Matrix SCM

Matrix-CR.Net

Matrix SCM provides a cloud-based software application which enables our customers to engage and manage contingent staff more effectively and efficiently. Our software also helps customers reduce their future reliance on using contingent staff by helping them to develop permanent staffing capability. For more information visit www.teammatrix.com

Features

• End-to-end recruitment system
• Dynamic Purchasing System (DPS)
• Real-time reporting and Management Information
• Candidate order, review and selection
• Temporary Agency Staffing
• Permanent Recruitment
• Electronic Timesheets
• Supplier Management
• Consolidated Invoicing
• Pre-employment check process

Benefits

• DPS Compliant
• Control and Visibility over agency spend
• Faster and more efficient recruitment process
• Increased Candidate Quality
• Candidate Compliance
• Mobile and Tablet Usability

£10,000 to £1,000,000 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.grimes@matrix-scm.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

929275630224234

Contact

Chris Grimes
07843072803
chris.grimes@matrix-scm.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: Access to the internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24 hours for Clients. Matrix are 24/7/365 with dedicated Account Management support.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: The web chat is embedded into our cloud application and accessed through the help tab. This is a typical chat feature. a recording of conversations are emailed to the matrix Operations manager.
• Web chat accessibility testing: Our web chat is provided by a third party. We have checked with them and they have confirmed that they have not completed any testing with assistive technology users.
• Onsite support: Yes, at extra cost
• Support levels: Service Desk, Email, Phone, Live-Chat. ; Account Management Resource and Strategic Contract Management. Support available at additional cost. Technical Account Management related to system available at no cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Matrix SCM provide a comprehensive implementation process which includes full system training through a mix of on-site, online and video training material. This is carried out by a dedicated implementation team and training manager.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users will need to contact Matrix SCM to have their data completely removed from the system. But users can also use the export functionality to extract the data themselves.
• End-of-contract process: The client has a grace period in order that any critical activities are completed and allow any outstanding payments to be made. No new activities can be completed during this time.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The CR.Net web application is fully responsive and is Mobile and Tablet Friendly. The web application supports many different functions and user roles. Matrix now have a native app that runs on both Android and Apple devices. The App is only designed to implement a one specific subset of the overall functionality. But, by having the App means more users engage with the service and reduces the time the given task takes to complete
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The main interface is through a web browser that is fully responsive to a work on mobile browser. Some features also available through a native app.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is delivered through a web browser and as such will allow the accessibility features of the browser to be utilized - Text zoom, speech, keyboard shortcuts. The interface is fully responsive to the screen size that is being used. The service also supports visually impaired users by allowing them to change the colour scheme or increase the font size.
• Accessibility testing: The application was tested for WCAG2 standards following the last major interface redesign. Tools such as Wave and Zoom Text are used to assist in correcting any issues
• API: Yes
• What users can and can't do using the API: The API is not intended for general use. It is provided as an enhanced service for the purposes of bespoke integrations and requires both the Matrix and 3rd party IT teams to work together to implement the required solution.; ; What can be changed is controlled through the access that is granted using authorisation keys. The changes that can be made will be agreed as part of the design of the bespoke development.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: During the onboarding process, all new clients will work with the Matrix implementations team to ensure that the system is customised to reflect the client's internal policies and processes. This includes the layout of pages, including adding custom fields, or defining the contents of a picklist. Optional approval processes can be implemented and bespoke integrations with third party software can be embedded in various parts of the workflow. ; ; End users can change colours, font size, the list pages can be customized by adding, removing or moving columns. Containers can also be re-arranged on the page. All these settings are persisted

Scaling

• Independence of resources: We have a load balanced web farm that spreads load evenly and the solution is hosted in a virtual environment so new resources can be spun up very quickly. Active monitoring of every aspect of the solution allows us to monitor against CPU, disk space and database transaction times.

Analytics

• Service usage metrics: Yes
• Metrics types: User access, browser types, device types, page history, server statistics (CPU, disk space) failed log-ons.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Manually export by selecting the export button within the system or can sign up to schedule reports within the system. ; ; Alternatively, administrators can run data extracts at given schedules. ; ; Users can run reports in the system and then export them in excel or PDF formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Matrix-CR.Net delivers a service uptime of 99.8% to our customers. ; Matrix has a comprehensive Disaster Recovery (DR) Plan to ensure that all departments are fully aware of what actions should take place if Matrix SCM have switch to a DR plan, these actions will ensure that there is minimal disruption to our clients.; ; Uptime will be measured on a quarterly basis, using the measurable hours in the quarter i.e. actual time available vs. total time within the quarter (inclusive of any scheduled downtime, including maintenance, upgrades, etc.) For the avoidance of doubt, his equates to 2,189 actual hours available / 2,200 possible available hours = 99.5 availability. ; The system will be classed as “unavailable” in the event that there is a fault with the system that either a) prohibits users from being able to login or b) renders critical functionality to be non-operational (or otherwise classified as severity 1 within this SLA), as a result of a fault with the system itself, rather than due to the user’s own hardware or software issues.
• Approach to resilience: Tier 4 designed data centre with dual power generators, dual internet connection, dual network cards, dual servers, UPS's.
• Outage reporting: Matrix-SCM have a full business and continuity plan that documents exactly how outages are reported, to how and how frequently. The head of the Operations Centre would manage all communications with users directly by either email or phone.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Users are given a pre-defined role which controls what they can access within the system.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 29/03/2022
• What the ISO/IEC 27001 doesn’t cover: Nothing.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Matrix SCM is accredited for IS0 27001 which demonstrates that Matrix has a well-structured and embedded Information Security Management System. Account Managers report in to Business Management and Operations Director. Matrix SCM also hold the Cyber-Essentials certification

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All components of CR.Net are tracked through their lifetime via a risk register and issue log which is managed by our IT development team. ; Any changes made to the system are put through rigorous user testing in a testing environment, which are signed off by the customer before being implemented on the the live production site.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Anti virus software on the services. Traffic is routed through firewalls. Patches are applied when released by Microsoft. Threats are alerted to us through Microsoft updates, anti-virus or continual monitoring software
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All servers are firewall protected and are running latest anti-virus software. We perform regular checks of the servers through use of monitoring software that send email alerts to key IT personnel.; If compromised, we would follow the industry standard guidelines to eradicate the risk .; All events within the system are audited and fully visible to the users. All page access is also monitored along with failed login attempts, with passwords being locked after 3 failed attempts. Users also have to change their passwords every 45 days
• Incident management type: Supplier-defined controls
• Incident management approach: All servers are fully monitored with numerous failover points to try and litigate incidents that would affect the running of the system. Matrix also operate a full DR process in case of system outages. This not only includes the system but the offices and telephones. Software related incidents are logged into the helpdesk system through their dedicated account manager. Incident reports are communicated back to the end-users either through phone, email or the system itself.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  Our internal social value team will engage with public sector buyers and lead social value initiatives tailored to their goals. We will work with public sector buyers to understand their key priorities. From this, we will create an action plan that sets out our Social Value deliverables against fighting complement changes.

  Equal opportunity

  Our internal social value team will engage with public sector buyers and lead social value initiatives tailored to their goals. We will work with public sector buyers to understand their key priorities. From this, we will create an action plan that sets out our Social Value deliverables against driving equal opportunities.

Pricing

• Price: £10,000 to £1,000,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.grimes@matrix-scm.com. Tell them what format you need. It will help if you say what assistive technology you use.