CA3

Eli Onboarding

Eli is a personalised, content-rich digital onboarding platform which new employees can explore in their own time, before, and after, they join. Technology that starts conversations, builds connections, embeds values, empowers line managers, and automates process and tasks. It’s very engaging onboarding, and we’ve got the stats to prove it.

Features

• Fully brandable (not just a logo)
• Responsive design (mobile friendly)
• Open API. Easy integration with other systems (e.g. your HRIS)
• Multi-group management (tailor journey & content for groups/individuals)
• Instant messaging (Connect and chat in real time)
• Events calendar (Group and individual event management)
• Create bespoke tasks and checklists (new hires and managers)
• Digital contracts & forms (go paper free)
• Intuitive CMS (manage content easily with drag & drop functionality)
• MI dashboard (analyse data easily; act swiftly on insights)

Benefits

• Captures detailed MI, enabling real-time analysis and continuous improvement.
• Promotes your employer brand and EVP through rich, engaging content.
• Personalises the onboarding experience making everyone feel like a VIP.
• Builds better relationships between new starters, managers, buddies, and teams.
• Automates process, reducing admin and improving consistency.
• Creates more knowledgeable and culturally-aligned employees, who are productive sooner.
• Manages compliance, tasks and forms, ensuring everything runs like clockwork.
• Supports managers to take control of their team’s onboarding.
• Boosts employee engagement before and after day one.
• Improves first year retention, NPS & survey results.

£6 to £43 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sarah@cathree.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

885546416790069

Contact

Sarah Wardle
02035670672
sarah@cathree.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Please note we can currently only offer technical support in English.; The back-end of Eli Onboarding is currently only available in English.; Eli currently supports the following languages: English, French, Polish, Lithuanian, Canadian-French, Spanish, Italian, German, Norwegian (Bokmal), Korean, Portuguese, Japanese and simplified Chinese. Eli does not currently support languages that read right-to-left.; Eli Onboarding is web-based and not an App.
• System requirements: Internet Explorer 11 or above or other modern browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 1-2 hours.; UK working hours only 9am-6pm Mon-Fri
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Customer support via e-ticketing or email; Charged at £85 per hour; ; Technical support; Charged as needed
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide full Admin training (half a day) either onsite or via Teams or Zoom, giving in depth detail and instruction on back end functionality, and User management, as well as an overview of what the end user (new joiners) will experience. ; ; We also establish a Customer Success Plan, mapping out the year ahead (and beyond) in terms of quarterly review calls, MI reporting, ensuring our client is set up for success. ; ; We are also available via Support Desk for any queries, and video guides are available for Admins 24/7.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Video guides
• End-of-contract data extraction: The data within our system is the client's own data, so there is no data to extract when the contract ends.
• End-of-contract process: There is additional cost for deletion.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Administration back-end only partially mobile friendly
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: There in an administrator back-end for administration of nearly all aspects of the product. Access is via a web browser.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: The public REST API can be used for the administration of users.; - Adding users (new starters, line managers etc); - Editing users (new starters, line managers etc); - Deleting user (new starters, line managers etc); ; It can also be used for marking checklist items as complete.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: - Configuration to employer's employer brand; - Configuration of audience segments (types of users) and their data fields; - Permissions for admins and for front-end users; - Configuration of content and checklists

Scaling

• Independence of resources: Client's have the option for dedicated virtual servers that will be unaffected by other clients

Analytics

• Service usage metrics: Yes
• Metrics types: All usage data for all users (data list below).; ; Can be segmented by user type (new starter/line manager/etc) and other metrics (e.g. location, country, level, etc); ; Sessions over time graph; Users; Sessions; Bounced Sessions; Page views; Average page views; Average time on a page; Average time on site; Media downloads; Videos played; Videos finished; Mobile sessions; Tablet sessions; Activated users; Activated users who logged on; Average days to first login; Returning users; Average logins; Messages started; Avg. message length; Messages sent; Events; Checklists completed; Page data (visits, time on page); Pages feedback (ratings, comments); Media downloaded; Videos watched
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Checklist progress data can be downloaded as Excel document; Usage statistics can be downloaded as Excel document; User uploads can be downloaded individually; Completed user forms can be downloaded individually; ; User data cannot be exported en masse
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The client’s uptime will be no less than 99.5%, not counting planned maintenance times.; ; The 99.5% availability metric will be measured by a rolling 3-month period. The client may request the uptime statistics for the service at any time.; ; If the uptime falls below 99% then the client is entitled to a deduction in their hosting cost according to a KPI deduction.
• Approach to resilience: The data centre is a tier 3 centre. ; ; We have redundancy on all aspects of the hosting. CPU, RAM, Firewalls, Disk, Power, Network.; ; There is off-site backups and also offsite Disaster Recovery solution
• Outage reporting: Our systems are monitored 24/7 but our hosting partner. They have internal monitoring systems. ; ; Additionally outages are reported to CA3 via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Source IP restricted for access to back-end
• Access restrictions in management interfaces and support channels: Only employees with the requirement for access are given access.; Client responsibility to manage their own admin access however admins users are deactivated after a period of inactivity.
• Access restriction testing frequency: Never
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: Source IP restriction

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: We are GDPR compliant.; Our hosting provider complies with:; • ISO9001:2015 – Quality Management System; • ISO27001:2013 – Information Security Management System; • ISO22301:2012 ; • ISO20000:2011 ; • ISO14001:2015 ; • ISO50001:2011 ; • ISO27017:2015 ; • ISO27018:2014 ; • ISO27032:2012 ; • ISO27040:2015 ; • ISO17789:2014 ; • ISO38505:2017 ; • BS10012:2017 ; • ISO31000:2009
• Information security policies and processes: As a data processor for our clients, and a data controller for our own employee data, we ensure that we process only information required in the operation of the Eli onboarding solution and the management of our business. ; ; Our primary responsibility to that data is to keep it safe and ensure any data no longer required is destroyed appropriately and fully. ; ; Access to the Eli system is restricted and based on the Principle of Least Privilege (PoLP). ; ; A matrix of all Eli roles and corresponding access rights is decided with the client at the initial scoping meeting, client roles are then modified and configured uniquely for each client depending on specific security and access requirements. Accounts can be deleted, suspended or deactivated either by a client administrator or by a CA3 employee with appropriate administrator privilege to that client company account.; ; A full infosec data document is available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have source control on all source code with agreed process for making changes to the code. Pull requests are reviewed by senior developers. Automated tests must be written and pass before merging into production code. ; There is a development, QA/staging environment for verification. ; Deployment to all production systems is automated.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Servers are regularly updated with OS and software updates.; Regular pen tests identify all levels of vunerability.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We have a documented incident management plan to respond to incidents. Our SLA covers who quickly we will respond. ; ; We have logs of most activity on the server and product for investigation.
• Incident management type: Undisclosed
• Incident management approach: Our incident management plan has the following steps.; - Detection; - Categorisation and Prioritisation; - Mitigation and Notification; - Resolution; - Post Incident Investigation; ; Users can report incidents through the helpdesk. We report to clients initally by phone or email. The post incident document is sent to clients via email.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Environmental policy; ; We recognise that we have a responsibility; to the environment beyond the legal; requirements. We are committed to reducing; our environmental footprint by:; • Reducing energy use - turning the lights off; when leaving office, or not using them when it; is not necessary during the day.; • Reducing water use or ensuring we are not; wasting water - checking for dripping taps; and pipes.; • Minimising waste and recycling more –; we have recycling bins in the office and; recommend double-sided printing; were possible.; • Promoting use of non-motorised transport; - if possible, encourage all our people and; associates to walk, cycle or use public; transport when getting to the office. One of; our benefits is also a cycle to work scheme.; • Reduce our use of plastics; • Work with suppliers and partners who are; focused on reducing their environmental; footprint as well.
• Equal opportunity:

  Equal opportunity

  Inclusion and diversity are fundamental to our; culture and the success of our business. Every; person in CA3 has a responsibility to create and; sustain an inclusive environment, where every; one feels like they can belong.; We believe that no one should be discriminated; against because of age, ability, ethnicity, gender,; gender identity and expression, religion or; sexual orientation.; As our business grows having a rich diversity of; people in CA3 will help us serve our clients better; and create an incredible internal culture. Variety,; after all, is the spice of life!

Pricing

• Price: £6 to £43 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sarah@cathree.com. Tell them what format you need. It will help if you say what assistive technology you use.