The Access Group

Access PeopleXD

PeopleXD manages all strategic and transactional HR and Payroll processes. PeopleXD next generation HCM technology removes all the complexity around your processes, allowing you to focus on what’s important – your people. Empower your global workforce with a mobile self-service experience, backed by analytics and real-time management information.

Features

• People management- fully automated HR processes and workflows, mobile platform
• Workforce management- attendance and absence tracking, leave management
• Payroll- HMRC accredited, total rewards, compensation and benefits management
• Talent Acquisition- recruitment onboarding, social integration, applicant tracking
• Learning and development- training adminstration, evaluation, course catalogue
• Budget and forecasting- workforce planning, what-if modelling and analysis
• Analytics and business intelligence- dashboards, management information, historical analysis
• Evo - Access’ next generation platform including Generative AI
• Knowledge centred support, eLearning, pre-configured environments, customer community

Benefits

• Pedigree- 35 year track record supporting easy & strategic HR
• Access - 100% web-enabled, device agnositic and inherently mobile
• Faster- User interface based on as few clicks as possible
• Better- fully integrated, single database platform, consistent look and feel
• Smarter- intuitive design built with usability and minimal training required
• Insightful- single platform, single source of truth powered in-application analytics
• Efficient- self-service driven functionality frees up HR/Payroll admin
• Compliant- contracted legislative and statutory compliance
• Flexible- fully configurable, scalable and modular options
• Unlimited- supports global workforces, limitless users and high availability

£2.70 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotifications@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

946869821167907

Contact

Access UK
01206322575
tendernotifications@theaccessgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: -
• System requirements:
  • PeopleXD Certified Browsers
  • Web Connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: -
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard Success Plan (15% of total Annual Subscription Fee):; 99.5% availability ; ; Premier Success Plan: (25% of total Annual Subscription Fee):; 99.9% availability; Named cloud support engineers
• Support available to third parties: No

Onboarding and offboarding

• Getting started: PeopleXD University is a one stop shop to learn about PeopleXD products, take online Learning courses, view online manuals, assess your knowledge and get certified on PeopleXD . ; Our comprehensive range of courses are delivered by PeopleXD subject matter experts and certification is available for each course. ; This cost effective approach provides users with immediate support and reference material for completion of tasks.; Users have the freedom to learn at their own pace and at a time, location or even a device convenient to them. Simply visit, watch bite-sized videos, take the exam and get certified. ; ; PeopleXD SaaS-IM, our approach to Implementation, we apply a process based methodology founded on PRINCE2 in which all PeopleXD consultants are trained. It employs proven Project Management methods, industry best practice and proven client experience to allow for an optimised approach to HR implementations. It is designed to be a flexible toolset which can be easily understood and applied to HR projects whether they contain Payroll, Personnel, T&A or anyother elements. This methodology uses a consistent approach to understanding requirements, implementing solutions to match client requirements and providing the wraparound services required to support the implementation and on going use by clients.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Microsoft Word
• End-of-contract data extraction: Upon request by Customer, within thirty (30) days after the effective date of termination or expiration of this Agreement, PeopleXD will make the Customer Data available in an Oracle database extract format to Customer through the Service at no additional cost. After that thirty (30) day period, PeopleXD will have no obligation to maintain or provide Customer Data (except by prior written agreement between the Parties and for an additional fee), and will thereafter securely delete or destroy all copies of the Customer Data in PeopleXD's system or otherwise in its possession or control, unless legally prohibited. Customer Data stored in backups will be deleted in accordance with then current schedule for deletion/overwriting of such backups. Customer Data stored in backups will not exceed onehundred (100) daysbeyond the effective date of termination.
• End-of-contract process: The Customer will be provided a with copy of the Customer Data in an in an Oracle Database Extract; format to Customer if they so request. This one-off export will be at no additional cost to Customer.; The PeopleXD Data Export process is as follows:; 1. Receipt of a Support Request requesting a data export for a Customer.; 2. Receive written approval in the Support Request from The Head of Technical Services or Senior Infrastructure Solutions Architect to progress an Oracle Export.; 3. Run standard data pump technology and create the Customer specific Oracle Database Extract dump file.; 4. Customer will be requested to provide a Secure FTP site to facilitate the transfer.; 5. The Customer will be asked to provide their public PGP key to facilitate secure encryption of the dump file.; a. If the Customer cannot provide a PGP key the file will be zipped and password protected.; b. This password will be shared by text message to an approved recipient in the Customer’s organisation.; 6. Once completed the Support Request should be updated accordingly, confirming that the dump file has been securely shared and that the original dump file has been fully deleted from the PeopleXD server.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: PeopleXD has a native app. The PeopleXD portal will also automatically render to mobile device.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: PeopleXD's solution is built on the Oracle technology stack meaning that it is very open in terms of integration which supports a variety of industry standards. Application program interfaces (API) are predefined processes within PeopleXD that will carry out a specific action based on given inputs. The PeopleXD application program interfaces are effectively a database stored library of procedures. For the simplicity of integration, only PL/SQL procedures are used (not functions) as the calling system will only need to make one type of call regardless of the nature of the specific API being utilised. A full overview of the API capability can be found in the attached document ‘DataTalk Integration Overview’ and the public API site for PeopleXD .
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Load balancers are deployed across two data centres within the Cloud Common Front End. In each datacentre the load balancers provide SSL-offloading and load balancing for all web requests destined for the web and application tiers in that datacentre. Global Site load balancing will be used to provide an Active / Active design. This Active / Active design will load balance all web requests across the web / application tiers in both datacentres based on a least connection basis. Traffic from the web/ application tiers will then talk to a database tier which will be active in a single datacentre.

Analytics

• Service usage metrics: Yes
• Metrics types: Access can provide usage and downtime metrics on request by the customer.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: On screen exporting available in Excel, CSV, TXT and HTML formats.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Maintenance windows as detailed above are minimal with the service so that we use all reasonable efforts to ensure that the SaaS Services are available for 99.80% of each calendar month. That our standard SLA across all Access products.
• Approach to resilience: The PeopleXD Hosted Application is deployed within the BT Ireland Citywest Tier III Data Centre. It resides in what is termed as a shared managed Infrastructure. With the PeopleXD solution resides within its own managed VLAN configuration, the service is comprised of bandwidth from three upstream providers with full transit resilience with an aggregate bandwidth of over 5Gbps. All three upstream providers are provided over diverse and fully resilient fibre networks which are in turn linked to both public and private peering points. The providers currently serving the data centre are BT Net, BT Global and Global Crossing hence we are not reliant on any single provider. For example, if all BT networks were to fail, the BT data centre IP network would continue to operate through our connectivity to Global Crossing. BT's IP network is designed to never run over 50% capacity. Outlined in the schematic below is the meshed IP network.
• Outage reporting: Email Alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access has an Access Control Policy as part of our Information Security Policies. The policy takes into account business and security requirements, is reviewed and approved by management and is communicated to all staff. ; ; As part of the policy, asset owners determine the appropriate access controls, rights and restrictions appropriate. Physical and logical and network access controls are considered together with the information classification level of the asset. Access rights are allocated on the principle of “least privilege” so the user only has access to those systems that are necessary for their role.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 01/09/2014
• What the ISO/IEC 27001 doesn’t cover: Scope of Registration: The information security management system in relation to the organisations business, including: hosting, payroll services, financial & payment processing, screening, software development and delivery, client data and infrastructure in accordance with the statement of applicability V2.0
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: PeopleXD has an Information Security Policy which is approved by management, this is an element of the wider Information Security Management System against which the Organisation has been ISO 27001 Certified. ; ; The policy is owned and published by the Chief Information Security Officer. It sets out the organisation's approach to security, the commitment from the senior management team and the specific security policies of the company. ; ; The Information Security Policy is updated regularly, is published on our the corporate sharepoint and staff receive training on the policy during induction training and refresher trainng on a twice yearly basis.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: No changes are made to a customer environment without their request/approval. The only team within Access with the level of access required to introduce a software release to a customer environment is the Development Operations team. This request would need to come from the customer via the Access support organisation. A Change control policy is in place and forms part of the organisations ISO 27001 certified ISMS this policy sits at an overaching organisational level and has additional Change Control policies as applicable at a per Busienss Unit level.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability scans are completed in conjunction with our Datacenter partners-BT; ; Technical Vulnerability management within Access is undertaken by the Information Security team. For example, the IT Manager has responsibility for assessing technical vulnerabilities with PCs, local networks and ensuring appropriate measures in place. ; ; Risks to assets are assessed on an ongoing basis via Access’ technical functions or via suppliers such as Oracles, McAfee, etc. Urgent or critical vulnerabilities or threats are addressed as a matter of urgency. Systems are high risk are addressed first. A risk assessment is also conducted on all assets as part of annual asset review
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Monitoring is carried out of all database activity including use of tools such as Oracle Enterprise Manager and Audit Vault auditing functionality. This monitors and records in logs selected / defined user database actions. PeopleXD security monitoring mechanisms trigger auditing when someone accesses or alters specified objects in an Oracle database, including the contents within a specified object.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Access has an Incident Response Procedure which outlines how an incident should be handled and reported. This procedure forms part of the organisations ISO 27001 certified ISMS. The IS policy also highlights to employees how suspicious activity can be reported.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Access UK Limited is a Software author and provide associated services, including Hosting, Payroll Bureau and Payment services. We recognise that although we do not undertake manufacturing, our day to day operations will have impact on the environment at global, national, and local level. We are committed to the care of the environment and the prevention of pollution. •Access ensures that all our operations are carried out in with the minimum adverse effect on the environment but implementing many available resources and approved processes •We protect the environment by striving to prevent and minimise our contribution to pollution of land, air, and water •We keep wastage to a minimum and maximise the efficient use of materials and resources, and manage disposal of all waste in a responsible manner •We use energy, water, and natural resources wisely and prevent pollution by minimising waste, recycling whenever possible and properly disposing of waste that cannot be recycled. •Our management processes are developed to ensure that environmental factors are considered during planning and implementation •We raise employee awareness and encourage best practices for sustainability at work

  Equal opportunity

  We want everyone to feel at home at Access, knowing that they are valued for what they do, not who they are. We want people to feel that they truly belong here regardless of their age, gender, race, sexual orientation, or anything else that makes them individual; after all, if we were all the same it would be a pretty dull place. We love the fact that we’re all different. Having more diverse perspectives at work improves how we run our business, helps us support our customers, and when you think about it, it's just more fun. For us, this all starts with helping everyone feel part of the family and being at their best every day, making Access a place where everyone can love what they do and do what they love. We all have regular check-ins with our leaders, take part in monthly employee surveys, have lots of chances to share our views and ask for help, and with our own learning system, 'Access Shine', we really can make things even better each and every day. At Access we'll always hire the best candidate but we're continually looking for creative ways to increase the mix of diverse candidates into our recruitment process. On the basis that you ‘have to see it, to be it’, one thing we're doing is sharing more stories to celebrate the wonderful diverse range of talent we have at Access. It is important for us that our employees understand and reflect the customers and communities we support, and we want everyone to feel at home here, knowing that they are valued for what they do, not who they are. We want people to feel that they truly belong here regardless of their age, gender, race, sexual orientation, or anything else that makes them individual.

  Wellbeing

  Access places specific emphasis on the health and wellbeing of its staff and provides a “Well-being” hub in workspace that provides support for Mental Health, Finances, Social, Physical, Emotional and purpose. Assistance from Health Assured is available for all staff and there are training resources for “working in the new normal” and “Mental health and wellbeing” . Access also has “well-being” champions throughout the organisation. This is supported by monthly employee “check in” surveys and offers of flexible working for staff to meet caring commitments.

Pricing

• Price: £2.70 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotifications@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.