BIOSITE SYSTEMS LIMITED

Enterprise Workforce Management solution for a highly transient workforce copy

A web-based platform allowing the capture of workforce management information on direct and indirect employees in a highly transient workforce across multiple locations and contractors, guaranteed single profile, Beginning from the online induction, through to the mobile capture of training and records across multiple locations in high risk industries.

Features

• Central competency database
• Mobile Briefing Manager
• Fatigue Management
• Skills Checker
• Competency Passport
• Mobile onsite competency site checker
• Real-time reporting on captured data
• Custom reporting
• On-boarding and online induction
• Forms and snagging

Benefits

• Ensure all staff are compliant and competent across all sites
• Capture talks and briefings onsite via mobile devices without paperwork
• Mitigate fatigue risk onsite by automated monitoring and reporting
• Ensure workers have the right skills onsite in real time
• Ensuring worker competencies across multiple sites and organisations
• Check competencies without paperwork onsite via mobile technology
• Quick and easy real-time visual data displays across all sites
• Monitor and create tailored reports which can be scheduled
• Remote induction process without paperwork for efficiency and traceability
• Digitise forms and manage snags without paperwork

£30 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kamran.ali@biositesystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

824220457705850

Contact

Kamran Ali
07786630155
kamran.ali@biositesystems.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: It is a custom solution built around client requirements.
• System requirements:
  • Internet connectivity
  • Suitable internet browser listed in the upcoming answers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 4 hour response Monday - Friday 7am- 6pm, custom options are available subject to client requirements. Responses are handled via a ticketing system and sent to the support team. ; ; Dedicated 24 7 is available as a custom option as required.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: This is not something that has been deployed, it is something that we are working to deploy.
• Web chat accessibility testing: We are currently in the process of this testing.
• Onsite support: Onsite support
• Support levels: Our standard support is model is Monday to Friday 7am - 6pm. We also provide a dedicated Key Account Manager, Project Manager and the option of a dedicated engineer if you are using our on-premise services. We offer options of up to 24 hour support 7 days a week. However any such requirements are deemed custom. ; ; Costs are subject to size and complexity of the set up and number of users on the platform.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have a complete implementation service dependent on user requirements. We provide onsite consultancy and training dependent on the complexity of the requirements. We can also provide online training and user guides for our solution. ; ; The implementation guide documents the client specific requirements to ensure that additional users and access is managed in a congruent manner across all sites as defined by the client with permission levels, GDPR requirements and sensitivity levels of the information are a key part of our 60 page implementation guide.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: There are a number of options available; this can be as simple as a csv file. We can also provide data via our API to a third party system throughout the contract.
• End-of-contract process: We can include the extraction of the data and format as part of the contract, it depends on the scope of the solution we are providing. We always tailor the solution in response to the specific needs of the customer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile devices render to make the user experience as easy as possible. Our clients can use a mobile application that enables the capture of data and allows the quick and easy check of an individual's competencies and training information. This is specifically designed to deliver information that is typically key to our client base as well as capture information on linear and closed sites. The desktop would typically be used to make changes to the format and data capture requirements of the software rather than the mobile application. Dedicated mobile view for every screen. Offline capability on the app.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: An open API and web socket.
• Accessibility standards: None or don’t know
• Description of accessibility: Biosite is committed to providing solutions that are available to the widest possible audience. In achieving this, Biosite endeavours to conform to the WIA's Web Content Accessibility Guidelines 2.0 at the elevated AA-level.; Further to our focus on accessibility, Biosite produces platforms with usability at the core of its design processes. Employing practices such as wireframing, prototyping and user testing, and with usability and accessibility integral throughout the development cycle, Biosite is able to deliver software that is well thought out, intuitive and considerate to every type of user, regardless of role or ability.
• Accessibility testing: This is something we are currently working on.
• API: Yes
• What users can and can't do using the API: We have a rest API from which users can create, read, update, and delete information on the system, based on permissions given by the customer. We also provide a web socket API for real-time notification for change events. Modifying the system configuration is not possible through the API as it is used to access data.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The platform is highly customisable with the ability to capture any field of information required, we can set this up as part of the implementation process or enable the client to set up themselves. Each field can have a different level of sensitivity to control access levels to the data as well as different deletion periods that can be applied to each field. Each field can also have dependent fields, so for example if you asked "Do you have any medical issues", if the answer was "no", you would move on to the next question. If the answer was "yes" then you could be given another list of questions to answer. This also has a significant impact on the user journey streamlining the process as much as possible. Only users with the right permission level will be able to customise the software portal and this is verified as part of the implementation process.

Scaling

• Independence of resources: We monitor the capacity of our systems and have the ability to allocate more resources if necessary. We are currently in the process of looking at auto scaling. Determining the initial capacity requirements is part of the implementation process to ensure the system has the required resources from the beginning of the project.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of users, ; accounts created; Total no of users on the system; NO if tickets raised ; Time of resolution; Monthly SLA reporting target vs actual.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data is exportable via our portal reporting tool which allows permitted users to extract data to pdf, excel and csv. The reporting tool allows you to correlate the data and export in your preferred method.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99% availability. ; ; SLA are subject to client requirements.; ; Specific terms on repayment and compensation relating to performance against service levels can be detailed within each customer agreement. ; ; To date we have not fallen below our agreed standard SLA uptime of 99%
• Approach to resilience: This information is available on request.
• Outage reporting: Our service reports outages via Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Only predefined users as defined by the implementation process can access the solution. Users can only be added to the platform via a predefined mechanism subject to the client specific needs and processes. Again this is a consultative process and we work with our clients to ensure they get the optimum workflows and security restrictions.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UKAS
• ISO/IEC 27001 accreditation date: 29/01/2019
• What the ISO/IEC 27001 doesn’t cover: Our scope only covers our head office operations.; ; We only exclude the following controls from Annex A:; 14.2.7 Outsourced development: we do not outsource development.; 17.1.3 Review information security continuity: we expect information security controls to continue operating unmodified even under adverse conditions. CIA of relevant systems and controls is covered within the risk assessment.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Available on request subject to NDA.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All software development is subject to design code review and QA verification as well as tracked using source control. Security aspects are considered at design and code review stages and where appropriate verified by QA. Only verified builds are deployed to customer systems. System configuration is also held in change control and changed are automatically deployed by an infrastructure management platform.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We monitor public vulnerability databases for relevant advisories. Where necessary we would take action to upgrade or mitigate any issues or vulnerabilities. ; ; We automatically all security patches weekly.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our systems monitor for unauthorised activity and automatically ban IP addresses when a high volume is detected.
• Incident management type: Supplier-defined controls
• Incident management approach: We have predefined 5 stage processes in place.; 1 - Containment - Take any action necessary to stop an ongoing incident.; 2 - Investigation - Gather evidence; 3 - Reporting - Notify relevant people and organisations with the relevant information; 4 - Analysis - root cause investigation; 5 - Response - implementation of new controls or measures to stop the incident from reoccurring.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity

  Fighting climate change

  We recycle and re-use equipment only using local providers where possible. We target savings in efficiency in terms of consumption of resource in order to produce equipment more economically.

  Covid-19 recovery

  We provided solutions at the peak of Covid 19 for construction sites which allowed construction sites to operate safety use automated hand sanitiser and facial recognition technology which was developed specifically in response to covid 19.

  Equal opportunity

  We are an equal opportunity provider and can share our equal opportunity policies as required.

Pricing

• Price: £30 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kamran.ali@biositesystems.com. Tell them what format you need. It will help if you say what assistive technology you use.