SQEPTECH LTD

eSQEP Competency Management SaaS Solution

eSQEP is a competency management and assurance system. It enables organisations to understand the competency, skills and qualifications of its workforce; supports allocation of roles to employees with the appropriate level of competency to undertake those roles; provides an assurance process.

Features

• Competency management and assurance processes
• Visualisation and management dashboards
• Can integrate with Core HR systems
• Can integrate with Learning Management System
• Workflow driven
• Remote access (SaaS)
• Capability framework and alignment
• Training events and post-session assessment
• Reporting and analytics

Benefits

• See workforce competency profiles and match team roles to skills
• Identify competency and skills gaps
• Help the organisation align employees with the best-fit role
• Management information aggregated at various organisational unit levels, summarised graphically
• Encourage internal mobility and reduce recruiting and training costs
• Seamless data from HR system when integrated
• Security user levels restrict visibility of data within reporting areas
• Perform assessments on competency and track validity periods
• Share assessed competency records externally via report generation
• Implement organisational capability frameworks: roles, competencies and training requirements

£9.41 to £150.00 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@sqeptech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

865581988787747

Contact

Roberta King
+447734112102
contact@sqeptech.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: It can be integrated with HR and learning management systems.
• Cloud deployment model: Public cloud
• Service constraints: None, eSQEP is a Software-as-a-Service (SaaS). Users can access the application at any time and from anywhere through the internet.
• System requirements:
  • Access to internet connectivity as the solution is SaaS/Cloud based
  • Safari, Google Chrome, Firefox, IE11 and above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Business working hours Mon-Friday 9.00 - 17.00; slower response during the weekend. ; Typical support responses times:; • Priority 1 – 1 working day; • Priority 2 – 3 working days; • Priority 3 – 10 working days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Customers can contact the SQEPtech support team via support@sqeptech.com indicating issues and their estimated level of priority as follows:; • Priority 1 – fail in operations; • Priority 2 – reported bug or issue without a workaround in place; • Priority 3 – reported bug or issue with a workaround in place ; ; SQEPtech will endeavour to apply fixes to the reported issues in line with the reviewed priority level as follows:; • Priority 1 – 1 working day; • Priority 2 – 3 working days; • Priority 3 – 10 working days; ; Managed services support level can be put in place, costs varying on number of users. ; ; Account Manager and/or Client Success Support available depending on type of contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: ESQEP is designed to be intuitive to use. ; The following services are available:; * 1-2-1 user training and shadowing (at additional cost)
• Service documentation: No
• End-of-contract data extraction: Data can be exported via excel files, csv files, or can provided directly from the database in html format or other formats required by individual clients.
• End-of-contract process: We work with the client to ensure a smooth off boarding process. Exact details will depend upon the client and the system or service provider they are moving onto, with data being provided in excel or csv formats. ; Dependent upon the detail of the off boarding required costs are typically 50% of last annual cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Whilst there is no app that can be downloaded the solution is designed as a responsive web app and will adjust to any screen size automatically. It can be used from a tablet or mobile phone when in an area where internet access is available.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: The look and feel of the application can be customised with customer specific branding. Access to specific functions can be added/removed on a per customer basis. We undertake the customisation work.

Scaling

• Independence of resources: Information concerning future usage of key services is collected as part of the regular our SaaS service review process. SaaS customers are asked to highlight any known increases or decreases in the usage of existing services and any other business events likely to impact on the effective provision of service.; Data regarding the current usage of technical resources is collected via several monitoring tools and is analysed quarterly to identify trends.; Currently the application resources are sized to support the existing customer base at peak times. Work is in progress to enable auto horizontal scaling.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Physical access control, complying with another standard ISO27001/27002.; Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Standard reporting available in the portal; reports can be exported via csv, excel or pdf type files.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Data in transit is secured end to end using TLS 1.2 or higher. All calls to service API are authenticated and validated against multiple permission criteria.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Ensuring the product is legislatively compliant.; First point of call for answering Data Protection Queries. ; Conduct annual training. ; Adherence to General Data Protection Regulations.

Availability and resilience

• Guaranteed availability: Save during routine maintenance and upgrades, we will use reasonable endeavours to ensure that eSQEP is available at least 98% of the time within each calendar month between the hours of 8.00 am and 8.00 pm.
• Approach to resilience: Production information is not physically hosted on any SQEPtech premises, and is managed (together with disaster recovery, failover and information security continuity) by Microsoft Azure (https://azure.microsoft.com/en-gb/overview/trusted-cloud/compliance/). Backups are taken regularly within the Azure hosted subscription to provide contingency if any of the supplier mitigations fail. Code configuration is controlled within version control. In the highly unlikely event of disaster recovery failing for any supplier, environments can be created through recreating these replicable environments via infrastructure-as-code scripts.
• Outage reporting: Outages are reported via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Password and Authentication Policy: This policy describes the authentication requirements for accessing internal computers & networks and includes those working in-house as well as those connecting remotely. Every person, organisation, or device connecting to internal IT resources and networks must be authenticated as a valid user before gaining access to SQEPtech's computer systems, networks, and information resources.
• Access restrictions in management interfaces and support channels: There are various levels of user which controls what they have access to: ; • Superuser-Full access; • Admin-Full access to a specific subset of data; • User-Limited ability to edit user data but below the level of the admin role; Reader-Primarily read access, can't generally make changes. ; Users require a unique username and password to access the application. Authentication is typically performed against Active Directory
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials.
• Information security policies and processes: A comprehensive information policy is backed by specific, detailed polices applied company-wide. Commitment to the delivery of information security is led from the top of the organisation, with the senior team holding monthly information security reviews. Top management ensure that systematic reviews of performance of the programme are conducted to ensure that information security objectives are being met. Cyber Essentials principles underpin this practice. The policy and supporting policies are endorsed by Management at all levels. Policies are reviewed annually as part of the ongoing security improvement program and documented in the Information Security Management System Policy (ISMS) aligned with ISO27001. Policies cover ISMS, access control, passwords, software development, cryptography, data protection and data privacy, anti-malware and patching, monitoring and logging, incident management, business continuity, the use of media, data retention, suppliers, HR security, change management, remote working, back-ups, social media and internet use, cloud computing and risk assessment and treatment.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The change management process controls changes to IT services and associated components are recorded and then evaluated, authorised, prioritised, planned, tested, implemented, documented and reviewed in a controlled manner. A change review board, whose membership includes the Chief Technology Officer and Chief Executive Officer, assesses the impact of all system and software changes. Assessment include information security impacts on a risk-based approach. Once approved, all changes are monitored for a period after deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are identified via suppliers, Microsoft, NCSC and similar bodies. Regular vulnerability scans/pen tests are also carried out. The assessment is carried out in-house or by an external company, and typically covers: -assessment of the security of all routes into the internal network from the Internet; -Externally-facing web servers; -Business critical servers on the internal network. Where configuration changes are recommended, these are actioned through the change management process so that appropriate controls are in place for testing, risks assessment and backout. Patching is performed on a regular schedule and applied centrally. Hardening activities are performed per guidelines.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Various monitoring and alerting tools are used primarily within the Azure Security Centre Regular reviews are performed of the dashboards and audit logs and any identified incidents investigated and if appropriate actioned. Alerts are investigated immediately. Other flagged incidents are reviewed on an at least weekly basis
• Incident management type: Supplier-defined controls
• Incident management approach: SQEPtech has a set of pre-defined processes for managing and recovering from common events. These are regularly tested via incident management exercises. ; The steps: ; • event occurrence ; • event detection and notification; logging ; • event correlation and filtering; actions as needed ; • action review ; • incident close ; Event types: informational, warning or exception. Informational events are logged for audit trail purposes. Warning events are investigated prior to responding to the incident. Exception events trigger the appropriate incident response procedure. Users are able to report incidents. Incident reports are issued via email

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  SQEPtech takes action to combat climate change covering energy use, emissions and waste including from transportation and consumables.; This includes: regular review of IT infrastructure needs to minimise energy consumed by this infrastructure and the minimisation of business travel to reduce transport-related emissions by using Teams and remote working tools extensively.

  Covid-19 recovery

  SQEPtech's business is fully remote and hence supports effective social distancing and remote working. This also assists those members of staff from both SQEPtech and the client who are shielding or supporting CEV individuals. As a fully remote company, it is able to host all meeting remotely, maintaining social distancing and avoiding travel (however, where required by a client SQEPtech's team members are able to meet at the client's site). As SQEPtech takes on new contracts and continues to grow its fully remote working business model facilitates it to create new jobs and recruit new employees from across the UK.

  Tackling economic inequality

  As a technology start-up company SQEPtech is a fully remote company within the United Kingdom and is able to staff its team from skilled workers across all the regions within the UK. As SQEPtech takes on new contracts and continues to grow its fully remote working business model facilitates it to create new jobs and recruit new employees from across the UK. Additionally, SQEPtech's business model enables it to employ staff from groups that may find it harder to re-enter employment such as those caring for children or with other caring responsibilities.; SQEPtech has a Code of Business Conduct that sets out its fair and responsible approach to working. This is supported by policies including data protection, data privacy, ethical trading, modern slavery, anti­ bribery & corruption, gifts & hospitality, equality & diversity, environmental management and health & safety.

  Equal opportunity

  SQEPtech has an Equality & Diversity Policy which all team members must comply with. This is reflected with our Code of Business Conduct as this extract shows: "Diversity & Inclusion We value all our people, regardless of background and experience. We value all the skills and ideas our people bring to bear on developing and delivering solutions to clients and to internal customers. SQEPtech's strength is in this diversity. Diversity & Inclusion We: -Respect the contribution of all. - Embrace inclusive practices. -Treat others with respect, dignity and expect to be treated this way in return. -We encourage people to collaborate and contribute to activities. -Manage compensation and promotions fairly based upon performance. -Speak up when we see, hear or experience any form of discrimination."

  Wellbeing

  SQEPtech has a culture that supports our team's wellbeing through creating and enabling team members to develop a work-life balance that works for them. This builds upon a fully remote structure and extends to how SQEPtech team members manage their working hours, SQEPtech has a health & safety policy, signed by the CEO. This is the main statement from the policy: "SQEPtech considers health, safety and environment matters to be important principles of ethical business. This policy applies to all of SQEPtech's operations wherever they are carried out and is reviewed, and if necessary revised, on an annual basis. The Chief Executive Officer has overall responsibility for implementing this policy. We do not compromise over the health & safety of our people.; We balance social, environmental and economic priorities to create value for all our stakeholders. We protect and improve the environment wherever we can. We are committed to continuous improvement in both our performance and management of health, safety and the environment."

Pricing

• Price: £9.41 to £150.00 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@sqeptech.com. Tell them what format you need. It will help if you say what assistive technology you use.