Entergy Employee Rewards and Recognition Program RFP PDF

Summary

This document is a request for proposal (RFP) for an employee rewards and recognition program. It details the requirements for a system provider and includes information on company history and capabilities, service levels, and pricing.

Full Transcript

empuls.io 1
General Vendor/Bidder Information
1. Provide a brief overview of your firm and history of your firm including the following:

o Company Name/Information

Gift Management, Inc. (The Company)

Company Profile
Please refer to the document titled “Giift + Xoxoday Corporate Deck” attached for your
reference.

o Location of Headquarters

Gift Management, Inc. is a subsidiary of Gift Management Asia Pte. Ltd., a private
company incorporated and headquartered in Singapore.

The following are our key HQ locations:

Gift Management, Inc. USA
12 East 49th Street, New York, NY 10017, USA
Phone Number:
+1 9175449068

Singapore Office:
109 North Bridge Road #05-21 Singapore 179097
Phone Number:
+65 8228 9364

o Years in operation

The company has been in operation since 2012.

o Number of Employees

500+ employees globally

o Website

Company - https://www.giift.com/

Product - https://www.empuls.io/

o Account – Contact Person

1. Contact Person Name

John Mills

2. Contact Person Title

Vice President - Business Development, North America

3. Contact Information – email and phone number.

Email: [email protected]
Phone Number: 1-514-234-4113

empuls.io 2
 o Capabilities-overview of your company, its history & areas of specialization.

Giift offers end-to-end SaaS solutions for managing engagement, loyalty, incentives,
rewards, and marketplaces. Our technology suite helps businesses drive growth with
their employees, customers, sales teams, channel partners, and merchants. Our suite of
SaaS solutions includes:

Empuls - All-in-one platform for employee engagement, connection, motivation &
well-being.
LBMS - Comprehensive solution for managing customer & partner loyalty programs
at scale.
Marketplace - Global rewards redemption & exchange platform for loyalty & reward
programs.
GiiftBox - Integrated solution for merchants to digitally create offers, vouchers &
discounts.
Xoxoday - A platform for automating rewards, incentives & payout programs at
scale.
Compass - Automation platform for managing sales incentives & commissions.

Please refer to the slide below that describes the key milestones in Giift’s journey since its
inception in 2013.

o How long have you been providing these services to clients?

Giift has been providing the above services since 2013.

empuls.io 3
 o Do you provide these services nationally or are your services more regionally
oriented?

Giift provides our solutions regionally, nationally and on a global basis. We work within
all major all market segments and industries. Giift works with more than 8000 clients and
150 million users across 80+ countries.

o Service levels, and performance measures.

Please refer to the document titled “Empuls by GIIFT - Support Document” attached for
your reference.

o Information systems, technology, and communication capabilities

o Reporting capabilities
o Pricing, price drivers, cost structure
o Cost control initiatives
o Quality programs and measures
o Invoicing capabilities
o Customer service availability

2. How long has your firm been providing Rewards and Recognition services.

Our company has been providing rewards and recognition services across diverse industries
for over a decade.

3. Describe any relationships your firm presently has with Entergy, Entergy’s affiliates
and/or the Entergy Plans.

The company does not currently have any, nor has it had any business relationship in the past
with Entergy, Entergy’s affiliates, or the Entergy Plans.

empuls.io 4
Description of Proposed Subcontractors
If utilizing any subcontractors to perform any or all the work being proposed as part of the
submission, they must specify so in their response. In the response, bidders are expected to
list all subcontractors they plan to use, along with the following for each:

o Role: Define the specific role(s) of the subcontractor in terms of delivering the proposed
solution, including the functions they will serve and where they fit into the overall set of rules
required to deliver the solution.

Not Applicable

o Responsibilities: Define the responsibilities for which the subcontractor will have control and
accountability to bidder. Confirm that, for each, bidder will ultimately be responsible to
Entergy.

Not Applicable

o Rationale: For each subcontractor, explain why the use of a subcontractor to fill the role and
take responsibility for the defined aspects of the solution is an optimal choice to meet
Entergy’s needs. Please also explain how and why each specific subcontractor was chosen to
fill the specified roles and responsibilities.

Not Applicable

o Relationship: Explain any existing relationship between the subcontractor and bidder,
including business relationships and strategic agreements or partnerships.

Not Applicable

o Terms: Provide the terms, conditions, and policies in place with respect to each
subcontractor, in addition to evidence that each subcontractor has agreed to such terms,
conditions and policies.

Not Applicable

Failure to submit this document will be understood to mean that bidder does not intend to use
subcontractors for any portion of the work proposed.

We do not intend to utilize the services of a subcontractor to deliver the services in the scope of this
RFP.

empuls.io 5
Approach
Entergy's Program Requirements and preferences for a Rewards & Recognition Program are
identified in the Program Requirements Section. Please provide a detail summary of your
firm's ability to comply with those requirements including the following:

Describe your firm's conceptual approach to the services being solicited and approach
in meeting Entergy’s objectives.

Describe your experience in delivering similar projects for Companies, other than
Entergy.

We have extensive experience in implementing and managing Employee Engagement and
Recognition Programs. We've worked with over 3000+ global clients, including leading
multinationals. Empuls, our all-in-one employee engagement platform, supports multiple
programs, such as recognition, rewards, perks and benefits, surveys, and communication.
The following solutions are an inherent to the platform: Service and Milestone Awards, Spot
Awards, Peer-to-Peer Awards, Values-based Recognition, Nomination & Jury Approval
Awards, Monetary & Non-monetary Awards, Corporate Gifting, and Perks & Discount
Program. Our solutions are meant to be social and public to drive motivation and encourage
high participation. The Entergy program will be implemented on Empuls allowing you to
automate the distribution of points and set up award workflows across all Entergy locations.

Empuls has been recognized by leading industry experts which is proof of our "Best in Class"
comprehensive global experience. These accolades include - TiE 50 winners, 2021 -
Business Excellence Award – by World Confederation of Business 2021. - Next Big 100
Companies by Hay Group. Empuls has been frequently featured in the following reports:
1. Forrester Employee Recognition Landscape, Q1 2023
2. Everest Group R&R Solutions PEAK Matrix® Assessment 2023
3. Gartner:
Hype Cycle for HR Technology, 2023
Hype Cycle for Hybrid Work, 2023
Market Guide for Voice of the Employee Solutions™ 2023
Innovation Insight: Digital Technologies Driving DEI Outcomes 2023

Our programs stands out from our competitors in three key areas:
Extensive global reward catalog offering 1M+ options, across 30+ categories
Multi-language and multi-currency capabilities for your global teams
Bill-on-redemption billing model that eliminates point breakage
No mark ups on rewards

empuls.io 6
 Please detail your account management structure with particular
emphasis on how you are organized to support customers similar to Entergy.

Please refer to the document titled “Empuls Implementation Plan” attached for your
reference which details the account management structure.

Customer Success:

a. We conduct regular sync up with our customers to review business metrics.
b. Identifying any challenges you may encounter with our product or service post go-live.
c. Exploring any additional features or support you may require from us post go-live.
d. Regular updates on product & catalog roadmap.

Does your firm provide for marketing support (i.e., advertisements, promotional emails,
etc.) for a Rewards & Recognition Program? If so, please explain.

Empuls will provide your program team, access to on-demand content such as launch
communication kits, best practices, engagement calendars to plan activities, R&R framework
structures, support documentation and videos for admins and end users, ready-to-use
templates to celebrate special days such as Employee Appreciation Day, Women’s Day, and
more.

empuls.io 7
 Does your firm provide training materials and/or services for customers utilizing your
order placement system? Are programs available where you train key customer
individuals to become trainers themselves (i.e., "train the trainer")? Do you firm make
an 800-customer service line available for questions?

Yes, the Empuls implementation team will offer online training resources to educate users on
effectively using the Empuls platform. We can train admins and other users to then pass on
this training to future Empuls platform users. We have a free number +1-844-411-9696 on
which users can reach out to us in case of any queries.

Who inventories the items that your firm makes available for ordering? What are your
processes and turnaround time for order fulfilment? Do you utilize a single shipping
provider?

Our in-house category team ensures a diverse range of reward options are available for
platform users. We collaborate with local merchants and fulfilment partners to offer
merchandise, gift vouchers, swags, experiences, donations, and charity options on the
rewards marketplace. These partners handle order processing and fulfilment, with timelines
varying based on location. Digital gift card delivery is immediate, merchandise selections are
delivered from 2 to 14 days depending on the item selected and the ship to location. Shipping
is managed by the respective local merchants and vendors. We DO NOT charge a mark-up
on shipping.

How does your firm ensure availability of different items?

Giift is the largest provider of redemption options across the globe. This is achieved through
organic means like brand partnerships via in-house business development teams and
inorganically through acquisition of organizations with a regional presence.

The catalog is continuously being reviewed by the in-house business development teams.
Most of the catalog options are digitally integrated to provide a seamless experience.

The Giift team on a regular basis will solicit its client’s inputs for introducing new brands and
categories on regional, country, and client-location specific requirements.

What is your firm's return policy?

Return and replacement policies are geography specific and adhere to the local laws and
regulations of each country. The T&C can be seen against the product listings on the
redemption platform.

Describe how your firm honours the manufacturer warranties for the products that you
carry?

Products sold on the platform are covered by the standard manufacturer warranties. End
users are encouraged to directly register their products for warranty as per the brand
guidelines. Our warranty philosophy is to provide a solution to award recipients to “make
them happy”. Our product return rate and warranty issues tracked are less than.05% of the
total number of awards redeemed.

empuls.io 8
 Please feel free to describe and/or suggest any Best Practices with regard to point-
based reward programs that you may have worked on or are aware of.

Some of the suggested best practices when incorporating point-based reward programs are
as follows:

o Provide “Spot Awards” with no approval within the program. Give each employee a small
monthly budget of points to give to recognize their peers for living your values and
excelling in their day-to-day activities.
o Peer to Peer Nomination feature with approvals based on supervisor or manager approval
o Your award catalog should offer redemption options that allow for employees to select
with low balances of points. Example: Digital upload to Amazon Gift Card available at $1
dollar = to 1 point
o Providing managers with reward budgets that are either monthly, quarterly, or half-yearly
could motivate them to continuously reward employees at different timelines for their
unique achievements. Our platform provides additional automation of budgets.
o Link all programs to your point-based solution: Wellness, Safety, Charitable and Volunteer
recognition programs based on a point currency to load to your portal.
o Make sure there is a social aspect to your program that does not involve monetary points.
This helps build adoption and a sense of engagement.

Invoicing
Entergy has very strict accounting requirements. Each reward point transaction must
be charged to a specific set of accounting code block that must first be validated
before being processed. Describe your options for handling complex accounting
requirements like this, the format of invoices, and with what level of additional detail is
available?

Describe how you would handle the complexity involving tax requirements and FLSA
calculations.

empuls.io 9
Service Level Agreements (SLAs)
Please provide all SLAs, the measurement and how they will be calculated in response
and support of servicing the proposed program.

Please refer to the document titled “Empuls Implementation Plan” attached for your
reference.

Monitoring and Tracking Capabilities
Describe the reporting capabilities for viewing the frequency and status of orders.

Empuls has a pre-built report that shows the frequency and status of orders. This report is
categorized under raw data report called all redemption report.

All Redemption: This report provides the list of all catalog order transactions by employees.
This will include point redemptions, reward claims from links, in-house catalog redemptions,
etc.

Describe how the accounting would work for tracking the liability associated with
outstanding rewards points. Also describe how you would handle terminations,
transfers between companies, etc. Do you have reports specifically built for this that
could assist with the accounting reconciliation process?

o We provide redeemable points that are left with current employees. This report is
accessible both in the dashboard and in the detailed reports. This is the way liability
associated with outstanding reward points is tracked.

o We have these features to manage the points of former employees on the platform. With
these features, you can do the following:

▪ Reassign budgets that belonged to such employees.
▪ Destroy points accumulated in their account, which can be processed as cash during
their full and final settlement.
▪ Transfer points they had to their personal email ID, which then can be used to redeem
rewards/gifts from our rewards marketplace.

o We also provide specific reports on reward points and budget points for former
employees.

empuls.io 10
Proposed Project Team and Timeline
Bidder must submit, by phase, information regarding the key personnel for the proposed
project team required for successful execution of the scope of work, and the specific roles of
the individuals within that structure, based on previous experience. Information sought by
Entergy:

Basic information (name, title, tenure, resume, etc.)

The key personnels who will be involved in this project with Entergy are:

Project POC: John Mills
Empuls Tech: Srivatsan Mohan
Empuls Product: Isaac John Wesley
Empuls Customer Success: Kailash Joshi
Empuls Customer Service: Manish Yadav
Empuls Implementation: Naz Parveen

Experience at bidder and other companies related to similar projects, including exact
roles and responsibilities on those projects as they relate to this RFP.
phases of support. Ability to commit for the life of this initiative, through full
completion of the RFP requirements.

KEY PERSONNEL FOR THE PROPOSED PROJECT TEAM

2. Implementation Manager
Experience: Led multiple implementations, managed timelines, and teams.
Role: Primary contact, oversees implementation, coordinates activities, ensures timeline
adherence.
3. Technical Lead
Experience: Provided technical leadership, specialized in integration and troubleshooting.
Role: Oversees technical aspects, resolves complex issues, supports the team.
4. Customer Success Manager
Experience: Managed post-implementation support, focused on client satisfaction and
training.
Role: Manages post-implementation phase, ensures smooth transition, addresses client
queries.

PHASES OF SUPPORT

5. Implementation Phase (6-8 weeks)
Implementation Manager: Leads project, ensures timely delivery.
Technical Lead: Handles technical issues, provides expertise.
Support Staff: Assists with training and system setup.
6. Post-Implementation Phase
Implementation Manager: Oversees initial hyper care period.
Customer Success Manager: Manages long-term support, ensures client satisfaction.
Support Team: Provides ongoing technical support.

Please refer to the resumes of the key personnel mentioned above attached for your
reference.

empuls.io 11
 Please refer to the document titled “Empuls Implementation Plan”
attached for your reference, which details the role on the project, including responsibilities,
estimated hours, and specific phases of support.

Entergy also recognizes the project will require staffing and support from Entergy personnel to
ensure efficient operations and execution by bidder. Hence, bidder should provide, by phase,
the following information based on its experiences in providing the same or similar services at
other utilities:

Proposed full-time and part-time staffing commitment from Entergy to support bidder
services.
Experience and tenure of Entergy personnel best-suited to supporting bidder.
Proposed organizational structure for Entergy personnel to effectively support bidder.
Roles and responsibilities of Entergy personnel in supporting Bidder services.
Frequency and forms of interaction and reporting between bidder and Entergy
personnel for efficient operations and execution of bidder services.
Length of commitment and continuity required from Entergy personnel by phase.

empuls.io 12
Limitations
Discuss any potential limitations or restrictions your company may have in relation to
providing service to Entergy.

While there are no outright limitations, there may be some limitations in matching the exact
requirements of a specific client. Identifying such limitations would require a detailed walk-
through of Entergy’s program requirements from a functional and technical perspective.

However, one limitation we have as a policy that we continue to restrict is the exchange of
crypto for reward points. (i.e., employees cannot exchange their reward points for bitcoins.)

Value Add Services
Please describe any value-added services that your organization can offer to Entergy.

o Value-added Services:
▪ Program Design - Our experienced, professional services team will work with
you to determine your desired outcomes and help you design a recognition
and reward program that consistently delivers results. We’ll co-create the
recognition and reward program tailoring it to your organization’s culture, with
our expert strategy, program design and execution, to deliver everyday
employee experiences that fuel success every step of the way. We work with
leading experts and customers in the employee experience space who
validate our programs to ensure our clients get the best, tested out, and
proven value for their money.
▪ Customization - We customize the solution to meet your specific needs.
needs and adapt as required. Your desired scope of programs, workflows,
reports, integrations and enhancements will be executed through a series of
configurations and verified through multiple system walkthroughs. We help
you personalize the platform with your branding to make it memorable and
recognizable to your employees – drawing them into the product to engage
with it time and time again, making the system truly yours.
▪ Launch & Communication - Our well-defined communication plan offers a
clear path to successfully drive your organization’s awareness and usage. We
help you with suggesting a schedule, aligning the audience and delivering the
creatives for internal communication. Our team will build custom user and
admin guides and other relevant learning experiences to provide product
guidance that maximizes the use of our platform and promotes your
objectives.
▪ Adoption Support - Your customer success manager works with you to glean
insights from metrics and dashboards on platform utilization, program
adoption, employee sentiment and engagement, to ensure you have all the
information you need to drive higher adoption across teams, departments,
and locations.
▪ Engagement Ideas - We share an annual and monthly calendar of new ideas
to engage employees around important dates and workplace events. Our
team is ready to support you with templates and ready to use communication
kits for special days such as Women’s Day, Employee Appreciation Day,
Christmas, Diwali, and more.
▪ Optimization – Our Customer Success Team conducts regular check-ins to
ensure the continued success of your program and ROI from the platform.
These sessions cover new workplace trends, new product features, program
optimization strategies, benchmark data, and more.

Please describe and/or suggest any Best Practices with regard to point-based reward
programs.

empuls.io 13
 Some of the suggested best practices when incorporating point-based
reward programs are as follows:

o Keeping the award open for all attached to monetary value promotes an equitable
rewarding process across the organization. Of course, the point value could be of a lower
value as per the organization's budget.
o Providing managers with reward budgets that are either monthly, quarterly, or half-yearly
could motivate them to continuously reward employees at different timelines for their
unique achievements. Our platform provides additional automation of budgets.

empuls.io 14
Differentiators
Describe any aspects of your company’s product or service offerings that may
differentiate you from your competitors.

Most of the solutions in the market are point solutions leading to low adoption and higher
costs. Empuls is a holistic employee engagement tool. With Empuls, you can digitize and
streamline multiple people initiatives from a single platform, eliminating the need to invest in
multiple tools, thereby reducing tech complexity and optimizing resources and costs, so your
HR team is free to focus on your people strategy and growth.

Some of our differentiators include:

Highly configurable rewards & recognition rule engine. You can define various reward rules
based on teams, geographies, departments, roles and designations.
Bill-on-redemption Pricing Model to eliminate point breakage and reduce overall program
costs.
Modern UI/UX that drives efficiency and ease of use, leading to high customer adoption and
satisfaction.
Supports multiple languages and currencies to suit the preferences of your multi-location
teams.
Customization of the platform to match the company's branding and program requirements.
We work closely with your teams to ensure a quick go-live and deliver the project on or before
agreed timelines.
Integration with all the popular HRMS, HCM, collaboration (MS Teams & Slack), and
authentication tools to drive engagement in the flow of work.
APIs & SDKs to plug Empuls with LMS, ATS, Intranets, PMS, FinTech, and Health Apps to
embed rewards and recognition into your various work and non-work incentive programs.
Every-expanding global reward catalog covering 100+ countries and more than 25 categories,
spanning e-gift vouchers, experiences, Amazon store, custom merchandise, travel, charity,
company swag, employee discounts & perks and more.
The platform supports Service Awards, Milestone Rewards, Employee Gifting, delivery of
physical gift cards and gift hampers, all from a single platform.
Beyond recognition & rewards, the platform offers solutions for perks & benefits, surveys &
feedback, and social intranet & community groups, enabling Entergy to drive holistic multi-
dimensional engagement from a single platform.

Proposal Pricing
Provide pricing for the Scope request. Include how the price for individual items are
established and itemize any other separately priced services billed to Company in
supporting a Rewards & Recognition Program.

Vendor References
Provide three (3) customer firms that can serve as references regarding your firm’s
experience, capabilities, and results achieved. Provide company name, contact person
familiar with your firm, title, telephone number, e-mail address, nature and scope of
services provided, length and dates of relationship. The references provided should
represent, as Request for Proposal Rewards and Recognition Entergy Confidential
Information closely as possible, the nature of work proposed here and for a customer
and environment similar to Entergy.

Provide the name of one firm and a contact person, with telephone number, etc. of a
former customer with which a relationship was terminated or not renewed for cause.
Again, the references provided should represent, as closely as possible, the nature of
work proposed here and for a customer and environment similar to Entergy.

empuls.io 15
empuls.io 16
 IT Requirements
Please provide a response to each of the following:

1. Ability to integrate with internal systems.

a. Service Oriented Architecture (SOA).

i. Is the product design on a SOA or is it service enabled? In other words, can
the product’s functions be executed as services within other applications
or portal? Or are only selected functions within the product service-
enabled?

Yes, our application is built on a SOA, and is highly modular. Having said that,
the application is delivered via a SaaS model and so the customers will have
access to the public APIs via the SDK provided for integrations.

ii. Describe the methods available to execute a function of your system from
within other Entergy systems (i.e., expose functions with your system as
web services in external systems).

We have HTTPS web endpoints on our platform for this functionality.

b. Batch Import/Export Interfaces.

i. When importing data, can a common set of business rules be used?
Shared logic with other input processes, such as online entry?

Yes, common business rules can be set.

ii. Do you provide “mass change” type functionality for batch modification of
data that is ordinarily maintained online?

Yes, we have batch XLS based modification.

iii. Describe the methods for exporting data to other systems. Flat file
interface? Database to database interface tables?

We can export via CSV. We also have JSON based APIs to integrate and
retrieve data. DB access is not provided externally.

iv. Do you have product-specific interface mapping files?

Yes, we have product-specific interface mapping files.

empuls.io 17
 c. Data Replication Interfaces.

i. Describe the methods for data replication into product database. Flat file
interface? Database to database interface tables?

Data Import can be done via Flat files. There is no support for replication, as our
application is a SaaS tool.

ii. Demonstrate or describe how to import control or domain type data
maintain in other systems into your product’s database, such as
accounting code block data.

Import of data can be done on specific modules/tools via CSV upload.

2. Data security.

a. Describe technically how user authentication is implemented.

I. Is LDAP software used to manage security? If so, which software (Sun One,
MS Active Directory, etc.).

Yes, the application supports all popular active directories via SAML2.0.

II. Can it be integrated with Entergy’s corporate LDAP (AlertEnterprise)? In
other words, authenticate the password against Entergy’s network
password?

Yes, our solution is capable of being integrated with Entergy’s corporate LDAP.

III. Can a trusted authentication against Entergy LDAP be done, where no
password entry is required, i.e., single sign-on functionality?

Yes, our solution will allow for trusted authentication against Entergy LDAP i.e.,
AlertEnterprise.

empuls.io 18
 b. If the answer is no for above two questions, what are the rules for user
authentication (user ID and password rules)?

i. Are user IDs implemented as individual database IDs?

Yes, user IDs are implemented as individual database IDs.

ii. Does the application login to the database via a single internal
application ID?

Yes, application has its own individual username.

iii. What are the ID and password rules? For example, does the password
need to be over a specific length, made up of mix characters and
numbers? Does the system enforce password change after a period of
time?

The password needs to be minimum 8 characters long and should contain at
least one capital letter, special characters among '# $ % * &' and 1 digit.

c. Data security audits for vulnerabilities.

I. All web applications, especially those that can be executed via
portal, must pass an automated audit searching for security holes.
Would it be possible to run this audit as part of vendor product
evaluation?

Yes, we are open to performing this audit as part of your vendor product
evaluation criteria.

II. For SaaS (Software-as-a-Service or hosted) vendor solutions, there
is a questionnaire required by Entergy’s security policy.

Yes, we can fill out the questionnaire required by Entergy’s security
policy.

d. Functional Access Security.

I. Describe how functional security defined and maintained. This is
security over access to part of the system, such as by menu, web
page, button on a page, etc.

We have implemented Role Based Access Control (RBAC) in our
solution. Where each page/functionality has a menu, and clients can
define their own rules where it will be visible.

II. What is the granularity of the functional security? For example, by
menu item, by web page, by button on a web page, by field?

The granularity of functional security can be set at the menu and sub
menu level.

empuls.io 19
 III. Are there standard security groups (admin, users, browsers, etc.) or
can custom security group be defined to restrict or grant access to
specific system functions?

We have four standard access roles. Super Admin, General Admin,
Manager and Employee. Custom roles cannot be created.

IV. Demonstrate how define custom security groups and assign access
to a user ID.

We can only assign standard access groups as mentioned above. As
mentioned above, custom security groups cannot be created.

e. Data Row Access Security.

i. Describe technical how data row level security is implemented and
maintained.

Data is stored on AWS Database in an encrypted format and only CTO and
the Production head can access the database.

ii. Demonstrate how to define row security by an organization code
(company or business unit) and assign access to groups of users.

Access is enabled to only authorized individuals post approval and are
connected to the production environment through VPN.

f. Describe how a new employee hire can generate an Entergy network user ID
and update or interface with AlertEnterprise (corporate LDAP). Also updates for
employee status changes, such as terminations or transfers.

Using the solution’s capability of integration with HRIS systems, new hires can be
given access to our solution, and using the same functionality employee status
changes such as terminations or transfers can be captured on the solution.

g. Does the system require external internet access? If so for what reasons?

Yes, the application is hosted on public internet. The application is delivered as an
online SaaS tool and is not hosted on the client’s network.

h. SOX and Separation of Duty (SOD) audit compliance requirements. Describe
and demonstrate how your system complies with SOX and SOD audit
requirements.

Not applicable; we are a privately held company registered and incorporated in
Singapore. Only publicly traded companies are required to comply with the Sarbanes-
Oxley Act (SOX) and Separation of Duty (SOD) audit compliance requirements.

Post implementation. For example, do you provide named contacts or just general help desk. What
is the process for reporting a problem ticket? What is your escalation process?

empuls.io 20
 3. System configuration and rules - change control.

a) Are change controls in place for system configuration, setup/rules data? In
other words, given an environment that includes a Dev and Test support
instances of the software, is there a migration utility and workflow to move
configuration and rules data changes from the test/support instance to the
production instance?

Yes, all these processes are documented in our SDLC process. Please refer to the
document titled “ISMS - SDLC Procedure” attached for your reference.

b) Are change audit log entries created for system configuration and rules data
changes?

Yes, audit log entries are created for changes made to system configuration and rules
data.

4. Software upgrades, patches and fixes.

a) Describe the typical process for applying software patches and fixes. Is there
an automated web-based download/installation process?

As the application is delivered in a multi-tenant environment via a SaaS model, we will
take care of applying software patches and fixes.

b) What is your recommended strategy on applying patches and fixes? Apply
when needed? Apply all regardless of whether needed or not? If there are 10
patches and we only need #10, do #1 through #9 need to be applied first?

The application is delivered in a multi-tenant environment via a SaaS model and
hence this is not applicable.

c) What is your recommended strategy for performing regression testing after
applying fixes? Do you provide detailed description of the system impact of
each fix or patch?

The GIIFT tech team performs necessary tests before releasing the changes. A
detailed note of all features released will be sent to all the customers periodically.

d) Do you categorize/prioritize patches and fixes? For example, a ‘must fix’ for
security vulnerabilities.

Not Applicable.

e) How do you ensure that a patch or fix does not overlay or impact a
customization?

We handle this as part of our impact analysis before releasing any change. This is
handled during our testing phase too.

empuls.io 21
 f) Describe in detail the typical process for upgrading to a major new software
release. How are data conversions handled?

The upgrades are automatic as we follow a CI/CD process. Once the QA team
qualifies the build, the SRE team plans for the release. Prior to any release, a
dedicated release plan is created factoring in the possible disruption that can occur
during the deployment. If the release is simple, it’s done without any disruptions.
However, if any database change/conversions are to be done, they are typically done
prior to the release. If a downtime is needed, an announcement is sent out notifying all
our customers, and is typically planned during the off-peak hours.

g) How are business regulatory and tax changes/updates distributed? Specifically,
are they distributed separately and apart from software upgrades and patches?

Any updates on the regulatory or taxation modules are planned in a way that clients
are aware of such changes beforehand. Additionally, wherever possible an optional
toggle/flag is given to clients to decide if they want to use such functionality.

h) Demonstrate applying a simple software patch.

5. License and support.

a. Describe how the software is licensed. Named users, concurrent users, client
installations, server installs, etc?

i. In a disaster scenario, can we move our production licenses to other
servers/locations without additional cost?

Licenses are given on our cloud server and are not linked with any specific client
infrastructure. In case of a Disaster, the licenses will be automatically moved to
the DR servers.

b. What level of technical and functional support do you provide?

i. During implementation. For example, do you provide on-site consultants,
named contacts or general help desk?

We ensure a smooth implementation of Empuls with comprehensive support.
This includes a dedicated Implementation Manager (named contact) as the
primary contact, and access to our general help desk. We offer real-time
assistance via screen-sharing calls, regular reviews, and launch guidance. Our
technical team is also available for any complex issues. Collaboration for the
implementation process is done virtually, however, we can also provide on-site
consultants.

ii. Post implementation. For example, do you provide named contacts or just
general help desk. What is the process for reporting a problem ticket? What
is your escalation process?

Post-implementation, we provide a 1-month hyper care period with continued
support from the Implementation Consultant (named contact). After this, support
transitions to a dedicated Customer Success Team (named contact) for long-term
optimization.

Support options:

empuls.io 22
 Entergy will be assigned a named contact to reach out for any
queries and access to the general help desk. Users can submit a ticket on this
page, send an email to [email protected], or choose the chat and email support
options from within the platform.

Apart from this, admins, managers, and employees have access to the Empuls
Help Center where they can find information on frequently asked questions and
detailed instructions on various topics.

Here is the escalation matrix:

6. IT Questionnaire

a. Exhibit E.

Please refer to the attached document titled “Exhibit E “ for our responses.

empuls.io 23