Innecto Reward Consulting

Advance

Fully customisable pay modeller, taking the heavy lifting out of pay review. Managing budgeting and distribution you can anticipate cost implications and model impact on salaries with ease via our complete solution for pay review.

Features

• Run scenarios, anticipate cost implications and model impact on employees
• Enable pay pot and distribution financial planning
• Track spend and how it is changing your pay positioning
• Overlay performance ratings to model and manage pay progression
• Configure according to your pay progression practices and policy
• Customisabe dashboards to highlight key insights
• Set, distribte and track budgets by department or location
• Overlay gender and ethnicity performance data

Benefits

• Streamline process and gain departmental efficiency
• Gain clarity around your current and aspirational pay position
• Objective and accountable process for deciding pay
• Easily searchable audit trail of annual pay decisions
• Send individual automated reports to each reviewer
• Compare year-on-year to track how pay is progressing
• Robust methodology ensures transparency and consistency
• Easily adhere to pay governance obligations

£11,250 to £39,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at karen.thornley@innecto.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

841064887504362

Contact

Karen Thornley
07979800886
karen.thornley@innecto.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: A standalone solution sitting on the Innecto Digital platform that can be connected to our other tools:; Evaluate (Job Evaluation), ; PayLab (Pay benchmarking and insight tool) ; Flourish (Competency Framework); Amplify (Employee Experience)
• Cloud deployment model: Private cloud
• Service constraints: No specific constraints. Monthly upgrades occur with occasional hotfixes between the upgrades. Generally upgrades and fixes require no downtime, but if it is then customers are notified and generally it's limited to a 15-30 minutes
• System requirements: Web browser that is under software support

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond within 2 hours for all emails sent to support between the hours of 8.30am-5.30pm Monday to Friday. Out of hours support can be provided but at an extra cost
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Each customer will have a dedicated account manager and access to the Innecto support desk, Mon – Fri, 9-5 GMT. Both liaise with the technical staff as needed. This support is included in the price quoted. Additional costs are only required if the customer asks for specific, additional technical development of the platform or extended coverage
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We typically hold a scoping meeting to clarify and define the requirements. When the tool has been configured we complete the handover by running a training sessions either onsite or online. Full user guides are provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Clients can download/export their data into an excel data sheet that includes all the aggregated data inputted into the system, in addition to being able to download a PDF report including images and tables
• End-of-contract process: Contracts are typically on a rolling basis unless notice is served. If your contract is terminated, you will be given notification of your last day of access and prior to this period will be able to download relevant data. At the point access is removed your account will be closed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Functionality remains the same but the screen layout differs
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: There is a standard level of customisation offered during the configuration of the solution including branding and amending the following data fields as required:; Currency; Structure / company breakdown; Number of Users

Scaling

• Independence of resources: Our service is multi-tenanted, but it is hosted on Amazon's elastic cloud service and we monitor performance and overall usage very closely. If performance is falling off below permitted parameters we can deploy extra servers and bandwidth as needed.

Analytics

• Service usage metrics: Yes
• Metrics types: Time on the system
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Download into a CSV file
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We aim to make Advance available 24 hours a day, 7 days a week, whilst this availability is not guaranteed, we do commit to 99.95% uptime. Priority 1 (service down) SLA is a maximum of 8 hours recovery time. Refunds to users not meeting SLA's are specified in the Terms and Conditions.
• Approach to resilience: We have separate development, test and production environments on AWS. The production environment hardware is replicated across AWS data centres in the UK for resiliency in the event of a failure. Each production environment consists of multiple, load balanced servers.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: SAML2 SSO
• Access restrictions in management interfaces and support channels: VPN & trusted IP only
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Isoquar - Alcumuc
• ISO/IEC 27001 accreditation date: October 2012
• What the ISO/IEC 27001 doesn’t cover: The people, processes and technology used to develop, deliver or support the delivery of insurance, employee engagement and reward consultancy services provided to our clients from our offices in Milton Keynes and Marlborough.; AWS who host our solutions are also ISP certified
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: WorldPay
• PCI DSS accreditation date: Feb 2020
• What the PCI DSS doesn’t cover: Up to SAQ-D
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Innecto Reward Consulting are part of the AIM listed Personal Group and have an associated corporate governance structure including main board and risk compliance committees. We have numerous policies approved by these and implemented; Data Policy, Information and Physical security, Cyber security, Clear desk policy and other relating to recruitment, staff vetting and training.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Platform and functionality changes are managed on a ticketing system (Jira), each are assessed for effort, risk and business impact. Estimates are provided, each development is made in a separate development environment with unit testing. Code is then promoted to a full test environment where full regression testing is performed prior to release to production.; Requests that require the transfer of sensitive data are actioned through an online secure data storage site to guarantee safe transfer of data
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Approach Information on threats come from a number of sources; NCSC, 3rd party virus protection vendor, software suppliers, vulnerability scanning that is performed monthly and penetration testing. We access threats as part of a continuous security management programme and deploy patches in most cases immediately after release. Patches that are deemed low priority / require regression testing are schedules as part of our monthly release.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Monitoring of attempted logins, failed logins, successful logins, source IP addresses, IP address risk ratings, firewall probes. In addition, virus scanners and mail gateway services are constantly running, monitoring and reporting activity. We review daily and if deemed appropriate a security incident procedure is instantiated. This will typically be within 24 hours.
• Incident management type: Undisclosed
• Incident management approach: Our suppliers use SOC2 processes and we use an internal ticketing system to report incidents. We have an internal Security Management Response policy and procedure along with Reportable Events Policy and Procedure

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  By establishing detail on the base pay picture to understand the pay distribution, Advance users can make pay decisions that are responsible, fair, and aligned to their pay policy.

  Equal opportunity

  Reporting functionality overlays various lenses of gender, ethnicity, and age to understand the impact of pay review decisions by demographic and mitigate existing differentials in pay.

Pricing

• Price: £11,250 to £39,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We will provide a demo platform for a select number to trial the functionality and see the full capability of the solution. This however does require accurate data, supplied by the client to upload

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at karen.thornley@innecto.com. Tell them what format you need. It will help if you say what assistive technology you use.