Cyber Essentials Renewal for 2022-3

We have just passed our Cyber Essentials audit for this year. This year’s assessment was much tougher than last year but we were given notice about that by our assessor 12 months ago and have upgraded many of our resources to overtake the evolving threats.

AXLR8 Cyber Essentials 2022-3 certificate

Thanks as ever to the clear guidance and explanations from RightCue.

Next we have pen testing and, following that in late December, we start our Cyber Essentials Plus preparatory scans and physical audit. If you have not been through this process with your company, please think about it. The cyber threats are real and we highly recommend Cyber Essentials for cyber peace of mind, and we now use it for the more stringent Cyber Essentials Plus exercise each year.

AXLR8 ATS Integration


AXLR8 has been working on many integrations for the ATS (applicant tracking system). Now our clients can spread the net even wider in their search for new talent. We are all competing for the best candidates.

Integrations include Indeed, Monster and Rest Less as well as many others. We have several links with other HR tools you can plug into the candidate journey, such as one-way interviewing platforms like Willo. There is much more information about the AXLR8 ATS on our specialist AXLR8 Staffing site. Also, there are several explainer animations about our clients using the AXLR8 ATS like this, and this.

Your talent management team can ensure compliance with hiring standards like BS7858 and rights to work, and automate the process using the AXLR8 Application Form Builder (AXLR8 AFB) and AXLR8 Vetting. For placing the adverts and job details pages on your website job boards, AXLR8 provides a plug-in for well-known CMS providers such as WordPress.

More information about the AXLR8 ATS is available in this article.

Audit trail

If you need to know who did what and when on the AXLR8 system, you can refer to the comprehensive audit data that is recorded as your users work.

This article from our public sector website demonstrates an example from a workflow in a business area with very strict compliance requirements. There are examples from our finance and staffing clients, as you can imagine.

However, the monitoring is mostly used not for compliance or establishing who was responsible for a change or for “Big Brother” staff monitoring. It is mostly used on a day-to-day basis for training and occasionally for diagnostics.

Audit trail data is also used for KPIs. Examples we have put into AXLR8 Reports (also spreadsheets, pivot tables and Power BI models) recently include:

  • recruitment applicant tracking progress (time in different job application stages from application to interview, to hiring, etc.)
  • sales KPIs – client contact activity rates, follow ups, etc.

Please let us know if there are audit data you need and your AXLR8 consultant will assist you to find an existing report or create a new report using AXLR8 RB.

Start up companies using AXLR8


It is an old adage that more companies go bust coming out of recessions and depressions than during them. So now there are very competent managers who are starting out with their new businesses and using AXLR8 from the very beginning.

AXLR8 packages for startups

We have responded with a start up pricing package. It is summarised as: “Start at a low cost whilst you need to keep costs and risks down. Pay us more when you get richer”. So we are effectively investing in start ups. Obviously, some make it and some do not – for all sorts of reasons.

Many are staffing companies where their previous employers went bust. Most are successful. See this article. There are no surprises why some succeed and some fail – hard work and keeping lots of plates spinning.

We are just exploring and testing different offers customised for startups. It really started when we had to lend money to clients during the recessionary period in order to keep their systems going. The reason for this was that their services had not been required for two years! Thankfully, most of those have recovered and are paying us back as their shift numbers increase.

Others have come across from competitors who have been left with balance sheets tens of thousands underwater and in two cases a quarter of a million under. So make sure you check out the financials of any prospective supplier before gambling your business future on them!

Paxton Net2 Integration improvements coming up

With the arrival of the new football season and other stadium management challenges, we have a short window of dev time for major enhancements.

We will be using the new Paxton development and test kit we have purchased. This will speed the programming and testing cycles up enormously.

This is a mature integration. It has run at live high traffic staff check in locations for several years now. However, it needs to evolve with changing business and systems requirements. We have identified many areas for improvement.

We will be focussed on robustness, reliability, auto restart to heal problems caused by onsite systems maintenance, power failures, etc. Also, we are improving the alerts system telling us when something has gone wrong at a client site.

We have many new ideas including utilities to match up card data which is sometimes not the same in AXLR8 as in Paxton – a common problem we know happens in other stadium systems. So that will be a great step forward. A recent site visit identified 12 ideas that would make the system better for the end user both during the high pressure match day and also in pre- and post-match administration.

Thanks to our clients for their patience and diligent feedback and understanding.

Thanks also to our great partners like Computer Care, FSL and Paxton. Without your help and specialist expertise, this would have been tough. We really appreciate the open discussions and constant attention to detail and cooperative, problem solving approach.

Please read more on our specialist staffing website.

Business foundations

In a recent article, we looked at what checklist items you should look for in a SaaS supplier for your business-critical applications. We included security accreditations, a solid, reliable support team and a long track record of client retention.

One of the most important factors now is financial stability of your critical suppliers. If your supplier goes bust, the outcome for your business is unpredictable. A key part of many crashes over the last two hundred years is the domino effect of good businesses being taken down by bad businesses.

Due to the pandemic, we have lived through challenging times. Like many historical downturns, it will be followed by more economic turbulence. This time it looks like the war in Ukraine will have many side effects. In previous crashes and recessions and macro economic financial upheavals, more businesses failed after the recession than on entry or during the down times. So now is the key time to check out your SaaS supplier.

At AXLR8, we did this market analysis recently. AXLR8 have a strong balance sheet and have never borrowed money. This careful financial approach has meant personal sacrifice but has left us financially much stronger than our competitors. Losses in the down times are covered by hard earned reserves. This is important because our clients rely upon us for their operational systems – now and in the future.

We recently benchmarked our balance sheet against competitors. Like us, they must pay wages and keep servers running in the cloud. Both are expensive with unpredictable costs – especially for security enhancements to counter ever-increasing threats. One way they may be saving money, invisible in customer service, is to skimp on expensive security upgrades. This is the equivalent for your business of an airline not bothering with maintenance and pre-flight safety checks on their aircraft.

With a simple Companies House check, we discovered that we have been competing in most of our core markets with our own positive balance sheet but this is not the rule. There are companies with one employee who have been steadily drifting more and more negative for years. What will his clients do if his wife tells him to go and get a proper job? Worse, there are two companies with fantastic websites and a few good references who are £250k underwater and one has not published their accounts for two years! They should swallow their pride and merge or sell out because they are risking huge damage for their clients.

So, take five minutes to check out your SaaS supplier and assess the consequences of their failure. If you are about to buy a system, again, check their finances not just how nice their website and screens look.

Duty of Care: Business Travel Safety


As a supplier of lone worker applications, we were thinking about our own commuting to and from AXLR8 and business travel in general, which is growing now in the UK as people in commerce are mostly back in the office. The employer has to take due care of workers. The law also stipulates[1] that the staff must carry some responsibility for their own safety.

Every Monday morning we have our regular sales and management meetings. Yesterday, we added in a tyre check.

Lessons learned

  • Know what your pressures are. This will be in the glove compartment, door frame or door edge or in the owner’s manual. Failing that, try online and at a professional main dealer.
  • Set an alarm every week (Sunday morning?) with your tyre pressures on it and the car. So mine says Hyundai 36F&B and Toyota 33F 32B (B is back wheels and F is front wheels).
  • If you have a foot pump, use that in the convenience of your home but check it monthly against the garage with a professional pump for peace of mind.
  • If you use a garage or supermarket petrol station, please do not hog the machine and hold up the queue whilst you take your valve caps off. Unscrew the caps whilst you wait in the queue. Then you will be able to pump your tyres up in less time and use less change in the machine. Once filled, immediately move your car forward a few yards to let the next person into the machine area to pump their tyres whilst you replace your caps. The quicker the queue, the less likely someone who joined it with the best of intentions will give up.
  • It is better to get your hands dirty than to have a crash.

Don’t forget oil, windscreen wash liquid, radiator, etc., as well!

Stay safe. Prepare for all trips and build in time to pause and allow others out of turnings and not have to speed. Planning is everything. Distractions are dangerous. If you get in a car tired and cause a crash, nobody will congratulate you on your work ethic.

[1] If you are an employer or employee, Health and Safety law needs professional advice. However, if you want to read up and acquire general knowledge, google The Health and Safety at Work Act 1974 and the Health and Safety at Work regulations 1999.

Software as a Service: a checklist

Software as a Service (SaaS) has revolutionised our lives and freed most of us from large up-front development costs, expensive on-premise hardware and associated software and networks.

You just sign up and everything magically appears with your business data, pictures, documents. It is all backed up and safe. However, have you checked the provider is actually doing what they promised? AXLR8 have been in the SaaS business for over 2 decades and trust many suppliers but check everyone.

What questions should I ask an SaaS supplier?

Here are a few questions we suggest that you ask your SaaS supplier.

Business Stability

  1. Do you track their published accounts every year? Remember, the pandemic has tested all companies and many SaaS companies may be running on empty. More companies go out of business coming out of a recessionary period than going into it!
  2. Are they debt free or do they have a negative balance sheet? If negative, is it getting worse year on year? Could the bank “pull the plug” tomorrow?
  3. Is the Supplier financially stable? Remember, if they miss payments to a lender, any of their key staff or any of their hosting and technology suppliers, they could disappear overnight and your data and system will probably be lost!
  4. Does the SaaS company have a portfolio of markets they work in so that a change in one market does not wipe them out overnight? Importantly, after the pandemic, are they already “running on empty”?
  5. How long have they been in business? Is their business growing? If it has been through some recessions and recovered competently, all the better!
  6. Do they have many clients in their portfolio?
  7. Do they have an expert stable team or is there staff turnover? Worst of all, is it a one or two person company which could disappear with the health or motivation of one person?

My business critical data

  1. Do they answer their telephones in an emergency?
  2. Can I get my data from my SaaS supplier (free or for a reasonable small labour and materials fee)?
  3. Where can I read my contract for the service? If it was just something I clicked “OK” to when I signed up, then was there a clause to say they can change it at any time?
  4. Do I own my data entirely or does the supplier feel they own it?
  5. Does my supplier understand their responsibility as Data Processor and how it affects my liability under GDPR as the Data Controller?
  6. Who decides access rights for my staff? What happens when staff join or leave?
  7. If I am using the system free of charge, do the suppliers expect something back and if so, what?
  8. If I am paying, what if I miss a payment? Is there a small or large admin penalty? When does all my data get deleted? No supplier can store it indefinitely due to GDPR DP liabilities. If they do not delete my data, what are they doing with it?
  9. When can I give notice and what are the implications for recovering my data and any associated documents, mails, pictures, etc?
  10. Is the SaaS supplier compliant with cyber security standards? For example, can you find them on the IASME list of Cyber Essentials Plus compliant companies?
  11. Does your SaaS supplier have a reputable company for regular annual penetration testing to check the security of the systems holding your (customer) data?
  12. What are their security policies?
  13. What are their privacy policies and can you find them on the Information Commissioner’s registration list?
  14. Can I talk to someone – a real human being – about the technical or commercial issues that arise?
  15. Can I customise and personalise the system and how does this affect my rights to upgrades?
  16. How often do they actually do back ups? Nightly, hourly, weekly? Are back ups hot? In other words, if my server goes down, does another one come up immediately? These different levels of disaster readiness come with very different price tickets. What level of resilience do I need?
  17. Can they scale with my business?
  18. Will they offer training for super users of the system?

Build vs Buy: should we just develop our own in-house system?

Before developing your own system with a software developer or an in-house developer, you should also be able to answer the above questions.

You will be aware of the well-known economics of software development:

If it costs 1 pound to develop a system,

it costs 10 pounds to implement and another 10 pounds to document it

15 pounds a year to maintain it and

150 pounds a year to support it.

Outside developers bidding for your business conveniently forget that in their pitch!

On top of that, complying with basic security and GDPR is very costly and you would be paying for it on your own. A SaaS supplier can share those costs around hundreds or even thousands of users.

A reputable SaaS supplier can also bring specialist expertise and new modules from the accumulated experience of thousands of users to your business. They can concentrate on updating their platform, performance, bug fixes, encryption, security. Do not underestimate these expenses. Their helpdesk is always there. Your in-house developer could be off sick or go on holiday – or leave the company just when you have a critical repair.

Security incident today

Thirty-five client websites, including our own Staffing specialist website, have been affected by a DDoS attack this morning.

No business-critical applications are affected.

Email is not affected.

It should be resolved by the engineers at the datacentre soon. These problems are rare and this is the first in perhaps ten or more years.

Thanks for your patience. Please do not hesitate to contact us if you need more information.

AXLR8 achieve Cyber Essentials Plus 2022-3


AXLR8 have now completed our audit for 2022-3. We are spending increasing amounts on cyber security every year. This puts AXLR8 ahead of most competitors in the markets in which we supply and support our systems.

The Journey

We would love to report that we flew through, but let’s just say that the pre-audits were very useful. We are a great deal more secure again this year as a result. It will be even tougher next year as IASME are enhancing the standards. The bar is getting higher.

However, it does not just stop at the audit pass. Like you, we are bringing on new people and machines and constantly changing our networks for expansion. That means we need the changes to be within cyber security guidelines, and we need to maintain constant vigilance with regular user tests and evidence that software upgrades and security updates are happening.

Once again, we would like to thank RightCue Assurance for the audit and helpful guidance for maintaining standards in preparation for the tougher new audit in 2024.

Why should I care?

You would be concerned in close proximity to someone coughing without putting their hand over their mouth, or buying a meal in a restaurant where the chef did not wash their hands. You should be even more worried if you have a software supplier – especially a SaaS supplier – who does not maintain standards of cyber security that are audited by a reputable body. How could you trust them with your private data and mission-critical system?

Please call 01344 776500 if you would like any details for this or if you are considering your own Cyber Essentials programme.

AXLR8 pass Cyber Essentials Plus 2022-3