IRIS SOFTWARE LIMITED

Staffology HR by IRIS

Staffology HR brings together the heart and science of a happy business to help you grow and maintain a positive culture whilst achieving your business goals.
With packages for small businesses up to larger complex companies, we have a choice that can help you to handle it all with ease.

Features

• HR management and personal, contract and organisational details
• Employee and Manager Self Service, including iOS and Android mobile
• Searchable Directory and easy to navigate Organisation Chart
• Screen Builder to design new forms and Configurable Workflow
• Management of Absence, Holidays & Sickness and Overtime
• Working Patterns, Rotas & Time and Attendance capability
• Payroll integration with Staffology Payroll and other IRIS Payrolls
• Position Management module, Recruitment & onboarding module
• Training & Development plans, Performance Management, Kudos feature
• Reporting and Dashboard Analytics, Bulk Upload Tool, Mail Merge

Benefits

• Help employees feel better connected, engaged, and rewarded
• Show staff you care, Staffology = heart of your business
• Empower employees with information, from reviews to rewards
• Gain clear visibility of HR successes and required improvements
• Enhance your culture - people feeling better connected and rewarded
• Prioritise employee happiness – from onboarding to development
• Achieve business goals – grow satisfaction and next generation leaders
• Rapid implementation – setup and support included in each package
• Highly secure and resilient cloud solution, fully GDPR compliant

£566.50 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at BidTeam@iris.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

804498122114901

Contact

Bid Team
0344 225 1525
BidTeam@iris.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Latest versions of modern web browsers
  • Mobile runs on iOS and Android

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our support KPIs are: 90% of inbound calls answered within 30 seconds, 88% of tickets resolved within 48 working hours (tickets worked in order of priority) 92% ticket satisfaction
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via Community Portal (web based)
• Web chat accessibility testing: None
• Onsite support: No
• Support levels: P1. Response = 30 mins, Resolve = 4.5 hours; P2. Response = 60 mins, Resolve = 8 hours; P3. Response = 4.5 hours, Resolve = 6.2 days; P4. Response = 8 hours, Resolve = To be advised
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Each Staffology HR 'package' has the required onboarding, training and setup bundled as part of the price and our Professional Services team will guide you through the starightforward configuration and data tasks to launch the application and go live. In addition to this we have a quick start setup wizard along with in product help guides.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Staffology HR has a dedicated online customer Help Centre
  • Videos are also available.
• End-of-contract data extraction: The customer can extract data using Reports or Quick Queries (query writing tool)
• End-of-contract process: Once data has been extracted, customer information is destroyed per GDPR requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service is designed primarily for business users (employees and managers) to access personal information, book absence and holidays, check payslips and manage tasks such as timesheet and other workflows. The desktop service has all of this capability as well as the full administration and reporting access required by HR users.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Outbound and inbound
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: The API exposes the extensive data model (Employee, Expense, Time etc.) using various methods for outbound and inbound data consumption.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: There are a range of configuration options to add branding and colours, create new forms and adapt workflows. Customers can influence the product roadmap by raising (and voting for) enhancements requests in our suggestion forum called "Big Ideas".

Scaling

• Independence of resources: The platform is highly scalable and load/volume testing has been conducted. Server usage is proactively monitored to avoid operational issues.

Analytics

• Service usage metrics: Yes
• Metrics types: General Service Availability is monitored via Datadog, Audit Logs and End User Adoption via Gainsight
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The following are available: Inbuilt Exports, Reports or Quick Queries (query writing tool)
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Via API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Azure employs redundancy across various aspects of its infrastructure. This includes:; Availability zones: These are physically separate data centers within a region, with independent power, cooling, and networking. If one zone has an issue, your application or data can be automatically switched to another zone with minimal disruption.; Virtual Machine Availability Sets: Grouping your VMs within an availability set ensures they reside in separate fault domains within a zone. If a hardware failure affects one domain, your VMs in other domains remain operational.
• Approach to resilience: Staffology HR is hosted in Azure this means any problems with the service can quickly and easily be moved to another location geographically similar. Azure also has built in disaster recovery tools.
• Outage reporting: Customers would be notified directly for any significant outages

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Only the necessary departments at IRIS can access the cloud services data. We have a role-based access policy in place for these departments. We work with the principle of least privilege.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institution (BSI)
• ISO/IEC 27001 accreditation date: 13/10/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: IRIS operates using a full suite of internal policies and processes - including but not limited to:; ISMS Acceptable use policy; ISMS Access control; ISMS Anti-virus; ISMS Communication and mobile devices; ISMS Computer systems and equipment use; ISMS Cybercrime and security incidents; ISMS Email policy; ISMS Information management; ISMS Internet use; ISMS Laptop and tablet security policy; ISMS Legal compliance; ISMS Password and authentication policy; ISMS Physical access policy; ISMS Remote access policy; ; Security and management of data are in line with established IRIS Group policies and procedures. We have Group IT governance and a DPO. All staff are data security trained. We commission independent Software Penetration Testing at least annually. Our penetration testing provider performs both manual and automated tests against our software in both a “black” and “white” box fashion.; ; Reporting structure: ; All IRIS staff are responsible for compliance with data protection in line with IRIS policies and procedures. The Chief Information Officer (CIO) has ultimate responsibility for enforcement of policies and procedures. ; ; IRIS has a Group Data Protection Policy. Staff who may have access to your data – for example in relation to Support or Professional Services are required to operate to standard operating procedures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any changes to configuration or maintenance are only carried out by IRIS staff with the appropriate permissions according to their role and following strict adherence to the Change Advisory Board procedures.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability scans and patching are performed on a regular basis and findings mitigated immediately. Findings from scans are tracked and rescans are performed until no findings are identified.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Azure utilizes a two-pronged approach to protective monitoring:; Continuous Collection and Logging:; Azure Monitor: This built-in service acts as the central hub for collecting data from various sources.; Alerting and Threat Detection: Log Analysis and Anomaly Detection: Analyses collected data to identify anomalies that deviate from expected behaviour. ; ; Security Services Integration: Provides advanced threat detection capabilities and leverage machine learning to identify and respond to potential attacks.; ; Alerting and Notification: When anomalies or threats are detected, Azure can trigger alerts through various channels.; ; Human Expertise: Security professionals from Microsoft monitor Azure infrastructure for critical events and potential widespread issues.
• Incident management type: Supplier-defined controls
• Incident management approach: The IRIS Group Incident Reporting Procedure outlines the process for reporting Information Security, Physical and Information Systems Incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  We are committed to ensuring equal opportunities at IRIS. Our CEO, Elona Mortimer-Zhika, celebrates diversity in our workplace and expects the culture and environment of IRIS to be based on mutual respect and free from discrimination. We are committed to delivering a competitive and fair employment environment. We put equality, diversity, and inclusion at the forefront of our decisions, monitor progress, take action to continually improve, and be transparent with our findings. We have a zero-tolerance approach to discrimination based on protected characteristics and any allegations of discrimination will be dealt with in line with our Disciplinary policies. We have several wellbeing groups, including Unique which provides support for physical or mental health conditions or neurodivergent people. We provide a variety of training schemes to all employees, regardless of any protected characteristic, and encourage progression through our organisation.; ; We are passionate about gender equality and are committed to building a diverse workforce. We have continued to invest in our range of programmes to support gender equality and support the women of IRIS so they can reach their full potential. These initiatives ensure that we continue to focus on making IRIS a great place to work, enable our people to flourish, improving gender pay equality and providing equal opportunity for all. IRIS Groups championing of women in leadership has been recognised as a Great Place to Work for Women. The executive team comprises of three female leaders and 11 male leaders. ; Our Modern Slavery Policy sets out the ways in which we identify and manage the risks of modern slavery as a business, including risk assessment, risk mitigation and staff training. IRIS reviews all material suppliers and assesses whether any risks of slavery or human trafficking arise.

  Wellbeing

  We are committed to engaging, supporting and empowering our workforce. We create an environment where they feel part of a team; from regular global company updates to social evenings and charity events. We’re a UK Best Workplaces™ for Wellbeing. We have over 40 Mental Health First Aiders, have a weekly workplace support group and offer a free Employee Assistance Programme and bereavement counselling. We have several wellbeing groups and celebrate diversity. We offer colleagues a cycle scheme, private medical insurance and reduced gym memberships. We hold company fitness challenges and provide free fitness sessions. We’re proud to be a Real Living Wage employer, provide UK cost of living support, offer a tech and car scheme and give access to money coaches, workplace ISAs and pension, life assurance and critical illness cover. We seek our employees feedback on benefits that matter to them.; We give our employees three ‘Giving Back’ days a year on top of their annual holiday entitlement to support local community and national charitable cause. Employees are encouraged to actively give their time and skills to fundraise for a charity of their choice and volunteer on community projects, including being a school governor, charity trustee, reading with school children through the Benchmark scheme, mentoring in schools and running money management courses, both externally in conjunction with charities and schools, as well as internally with IRIS employees.

Pricing

• Price: £566.50 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer a free 14 day trial of the service which includes all major features, additional demos of specific areas can be arranged.
• Link to free trial: https://www.staffology.co.uk/hr-software/free-trial/#form

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at BidTeam@iris.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.