Retinue Solutions

Ryalto

Ryalto is a mobile app for workers in the public sector, to stay connected to their organisations peers. They pick up news and protocol information direct in the app and complete satisfaction surveys. There is a powerful shift booking tool that can standalone or be connected to a rostering system.

Features

• News feed targeted to different user groups
• WhatsApp style messenger contains no personal data
• Shift booker presenting worker shifts. Standalone or rostering system connection
• Survey tool for bespoke surveys to complete in app
• Push notifications sent to individuals/groups of workers in emergencies
• Mobile and desktop enabled
• Customer success team who upgrade the app continuously

Benefits

• Integration support
• Customer success team on hand for support
• Mobile enabled for use on the go
• Targeted or non-targeted surveys and notifications
• Drives retention of the workforce through engagement
• Shift booking tailored to the client requirements
• MI data to inform decision makers strategies
• No personal data is available, fully GDRP compliant
• In-app support and a help bot.

£1 to £20 a unit a month

Service documents

• Pricing document

  ODS

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@retinue-solutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

621048257241058

Contact

Retinue Sales Team
0845 521 9481
enquiries@retinue-solutions.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Can link to a customers VMS, ATS or rostering system
• Cloud deployment model: Public cloud
• Service constraints: None applicable
• System requirements:
  • App download
  • Wifi/Internet connection
  • Up to date internet browsers required
  • IOS version 12 minimum requirement
  • Android 5 Lollipop minimum requirement

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The below refers to standard response times: ; ; If requested the same Business day our SLAs are as follows:; In App support- 4 hours; Email Support- 4 hours ; Shift booking issues- 2 hours ; Admin panel support- withing 4 hours .; ; If requested in the evening, or overnight (out of working UK hours)- these will be responded to the next working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Ryalto offers, as standard, a complete package of after sales support including:; ; • Dedicated help desk access via phone and email. Phones are managed by a person between 9am and 5pm on usual UK working days and outside of that an answer phone is supplied. Emails are responded to within 24 working hours.; • In-app support and a help bot.; • A dedicated Customer Success Team that run regular service reviews, provide management information and can be a point of contact should the service need to change (expend or shrink).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Ryalto offers a fully managed onboarding experience. Managed under PRINCE2, Ryalto run a tried and tested programme with all buyers that follows these steps:; ; • Current process mapping; • Process re-mapping to the desired new ways of working; • Configuration of Ryalto to meet the new processes; • User Acceptance Testing (UAT); • Communication / change management support; • Managed roll-out to all users; • Stabilisation phase support; • Handover to BAU.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Word
  • Ppt
  • Excel
• End-of-contract data extraction: The customer can request all or a subset of data upon exit in a csv format. Additional data formatting can be requested at additional cost
• End-of-contract process: Ryalto offers a fully managed offboarding experience. Including:; ; • Documenting all processes and data access points that need offboarding.; • Communications planning and implementation.; • Supply back of all data in pre-agreed formats and in a secure way.; • Sign-off to ensure all stakeholders are satisfied.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Functionality remains the same for mobile and desktop. There are additional features for organisation Admins on the desktop version.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: All API requests require a token that is generated on a secure authenticated user and can be revoked remotely when needed.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Once in the app, clients can have white labelled/branded pages so that workers/users view the functionality in the clients own branding.; ; Admin users/Super Users will have the functionality to create news feeds/chats/post shifts for workers/create bespoke surveys. ; ; However, only Ryalto can control the UX components.

Scaling

• Independence of resources: This is created with collaboration of the Cloud service provider Amazon Web Services. Snapshots of the database are taken every hour and have a 24-hour life. In addition, daily backups are taken and stored on different servers and have a time to live of 7 days.; ; Business Continuity is assured through the use of replication services within AWS. If the EC2 instance fails, it immediately switches to the replicated service without any interruption to the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Detailed user usage analytics on key features and functionality, to provide relevant insights on user engagement within the application
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The customer can request all or a subset of data in a csv format. Additional data formatting can be requested at additional cost.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability system uptime – 99%. Maintenance updates will be notified with at least 7 days-notice. Where emergency maintenance is required only limited notice may be possible. ; ; The service uptime is targeted at 99.5%. ; Ryalto provides the Services so that they are available twenty-four (24) hours a day, seven (7) days a week, except for: ; (a) Planned maintenance carried out during the maintenance window where Ryalto has provided a minimum of seven (7) Business Days’ notice in writing of such planned maintenance; and ; (b) During any period of emergency downtime arising due to an urgent maintenance requirement to address faults, defects or any other significant issues immediately, providing that such issue(s) are not a result of the acts, omissions or negligent performance of Ryalto.
• Approach to resilience: Ryalto technology operates the highest security standards. These include:; ; • Wildcard SSL certificate for all connections using the SHA-2 algorithm. ; • All API requests require a token that is generated on a secure authenticated user and can be revoked remotely when needed.; • All data is secured at rest on the server using AES-256 encryption, passwords are stored ‘hashed’.; • Mobile phone numbers, if entered by the app user, are stored as a hash and never readable by another human in the app or the Ryalto databases.
• Outage reporting: Availability system uptime – 99%. Maintenance updates will be notified with at least 7 days-notice in writing. Where emergency maintenance is required only limited notice may be possible.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: User cannot access software unless profile is created by an Administrator in the system. User is then provided with a unique username (e-mail address) and password to access the system. When logging in technology will use Captcha technology to authenticate user. All actions completed by that user when logged in is time and date stamped for audit trail.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 27/03/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have ISO27001 and Security Policies are managed and audited in line with the requirements for continued certification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We employ a robust configuration and change management process adhering to modern software development best practices. Each change has several stages of review. At the planning stage we review potential security, performance and user experience impact. We have automated testing, automated security scanning, manual code review and QA on every change. We also implement a versioning and deployment system that allows for easy and quick reversion of changes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process is proactive and systematic. We assess potential threats by conducting regular security audits and utilizing threat intelligence platforms. Patches are deployed swiftly, usually within 14 hours of identification, depending on the severity. We source information on potential threats from reputable industry databases, security bulletins, and partnerships with cybersecurity experts. This multi-faceted approach ensures our services remain resilient against emerging vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring process is designed to swiftly identify and mitigate potential compromises. We utilise a combination of real-time analytics, threat intelligence, and behavioural monitoring to detect unusual activities indicative of a security breach. Upon detection, our incident response team is alerted immediately, and we follow a predefined protocol to assess and contain the threat. Our response time to incidents is typically within one hour, ensuring rapid resolution and minimal impact. We continuously refine our monitoring processes to adapt to evolving cyber threats.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents reported by user to the client technical support. If they cannot resolve then escalated to Ryalto technical support team. This is raised through our helpdesk portal and a ticket number assigned to each issue. When raising ticket must define if impact is to individual user, group of users, system wide etc. and issue is applied priority status. Dependant on severity of issue will define course of action i.e. time in which it is addressed, communication to whole client or individual user. All fixes always reported within release notes.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Ryalto is proud to be a Carbon Neutral business, certified as such by Carbon Neutral Britain. We have set rigorous emissions reduction targets, aiming to be net-zero by 2050, and to have halved our emissions output by 2030. Our most recent Carbon Reduction Plan for FY 2022/23 can be found on our website (https://www.ryaltogroup.com/ ) which outlines the areas of our business we are focused on reducing our emissions output. These are as follows:; • Business Travel – we commit to recruiting as locally as possible to our office sites, and also to reducing business travel by arranging virtual meetings, rather than face-to-face meetings where possible, promoting ride sharing and sustainable transport methods where we can (i.e. train travel); • Mains Gas Combustion – mains gas can be avoided altogether by adopting more sustainable options such as heat pumps, biomass systems, and solar thermal heating systems where possible. All of our offices are leased site but despite this, we will endeavour to put pressure on our property providers to switching to these alternative heating methods. If this is unsuccessful, we will explore moving to sites that offer more suitable and sustainable heating sources.; • Electricity Consumption – we will, where possible, reduce our electricity consumption through energy efficient alternatives such as low voltage lighting, and low energy monitors for our office sites. We have already adopted a hybrid working pattern with some of our employees working remotely. We will consider limiting the number of staff within each office site and downsizing on renewal of our leases and so significantly reducing our electricity consumption as a business.; Further to this, we hold both the ISO 14001 and ISO 9001 certificates, showcasing our commitment to protecting the surrounding environment and fighting climate change.

  Covid-19 recovery

  Ryalto has adopted a hybrid working policy with all its staff, with a portion working fully remotely meaning staff are not obligated to work full time from a Ryalto office site. This ensures opportunities to a wider range of candidate, but also ensures a working pattern where we are able to travel to client sites as and when is needed, or through virtual online meeting. As a result of this, Ryalto is continuing to ensure opportunities and flexible work patterns so to open up communities, while making sure the economy is rebuilding through greater working relationships.; Furthermore, we actively champion and look to work with SMEs within our supply chain. This therefore drives and promotes opportunities in diverse SMEs, so ensuring economic and community stability following the COVID 19 pandemic.

  Tackling economic inequality

  We are committed to hiring locally as possible to our sites, both for internal roles, but also for those roles advertised within client contracts. This ensures we are championing local talent and so building the local economy, rather than bringing in external talent to fill the advertised roles. ; Ryalto is proud to be promoting SMEs within our supply chain. This ensures promoting local opportunities and as such, reduces economic inequality through championing smaller businesses.

  Equal opportunity

  We are actively working to ensure all communities have equal opportunities to employment. Ryalto ensure this by posting to jobs boards focussed at attracting groups such as BAME communities, ex-offenders, military veterans etc. On top of this, we hold a number of business partnerships and accolades with organisations looking to provide employment opportunities. These include:; • The Armed Forces Covenant – as a signatory, we are committed to providing interviews and advertising roles to ex- military veterans and their partners; • Neurodiversity in Business Charity: Corporate Member – educating our hiring managers and internal staff on reasonable adjustments for neurodiverse candidates, language to use in adverts, and the benefits of hiring neurodiverse talent and incorporating them into our employee pool; • Prince’s Responsible Business Network: Race at Work Charter Signatory – by being a signatory, Ryalto has made a public commitment to ensuring employment and progression opportunities to BAME communities in the hiring process, both for external, and internal talent; • Disability Confident Employer – as a Disability Confident Employer, Ryalto ensures that, as long as the minimum criteria of the role is met, we will guarantee an interview and not overlook disabled talent. This includes providing reasonable adjustments to both physical and non-physical disabilities throughout the hiring process.; On top of this, we have a well defined business relationship with the Bridge of Hope, a business looking to drive social value by ensuring employment opportunities for marginalised communities in society. They do this by partnering with corporations to promote roles, so both providing a pathway for diverse, often overlooked talent, and allowing businesses to deliver an inclusive workforce and deliver social value.

  Wellbeing

  We are actively working to ensure all communities have equal opportunities to employment. Ryalto ensure this by posting to jobs boards focussed at attracting groups such as BAME communities, ex-offenders, military veterans etc. On top of this, we hold a number of business partnerships and accolades with organisations looking to provide employment opportunities. These include:; • The Armed Forces Covenant – as a signatory, we are committed to providing interviews and advertising roles to ex- military veterans and their partners; • Neurodiversity in Business Charity: Corporate Member – educating our hiring managers and internal staff on reasonable adjustments for neurodiverse candidates, language to use in adverts, and the benefits of hiring neurodiverse talent and incorporating them into our employee pool; • Prince’s Responsible Business Network: Race at Work Charter Signatory – by being a signatory, Ryalto has made a public commitment to ensuring employment and progression opportunities to BAME communities in the hiring process, both for external, and internal talent; • Disability Confident Employer – as a Disability Confident Employer, Ryalto ensures that, as long as the minimum criteria of the role is met, we will guarantee an interview and not overlook disabled talent. This includes providing reasonable adjustments to both physical and non-physical disabilities throughout the hiring process.; On top of this, we have a well defined business relationship with the Bridge of Hope, a business looking to drive social value by ensuring employment opportunities for marginalised communities in society. They do this by partnering with corporations to promote roles, so both providing a pathway for diverse, often overlooked talent, and allowing businesses to deliver an inclusive workforce and deliver social value.

Pricing

• Price: £1 to £20 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODS

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@retinue-solutions.com. Tell them what format you need. It will help if you say what assistive technology you use.