Work Wallet

Work Wallet Health & Safety Platform

Work Wallet helps transform Heath & Safety Management with our all-in-one software platform. Easily manage workplace safety and look after your teams with our full suite of modules including Incident Reporting, Audits, Contractor Management, Inductions, Permit to Work and much more.

Features

• Incident Reporting
• Site Audits & Inspections
• Digital Permit to Work
• Site Inductions
• Contractor Management
• Risk Assessments
• Asset Inspections
• Worker Competency Management
• Clock In & Out with Lone Working
• Toolbox Talks & Safety Briefings

Benefits

• Mobile & Onsite Access
• Improve Employee & Contractor Engagement
• Central, shared data and reporting
• Easy to use system interface
• Powerful reporting and KPIs

£12 to £240 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matthew.rowe@work-wallet.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

635732095592916

Contact

Matthew Rowe
01332505252
matthew.rowe@work-wallet.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Work Wallet supports most modern desktop web browsers for accessing and managing data through the web portal. ; We aim to support a range of OS versions to support a wide user base for the mobile app. Our current support includes: ; iOS & iPadOS 14 - 17, Android 8 - 14
• System requirements:
  • Modern Web Browser with latest updates (Edge, Chrome, Safari, Firefox)
  • IOS / iPadOS device running min. v14
  • Android device running min. Android 8

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our help desk is open Monday - Friday, 08.30 - 17.00. Tickets are initially responded to no longer than 4 working hours from receipt.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users can access our web chat from any page on our website
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Our in-house support team provide a range of support services to assist users with troubleshooting and basic user guidance. Our Enterprise customers have a dedicated account manager who support account leads in their usage of the platform.; ; Other support can include data entry and training sessions which are available on request and quoted based on requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The onboarding process is driven by customer requirements and our teams are flexible to provide the level of support required. Training can be delivered both in-person and online and we help with initial digitisation of any existing forms and processes as part of the onboarding process. ; ; User Documentation is available through our support portal at https://support.work-wallet.com and cover a range of topics and guides.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At end of contract, a customer may request all compiled reports in PDF format.; ; If a customer uses Power BI Integration, they retain all data collected within their environment for historic reporting purposes.
• End-of-contract process: Access to the services would cease after the contract end date. Unless other arrangements or requests are made, the data held will be scheduled for deletion under our data retention policy.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Optimised interface for mobile devices and use cases for using the mobile service vs the desktop service. KPIs, Reporting and Core Settings are all only available on the desktop.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Account administrators can generate an API through the admin portal of the system. This allows configuration of which modules provide data over the API key. ; ; Our full integrations API documentation is available at https://integrations.work-wallet.com/ ; ; In addition, a BI API provides data for reporting purposes. Full documentation and starter project files can be found at https://github.com/work-wallet/BIClient
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The system provides account administrators with a wide range of customisation options within the service. For example, custom workflows and questions can be configured for items such as Issue Reporting, Permit to Work and Audits. ; ; These customisations are available through our easy to use workflow builder, along with a wide range of other system configuration options.; ; Document layout templates can also be configured for Audit reports and Risk Assessments. These are Word Document formatted, allowing a range of layout options for the report output to be generated in.

Scaling

• Independence of resources: Work Wallet uses the Microsoft Azure infrastructure for service delivery. As such, our core cloud services have auto scale-out capability to add additional server resource when a specified usage level is reached.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export completed, compiled reports as PDFs and summarised record lists in XLSX format. Access to the data users are able to export is controlled through their user permissions.
• Data export formats: Other
• Other data export formats:
  • PDF
  • XLSX
• Data import formats: Other
• Other data import formats: XLSX

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: If the Supplier does not achieve and maintain the Service Levels, the Customer will be eligible for a credit. The service credit varies depending on Downtime, as outlined below.; ; Monthly Uptime Percentage: < 99.8% (10%) / < 99% (25%); ; Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Monthly Uptime % = (Maximum Available Minutes within the calendar month -Downtime)/(Maximum Available Minutes within the calendar month) x 100
• Approach to resilience: Our cloud infrastructure has multiple areas to support wider system resilience, including:; - Azure Functions for task processing: Spin up specific compute units based on demand for various activities in the system; - Auto Scale-Out: Additional Cloud Services can be brought online when a threshold of capacity is reached; - Failover geo-redundant datacentre location: In the event of a complete failure in the primary datacenter, a failover location will fall back to take system traffic.
• Outage reporting: Outages are recorded on our public dashboard at https://status.work-wallet.com. Admins can also subscribe to email alerts through this portal.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Support Team access to an account is controlled by the account administrator through their security centre within the portal. The support team are unable to access the account without this authorisation.; ; Further administrator interface access is regulated by the role-based access control (RBAC) method, based on the Principle of Least Privilege.; The level of security assigned to a user to the organization's information systems is based on the minimum necessary amount of data access required to carry out legitimate job responsibilities assigned to a user's job classification.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification
• ISO/IEC 27001 accreditation date: 02/09/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials PLUS
• Information security policies and processes: Work Wallet's security policies and processes align with ISO27001. Our security review team include Senior Developers and Directors of the company to ensure that reporting and review of policies are presented at all levels of the business.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and Change of the modules within the services a consists of a defined set of phases:; Determine System Need Phase; Define System Requirements Phase; Design System Component Phase; Build System Component Phase; Evaluate System Readiness Phase; System Deployment Phase; ; Information security implications will be addressed and reviewed regularly, and responsibilities for information security will be defined and allocated to the roles defined in the project management methods.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The protection, scanning and identification of Work Wallet’s system vulnerabilities is performed by:; ; SentinelOne security agent installed on all employees' machines; Automated Drata security agent installed on all employees’ machines.; Mimecast S2 Email Scanning; Cisco Umbrella DNS Filtering; Azure Defender; Azure Application Insights; ; Threat signatures, and compromise indicators are automatically updated through the systems update process.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Proactive system access is reviewed by our security team through a mixture of analysis of the system's direct security centre, along with logs stored within Azure Application Insights. In addition to system alert notifications, our teams monitor system status for any potential compromise. ; ; All users must report any system vulnerability, incident, or event pointing to a possible incident to the Security Officer as quickly as possible but no later than 24 hours.
• Incident management type: Supplier-defined controls
• Incident management approach: A key objective of Work Wallet’s Information Security Program is to focus on detecting information security weaknesses and vulnerabilities so that incidents and breaches can be prevented wherever possible. ; ; Under the guidance of our Incident Response Plan, all users must report any system vulnerability, incident, or event pointing to a possible incident to the Security Officer as quickly as possible but no later than 24 hours. Incidents must be reported by sending an email message with details of the incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Wellbeing

  Fighting climate change

  The system has multiple functions to support positive environmental engagement within a workforce, including reporting environmental concerns or incidents and conducting environmental assessments of sites or areas.; ; The system is provided as a fully digital solution and often replaces existing paper based processes which will save 100s of trees during a project's lifetime.

  Wellbeing

  Supporting physical and mental health wellbeing is a central purpose of the system's implementation within a project. All modules help contribute towards this well being for the contract workforce.

Pricing

• Price: £12 to £240 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matthew.rowe@work-wallet.com. Tell them what format you need. It will help if you say what assistive technology you use.