VERISK SPECIALTY BUSINESS SOLUTIONS LIMITED

Staff Attendance Recording System (StARS)

StARS is an integrated personnel management system for fire and rescue services. The system manages staff data and appliance availability, rostering, sickness management and reporting. It provides key management information for strategic planning and decision making.

Features

• Integrated with mobilising systems (Vision, ProCAD)
• Integrated with HR systems (Cyborg, ResourceLink)
• Integrates with payroll systems via data extract
• Real time management reporting
• Recording of attendance, absence and sickness

Benefits

• Supports the front line whilst delivering back office savings
• Single point of data capture
• Elimination of dual data entry and paper processing
• Quicker and more effective deployment of resources
• Real time view of resource availability
• Provides key management information, allowing strategic planning and decision-making
• Improves resilience and efficiency for both support and operational staff
• Improved workforce strategic planning of staffing levels and shortfalls
• Streamlines the process of managing personnel and resources
• Self administration and configuration

£60,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.lamb@verisk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

810857069503874

Contact

Simon Lamb
020 7655 3000
simon.lamb@verisk.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Gazetteer

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depending on severity but normally within two hours of a support log being raised.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support is provided via a helpdesk between the hours of 9am-5pm Monday to Friday. The cost of this support is included in the product costs.; ; Support outside of these hours can be provided at additional cost.; ; A client account manager, service delivery manager and support team are available as part of the service.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide on-site and online training and documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: An extract of the data will be provided in CSV format.
• End-of-contract process: There are no additional costs except for the extraction of data from the service database into CSV format.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The application is available to be used on any internet browser, however it is best viewed on desktop or tablet devices
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Desktop application surfaced via a browser.
• Accessibility standards: None or don’t know
• Description of accessibility: All of the functionality is available to users based upon individual roles and security.
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: The API provides methods that provide the following functionality:; Booking Leave; Employee Details; Teams/Employees for Shifts & Stations; Appliance Details; Appliance Riders; ; The API is initiated upon request.; ; The API methods provide the full functionality required to complete those tasks and are available to be accessed/used whilst a subscription is held.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Each deployment for a client is ring-fenced and not part of a shared infrastructure.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported upon request.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: AWS Guaranteed Availability is 99.9%. More information on availability can be found here:; ; https://aws.amazon.com/about-aws/whats-new/2019/03/aws-systems-manager-announces-service-level-agreement/#:~:text=AWS%20will%20use%20commercially%20reasonable,the%20%E2%80%9CService%20Commitment%E2%80%9D).
• Approach to resilience: Sequel AWS solution is built over multiple availability zones with AWS for resilience.
• Outage reporting: Please see: https://status.aws.amazon.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Claim and Role based authorisation.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: November 2017 with annual inspection
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27017
  • SOC2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC2 Type II
• Information security policies and processes: Sequel AWS data centres are SOC2 type II and ISO27001 accredited.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Visual Studio Team Services to track changesets on the code base.; Impact assessment with regards to overall solution and design.; Security assessment when changing API methods.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Application URL scanning (Rapid 7); Internal IP scanning (Nessus); Malware and Virus protection – Fireeye; Web Application Firewall (Imperva); Database Activity Monitoring (Imperva DAM)
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: DynaTrace Monitoring and Web Application Firewall monitoring (BOT, DDoS protection).
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Sophisticated service model with ITIL process. Can be shared via screen share if required.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Verisk is very active in the fight against climate change, through internal policies, education and software and systems that we have developed. The links below provide information about our efforts in this regard, and highlights the Climate Advisory Council that we have formed.; ; https://www.verisk.com/top-risks/climate-change-a-complex-global-challenge/; ; https://www.reinsurancene.ws/verisk-forms-climate-advisory-council/
• Covid-19 recovery:

  Covid-19 recovery

  Verisk has internal controls and procedures to manage COVID recovery and the return to work in a safe and organised way for staff and customers.; ; Verisk also has analytical tools that we have developed and make available to businesses so that the impact of COVID, the potential for future disruption and the safe return to work can be understood and managed approproately.; ; https://www.prnewswire.com/news-releases/shifting-to-covid-19-recovery-supplyshift-collaborates-with-moodys-analytics-and-verisk-maplecroft-to-expand-impact-assessment--extends-no-cost-access-301072510.html; ; https://www.air-worldwide.com/blog/posts/2020/4/the-verisk-covid-19-projection-tool/; ; https://www.air-worldwide.com/news-and-events/press-releases/COVID-19-Projection-Tool-Cases-and-Deaths-Worldwide/
• Tackling economic inequality:

  Tackling economic inequality

  We do Gender Pay Gap analysis and submission to HMRC on an annual basis.
• Equal opportunity:

  Equal opportunity

  Verisk is an equal opportunity employer. The company’s policies for recruitment, advancement, and retention of employees forbid discrimination on the basis of race, religion, color,u national origin, citizenship, sex, gender identity and/or expression, sexual orientation, veteran’s status, age, or disability and any other criteria prohibited by law.; ; https://www.verisk.com/siteassets/careers/verisk-eeo-policy-statement.pdf
• Wellbeing:

  Wellbeing

  Verisk is ranked 20th in the UK's Best Workplaces™ for Wellbeing 2022'; ; https://www.greatplacetowork.co.uk/awards/uks-best-workplaces-for-wellbeing-2022

Pricing

• Price: £60,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.lamb@verisk.com. Tell them what format you need. It will help if you say what assistive technology you use.