Cezanne HR Ltd

Cezanne HR

Cezanne is a modular, cloud-based HR and UK payroll solution designed to streamline and automate people processes. It's scalable and configurable to fit your business needs. With regular updates and UK-based support, Cezanne is one of the most trusted HR & UK Payroll software providers in the UK today.

Features

• User-friendly, configurable HR software covering the entire employee lifecycle.
• Integrated recruitment and onboarding to smooth talent acquisition.
• Role-specific, branded dashboards with news feeds and quick actions.
• 24/7 cloud access via desktop browser or mobile app.
• Employee self-service to manage documents, holidays, and training.
• Advanced, real-time reporting on people data, exportable to Excel.
• Outlook/MS Teams integrations to streamline processes and notifications.
• Seamless integrations via open APIs.
• Dedicated UK-based implementation and support services.

Benefits

• Easily manage the entire employee lifecycle in one platform.
• Intuitive, user-friendly software that’s configurable to your specific needs.
• Maximise operational effectiveness with automated workflows and seamless integrations.
• Advanced reporting includes all data with custom and out-of-box reports.
• Integration service for unified data transfers across multiple software.
• HMRC-recognised payroll software, offered in-house or as managed service.
• Modular platform where you only pay for modules you use.
• Improved employee engagement with kudos, news feed, and workspaces.
• Advanced analytics with natural language query to understand workforce insights.
• Expansive learning catalogue to help workforce upskilling and career planning.

£300 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@cezannehr.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

729239184801251

Contact

John Hixon
020 7202 2720
info@cezannehr.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Planned maintenance of Cezanne HR which will include updates, installation of new versions and the implementation of lower severity patches will be undertaken on Saturdays during the hours of 9am-12noon. A message will be delivered to the customer by the Service at login, or by email at least 24 hours in advance. Urgent patches to Cezanne HR will be notified to the customer as per our T&Cs.
• System requirements:
  • Operating system requirements for end users is a web browser.
  • Cezanne is supported on Firefox, Chrome, Safari, Edge, Chrome, Google.
  • Cezanne’s mobile apps are available for iOS and Android devices.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Questions can be submitted 24/7/365 via our support desk- they are responded to based upon ticket priority and team availability across business hours 09:00-17:30 (excl. weekends and bank holidays). On average it takes around 3 hours for an initial response to a query.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our different levels of support are dependent upon what is included in client orders when they initially sign with Cezanne. As standard, we provide dedicated Implementation consultancy and training to help clients configure the system to their requirements. This includes both set up and training time (depending upon which modules a client has ordered) with a dedicated project team available to them. Additional services, for example on-site training and additional availability, can be ordered at £120 per hour, or £900 per day.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training is online. User guides can be downloaded and our Learning Management System has courses for new starters.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: CSV
• End-of-contract data extraction: At the end of the subscription period, Cezanne (data processor) at the choice of the customer (data controller) will delete or return personal data please refer to Clause 34 of our T&Cs for full details https://cezannehr.com/legal/hr-service-terms-and-conditions/.; Customer Database (clause 34.3) will be returned in the form of multiple flat-files in a comma separated value (.csv) format of Cezanne’s choice, along with the Customer Supplementary Files.
• End-of-contract process: Customer Database (clause 34.3) will be returned in the form of multiple flat-files in a comma separated value (.csv) format of Cezanne’s choice, along with the Customer Supplementary Files. If the Customer requires Customer Data to be returned in any different format Cezanne will charge for this additional service on a time and materials basis at its standard professional services fee rates.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Native mobile apps provide a subset of the employee and line manager functionality (absence requests and appoval, timesheet submission and approval, company directory, absence calendar, clock in and clock out). All desktop features are still available to mobile users via the responsive web interface.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: For this question has been answered with reference to the service interface being our customer support portal which is provided by a third-party provider Freskworks Inc.; Cezanne’s Support Portal (Freshdesk) is always open, and tickets can be entered at any time, 365x7x24.; The time that the support team is committed to looking into tickets and work on the response is from 9:00 to 17:30, UK time, Monday to Friday, excluding days that are bank holidays in England.
• Accessibility standards: None or don’t know
• Description of accessibility: Unknown
• Accessibility testing: Unknown
• API: Yes
• What users can and can't do using the API: Cezanne HR comes with an open API; https://api.cezannehr.com
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: All areas of Cezanne HR is customisable. Users can be configured with specific Security Roles and permissions to determine what modules they have access to. Fields can be updated or view. Unlimited dashboards, fields and reporting can be can be configured for employee, manager & HR Administrator levels. This also includes what the user is able to edit themselves or if the change needs to go through an approval process for another team to approve.

Scaling

• Independence of resources: "All data is stored off-site at AWS datacentres, in multiple AWS availability zones in the EU behind an ELB (Elastic Load Balancer). In each availability zone there is one or more web / application servers in an auto scaling group, and we utilise AWS RDS SQL Server in high availability mode, which has a mirror copy in another availability zone with automatic fall-back to an available resource in case of failure of a resource or a physical machine. ; Therefore the risk of disruption to the service is considered low in risk and appropriate controls are in place."

Analytics

• Service usage metrics: Yes
• Metrics types: Cezanne HR offers an open API integration where data can be synchronized from one system to another to eliminate any manual intervention. Cezanne HR also has a customer support portal, which allows for the submission of queries as tickets, provides knowledge base articles and video on common questions or tasks within the statement and allows users to submit ideas for future product enhancements.
• Reporting types: API access

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Litmos, Active8, Intervieweb

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: The Cezanne HR system has been designed from the outset with data security as one of its key goals. Both the technological framework and the application architecture underpinning the service were specifically designed for a SaaS multi-tenanted service intended to process personal data. ; Data confidentiality, integrity and availability are key aspects at the basis of the design.; Amongst the many organisational and technical measures implemented all devices (physical or virtual) used for processing operations have their storage encrypted at rest using AES 256 method."
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can run reports to export their data into a CSV format. The ability to do this would depend on the Security Level which has been assigned to the user.
• Data export formats:
  • CSV
  • ODF
  • Other
• Data import formats:
  • CSV
  • ODF
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Cezanne will take appropriate measures in terms of redundancy, monitoring and platform management with the goal of providing 100% Availability of the Service. The events set out in section 39 (T&Cs) and Planned Maintenance will be excluded from the calculation of Availability. The discount will be calculated as 1% for each calendar day in which the Service has been unavailable for more than 60 minutes, plus an additional 5% if the aggregate total of unavailable time in the month has exceeded 1%.; Please refer to clause 22 of our T&Cs https://cezannehr.com/legal/hr-service-terms-and-conditions/.
• Approach to resilience: Cezanne HR has a high level of built-in resilience which is achieved through the parallel usage of mirrored resources in multiple AWS data centres (located in Ireland) and mirrored database copies, with automatic fall-back to an available resource in case of failure of a resource or a physical machine. ; Cezanne HR uses AWS’s RDS feature, that provides automatic backup and recovery in case of failure, with loss of data limited to the updates of the last few minutes.; We have a full back-up recovery mechanism in place with daily back-up copies taken every night and retained for 31 days. ; In case of general failure of the Service, if no more expedited method is reasonably available to resume the service safely and securely with no data loss or corruption, Cezanne shall restore the Customer Database from Data Backups, and then reprocess the transactions that have occurred since the last backup was taken, Cezanne’s target RTO (Recovery Time Objective) is 24 hours; the target RPO (Recovery Point Objective) is 15 minutes. ; The recovery process is thoroughly tested at each new release (every 6-8 weeks) in order to ensure readiness should it become necessary to activate the recovery process.
• Outage reporting: This will be dependent on the outage or incident, however a message will be delivered to the customer by the Service at login, or by email to the Customer’s Primary Service Contact. If considered appropriate, additional communication, for example by telephone, may also be used in addition to the email to the Customer’s Primary Service Contact.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: The Cezanne HR SaaS and our networks are designed by default to be secure, to prevent access or interference by persons or devices not authorised to do so.; Cezanne HR operate a role-based access control methodology, that permits access to business related information based upon the business role of the individual. This restricts access to Networks and Network Services on a need to know and need to use basis.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Group
• ISO/IEC 27001 accreditation date: 04/12/2019
• What the ISO/IEC 27001 doesn’t cover: The selling and marketing of the Cezanne HR Service provided by Cezanne HR to customers.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: "Cezanne has implemented a security framework that outlines our pledge to protect the security, integrity, confidentiality and availability of all information under its control. This will be communicated through the implementation of appropriate policies, procedures and controls through an Information Security Management System (ISMS) certified to the ISO/IEC 27001:2013 standard and will also reflect legal and regulatory requirements.; ; The Manging Director, R&D Director, Network Administrator, Compliance Manager (DPO) Framework & Operations Manager and QA Manager will be regarded as the ISMS steering group. The group will be chaired by the Managing Director therefore have high level management and budgetary authority."

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: As part of the code review process a senior engineer assesses the changes in the branch against a checklist that includes checks for changes that have a potential security impact. ; Key decisions made during the development of new features are tracked in a project summary that includes a decision log and risk register.; These are reviewed by Engineering Managers and other stakeholders at regular intervals throughout the project lifecycle.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: "Cezanne HR is developed in-house, a new release is scheduled every 6-8 weeks, patches will be prioritised depending on severity and will be scheduled into the development roadmap and applied when appropriate. ; Planned maintenance which include updates, new versions and the implementation of patches will be undertaken on Saturdays between 9am-12noon. Clients will be notified as per our T&Cs.; Potential threats could be highlighted through vulnerabilities raised by Outpost 24, a product issue affecting many clients or feedback from a client.; There are several key checks that will be completed within the review, decision and implementation of an emergency patch."
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: "To ensure early detection of potential hacking attempts and availability issues, the service is under constant monitoring through various methods:; • Continuous penetration testing by automated means and periodic (quarterly) penetration testing by a specialised human team Outpost24.; • Monitoring of machines and datacentre availability ; • Machine capacity e.g. disk utilization over a period, disk space, memory utilization etc. ; • Database availability, failover and backups; • NodePing monitoring ; • Managed Detection and Response (MDR) solution from Alertlogic; • Internal monitoring ; ; Please refer to Clause 27 of our T&Cs (https://cezannehr.com/legal/hr-service-terms-and-conditions/)"
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: "As stated in clause 27 of our T&Cs and in compliance with art 33 (paragraph 2) of GDPR, Cezanne HR Limited will inform the Data Controller without undue delay (no more than 72 hours since we became aware).; Clause 27.3, a customer can report a data breach through the Support Portal ticketing solution (Freshdesk).; All incidents are logged and managed through our ISMS security incident log, a through investigation is completed, appropriate amendments to procedures or lessons learnt are implemented when required. ; Clause 27.2 a customer will be notified by email and a detailed report provided."

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Cezanne is committed to minimizing our environmental footprint through the efficient use of resources, reduction of emissions, and the promotion of sustainable practices throughout our supply chain.

  Covid-19 recovery

  Since April 2020 with the closing of all business offices due to the pandemic, all staff shifted to working from home. This was a seamless transition and did not have a negative effect on the services provided to customers or any other aspect the business. ; Cezanne has continued to operate a working from home environment for all staff since the lifting of government pandemic restrictions and all business offices are open and available for staff to use if required.

  Tackling economic inequality

  At Cezanne, we value diversity and believe that an inclusive workplace fosters creativity and innovation. We are dedicated to creating an environment where all individuals are treated with respect and have equal opportunities for growth and success.

  Equal opportunity

  At Cezanne, we value diversity and believe that an inclusive workplace fosters creativity and innovation. We are dedicated to creating an environment where all individuals are treated with respect and have equal opportunities for growth and success.

  Wellbeing

  Employee wellbeing is all about the mental and physical health of your employees. As an employer, it is our job to do what we can to support this. This can include promoting a better work-life balance, reducing stress and creating positive work environments.​

Pricing

• Price: £300 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Access to a pre-populate environment to test the user experience. Logins for HR Admin, Line Managers and Employees Self-Service Users. You can not add your own data. We offer access to the demo site usually for a week or two.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@cezannehr.com. Tell them what format you need. It will help if you say what assistive technology you use.