StaffCircle Ltd

StaffCircle Performance Management Software

StaffCircle is an employee engagement platform combining performance management, communications and culture into a single system which can be used by both office and remote / front-line workers. This provides feedback, objectives, one2one check-in, 360 appraisals, values, behaviours, one2one recognition, skills and personal development using either desktop browser or mobile.

Features

Performance Management with realtime Conversations, Reviews, One2One, Objectives, 360 Appraisals
Communications & Culture with Internal News-Feed, Social-Feeds, Values, Behaviours, Awards
HR &Time-Off with Holidays and sickness, skills matrix and achievements
Multi-channel critical alerts and notifications using sms, email, push, teams
Create digital forms with e-signatures using built in worksheet builder
Fully customisable app with changeable branding, images, icons and text
Realtime conversations and feedback linked on values and behaviours
Data encrypted and hosted in UK Microsoft Data-Centres
Microsoft Teams integration and Office 365 Single sign-on SSO
eNPS - employee net promotor Surveys and Employee Sentiment

Benefits

Combines Performance Management with Culture, Comms and Values
Embeds your competency framework into Feedback, Objectives and Appraisals
Provides Communications&Culture for both Office and Front line workers
Unify office, home and front line workers into one system
Easy to use Manager screen for communicating and managing workers
Gives all employees access using mobile or desktop login
Multi-channel alerts on SMS, Email ensures no-one is left out
Critical Alerts gets messages to front-line and home workers fast
Logging & tracking analysis content views and overall engagement
A low cost single source of truth for all employees

£3,900 to £46,440 a unit a year

Education pricing available
Free trial available

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.seemann@staffcircle.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

Contact

StaffCircle Ltd Mark Seemann
Telephone: 02039003443
Email: mark.seemann@staffcircle.com

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Microsoft Teams
Cloud deployment model: Public cloud
Service constraints: No constraints
System requirements: Google Chrome or Microsoft Edge Web-browser

Internet Access on either desktop or mobile

User support

Email or online ticketing support: Email or online ticketing
Support response times: 8.30am to 6pm Monday to Friday 3 hour response time
Out of Hours - Evenings and Weekends 12 hour response time
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: Web chat is available through our support section which is in our product. Users can click on the help icon and select support chat which opens up a support chat channel.
Web chat accessibility testing: None as yet
Onsite support: Yes, at extra cost
Support levels: Onsite support can be provided at extra cost of £500 per half day for one on-site customer success manager. Onsite support is used primarily for launching the software and team training.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We provide online training, end user documentation and hands-on platform configuration of platform by our Customer Success Managers.
We also provide a best practice communication plan to support the rollout and adoption of the software.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: Users can access their data from the system at any time, If the contract ends the customer will create a data access and removal request whereby we will extract the user and system data into a suitable storage device and then send the device by courier to the specified data controller contact.
End-of-contract process: At the end of the contact the customer will inform StaffCircle of their intention to not to renew or continue to use the service and will either request their data and employee data is removed from our platform or removed with a single backup instance of the data to be delivered to the data controller.

The contract price includes a license to use the product for the duration of the contract and also customer support during this time. The contract price also includes new features which are released every 8-12 weeks.

Additional cost items would include any professional services requested by the customer such as additional training, system integration or additional feature development which have previously not been agreed or priced.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: On mobile, the application is accessed as a PWA (progressive web app). All end user and manager functions are available on mobile. Administrator configuration can only be done on a full web browser.
Service interface: No
User support accessibility: WCAG 2.1 A
API: Yes
What users can and can't do using the API: The open API is available for Enterprise Customers and provides a RESTful interface for performing many of our platform functions using 3rd party code. Our knowledge-base for operating and developing using our API is available at https://staffcircle.com/api
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Customisation can be performed by admin users with suitable permissions. Our platform can be customisation in the following ways:

1) Branding / logos / colours - controls are built into the system
2) Menu names and icons - controls are built into the system
3) Which menu items appear- controls are built into the system
4) Information channels can be accessed- create/edit/remove - controls are built into the system
5) appraisal templates - create/edit/remove- controls are built into the system
6) appraisal questions - create/edit/remove- controls are built into the system
7) appraisal scoring templates - create/edit/remove- controls are built into the system
8) Performance Review Templates - create/edit/remove- controls are built into the system
9) Performance Objective Templates - create/edit/remove- controls are built into the system
10) Worksheets - create/edit/remove- controls are built into the system
11) skills - create/edit/remove- controls are built into the system
12) roles - create/edit/remove- controls are built into the system
13) awards - create/edit/remove- controls are built into the system

Scaling

Independence of resources: StaffCircle is built natively on Microsoft Azure cloud using a micro-service architecture which enables us to scale different parts of the service independently of others depending on demand. The Microsoft Azure cloud combined with our architecture gives us almost infinite scaling capabilities.

Analytics

Service usage metrics: Yes
Metrics types: We provide several service usage metrics:

1. Dashboards and reports showing end user activations, logins and activities including articles reads, likes, comments and which users are not using the platform or receiving communications.

2. Dashboards and reports showing which users have objectives, reviews, awards, tasks, messages and feedback.

3. Dashboard and reports showing which users have holiday booking, sickness bookings.
Reporting types: API access

Real-time dashboards

Regular reports

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: User data can be exported in 2 ways:
1. Customer administrators have access to export end user data from the platform.
2. The Customer Data Controller can provide StaffCircle with a data access request and subsequent data removal request.
Data export formats: CSV
Data import formats: CSV

Other
Other data import formats: Using the Office 365 synchronisation feature built into StaffCircle

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: 99.9% uptime for core services which are monitored by a third party.
Uptime stats are available to customers at https://status.staffcircle.com

SLA under-performance
In the event we do not meet or surpass these uptime metrics, a service credit will be available as follows:

0.2% over uptime target = 5% refund of your monthly service credit*
0.3% over uptime target = 10% refund of your monthly service credit*
0.4% over uptime target = 20% refund of your monthly service credit*
0.5% over uptime target = 30% refund of your monthly service credit*
0.6% over uptime target = 40% refund of your monthly service credit*
0.7% over uptime target = 50% refund of your monthly service credit*

Support service level and escalation process
*All service credits are given as percentage discounts from the monthly service charge; charges for successful phone calls made by customers are not included in the service credits and will still need to be paid. SLA service credit claims must be made in writing to sla@staffcircle.com within 30 days of the end of the month in which the outage/SLA failure occurred. Service Credits will be credited to the customer’s account within 30 days once the claim has been verified.
Approach to resilience: Our platform uses Micorosft Azure Datacentres and adhere to their standards which are available at https://docs.microsoft.com/en-gb/microsoft-365/compliance/offering-home?view=o365-worldwide
Outage reporting: We offer a public dashboard which includes email alerts which is available at https://status.staffcircle.com

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: The system contains a security model which specify which groups of users have access to management interfaces and support channels.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: QMS International
ISO/IEC 27001 accreditation date: 13/10/2021
What the ISO/IEC 27001 doesn’t cover: All items with the ISO 27001 framework are covered.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: Penetration Test Certificate

Cyber Essentials

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: We follow ISO/IEC 27001 for security. Escalation Procedures are Support->Manager->Director->CEO (12-hour-response)
We adhere strictly to relevant UK and European data protection laws including GDPR.
All employees sign a confidentiality agreement to protect customer data.
Application and Platform is externally tested (Pen Tested) with annual certification.
Our code base has a high level of unit testing and we conduct peer-reviews on code changes.
We separate our development, test, uat (user acceptance testing) and production environments.
We implement automated builds and continuous integration.
We operate in an Agile Scrum development environment.
We pioneered “Secure Field” technology enabling two-factor authentication on individual fields.
Intrusion detection and prevention processes are performed by our hosting providers Microsoft Azure to ensure the maximum security of the StaffCircle platform. Distributed Denial of service (DDoS) is mitigated by our hosting provider Microsoft Azure to ensure the maximum uptime of the StaffCircle platform.

Logical and physical access to platform
Logical access to the StaffCircle production systems are restricted to our core operations team and we log and monitor access to the systems on a regular basis. Our systems are protected by various layers of security including VPN access gateways and authorised personnel are granted access only using 2-factor authentication.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: We use Agile Development process with fortnightly sprints. Our head of development is designated as our chief security officer who assesses each sprint for potential security issues. In addition to this each developer is responsible for having and performing code reviews on their code and others - assessing for security impact and general reliability.
Each release to UAT is signed off by our internal UAT testing team where there are a number of manual regression tests and automated selenium tests which cover the integrity of our security. Our versioning and build numbering tracks code and developer timelines
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: We use realtime monitoring of all our services to identify anomalous usage.
We have a hot patch system to deploy service/security affecting bugs within 12 hours.
We use Azure App insights and API management console as well as Sentry which is built into our codebase.
We use 3rd party CREST accredited PEN testers on a regular basis.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: We use Microsoft Azure own monitoring tools to identify potential compromises. We also use AppInsights to see anomalous usage of our platform and APIs.

Our security protocols dictate we respond within 3 hours to reported incidents.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: All Incidents (outages, security breaches) are categorised into level of severity andwith security breaches being the highest level - 5 (Critical).
Common events are also categorised so specific workflows can be assigned.

We use linked ticket systems (Zendesk and Jira) linked to both our customer support team and our development team.

Incidents can be reported using email to support@staffcircle.com or by telephone or instant message through our support portal.

Incident reports are provided in monthly report on PDF to both customers and the senior management team within the business.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Pricing

Price: £3,900 to £46,440 a unit a year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: 14 Free trial of our platform for up to 10 selected users.
Free trial on-boarding call and 1 hour online training session.
Link to free trial: https://www.staffcircle.com/trial

Service documents

Request an accessible format

Cookies on Digital Marketplace

StaffCircle Performance Management Software

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents