1.    Who is SmartERP/Years of Experience?
a. SmartERP has been helping customers with automated Onboarding solutionsince 2006.
b. More that 500,000 hires go through this automated onboarding solution annually
 
2.    Who are the main points of contact at SmartERP?
a. support@smartonboarding.com – Group that supports our cloud onboarding customers across the globe, in their respective work time zones.
b. Sunny.Kaul@smarterp.com  Implementation Specialist and Escalation point of contact.

3. Provider Platform (cloud?)
a. SmartERP uses Amazon Web Services's IaaS and SaaS components for providing cloud-based Smart Onboarding services.
b. Smart Onboarding application data and backups are physically located in the USA. Our primary system operates from AWS’s North Virginia data centers.
c. Smart Onboarding system and database are secured with multi-layered network access controls behind firewall and system access is restricted based on role. Smart Onboarding systems are updated regularly with latest critical security patches (CPUs) to address security vulnerabilities in tech stack.

4. What is the Implementation Timeline
a. Depends on the size and the complexity of the customer packet.
b. We currently have customers who have had quick implementation cycle of 2 weeks (standard out of the box offering) followed by implementation rollout phases to added more location and/or customizations.
c. We do also have customers with heavy duty custom automation needs that is address in longer implementations cycles.

5. Forms Compliance 
a. We support all State and Federal Tax Forms and ensure they are available to the candidates/New Hires getting hired on or after the form’s effective date.
b. Form I-9 (section 1 and 2 both) is also fully supported on the same lines.

6. ADP Connection
a. We fully integrate with ADP Workforce Now (WFN) application.
b. This integration is strictly governed by the ADP’s ‘New HIRE Template’ for the Smart Onboarding to push data into the customer's ADP WFN, auto-create the New-Hire.
c. ADP’s ‘New Hire Template’ must be set up by the customers exactly as ADP expects for the integration to work.

7. Training Availability
a. 90 minutes of online training is offered on a ‘train-the-trainer’ basis by an product expert from SmartERP, after the implementation is completed, just before Go-Live. This is a one-time activity for all new customers, offered at no additional cost.
b. Detailed online documentation is available for users to educate themselves about various features and functions of the application.
c. Ad-Hoc requests for additional training sessions are also offered at addinal costs.

8. New Hire Video / Welcome Training
a. Client-provided videos to welcome new-hire and provide initial training are readily supported.

9. Save and Exit
a. Data once saved/acknowledged (not submitted) is always retained in the system.
b. Application can be accessed by logging into the secured account any number of times.Once the data packet is submitted to the HR (by the candidate), candidate still has access to the account, but now with a read-only permission.
c. Once the data packet is finalized (onboarding successfully completed by the HR), HR/Admin still has access to the account, but now with a read-only permission.

10. Mobile Access
a. 100% supported on both Android and Apple devices.
b. The application needs to be accessed via an internet browser on the handheld device.
c. All features and functions of the software are fully supported on all three form factors (Mobile, Tablet, Desktop).

11. Secure Email to New Hire
a. Best practice of helping candidates/New-Hires to self register avoids, exchanging sensitive account related information (user id and password) over emails.
b. Additional security features like two-factor authentication (OTP send to mobile) for every time login can be enabled/disabled any time.

12. E-Verify / I-9
a. Fully integrates with the DHS E-Verify system.
b. All three functions (listed below) can be done inside the Smart Onboarding Application.
1. Candidate completing the Section 1 of the Form I-9
2. HR/Admin verifying and completing the Section 2 of the Form I-9
3. HR/Admin Initiating E-Verification, where the application sends the data to DHS and poles DHS for the eligibility status. (in the same exact manner, it is done on the DHS/E-Verify website)
c. Additionally there are powerful features of I-9 Consoles, I-9 Insight, Case Summary, Candidates I-9/E-Verify Summary Page, that simply make the Smart Onboarding a state of the art platform.

13. Background Checks
a. We integrate with ‘GoodHire Background Checks’ system.

14. Benefits Page / Link
a. Smart Onboarding system is configurable to include/exclude/partially-include the benefits business process. Completely driven by the customers need and vision.
b. Features that are supported are:
1. Adding Dependents.
2. Online Benefit Enrollment
3. Nominating Beneficiaries and Contingent Beneficiaries online
4. Electronically signed and duly filled Benefit enrollment PDF forms powered by Smart RTF technology

15. Tax Forms Approval Workflow
a. We support all State and Federal Tax Forms and ensure they are available to the candidates/New Hires getting hired on or after the form’s effective date.
b, Form I-9 (section 1 and 2 both) is also fully supported on the same lines.

16. Direct Deposit
a. Direct Deposit information collected in a globally accepted format.
b. Provision for the candidate to Attach (optional) a voided check
c. Provision for the HR/Admin to enable/disable the option for the candidates to opt-out of Direct Deposit and instead opt-in for check by mail option.

17. Policies
a. Ability to add unlimited number of policies at no additional cost.
b. Policy types that are supported:
1. Confirmation only - Read and acknowledge
2.Data Entry Forms - Free Text, Radio Button, Dropdowns.
3. Mixed  - Data Entry + Confirmation.
4. Checklist

18. Forms Workflow/Approvals
a. Ability to add unlimited number of policies at no additional cost.
b. Policy types that are supported:
1. Confirmation only - Read and acknowledge
2.Data Entry Forms - Free Text, Radio Button, Dropdowns.
3. Mixed  - Data Entry + Confirmation.
4. Checklist

19. Tasks for Incoming Hire
a. Supported. Actually can be logically grouped under the pre-built sections/groups (industry best practice) like below, out of the box:
1. Welcome
2. Background Check
3. New Hire Forms
4. Payroll & Taxes
5. Miscellaneous
6. Pre-Submit Tasks
7. All these Section/Group titles can be custom changed

20. Reporting / Tracking Tasks
a. Ability to create and send custom notifications in addition to delivered out of the notifications.
b. Various Dashboards that help Admins take informed decisions:
1. Candidate Insight
2. I-9 Insight
3. Candidate Summary Page
4. I-9 Summary Page
5. E-Verify Case Summary
6. Company Summary Page

21. Tasks for Internal Teams
a. Supported. Actually can be logically grouped under one pre-built section/group ‘HR Tasks’, out of the box:
b. This title ‘HR Tasks’ can be custom changed.
c. This section/group comes with pre-built sub groups (below), that help manage the flow control and approvals in accordance to the industry best practice.
1. Post-Submit Taks
2. Background Check
3. HR/Job Data
4. Integration into 3rd party system
5. Form I-9, Section 2
6. E-Verify
7. Miscellaneous

22. Who has access, and from where, to view, modify, or delete onboarding configurations?
a. Only the designated ‘System Administrator’ will have access to view/add/edit/delete configurations. This is a super user role which also has access to ALL administrative functions in the software.
b. There are two other roles, ‘configuration Manager’ and ‘content manager’which help the user with these roles gain view/add/edit/delete configuration (e.g. business process) and content (e.g. policies).
c. Thus, the ‘system admin’ Role = Configuration Manager + Content Manager + Other Admin Tasks.
d. Access is granted to Business users and Candidates only after successfully authenticating them.

23. Who has access, and from where, to view, modify, or delete employee PII?
a. Only the Candidate/New Hire can view/add/edit his/her own PII data.
b. The Business users can view the PII data along with the ‘HR Admin’ who can also view/edit PII data of candidates before the final push into ADP.
c. Access is granted to Business users and Candidates only after successfully authenticating them.

24. Who has access, and from where, to view, modify, or delete onboarding data?
a Refer #22 and #23 above.

25. Are there any other third-party solutions, services, or providers involved?
a.    The integration with the DHS E-Verify system to offer the Employment Eligibility Verification functionality.
b.    The integration into ADP Workforce now to auto create a successfully
onboarded employee’s record.

26.    Where, exactly, are all associated servers for the onboarding solution located?
a. All Production systems are hosted on AWS Cloud at northern Virginia Datacenters.
b. SmartERP uses Amazon Web Services IaaS and SaaS components for providing cloud-based Smart Onboarding services.
c. Smart Onboarding application data and backups are physically located in the US. Our primary system operates from AWS’s northern Virginia data centers.
d.The Smart Onboarding system and database are secured with multi-layerednetwork access controls behind firewalls and system access is restricted based on role. Smart Onboarding systems are updated regularly with the latest critical security patches to address any security vulnerabilities that effect
the tech stack.

27. Where is the URL hosted, DNS, Load Balancing, etc.?
a. All Smart Onboarding Production IaaS/SaaS services including DNS server, Load Balancers are hosted on AWS northern Virginia datacenters.


28. How does the URL to the Smart Onboarding solution get forwarded?
a. Self-registration is a best practice for helping candidates/New-Hires gain initial access to Smart Onboarding. Self-registration avoids exchanging sensitive account related information (user id and password) over emails. Instead,
the link to self-register is sent to the email of the candidate.
b. Additional security features like two-factor authentication (One-time password sent to mobile phone) for each login can be enabled/disabled any time.

29. Does the front end website session, interconnect, and back end sessions and connections, SQL (databases data and servers) along with system and user data, leave the continental US?
a.The front end Smart Onboarding application is accessible from anywhere via the internet but the backend data resides in the continental US. System access (servers and backend application) is restricted by network level rules to limit to whitelisted locations based only in the US.
b. Database connections (in-flight data to and from the database) are encrypted with AES256 encryption.
c. Database backups are password protected with AES256 encryption and uploaded to secure cloud storage.

30. Do you have detailed data-in-transit and data-at-rest diagrams?
a. At rest data is encrypted
b. Ref Fig 1.1 – Network Diagram

31. How and where is the data encrypted?
a. All the remote connections will always go through a single connectionwhose data is encrypted in-flight with AES256.
b. Data at rest is encrypted and only authorized application users willhave transparent access to data.
c. See also #8 above.

32. Are there any points within the system which are not encrypted?
a. End-to-end (Browser to Database storage) data is encrypted for all PIIand system access. System executables, logs/traces that do not contain any sensitive information are not encrypted but access controlled.

33. What level of encryption is used; the key type, bit level, ciphers used, and other pertinent information for HTTPS, SQL, and other interconnectednetwork and data devices?
a. Application access is protected with TLS 1.1 encryption standard.
b. Internal systems communication is encrypted with AES256.

34. Where are the front-end and back-end SSL certificates issued from?
a. GoDaddy Inc. US.

35. Whom has access, and from where, to view, modify, and delete the certificates and encryption?
a. SmartERP System and Application Administrators.

36. Where, how many, and how frequently are backups completed, stored, and restored?
a. Daily backups are taken locally on the database servers and uploaded to secure cloud-based storage in the US. Our backup retention target is 30 days.

37. Whom has access, and from where, to view, modify, or delete the backup data?
a. SmartERP Database Administrators.

38. What is the data retention policy?
a.    Current customers:
i.    Data related to all ongoing candidate processes, is always present.                         
ii.    For all ‘completed’ onboarding processes, customers determine how long to retain the sensitive PII data in the system, 30/60/90 to 999 days. Beyond this point (3 years) all sensitive PII data will be eliminated from the system.
b.    Past customers:                     
i.    Upon contract expiration/termination, SmartERP downloads all customer data (PII and non-PII) and provides it to the customer (Soft copy). This can be downloaded form a cloud storage software/application.                               
ii.    Post this (usually 30 days) the sensitive PII data will be purged from the system.

39. Is customer data removed upon contract termination?
a.    Yes.

40. If a customer requests all their data be removed, how, whom, and where is this accomplished?

a. Contact SmartERP Customer Service to log a request. SmartERP support representatives are available via phone or email. SmartERP will respond to provide guidance through the process.
b. Upon initiating a contract termination request customer data will be removed.
c. See also #17 above.

41. If customers request unique [scoped] data removed, how, whom, and where is this accomplished?
a.    Contact SmartERP Customer Service to log a request.  SmartERP will work the customer team to plan for your scoped data removal needs.

42. What is the data recovery point objective (RPO) [what is the expected time to restore data from backup]?
a. SmartERP’s Recovery Time Objective (RTO) is 24 hours.

43. What is the system recovery point objective (RPO) [what is the expected time to restore the system from backup]?
a. SmartERP’s Recovery Point Objective (RPO) is 1 hour.

44. What is the Service Level Agreement (SLA) for uptime availability percentage for our solution? How is this measured? Are there discounts or de-incentives for missed SLAs?
a. Smart Onboarding has an uptime target of %99.5 measured using system monitors on a weekly basis.  We do not offer discounts based on uptime performance.

45. How are we notified about outages and disaster recovery (DR)?
a. SmartERP has an Incident Response plan that includes customer notifications and alerts. You can identify key personnel to be included in notifications and alerts.