SYSMAX LIMITED

Benchmax

Benchmax is an Integrated Compliance, Risk, and Competency Management Software Platform.

The system works online or offline, on any device, in any language, and in any key sector. It has been extensively used by blue-collar and white-collar workers globally.

Features

• Compliance platform
• Risk management platform
• Competency platform
• Non-compliance reporting
• Risked non-compliance reporting

Benefits

• Ensure the right person does the right thing
• Ensure the right thing is done at the right time
• Manage risks from the ground up
• Prove competency
• Live compliance, competency and risk reporting
• Non-compliance notifications across the enterprise
• Risked non-compliance notifications across the enterprise

£27 to £500 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at peter.mcateer@sysmax.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

928727541304325

Contact

Peter McAteer
03332414 443
peter.mcateer@sysmax.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Our platform supports the following modern browsers: Edge, Firefox, IE11+ and chrome.; ; In addition, we support (via our mobile apps) iOS iPhone and iPads, as well as Android phones and tablets
• System requirements:
  • Browser
  • Native app

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Initial response within 1 hour
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We provide email ticketing support via Dixa our help partner
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Selected users are given a training session and taught how to use the system. These trained users are expected to disseminate the information throughout their organisation.; ; The training session is backed up by training documentation which users are sent a copy of.; ; As well as this there is an online help, available to all users, which details the functionality and purpose of the screens in the service.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • PowerPoint
  • Online Knowledge Base
• End-of-contract data extraction: Some data can be extracted by the client's admin users themselves in the form of .pdf and excel export.; ; For other data, a data export will need to be completed by Sysmax Limited. This can be exported into various formats as agreed with the client.
• End-of-contract process: Unless there is a statutory requirement to retain data at the end of contract access to the software will be terminated for the client. The client will have up to 21 days to request a data extraction - this will be chargeable - after which the database plus any saved files/documents will be deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our native mobile apps provide the ability to work offline and synchronise data when a connection is available.; ; The mobile app offers an advanced method for capturing evidence when users are out in the field out with from the office.; ; Push notifications and alerts are available for any matter that requires a users immediate attention.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: We treat each integration on its own merit and handle this through our dedicated integration layer that is abstracted from the core solution. There is no public API, but the private API can be integrated with. This requires a collaborative effort by both parties
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: We are happy to white label (rebrand) our service provided the commercial opportunity is sizeable and requires this.; ; We do provide a degree of customisation in the core system, such as through our custom report builder.

Scaling

• Independence of resources: We have a flexible load balancer in place on our application server to manage capacity.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide metrics within the platform for how well the system is helping customers with KPIs and can be opened up to partners via API
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Some data can be exported from Benchmax via an inbuilt Excel Export. For any additional ad hoc exports they must put in a request to Sysmax Limited
• Data export formats: Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Powerpoint
  • Video
  • Mp4
  • Pdf
  • Jpg
  • Png
  • Doc
  • Bmp
  • Xls
  • Webm

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: This SLA measures that services are available to process transactions in a normal and non-degraded manner.; ; How service level is calculated: (Scheduled Service Uptime-Unscheduled Service Downtime) * 100 / Scheduled Service Uptime; ; Example: In a 30 day month, if there were 200 minutes of Unscheduled Downtime in a particular month then this service level would be calculated as (43,200 - 200)*100 / 43,200 = 99.537%; ; Service Level Target: 99.00% (Monthly); ; Service Credit (as % age of monthly fees): 10%; ; For example, suppose the monthly service fees for the SaaS service is £100,000. In January, the Service Availability=98.3%.; ; Service Availability has failed to meet the target. Therefore, the service credits for January equal is to: £100,000*10% = £10,000; ; The service credit of £10,000 should be deducted from the invoice in February for the January services delivered.
• Approach to resilience: Our datacentre provider (Oracle) provides a robust and highly available architecture, specifically designed to minimize downtime and ensure that applications remain accessible and functional even in the face of failures. This architecture is achieved by deploying resources across multiple fault domains (FD) and availability domains (AD) within a region. Each Fault Domain (FD) represents different physical hardware within a single availability domain, providing anti-affinity, while each Availability Domain (AD) is an independent data center that is isolated from other ADs, providing redundancy and fault tolerance.
• Outage reporting: We have a public dashboard showing uptime and current status of the service.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We have a suite of customisable provisioning profiles that dictate the region and access levels of each individual's access, in a client's organisation.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI (British Standards Institution)
• ISO/IEC 27001 accreditation date: 28/01/2016
• What the ISO/IEC 27001 doesn’t cover: There are no exclusions for ISO27001.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Sysmax is committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout the organisation in order to preserve our cash-flow, profitability, legal, regulatory and contractual compliance and commercial image. ; ; Information security requirements are aligned with Sysmax’s goals and the ISMS is intended to be an enabling mechanism for information sharing, for electronic operations and for reducing information-related risks to acceptable levels.; ; The Risk Assessment, Statement of Applicability and Risk Treatment Plan identify how information-related risks are controlled. The Quality Manager is responsible for the management and maintenance of the risk treatment plan. ; ; In particular, business continuity plans, data backup procedures, malware control, access control to systems and information security incident reporting are fundamental to this policy. Control objectives for each of these areas are supported by specific documented policies.; ; The ISMS is subject to continuous, systematic review and improvement. ; Sysmax has established an Information Security Group (ISC), chaired by the Quality Manager and including the Systems Manager, Managing Director and the CTO to support the ISMS framework, to periodically review the security policy and to ensure policies are followed.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management is facilitated through our ISO27001 procedure for this.; ; The details of the procedure are as follows:; ; Stage 1 - Identify and log the change request; Stage 2 - Plan and test changes; Stage 3 - Assess the potential impacts (mainly on information security); Stage 4 - Formal approval procedure for proposed changes; Stage 5 - Verification that information security requirements have been met; Stage 6 - Communication of change details to all relevant persons; Stage 7 - Fall-back procedures, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Potential threats to our services are identified by a 1-5 rating scale. Threats will be assessed for seriousness and required controls (patching; turning off/removing services affected by the vulnerability; adapting / adding access controls; increased monitoring; awareness raising).; ; Critical security patches are risk assessed and applied as soon as possible. ; ; Information regarding potential threats to the service is gathered from Oracle CloudGuard which monitors our service for weaknesses, we also receive threat intelligence briefs from a variety of reliable sources.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Potential compromises are identified through various monitoring tools including but not limited to: Microsoft365 SIEM integration, domain recon services, Oracle CloudGuard, annual penetration testing, daily vulnerability scans, anti-malware software on employee workstations, DLP monitoring.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process is part of our ISO27001 compliance. Upon receiving notification of a potential incident it is categorised appropriately against our pre-defined incident catalogue, prioritised and an entry is created for it in our incident log.; ; Users can report incidents through our ticketing system via a help widget available in the service or by directly contacting us through our support e-mail.; ; Updates are provided to the affected users throughout the timeline of an incident being investigated. Once the incident has been resolved a copy of the finalised report will be made available to the affected users.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fighting climate change is core to our corporate strategy. Not only do we democratise regulations, standards, and best practices. We ensure they are used 24/7 and alert the organisation when they are not via our risked impact reporting.; ; Our service tackles some of the most challenging aspects facing technologies in this area.; ; Complex data collection and limited supply chain visibility are the main challenges that we have identified in fighting climate change.; ; The following are the main business values sought by organisations:; 1. Operational Effectiveness; 2. Environmental Impact Quantified; 3. Compliance / Auditing Transparency; ; The following are the business use cases sought:; 1. Data collection; 2. ESG (Environmental, Social and Governance) Reporting; 3. Emissions Tracking; 4. Actionable recommendations; 5. Supply Chain Transparency; 6. CSR (Corporate Social Responsibility) Reporting; ; We take the vision from the boardroom and ensure best practices are distributed by role and organisation, acted upon, and validated in the workplace. ; ; We drive performance improvement while capturing frontline data and assuring compliance to enable auditing transparency.; ; Our platform includes ISO and other standards, regulations, or corporate best practices.; ; Regulatory Compliance: The service ensures organisations, and their supply chains comply with environmental regulations and standards. This can be automated to include updates on regulatory changes, compliance tracking, and audit-ready reporting features.; ; Best Practices and Benchmarks: The service incorporates industry-specific environmental benchmarks, allowing organisations to compare performance against peers and adopt best practices for environmental management.; ; Environmental Compliance and Tracking: The service helps organisations comply with regulations and track their environmental impact to reduce their carbon footprint.; ; Supply Chain Management ensures environmental standards are met, from raw materials to finished products.; ; Social Impact Evaluation can ensure that the company's operations and services contribute positively to society and the environment.; ; We partner with innovative organisations to reduce environmental impact and promote sustainability.

  Covid-19 recovery

  The baby boomer exit, and pandemic require upskilling people faster than ever.; ; • Skills Development: Our software platform delivers support, training and workplace validation of compliance with best practices. This helps upskill and multi-skill people faster. PepsiCo achieved an 80% improvement in onboarding new personnel during COVID-19 in its factories using our platform. ; • Through the platform, we can provide training and development opportunities to help individuals acquire new skills relevant to high-growth sectors, ensuring they are equipped for the changing job market.; ; • Job Creation: We employ personnel in the high-growth technology sector, offering high-paid jobs that are sustainable for the long term.; ; Supporting People and Communities; • Mental Health and Wellbeing: Implement features that help organisations monitor and support the mental health of their workforce, ensuring they have the necessary accommodations and resources to thrive.; ; Supporting Organizations and Businesses; • Remote Work Solutions: We provide a platform enabling organisations to adapt to new working methods, including remote work and flexible scheduling, to support their recovery efforts and drive performance improvement. We provide remote compliance with best practices.; • Sustainable Travel Solutions: Our software platform empowers remote working and remote performance auditing to reduce travel. This supports environmental sustainability.; ; Reducing Demand on Health and Care Services; • Physical and Mental Health Support: Our software platform offers tools and resources that help organisations support their workforce's physical and mental health by partnering with relevant, knowledgeable organisations on the software platform.; • Health Monitoring: Implement health monitoring and reporting tools through our software platform, which allow businesses to track the well-being of their employees, identify potential health issues early, and support proactive interventions.; ; We demonstrate our commitment to improving social value creation in the COVID-19 recovery by promoting economic growth, job creation, and skills development.

  Tackling economic inequality

  Creating Employment Opportunities; • Diversity and Inclusion: Our software platform helps organisations promote diversity and inclusion in their workforce, ensuring that employment opportunities are accessible to a wide range of candidates. ; Supporting Skills Development and High Growth Sectors; • Skills Assessment: Our software platform helps organisations assess the skills of their workforce and identify areas for improvement, including training needs and career development opportunities. It does this ignoring gender, race or other potential bias areas to focus purely on the competencies and compliance with best practices of the personnel involved.; • Training Schemes: Our software platform can provide training programs that address skills gaps and result in recognised qualifications, helping to upskill the workforce and support growth in high-demand sectors.; Influencing Stakeholders to Support Employment and Skills Opportunities; • Stakeholder Engagement: The software platform helps organisations engage with their staff, suppliers, customers, and communities on employment and skills opportunities, promoting a culture of collaboration and shared responsibility.; • Sectoral Collaboration: We encourage collaboration between organisations in high-growth sectors, fostering innovation and supporting the development of new business opportunities.; ; By focusing on these activities, Sysmax demonstrates its commitment to improving social value creation in relation to economic opportunity, promoting business growth, job creation, and skills development.

  Equal opportunity

  Global organisations have used our software platform to ensure equal opportunities by deploying appropriate data.; ; Reducing the Disability Employment Gap; • Increasing Representation: Our software helps organisations track and analyse their employment data, identifying areas where disabled people are underrepresented, setting targets for improvement and driving compliance.; • Skills Development: Our software platform can deploy training information and validate competency in the workplace, enabling disabled people to develop the skills to succeed.; • Supporting the Disabled Workforce: We can help organisations support the well-being and mental health of their disabled employees, ensuring they have the necessary resources to thrive.; Tackling Workforce Inequality; • Identifying and Addressing Inequality: Our software can help organisations identify and address inequality in employment, skills, and pay within their workforce by comparing actual competency validated in the workplace with salaries, grades and levels of seniority.; • Supporting In-Work Progression: Our software helps people, including those from disadvantaged or minority groups, to move into higher-paid work by developing new skills relevant to the contract.; • Modern Slavery Risk Management: Our software can help organisations identify and manage the risks of modern slavery in their supply chains, ensuring that their operations are ethical and fair. It also ensures in-the-workplace validation by the individual and enables whistleblowing by any personnel.; Influencing Stakeholders; • Supporting Disabled People: Our software compliance management platform can help organisations engage with disabled people, promoting inclusive practices and supporting the development of new skills relevant to the contract.; • Promoting Equal Opportunity: Our compliance management software platform can help organisations communicate their commitment to equal opportunity to their staff, suppliers, customers, and communities, fostering a culture of inclusivity.; ; Focusing on compliance, risk, and competency management, we create social value and equal opportunity and promote a more inclusive, equitable society.

  Wellbeing

  Sysmax focuses on the following wellbeing areas by using appropriate data within the software platform:; ; Demonstrating Action to Support Health and Wellbeing; ; Health and Safety Protocols: Our software compliance management platform helps implement and report health and safety protocols to drive adoption and validation in the workplace.; ; Mental Health Support: Our software platform can also house stress management resources and mental health assessments.; ; Influencing Stakeholders to Support Health and Wellbeing; ; Supplier and Customer Engagement: Our software compliance management platform can enable organisations to engage with suppliers and customers on health and wellbeing issues.; ; By focusing on these activities, Sysmax can effectively demonstrate its commitment to improving social value creation in relation to wellbeing, both within its contract workforce and through its influence on stakeholders. This approach not only aligns with governmental objectives but also positions Sysmax as a leader in promoting health and wellbeing, community integration, and strong, integrated communities.

Pricing

• Price: £27 to £500 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer the ability to register an account via our iOS mobile app to try out the service on some set compliance templates.; ; We may allow free trials for large contracts for two months.
• Link to free trial: https://apps.apple.com/us/app/benchmax/id1525240367

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at peter.mcateer@sysmax.com. Tell them what format you need. It will help if you say what assistive technology you use.