Pretium Workforce Management

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: Access To Internet & Webrowers version: Microsoft Edge or IE11, Firefox, Google Chrome, Safari 10+.

Maintenance by Pretium's VMS preferably takes place at the following times and would be announced in advance :-
Maintenance infrastructure, back-up/other regular maintenance. Out of office hours as much as possible
- Monthly Releases - According to yearly release calendar
- Maxium file size - When integrating with external systems, such as for exporting identification documents, there is a limitation on the maximum file size that can be set for each document type due to limitations imposed by the platform provider on exporting documents
System requirements: Microsoft Edge/IE11/Firefox/Google Chrome/Safari 10+

HTTPS connections to ensure data security

API authentication needs a web service user account

Specific permissions for web service users.

User support

Email or online ticketing support: Email or online ticketing
Support response times: Response time, solving time and possible interval for a status report are displayed per incident and priority, after the Service Request has been submitted to the system. Typically a response time of between <2 hrs -< 16hrs on a priority/complexity 1 to 5 scale. An expected solving time of <8 hrs - <24hrs with regular status reports (hourly, daily to 3 working days)
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), 7 days a week
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
Web chat accessibility testing: The manual chatbot (beta) in the VMS is a semi-public beta feature that is still undergoing optimization. The chatbot is designed to provide answers to questions, although it is not yet fully trained and may sometimes miss context or provide too much detail on seemingly irrelevant information. Despite these limitations, the chatbot's answers are considered promising, which is why it has been shared with partners.

The chatbot is expected to assist with inquiries related to the VMS, potentially offering support and guidance on how to use the system, answering frequently asked questions, and helping users navigate through various functionalities of the VMS. However, users are advised to use the chatbot with care, as it is still in the beta stage and may not always provide accurate or complete information. There is no liability accepted for the answers given by the chatbot at this stage of its development
Onsite support: Yes, at extra cost
Support levels: Pretium provide support during business hours 8.30 – 6pm. The platform is available for access 24x7x365 service depending on client requirements.

For the software platform
• 99.5% up time
• Redundancy by design including regular data backups, deployable to multiple availability regions, automated hot fail over.
Training is provided to designated Super Users within Pretium who have an enhanced level of administration rights to the system and who can provided 1st & 2nd line support to their client users (managers, supplier & workers). Initial super user training is provided as part of the first implementation and further training can then be provided.
Super Users have access to the VMS portal where they can log tickets for support with issues they cannot resolve. Tickets are picked up by Pretium's desk and if need to be escalated further are allocated to the accounts designated consultant to resolve
- Partner Manager is assigned and have regular review meetings to understand any concerns, requests and provide strategic support
- If additional services are required a project is scoped and priced with the need for integration consultants, VMS consultants and developers
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Implementation of neutral managed service framework, technology platform and compliance service are 6-9 weeks dependent on scope, scale, and complexity of the client requirements. Implementation is bespoke to each client and our collaborative approach ensures that joint plans objectives and outcomes are delivered. Engagement with Executive and high-level stakeholder engagement (Legal, Tax, Finance, IT, Procurement and HR) is crucial to successful implementation.
After formal ‘go ahead’ from the client, the Pretium Account management starts at the implementation with our 4-phase approach of Design, Build, Launch, Evolve. We involve all the key Pretium team members, so they fully understand the drivers, pressures and concerns of the customer hiring managers. If the whole team understands the issues, we can create a solution to stop them happening. The people involved in creating those solutions are the same people who will be managing the day to day running of the account.We encourage and enable direct communication between customers and the Pretium Supply Partners through a controlled and tracked environment. This creates a tri-party community for the hiring manager, Supply Partner, and Pretium, meaning vacancy management is as effective as possible, and nobody is left in the dark.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: If required, data can be provided to the customer and can be deleted from the platform. This will be based on each individual customer's needs.With regard to client or their suppliers' data held within the VMS software platform we will ensure such data is transferred to the client or supplier(as relevant) within 30 days of the date of termination and such data will be in .csv format. The data will be subsequently deleted from our servers and the software platform (see service definition document for further details) subject to data protection legislation requirements.
End-of-contract process: At the end of the contract a client can have customised data extracts. We agree the exit plan with the client at the outset of the contract as to what they will require so we can inform them and also agree any additional relevant costs (see service definition document).

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Pretium's VMS provides both mobile and desktop services, each optimized for different user needs. Desktop service features a comprehensive/detailed interface, ideal for managing complex tasks/large volumes of data & well-suited for in-depth management/ administration, offering a full range of features. In contrast, the mobile service offers a streamlined interface focused on quick access and on-the-go interactions. It prioritizes core and urgent tasks, favouring quick access over advanced configuration.

Both platforms share the same infrastructure, ensuring consistent data and a seamless user experience across devices. Mobile/desktop services are designed to complement each other, effectively meeting varied needs of contingent workforce management.
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: The VMS service interface is intuitive and user-friendly, focusing on efficient contingent workforce management. It features a clear layout with easily navigable tabs, menus, and dashboards. The platform is highly customizable, allowing users to tailor workflows, templates, branding to meet specific needs. It offers functional modules for managing various tasks, such as vacancies, candidates, timesheets, invoices, which align with typical business processes. The interface includes robust reporting/analytics tools for data-driven decision-making. Access control and security are enhanced through role-based permissions and features like multi-factor authentication. The service is available on both mobile/desktop versions, maintaining a consistent user experience across devices.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: Pretium's VMS runs on the Salesforce Hyperforce infrastructure, which includes compliance with global standards and regulations, including WCAG 2.1 AA. This means the system aligns with common accessibility guidelines, helping users with disabilities navigate the interface effectively.
API: Yes
What users can and can't do using the API: To set up the service through Pretium's VMS API, partners or clients' users can integrate it with other systems, like HR platforms and accounting software. The API facilitates initial configurations, such as importing organizational data and creating user accounts. This flexibility allows users to customize the platform and integrate it with their existing systems.

The API also permits customization of workflows and templates, adapting the system’s functionality to specific business needs. Additionally, users can extract data for reporting and analytics, integrating Pretium's VMS data into business intelligence tools.

However, setting up or changing certain aspects of the service can sometimes be complex. Although the API offers broad capabilities, partners or clients' users often need support from Pretium's VMS consultants to navigate this complexity. Certain high-level administrative tasks, like modifying core system settings, may be restricted to prevent unauthorized changes.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Pretium's VMS offers robust customization options tailored for our clients' branding and operational needs. Here’s an overview:

Customizable Features:

Branding: Modify the interface to reflect corporate identities with customizable colors and logos.

Email Templates: Tailor email communications with specific terminology and style.

Workflows and Processes: Adapt workflows and processes, including approval flows and notification rules.

Reports: Generate reports focusing on crucial business metrics.
Customization Tools:

User Interface (UI): Pretium's VMS provides tools for clients to modify templates and layouts directly through the system settings.
Access to Customization:

Administrators and Authorized Users: Customization is typically reserved for administrators or designated users who have the necessary permissions to ensure controlled, secure adjustments.

Role-Based Access: Pretium's VMS utilizes role-based access control (RBAC), allowing detailed management over customization permissions.

These customization capabilities ensure that Pretium’s VMS can be precisely adapted to meet and exceed our clients' specific requirements, boosting user engagement and operational efficiency.

Scaling

Independence of resources: Pretium's VMS ensures consistent performance using Salesforce's Hyperforce infrastructure for a robust, scalable multi-tenant architecture. Key strategies include:

Scalable Infrastructure: Capacity planning with cloud providers ensures timely resource scaling.
Redundancy: Redundant critical components manage load and maintain performance.
Performance Monitoring: Salesforce's READS methodology prevents system overload and optimizes performance.
Regional Data Centers: Multiple data centers distribute the load, minimizing performance impacts due to geography or peak times.
These strategies ensure a scalable service that provides a seamless user experience, regardless of user demand.

Analytics

Service usage metrics: Yes
Metrics types: 99.5% up time
Reporting types: Regular reports

Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Netive.B.V

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Functionality within the platform to export data
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Pretium's VMS offers a high standard of system availability, typically maintaining over 99.5% uptime. Our formal Service Level Agreement (SLA) guarantees a minimum availability of 99% uptime on a monthly basis. This commitment ensures that our application remains highly reliable and accessible, supporting our users’ business operations effectively.

In the event that we fail to meet this guaranteed level of availability, our SLA specifies compensation for users through service credits. These credits are calculated based on the monthly service fee paid by the user, adjusted proportionally to the extent of the downtime experienced beyond the 99% threshold. Detailed information about the calculation of service credits, including specific percentages, is clearly outlined in our contractual agreements to ensure transparency and fairness.

This policy reinforces our dedication to maintaining high availability and provides our users with financial redress in the unlikely event of significant downtime, aligning our interests with those of our clients in maintaining continuous, reliable service.
Approach to resilience: Pretium and its VMS partner has both BC and DR plans in place these ensure minimal disruption to service, clients and supply chain. These are available on request
Outage reporting: Pretium's VMS employs a comprehensive approach to reporting service outages, ensuring that all stakeholders are informed promptly and accurately through various channels:

Publicly Accessible Dashboard: Leveraging Salesforce's Hyperforce infrastructure, Pretium's VMS provides a public dashboard that is always available. This dashboard displays real-time and historical data regarding system status, including any outages or disruptions. It allows users to monitor the service's health transparently and continuously.
Email Alerts: Pretium's VMS support team proactively sends email alerts to all stakeholders in the event of a potential or actual service disruption. These alerts provide timely updates on the nature of the issue, the expected resolution time, and any necessary steps users may need to take.
This multi-faceted strategy ensures that users and stakeholders of Pretium's VMS are well-informed about the system's status at all times, promoting reliability and trust in the service.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password
Access restrictions in management interfaces and support channels: Pretium's VMS secures and restricts access to management interfaces and support channels through role-based access control (RBAC). Administrators assign permissions based on organizational roles, limiting users to data and functions pertinent to their responsibilities. This granularity minimizes misuse and enhances security by restricting sensitive operations to authorized personnel. Additionally, the system includes audit trails and monitoring mechanisms to log and review activities, ensuring transparency and accountability. Support channels require authenticated sessions, with users verifying their identity before access. This robust approach safeguards against unauthorized access, maintaining the integrity and confidentiality of sensitive information.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Both Pretium's VMS and Salesforce are ISO/IEC 27001 certified.
ISO/IEC 27001 accreditation date: Pretium's VMS 29/06/2023
What the ISO/IEC 27001 doesn’t cover: N/A (report available if needed)
ISO 28000:2007 certification: No
CSA STAR certification: Yes
CSA STAR accreditation date: Salesforce 1/11/23
CSA STAR certification level: Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover: N/A (report available if needed)
PCI certification: Yes
Who accredited the PCI DSS certification: Tenable.io
PCI DSS accreditation date: 25/01/2024
What the PCI DSS doesn’t cover: N/A (report available if needed)
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: CSA CCM version 3.0
Information security policies and processes: Pretium's VMS has a structured security governance model by ensuring data protection throughout its clients’ operations. Brief summary of the model: Risk Management: conducts regular risk assessments and implements control measures to mitigate identified security risks, including adjustments due to emerging threats or operational changes. Policies and Procedures: security policies are regularly reviewed and updated, including compliance with ISO/IEC 27001, GDPR, SOC 2 and other standards and regulations, which reflect best practices. Compliance: complies with international standards including ISO/IEC 27001, GDPR and US SOC 2 (annual audits and recertification). Employee Training: employees are required to participate in periodic training regarding security policies, data protection policies, specific threat scenarios, actions, reporting practices and other elements as established by security policies. Access Control: maintains strict access control/identity management enhanced by multi-factor authentication/role-based access, ensuring only authorised and qualified individuals access sensitive data. Incident Response: maintains an incident response plan to reduce the impact of security breaches. Continuous Improvement: continuously adjusts its control measures based on feedback from incidents/new technologies. Stakeholder Communication: communication channels with its stakeholders regarding its security practice/incident management to maintain stakeholders’ trust in security governance. Pretium’s VMS ensures secure storage of data and maintains stakeholders’ trust in security governance.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Pretium's VMS utilises a rigorous configuration and change management process with a "Secure by Design" approach, ensuring security/stability from the outset. All components are meticulously catalogued/tracked from acquisition to decommissioning.

Proposed changes undergo a structured review, starting with a detailed proposal assessing potential security impacts, adhering to "Secure by Design" principles. A Change Advisory Board evaluates each change for security risks/operational impacts. Approval requires thorough testing to confirm no negative effects on functionality or security.

Changes are implemented during specific maintenance windows to minimize disruption, followed by continuous monitoring and a post-implementation review to ensure compliance with security standards.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Pretium's VMS features a robust vulnerability management process within its ISO27001-certified security framework:

Threat Assessment:

Identification: Continuous threat detection using internal tools and external sources, including automated application and infrastructure scans.
Risk Evaluation: Vulnerabilities are assessed for severity, impact, and exploitation likelihood to prioritize remediation.
Patch Deployment:

Urgency and Prioritization: Critical vulnerabilities are addressed within 24 hours, while less urgent ones are handled during routine maintenance to minimize disruption.
Testing and Implementation: All patches undergo rigorous testing in a controlled environment to ensure effectiveness.
Threat Information Sources:

Notifications: We gather threat intelligence through alerts from partners, clients, and employees.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Pretium's VMS has a structured response protocol for potential security breaches, ensuring effective collaboration between our DevOps and Support teams:

Response Protocol:

Initial Response: Detection by employees or clients using various methods triggers immediate incident handling.
Second Line Support: Our Support team assesses and contains the incident, implementing interim solutions to mitigate risks.
Third Line Support: Complex cases are escalated to our DevOps team for detailed responses, including deploying patches and making infrastructure adjustments.
Response Speed: We respond to urgent incidents within hours, prioritizing based on severity to minimize disruption and maintain service integrity.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Pretium's VMS employs a structured incident management process designed to handle common events efficiently and ensure rapid response:

Pre-defined Processes for Common Events: We have established protocols for common types of incidents such as unauthorized access, data breaches, and service disruptions. These protocols allow our team to respond swiftly and effectively, minimizing impact and restoring services promptly.

Reporting Incidents: Users can report incidents through our dedicated support platform. This tool allows users to easily raise issues or service requests directly. Our support team is immediately notified and can begin addressing the incident based on the severity and type.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: Public Services Network (PSN)

Social Value

Equal opportunity

In accordance with the Social Value Act, Pretium is dedicated to creating training programs that bridge skills gaps and promote diversity within its client organisations' workforce.
Pretium aims to develop training schemes in partnership with its client organisations, aligning with their Social Value objectives. These schemes will prioritise opportunities for underrepresented and disadvantaged groups, fostering an inclusive and skilled talent pool.
Targeted Training: Tailored training will be developed for groups such as NEETs, ex-military, and ex-offenders, focusing on essential skills needed in Pretium's client organisations. Partnering with agencies specialising in vocational rehabilitation, these programs will provide comprehensive support from mentorship to career development skills.
Upskilling and Reskilling: Pretium will launch initiatives to enhance both technical and soft skills, ensuring employees and recruits are equipped to meet the demands of the dynamic work environment of its client organisations.
Inclusive Practices: Recruitment and onboarding processes will be revisited to prioritise diversity, with a focus on attracting candidates from marginalised groups. Collaborations with platforms connecting these individuals to work will be explored, fostering a culture of inclusivity.
Sector-Specific Training: Working with SMEs, Pretium will help create industry-relevant training, addressing specific skill requirements and preparing the workforce for diverse sectoral challenges.
Monitoring and Evaluation: Clear KPIs will be set for training initiatives, with regular assessments to gauge their impact on workforce development and diversity.
Community Engagement: Pretium will organise events to connect with potential talent and raise awareness of opportunities for underrepresented communities, enhancing talent acquisition and community involvement.
Pretium commits to these strategies to help its client organisations cultivate a capable, diverse workforce that embodies their social value and equality, diversity, and inclusion goals. This commitment extends beyond service enhancement to making a meaningful contribution to the broader community.

Pricing

Price: £25,000 a transaction a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Pretium Workforce Management

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents