As a privately held company, WhenToWork, Inc. does not give out specific information on our internal structures, policies and procedures (including things like our internal audits, internal structures, or security specifics) nor do we allow external audits or inspections of our system. So we have provided below what information we can give, and hopefully this will be sufficient for your organization’s determination of whether our system will be a good match for your needs:
WhenToWork is an online worker scheduling system that allows organizations to create and communicate schedule information for their workers. It is only available online, hosted on our servers as a SaaS subscription. There is no software that is downloaded and no direct integration with your system or network.
Our multiple servers are fully owned by WhenToWork and housed in the continental US hosted by Superb.net who is well-regarded in the industry. Superb has security measures and multiple redundancies in place but we do not share the specifics of the physical security. Data from multiple customers is stored within the same databases on our servers, though access to any particular customer’s account can only be gained through account-specific passwords. For more on Superb.net’s SSAE-16 SOC-2 Type II compliance please see this page:
Access to our SSL secure system is through password protected logins, created through our system (there is no way to connect to your system to run authorization requests through your software). While the strength of chosen passwords is displayed as a guide when a user is choosing a new password, our system does not force compliance with password complexity or policies other than a minimum length requirement. Entered passwords are stored as salted hash method.
Our system software is updated routinely and all new updates are immediately available to customers. All development is done “in house” and all our staff are in the USA. We back up our entire system nightly and the backup information is stored in two physically different locations within the US. The backup files assist in both minimal data restoration (if a scheduling manager accidentally deletes some data) as well as for disaster recovery should there be a system failure. Backup archives are stored for the previous week, then monthly up to 6 months maximum. Individuals can also create their own backup files by exporting their schedule data to text files and saving to their own device, or by using our export to Google Calendar functionality.
While do we not have a Service Level Agreement, all use of our system is covered under our “Terms of Service” agreement which can be found here: https://whentowork.com/termsofservice.htm Many larger institutions prefer to be covered under our alternative “Institutional Terms of Service” agreement instead (which can be found at: https://whentowork.com/TOSinst.htm), so if your organization prefers the Institutional TOS instead just email email@example.com with your account number and let us know. Note we do not allow any modifications or addendums to our terms agreement, nor do we enter into any other agreements with our customers.
We strive for 99.9% uptime and have achieved that goal for each year since we began in 2001. We have monitoring systems in place to alert us to any issues in service speed or connection, and we have a separate status site at www.when2work.com that provides information on the status of our WhenToWork system and any known issues. Any planned outages for maintenance or upgrades are posted in advance on that status site as well as on the account home pages.
We provide an optional screen reader version of our full version for worker interface. You can download our VPAT and try out our screen reader version in a sample worker account by going to our page here: https://whentowork.com/accessibility.htm
The best way to know if our system will be a good fit for all your organization’s users is through direct use, so should someone at your organization have any trouble with any of our displays during actual use, just have them send more details on which particular pages are causing trouble and we will have our developers work to help resolve any issues.
Our system does not interface or directly connect to any customer software or networks. We do offer the ability for scheduling managers to export schedule data to text files in a variety of prescribed third party software formats.
Our system does have a variety of reporting, file exporting and tracking functionality for the scheduling managers within their account displays to know when the workers have logged in or if received emails, etc, but we do not offer API or other bi-directional queries for logging or tracking information from our system.
We have our own internal systems in place for security monitoring and audits, but we do not share specifics on our internal systems and policies.
Note that our system is for scheduling workers to shift times, so there is no sensitive data required by our system and there should be no storing or transmitting of restricted data as scheduling managers should not be entering that type of information into our system. If there are any concerns about data security we recommend that your organization simply not enter any sensitive data into the account. Note no identifiable information is required, you do not have to enter addresses, phone, email or even full names; you can enter just initials or worker codes if preferred.
If you have any other specific questions or concerns please contact us at firstname.lastname@example.org
WhenToWork ® and W2W ® are US Registered Trademarks of WhenToWork, Inc., a California Corporation Copyright WhenToWork, Inc. 2000-2023 All Rights Reserved
WhenToWork, Inc. · 360 E 1st St #301 · Tustin, CA 92780