SQEPTECH LTD

Cornerstone MyGuide

Organisation expect digital transformation projects to improve productivity, reduce search and support costs, and boost innovation across the board. MyGuide is a robust simple-to- use Digital Adoption and automation platform to onboard users, roll-out changes, enhance productivity, and improve performance with real-time and interactive guides.

Features

• Adoption Guides including in-app tours, how-to guides, assisted automations
• Adoption Guides including courses, cue-based instruction, searches, and chat
• Pick-up and go- No engineering, no training required, low code
• One unified platform covers digital adoption for all enterprise applications
• User can access key applications, via web, desktop and mobile
• Create instructional guides with multimedia support, automation updates
• Simple, one-click publishing
• Uses themes and branding
• Track device usage, drill into user data, drive workflow
• Supports the drive for feature adoption

Benefits

• Productivity improvement attributed to technology use, process adoptions, task completion
• Reduced search time for content and answers internally and externally
• Reduced training times- new deployment of systems, features, change processes
• Fewer support calls: tours, nudges, guides, assistance, learning, automation aids
• Easy to build, measure, change, maintain interactive and immersive content

£26,000 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@sqeptech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

989989503004958

Contact

Roberta King
+447734112102
contact@sqeptech.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Any SaaS solution for which there is a need for an online training guide for the end users.
• Cloud deployment model: Public cloud
• Service constraints: No, Software-as-a-Service. Users can access the application at any time and from anywhere through the internet.
• System requirements:
  • Access to internet connectivity as the solution is SaaS/Cloud based
  • Safari, Google Chrome, Firefox, IE11 and above
  • There are no software maintenance, and no network administration requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Business working hours Mon-Friday 9.00 - 17.00; slower response during the weekend. ; Typical support responses times:; • Priority 1 – 1 working day; • Priority 2 – 3 working days; • Priority 3 – 10 working days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Customers can contact the SQEPtech support team via support@sqeptech.com indicating issues and their estimated level of priority as follows:; • Priority 1 – fail in operations; • Priority 2 – reported bug or issue without a workaround in place; • Priority 3 – reported bug or issue with a workaround in place ; ; SQEPtech will endeavour to apply fixes to the reported issues in line with the reviewed priority level as follows:; • Priority 1 – 1 working day; • Priority 2 – 3 working days; • Priority 3 – 10 working days; ; Managed services support level can be put in place, costs varying on number of payslips required to be produced on a monthly basis. ; ; Account Manager and/or Client Success Support available depending on type of contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once the contract has been executed, SQEPtech will assign the client a dedicated Implementation Consultant. The Implementation Consultant will be the primary point of contact during implementation. In addition, they will be supported by a project team as appropriate to the scope of work. This may include a Program Sponsor, Engagement Manager, Integration Consultant, and Technical Consultant.; The Project Teams works closely with the Client SME of the application for which MyGuide is purchased for. Ongoing support for changes will be provided by the Supplier
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: In the event that a client does not renew their contract, the application is removed. No data is stored and/or collected therefore there is no data extraction scope of this service
• End-of-contract process: Our agreements are for a term lease period, and software fees are paid in annual installments over that period, during which time SQEPtech recovers costs. Accordingly, during that lease period (as with, say, a rental or car lease), there can be no termination for convenience. ; Effect of Termination: Immediately following termination of this Agreement, Client shall cease using all Products.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: MyGuide is designed to be fully configurable by the client depending on the application to which is applied.

Scaling

• Independence of resources: The Cornerstone application, as per the Software as a Service model, is designed to scale horizontally. It is multi-tenant-efficient, offering a load balanced farm of identical instances known as swim lanes. When additional server equipment is added, the application capacity scales to fill the available hardware.; This allows virtually unlimited growth capacity.; As opposed to a classical behind the firewall or hosted architecture, our application and our hardware platforms are designed to:; • Efficiently support a high number of users and customers • Redistribute load easily; • Add additional capacity easily and quickly

Analytics

• Service usage metrics: Yes
• Metrics types: Cornerstone’s SLA also guarantees 99.5% uptime (excluding reasonable and scheduled maintenance periods) per month.; Support is enabled for named client administrators to access Global Care knowledge assets, solutions, and self-service support tools online at any time. This is powered by a case management system and interface that provides the ability to submit, update, track and manage questions, issues, and other requests.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Cornerstone OnDemand

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Data-at-rest protection, Optional TDE Encryption at rest; Physical access control, complying with CSA CCM v3.0 and ISO27002 Standards
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: MyGuide does not store any data, therefore there is no scope of data export with this service
• Data export formats: Other
• Other data export formats: There is no data storage with this service
• Data import formats: Other
• Other data import formats: There is no data storage option

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: TLS (Version 1.2 or above), VPN, restricted access (SSO) and dedicated lines.

Availability and resilience

• Guaranteed availability: Cornerstone provides an SLA for all clients that guarantees initial response and resolution in regards to defined priority and severity levels.; Cornerstone’s SLA also guarantees 99.5% uptime (excluding reasonable and scheduled maintenance periods) per month.
• Approach to resilience: Cornerstone’s Disaster Recovery/Business Continuity Plan defines plans, procedures, and guidelines for the Company in the event of disaster. Specifically, this document establishes procedures for recovering business operations, internal data; systems, and critical internal functions to maintain Cornerstone as an on-going concern in the face of unexpected events.; The plan has the following primary objectives:; •Identify critical systems, services, and staff necessary to maintain and/or restore Cornerstone business operations and internal functions.; •Provide guidelines for the communication of activities and status to both Cornerstone staff and client personnel during the recovery period.; •Present an orderly course of action for restoring critical computing capability to Cornerstone and for maintaining and/or restoring client service and support.; Cornerstone performs site-to-site replication of data to protect client data in the event of a disaster. There are two dedicated disaster recovery sites distant from each of the production data centers. Disaster recovery testing is performed semi-annually at each DR site.; Further available information is available upon request.
• Outage reporting: Outages occur during scheduled maintenance/releases. Otherwise, the system is not likely to experience any outages, however in the unlikely event of an unexpected outage, clients will receive email alerts.; Downtime is scheduled for planned quarterly releases at least 4 months in advance and deployed during off-peak hours, typically 8:30PM EST Fridays to 1AM EST Saturday (4.5 hours). Patch fixes typically occur every two weeks between 8:30PM EST and 12:00AM EST. The typical downtime for a patch deployment is approximately 10 minutes.; Client administrators can access a calendar of upcoming release and patch dates at any time through our client portal, Success Center. In addition, multiple email reminders are sent in advance.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Users access the Cornerstone application either through a username and password, or through Single Sign-On (SSO). Cornerstone does not offer two factor authentication to clients for logging into their portal. However, clients that use SSO are able to implement two factor authentication within their own network prior to sending the SAML token to Cornerstone.
• Access restrictions in management interfaces and support channels: Users need a unique username, password to access the application. Alternatively, clients can be authenticated using security tokens, utilising a symmetric algorithm, passed by the client’s local authenticator for Single Sign-On functionality.; Passwords represent a fundamental and significant security mechanism at Cornerstone. Passwords are required to access the production network (via Active Directory) and applications (SQL Server). User accounts are created that employ individual user ID and passwords to identify and authenticate a given user. Users cannot access any Cornerstone system without a valid user ID and password. The SQL server logon groups are each configured to use Windows authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV GL Business Assurance accredited the ISO/IEC 27001 certification
• ISO/IEC 27001 accreditation date: 07/05/2015
• What the ISO/IEC 27001 doesn’t cover: Please note that Cornerstone's IT service management policies and procedures are informed by many sources, including the cohesive set of best practices covered by ITIL, as well as other standards and best practices such as SSAE 16, ISAE 3402, ISO 27001, and FISMA. These certifications cover all the main security requirements.; Certification excludes non-Cornerstone elements of SQEPtech's IT.
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: N/A
• ISO 28000:2007 accreditation date: N/A
• What the ISO 28000:2007 doesn’t cover: Please note that Cornerstone has received certification for the following programs:; • SSAE 16, ISAE 3402 Type II Audit, SOC 2 Type II; • PCI Certification; • Privacy Shield (previous EU Model Clauses, previous Safe Harbor); • EU GMP Annex 11 and 21 CFR Part 11; • Federal Information Security Management Act (FISMA); • ISO 27001:2013; • Equinix SSAE16 Audit, ISO 27001, ISO 22301, ISO 9001, OHSAS 18001, ISO 14001; • Equinix Telecity ISO 27001, ISO 22301, ISO 9001, OHSAS 18001, ISO 14001
• CSA STAR certification: Yes
• CSA STAR accreditation date: 7/5/2015
• CSA STAR certification level: Level 5: CSA STAR Continuous Monitoring
• What the CSA STAR doesn’t cover: Cornerstone can provide upon request a copy of the CSA questionnaire with all the Cornerstone compliant specifications.; Excludes SQEPtech's IT.
• PCI certification: Yes
• Who accredited the PCI DSS certification: Trustwave accredited the PCI certification for Cornerstone
• PCI DSS accreditation date: 2014
• What the PCI DSS doesn’t cover: Cornerstone is categorized as PCI Level 4 SAQ D under the Payment Card Industry Data Security Standards. Standards include: building and maintaining a secure network, protecting cardholder data, and maintaining an information security policy.; Excludes SQEPtech's IT.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SSAE 16, ISAE 3402 Type II Audit, SOC 2 Type11
  • Privacy Shield (previous EU Model Clauses, previous Safe Harbor)
  • EU GMP Annex 11 and 21 CFR Part 11
  • Federal Information Security Management Act (FISMA)
  • ISAE 3402
  • EU GMP ANNEX 11
  • WCAG 2.0 and Section 508
  • FedRAMP
  • ISO 27701, ISO 27001, 22301, 9001, OHSAS 18001, 14001
  • Equinix Telecity ISO 27001, 22301, 9001, OHSAS 18001, 14001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials.
• Information security policies and processes: Security is of paramount importance to Cornerstone due to the sensitive nature of employee data. We designed our solution to meet rigorous industry security standards and have ISO27001:2013, ISO27701:2020 including ISO27018 for privacy, plus conduct annual SSAE 16 SOC1 and SOC2 third party audits to verify continuously Cornerstone Technical and operational controls to assure clients that their sensitive data is protected across the system. We ensure high levels of security by segregating each client’s data from the data of other clients and by enforcing a consistent approach to roles and rights within the system. These restrictions limit system access to only those individuals authorised by our clients.; We employ multiple standard technologies, protocols, and processes to monitor, test, and certify the security of our infrastructure continuously.; Security responsibilities are handled by our IT operations team and overseen by our Deputy CISO, who works in concert with our Sr. Director of Technology Operations and Chief Technology Officer and is responsible for securing information in accordance with industry best practices and for implementing the recommendations of the various 3rd party audits.; Cornerstone does not publish these documents. However we can provide a secure online account, where you can access and view.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: As a SaaS company, we release software frequently and regularly so that our clients may benefit from our on-going R&D. Cornerstone follows a defined SDLC (Software Development Lifecycle) that contains a number of important quality steps, an abridged version of which can be provided upon request. Development and Project Management are tasked with ensuring that these steps are followed.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Cornerstone contracts leading third party information security consulting and services companies to run external penetration tests against our production environments to coincide with major code releases throughout the year. Vulnerability classes tested for include the following:; •Cross Site Request Forgery (CSRF); •Cross Site Scripting (XSS); •Command Injection (including SQL, LDAP, and OS command injection) •Server Side Includes (SSI) Injection; •Forced Browsing; •Format String Vulnerabilities; •Response Splitting; •Directory Traversal and Data Exposure; •SSL/TLS Cipher Strength Analysis; •Cookie Analysis; •HTTP Method Analysis; •Hostile Link attacks; •Cookie Injection Attacks; •Session Fixation; •Session Management (Subversion, Timeouts/Logouts); •Vulnerabilities Within the Username/Password Recovery Method
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Security is of paramount importance to Cornerstone due to the sensitive nature of employee data. We designed our solution to meet rigorous industry security standards and to assure clients that their sensitive data is protected across the system. We ensure high levels of security by segregating each client’s data from the data of other clients and by enforcing a consistent approach to roles and rights within the system. These restrictions limit system access to only those individuals authorised by our clients.; Cornerstone include best in class multiple standard technologies, like SPLUNK to help manage our security monitoring.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Cornerstone maintains an ISO27001 based Security Incident Response Plan in order to organise resources to respond in an effective and efficient manner to an adverse event related to the safety and security of a computer resource under Cornerstone’s management. An adverse event may be malicious code attack, unauthorised access to Cornerstone managed networks or systems, unauthorised utilisation of Cornerstone services, denial of service attack, or general misuse of systems.; The plan clearly defines the appropriate steps and processes in communication. Clients will be notified within 24 hours of the identified issue.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  SQEPtech takes action to combat climate change covering energy use, emissions and waste including from transportation and consumables. This includes: regular review of IT infrastructure needs to minimise energy consumed by this infrastructure and the minimisation of business travel to reduce transport-related emissions by using Teams and remote working tools extensively.

  Covid-19 recovery

  SQEPtech's business is fully remote and hence supports effective social distancing and remote working. This also assists those members of staff from both SQEPtech and the client who are shielding or supporting CEV individuals. As a fully remote company, it is able to host all meeting remotely, maintaining social distancing and avoiding travel (however, where required by a client SQEPtech's team members are able to meet at the client's site). As SQEPtech takes on new contracts and continues to grow its fully remote working business model facilitates it to create new jobs and recruit new employees from across the UK

  Tackling economic inequality

  As a technology start-up company SQEPtech is a fully remote company within the United Kingdom and is able to staff its team from skilled workers across all the regions within the UK. As SQEPtech takes on new contracts and continues to grow its fully remote working business model facilitates it to create new jobs and recruit new employees from across the UK. Additionally, SQEPtech's business model enables it to employ staff from groups that may find it harder to re-enter employment such as those caring for children or with other caring responsibilities. SQEPtech has a Code of Business Conduct that sets out its fair and responsible approach to working. This is supported by policies including data protection, data privacy, ethical trading, modern slavery, anti¬ bribery & corruption, gifts & hospitality, equality & diversity, environmental management and health & safety.

  Equal opportunity

  SQEPtech has an Equality & Diversity Policy which all team members must comply with. This is reflected with our Code of Business Conduct as this extract shows: "Diversity & Inclusion We value all our people, regardless of background and experience. We value all the skills and ideas our people bring to bear on developing and delivering solutions to clients and to internal customers. SQEPtech's strength is in this diversity. Diversity & Inclusion We: -Respect the contribution of all. - Embrace inclusive practices. -Treat others with respect, dignity and expect to be treated this way in return. -We encourage people to collaborate and contribute to activities. -Manage compensation and promotions fairly based upon performance. -Speak up when we see, hear or experience any form of discrimination."

  Wellbeing

  SQEPtech has a culture that supports our team's wellbeing through creating and enabling team members to develop a work-life balance that works for them. This builds upon a fully remote structure and extends to how SQEPtech team members manage their working hours, SQEPtech has a health & safety policy, signed by the CEO. This is the main statement from the policy: "SQEPtech considers health, safety and environment matters to be important principles of ethical business. This policy applies to all of SQEPtech's operations wherever they are carried out and is reviewed, and if necessary revised, on an annual basis. The Chief Executive Officer has overall responsibility for implementing this policy. We do not compromise over the health & safety of our people. We balance social, environmental and economic priorities to create value for all our stakeholders. We protect and improve the environment wherever we can. We are committed to continuous improvement in both our performance and management of health, safety and the environment."

Pricing

• Price: £26,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@sqeptech.com. Tell them what format you need. It will help if you say what assistive technology you use.