Cello Software Limited

Online Leave Management and Staff Development System - tracker2

tracker2 Online Leave Management System is used by numerous hospitals to monitor all types of Leave (Annual, Study, Special, Sick Leave) It monitors attendance at courses, mandatory and in-house training with e Portfolio for employee appraisals. It allows for multiple levels of access. It is securely hosted on dedicated servers.

Features

• Online Leave management, remote access,
• Attendance record, mandatory training record, real-time analytics
• Calendar view, multiple level of access, leave clash alert
• Multiple types of Leave, annual, study, special, sick
• Secure login, secure dedicated servers, secure backup
• Real-time Overview, in-house courses attendance electronic record
• Financial governance and budget allocation per group of employees
• Course evaluation analytics,
• Local Meeting Attendance Monitoring, QR code scanning
• e-Portfolio to support employee mandatory appraisal

Benefits

• Remote Leave application, multiple levels of approval,
• All Leave recorded in one place, online free flexible reports
• Calendar view by department or section, connects the whole organisation
• Electronic record of Leave in multiple format (xlsx, docx etc.)
• Saves thousands of hours on paper trail
• Secure audit trail for each application process
• Manages financial budget allocation, up to date financial records
• Empowers employees to exercise governance managing their own leave
• Electronic record of in-house meetings through advance technology
• Employees benefit from integral e-Portfolio module to prepare appraisal

£6 to £14 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@cellosoftware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

856132893954674

Contact

Hani Zakhour
0151 348 4035
info@cellosoftware.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Internet connection must be of reasonable speed,; up to date hardware, occasional service downtime for updates and maintenance. Although intuitive, the system manager will require training.
• System requirements:
  • Internet or 3G/4G link
  • Works on Windows and Mac OS X platforms
  • Works on tablets, smartphones and other mobile devices
  • Requires minimum input from System administrator
  • Requires Annual software and support licence
  • Requires a cloud hosting (provided by Cello Software partner)
  • Requires a reasonable level of computer literacy
  • Buyer hardware needs to be of reasonable specifications

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 1st Response is immediate, 2nd response is within 24 hours. Same response at weekend.; Support Services shall be provided primarily to the Client’s Systems Administrator. The Company will provide support and advice through the following channels:; 1. By email/telephone during normal working hours ; 9.00 – 17.00 Monday-Friday excluding public holidays; 2. On-line support at weekend; 3. On-site visits (Chargeable); Further details are outlined in the Service level agreement
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Contact by the Client should in the first instance be by email to support@cellosoftware.co.uk; Requests for support by the Client will be classified in the following categories: ; A Urgent (Red) eg: if the server is down; ; B High Priority (Amber) eg: non-server software errors; ; C Medium Priority (Green) eg: problems that can wait up to 5 days for resolution; ; D Low Priority (Black) eg: requests for new functionality and software upgrades.; Support is charged annually and is included in the price of the licence. ; A technical account manager is available to provide support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The system manager is supported extensively in the period leading to the launch of the product. We work closely with the client to set up the system, starting with demographic data import. We continue with customisation and setting of the software to on site training. The length of the session depends on the number of users attending. We normally train system managers and system administrators. Standard users require minimal training as the System is intuitive. User documentation is online in the form of help files which open in separate tabs. Online advice and telephone support with instructions are provided to all admin users once the system is purchased.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted via running a multitude of reports in commonly known format. This can be done on an individual basis or for an entire group or section of users.
• End-of-contract process: The cost of the contract includes the import of demographic data of the users of the client organisation. It includes the first year license, support by email and for urgent matters as agreed with client by telephone. The contract price includes any updates for the year of the contract. Major updates are offered free for the remainder of the year but may be charged for at the anniversary of the contract.; At the end of the contract the user can either renew the contract or not renew the contract upon which the service and the access to the system is discontinued. Data will be available to extract within the period of the contract but not after the contract has terminated. The client data is destroyed by Cello Software after the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Staff users can use mobile devices for full access of service; Admin users can use the vast majority of features on mobile devices and full features on desktop devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Part of our software is reliant on an API technology but it is invisible to users. The main service is not provided via an API; One of the services modules (Local Meeting Attendance Monitoring System API) relies on users downloading our special App on their mobile device to record attendance at meetings. The users access the App through a login. The initial setup to the Local Meeting App is provided by the System Administrator. The user has full access to all system features
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: System administrators can customise access to the system. This is far too complex to describe in detail but customisation is extensive for the purpose of the software. Normally users must apply to System administrator for a variety of customised access views and functions depending on the level they are working at.; An approver has a separate set of customised access in comparison with a financial support individual or a section Manager, the combinations are vast. Top level admin can customise access and any one else who is given permission by the Senior Admin System Manager

Scaling

• Independence of resources: The system has vast capacity, the sole limiting factor is internet speed and connectivity. Each organisation runs a separate account and therefore the strain on the system is somewhat distributed. Our largest organisation has 1400 employees. The total number of users is over 6 thousand. The server capacity is vastly in excess of the current requirement.

Analytics

• Service usage metrics: Yes
• Metrics types: On request at an extra cost.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: By running a report in either Standard MS Word format or Excel spreadsheet format. Other format can be made available after discussion with the company
• Data export formats: Other
• Other data export formats:
  • MS word
  • MS excel
  • CSV can be reinstated currently inactive in the software
  • Multitude of other format in discussion with the company
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MS Excel
  • CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: The buyer network is not used to store data. Clients data are stored on a secure dedicated servers by our hosting company. All connections are standard https secure connections. All files are first zipped and encrypted with a defined encrypting key before they are sent to the Backup server. The algorithm that is used to encrypt the files is Advanced Encryption Standard (AES), with 256-bit block ciphers. All communications between Backup Server and the Data Server are transported in a 128-bit SSL (Secure Socket Layer) channel.Our website is protected by a 2048-bit key security certificate from Digicert.
• Data protection within supplier network: Other
• Other protection within supplier network: We do not have an internal network. Dropbox is used for sharing documents. Dropbox files and Dropbox Paper docs at rest are encrypted using 256-bit Advanced Encryption Standard (AES). To protect data in transit between Dropbox apps (currently desktop, mobile, API, or web) and our servers, Dropbox uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for data transfer, creating a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption. Similarly, data in transit between a Paper client (mobile, API, or web) and the hosted services is encrypted via SSL/TLS.

Availability and resilience

• Guaranteed availability: The Company will make all reasonable endeavours to respond to incidents as follows: ; i an acknowledgement of receipt of the message within 1 working hour; ; ii an initial response within 24 hours; ; iii a detailed response within 48 hours from the initial response including an estimated time for fixing the problem. If no fault is found, the user will be contacted to ascertain the nature of the fault to decide whether the fault can be attributed to an element of the software or its environment. ; The Company is not responsible for problems caused by matters outside its control; this includes local network problems, misuse of software, inappropriate use of the software, lack of assistance from the Client and matters of force majeure.The problem generating the support call shall be deemed resolved once the Client Systems Administrator and the Company has declared it so.
• Approach to resilience: Available on request
• Outage reporting: Email alerts or website news alert.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The system is standalone. It does not currently interact with other interfaces or other support channels. Access to management channels within the company is restricted to certain individuals on need to know basis.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Security Essentials
  • GDPR compliance for data security
  • GDPR Compliance of data protection by design
  • NHS Data Security and Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber security essentials issued by IASME. Data Security and Protection Toolkit (DSPT). Conformed to National Data Guardian’s (NDG) data security standards.
• Information security policies and processes: We are registered with the Information Commissioner's Office (ICO). We comply with the ICO GDPR criteria for security breach reporting. The company Data Protection Officer, Board level, ensures that policies are adhered to. The details are outlined in a document called "Data Breach Policy - Cello Software". See Below an extract paragraph 4 from this document. (4. The Data protection officer will first ascertain if the breach is still occurring. If so, appropriate steps will be taken immediately to minimise the effects of the breach. An assessment will be carried out to establish the severity of the breach and the nature of further investigation required. Consideration will be given as to whether the police should be informed. Advice from appropriate experts will be sought if necessary. A suitable course of action will be taken to ensure a resolution to the breach.)

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Cello Software is and has been conversant with the concept of Privacy by Design. Our software is accessed only via secure connections. Updates are tested on secure devices. Our service and support is monitored through its lifecycle. Any change to service will need to meet our security criteria and the approval of our DPO
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Any unusual activities attempts to login, visible through our log. ; ‘Critical’ patches are deployed within hours.; ‘Important’ patches are deployed within 2 weeks of a patch becoming available.; ‘Other’ patches are deployed within 8 weeks of a patch becoming available.; This is part of our declaration for attaining the Cyber security essential level.; Information about threats is obtained from IT blogs and our antivirus software news bulletins
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Suspicious activities which appear on the log. ; We investigate against records of users; We respond urgently to potential threats and incidents
• Incident management type: Supplier-defined controls
• Incident management approach: We have a routine reporting process described in our Business Contingency Plan. Our users may report by email or in major breaches they would contact us by phone. We write to our users and inform them in a report what has taken place and how we addressed the incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  The company provides flexible working hours to all employees and directors during the pandemic. Provided free LFT in line with government advice. Conducted the vast majority of meetings with clients online
• Tackling economic inequality:

  Tackling economic inequality

  We helped the lower paid in the company to lessen the impact of the rising cost of living
• Equal opportunity:

  Equal opportunity

  The Company embraces a culture of fairness and inclusion.; All staff are well versed in diversity and inclusion. ; With a multicultural workforce we feel we are immune to unconscious biases and indirect discrimination.

Pricing

• Price: £6 to £14 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A free trial is available with the support of our organisation. It includes full access to the system using test data.
• Link to free trial: https://www.testtracker2.net/index.aspx?cc=d_1_dem

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@cellosoftware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.