StaffCircle Performance Management Software
StaffCircle is an employee engagement platform combining performance management, communications and culture into a single system which can be used by both office and remote / front-line workers. This provides feedback, objectives, one2one check-in, 360 appraisals, values, behaviours, one2one recognition, skills and personal development using either desktop browser or mobile.
Features
- Performance Management with realtime Conversations, Reviews, One2One, Objectives, 360 Appraisals
- Communications & Culture with Internal News-Feed, Social-Feeds, Values, Behaviours, Awards
- HR &Time-Off with Holidays and sickness, skills matrix and achievements
- Multi-channel critical alerts and notifications using sms, email, push, teams
- Create digital forms with e-signatures using built in worksheet builder
- Fully customisable app with changeable branding, images, icons and text
- Realtime conversations and feedback linked on values and behaviours
- Data encrypted and hosted in UK Microsoft Data-Centres
- Microsoft Teams integration and Office 365 Single sign-on SSO
- eNPS - employee net promotor Surveys and Employee Sentiment
Benefits
- Combines Performance Management with Culture, Comms and Values
- Embeds your competency framework into Feedback, Objectives and Appraisals
- Provides Communications&Culture for both Office and Front line workers
- Unify office, home and front line workers into one system
- Easy to use Manager screen for communicating and managing workers
- Gives all employees access using mobile or desktop login
- Multi-channel alerts on SMS, Email ensures no-one is left out
- Critical Alerts gets messages to front-line and home workers fast
- Logging & tracking analysis content views and overall engagement
- A low cost single source of truth for all employees
Pricing
£3,900 to £46,440 a unit a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
6 9 2 7 1 9 6 2 4 6 2 4 9 1 5
Contact
StaffCircle Ltd
Mark Seemann
Telephone: 02039003443
Email: mark.seemann@staffcircle.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Microsoft Teams
- Cloud deployment model
- Public cloud
- Service constraints
- No constraints
- System requirements
-
- Google Chrome or Microsoft Edge Web-browser
- Internet Access on either desktop or mobile
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
8.30am to 6pm Monday to Friday 3 hour response time
Out of Hours - Evenings and Weekends 12 hour response time - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Web chat is available through our support section which is in our product. Users can click on the help icon and select support chat which opens up a support chat channel.
- Web chat accessibility testing
- None as yet
- Onsite support
- Yes, at extra cost
- Support levels
- Onsite support can be provided at extra cost of £500 per half day for one on-site customer success manager. Onsite support is used primarily for launching the software and team training.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We provide online training, end user documentation and hands-on platform configuration of platform by our Customer Success Managers.
We also provide a best practice communication plan to support the rollout and adoption of the software. - Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- Users can access their data from the system at any time, If the contract ends the customer will create a data access and removal request whereby we will extract the user and system data into a suitable storage device and then send the device by courier to the specified data controller contact.
- End-of-contract process
-
At the end of the contact the customer will inform StaffCircle of their intention to not to renew or continue to use the service and will either request their data and employee data is removed from our platform or removed with a single backup instance of the data to be delivered to the data controller.
The contract price includes a license to use the product for the duration of the contract and also customer support during this time. The contract price also includes new features which are released every 8-12 weeks.
Additional cost items would include any professional services requested by the customer such as additional training, system integration or additional feature development which have previously not been agreed or priced.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- On mobile, the application is accessed as a PWA (progressive web app). All end user and manager functions are available on mobile. Administrator configuration can only be done on a full web browser.
- Service interface
- No
- User support accessibility
- WCAG 2.1 A
- API
- Yes
- What users can and can't do using the API
- The open API is available for Enterprise Customers and provides a RESTful interface for performing many of our platform functions using 3rd party code. Our knowledge-base for operating and developing using our API is available at https://staffcircle.com/api
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Customisation can be performed by admin users with suitable permissions. Our platform can be customisation in the following ways:
1) Branding / logos / colours - controls are built into the system
2) Menu names and icons - controls are built into the system
3) Which menu items appear- controls are built into the system
4) Information channels can be accessed- create/edit/remove - controls are built into the system
5) appraisal templates - create/edit/remove- controls are built into the system
6) appraisal questions - create/edit/remove- controls are built into the system
7) appraisal scoring templates - create/edit/remove- controls are built into the system
8) Performance Review Templates - create/edit/remove- controls are built into the system
9) Performance Objective Templates - create/edit/remove- controls are built into the system
10) Worksheets - create/edit/remove- controls are built into the system
11) skills - create/edit/remove- controls are built into the system
12) roles - create/edit/remove- controls are built into the system
13) awards - create/edit/remove- controls are built into the system
Scaling
- Independence of resources
- StaffCircle is built natively on Microsoft Azure cloud using a micro-service architecture which enables us to scale different parts of the service independently of others depending on demand. The Microsoft Azure cloud combined with our architecture gives us almost infinite scaling capabilities.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
We provide several service usage metrics:
1. Dashboards and reports showing end user activations, logins and activities including articles reads, likes, comments and which users are not using the platform or receiving communications.
2. Dashboards and reports showing which users have objectives, reviews, awards, tasks, messages and feedback.
3. Dashboard and reports showing which users have holiday booking, sickness bookings. - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
User data can be exported in 2 ways:
1. Customer administrators have access to export end user data from the platform.
2. The Customer Data Controller can provide StaffCircle with a data access request and subsequent data removal request. - Data export formats
- CSV
- Data import formats
-
- CSV
- Other
- Other data import formats
- Using the Office 365 synchronisation feature built into StaffCircle
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
99.9% uptime for core services which are monitored by a third party.
Uptime stats are available to customers at https://status.staffcircle.com
SLA under-performance
In the event we do not meet or surpass these uptime metrics, a service credit will be available as follows:
0.2% over uptime target = 5% refund of your monthly service credit*
0.3% over uptime target = 10% refund of your monthly service credit*
0.4% over uptime target = 20% refund of your monthly service credit*
0.5% over uptime target = 30% refund of your monthly service credit*
0.6% over uptime target = 40% refund of your monthly service credit*
0.7% over uptime target = 50% refund of your monthly service credit*
Support service level and escalation process
*All service credits are given as percentage discounts from the monthly service charge; charges for successful phone calls made by customers are not included in the service credits and will still need to be paid. SLA service credit claims must be made in writing to sla@staffcircle.com within 30 days of the end of the month in which the outage/SLA failure occurred. Service Credits will be credited to the customer’s account within 30 days once the claim has been verified. - Approach to resilience
- Our platform uses Micorosft Azure Datacentres and adhere to their standards which are available at https://docs.microsoft.com/en-gb/microsoft-365/compliance/offering-home?view=o365-worldwide
- Outage reporting
- We offer a public dashboard which includes email alerts which is available at https://status.staffcircle.com
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- The system contains a security model which specify which groups of users have access to management interfaces and support channels.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS International
- ISO/IEC 27001 accreditation date
- 13/10/2021
- What the ISO/IEC 27001 doesn’t cover
- All items with the ISO 27001 framework are covered.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Penetration Test Certificate
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We follow ISO/IEC 27001 for security. Escalation Procedures are Support->Manager->Director->CEO (12-hour-response)
We adhere strictly to relevant UK and European data protection laws including GDPR.
All employees sign a confidentiality agreement to protect customer data.
Application and Platform is externally tested (Pen Tested) with annual certification.
Our code base has a high level of unit testing and we conduct peer-reviews on code changes.
We separate our development, test, uat (user acceptance testing) and production environments.
We implement automated builds and continuous integration.
We operate in an Agile Scrum development environment.
We pioneered “Secure Field” technology enabling two-factor authentication on individual fields.
Intrusion detection and prevention processes are performed by our hosting providers Microsoft Azure to ensure the maximum security of the StaffCircle platform. Distributed Denial of service (DDoS) is mitigated by our hosting provider Microsoft Azure to ensure the maximum uptime of the StaffCircle platform.
Logical and physical access to platform
Logical access to the StaffCircle production systems are restricted to our core operations team and we log and monitor access to the systems on a regular basis. Our systems are protected by various layers of security including VPN access gateways and authorised personnel are granted access only using 2-factor authentication.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
We use Agile Development process with fortnightly sprints. Our head of development is designated as our chief security officer who assesses each sprint for potential security issues. In addition to this each developer is responsible for having and performing code reviews on their code and others - assessing for security impact and general reliability.
Each release to UAT is signed off by our internal UAT testing team where there are a number of manual regression tests and automated selenium tests which cover the integrity of our security. Our versioning and build numbering tracks code and developer timelines - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
We use realtime monitoring of all our services to identify anomalous usage.
We have a hot patch system to deploy service/security affecting bugs within 12 hours.
We use Azure App insights and API management console as well as Sentry which is built into our codebase.
We use 3rd party CREST accredited PEN testers on a regular basis. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
We use Microsoft Azure own monitoring tools to identify potential compromises. We also use AppInsights to see anomalous usage of our platform and APIs.
Our security protocols dictate we respond within 3 hours to reported incidents. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
All Incidents (outages, security breaches) are categorised into level of severity andwith security breaches being the highest level - 5 (Critical).
Common events are also categorised so specific workflows can be assigned.
We use linked ticket systems (Zendesk and Jira) linked to both our customer support team and our development team.
Incidents can be reported using email to support@staffcircle.com or by telephone or instant message through our support portal.
Incident reports are provided in monthly report on PDF to both customers and the senior management team within the business.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
our service assists organisations wanting employees to work remotely from home which reduces carbon emissions for both the organisation and the individual employee. - Covid-19 recovery
-
Covid-19 recovery
Our software helps organisations manage employees working remotely, StaffCircle as a built in COVID test worksheet which helps organisations safeguard their employees when conducting face to face events. - Wellbeing
-
Wellbeing
Our software includes wellbeing tools for employees such as eNPS (employee net promoter) and Sentiment Pulse Surveys
Pricing
- Price
- £3,900 to £46,440 a unit a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
14 Free trial of our platform for up to 10 selected users.
Free trial on-boarding call and 1 hour online training session. - Link to free trial
- https://www.staffcircle.com/trial