR. The physical hosting environment is accredited to ISO27001, Cyber Essentials and SOC2.; ; There is an up-to-date physical inventory of all items in the hosting environment that is used to handle customer data. MHR actively monitors and alerts on all customer environments for performance and ; availability. ; ; The physical hosting environment is checked regularly for compliance with GDPR. This is achieved by regular monitoring of controls in place based on MHR’s ISO27001 and SOC2 compliance. ; ; Compellent Replications run asynchronously between the primary and secondary sites.; ; LIVE: Full database backups are taken nightly using RMAN, which are kept on disk for 30 days; ; A full export of the database is taken nightly which is kept on disk for 2 days and written to tape which is kept for 30 days. ; ; NON-LIVE: Full database backups are taken on Sunday and Wednesday using RMAN, incremental backups are taken on the other days. These are kept on disk for 10 days.; ; A full export of the database is taken nightly which is kept on disk for 2 days and written to tape which is kept for 30 days.
• Outage reporting: Via our website and email notification.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Separate logins for management interfaces, segregated by access control and dependant on the role.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance Limited
• ISO/IEC 27001 accreditation date: 26/2/2021
• What the ISO/IEC 27001 doesn’t cover: The additional support services provided by Strictly Education e.g payroll and HR admin services.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: SOC2

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: MHR is accredited with the ISO27001 and the SOC2 security standard which forms the basis for their governance framework.; ; All personal customer data processed within MHR and through its software located within MHR’s own data centre complies with both the UK Data Protection and GDPR legislation. This is evidenced by annual SOC2 AND ISO 27001 audits.; ; All StrictlyEducation employees have access to E-Learning modules relating to safe data handling practices and breach reporting.; ; Appointed Data Protection Lead: a member of the business has a proportion of their role dedicated to leading on data protection; ; Third party Data Protection Advisors: we back up the knowledge of our data protection lead with a dedicated third-party service which provides our Data Protection Officer services and advises on all matters related to data protection and potential issues/breaches.; ; Breach reporting and escalation: any potential data protection breaches are managed via an escalation process and given visibility at the highest level within the group through our data protection reporting/logging processes.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: A full change control management system is in place with all changes authorised, tracked and managed through the lifecycle of the software/hardware components in line with MHR’s internal ; change process.; ; The following controls are in place to protect against malicious code.; ; Endpoint protection software is installed on workstations and servers and performs real-time anti-malware scanning of files and monitors applications for malicious behaviour (HIPS) to identify and block malware. Signature files are automatically updated daily.; ; E-mails are scanned for malicious software through a cloud service prior to entering the MHR network.; ; Exchange server-specific anti-virus software installed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vendor communications are monitored by the IT team to identify when patches are released to address security vulnerabilities. The security risk of patches is assessed in conjunction with the Security Team and the patches are applied following a timeline commensurate with the risk.; ; Vulnerability scanning is undertaken by the Security Team on a regular basis across the internal and external infrastructure to identify vulnerabilities within the IT estate. The security risk of ; vulnerabilities are assessed by the Security Team and reported to the IT Team for remediation.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: A third-party Managed Security Service Provider is employed to provide a 24/7 Security Operations Centre to monitor for suspicious activity on our network perimeter and alert the Security team of any potential security incidents based on MHR’s set requirements. ; ; Potential security incidents are investigated and remediated by the Security team. An Intrusion Prevention System is in place on the perimeter and internal firewalls to monitor and block malicious activity.; ; As part of the incident response process, any incidents involving customers' assets will be reported within the time stated in the customer's contract but not later than 48 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: MHR has an incident response policy and process that all staff are required to read, understand and follow in line with ISO:27001.; ; As part of the incident response process, any incidents involving customers' assets will be reported within the time stated in the customers' contract but not later than 48 hours.; ; The Service Desk will provide documentation to customers when configuration issues are identified; professional service consultancy will be offered where appropriate.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  The use of Edupeople greatly reduces paper administration helping schools to reduce their carbon footprint.
• Covid-19 recovery:

  Covid-19 recovery

  N/A
• Tackling economic inequality:

  Tackling economic inequality

  N/A
• Equal opportunity:

  Equal opportunity

  N/A
• Wellbeing:

  Wellbeing

  N/A

Pricing

• Price: £43.20 to £80.40 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at barry.smith@strictlyeducation.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.