Avature

Avature GovRecruit: Candidate Relationship Management (CRM)

Avature GovRecruit Candidate Relationship Management is a highly-configurable platform for sourcing and recruitment marketing. With CRM customers can source talent internally and externally, populate talent pools, perform segmentation and engage candidates in marketing campaigns. CRM centralizes all information, providing automation, branding, social media, landing pages, diversity hiring and compliance tools.

Features

• Customizable and configurable people, pipeline, company records
• Creation, management and reporting on marketing campaigns
• Candidate sourcing and creation (i.e., websources, email, spreadsheets, etc.)
• Advanced search capabilities (semantic, boolean) and automated matching tools
• Automatic duplicate checking
• Pre-screening & Interview creation and management
• Landing Page Builder and Microsites
• Diversity sourcing tools and reporting
• Org charts for competitive intelligence
• Reporting (i.e., Ad-hoc list reports, custom reports, dashboards)

Benefits

• Use an intuitive and configurable system that drives adoption
• Build an automated, in-house sourcing model
• Leverage marketing tools (e.g., email and SMS campaigns, social media)
• Use employer branding tactics and improve the employer value proposition
• Source ahead of demand and shorten time-to-fill
• Streamline and expedite the recruitment processes (e.g., via configurable workflows)
• Create warm pipelines and encourage one-to-one relationships with candidates
• Build standard and custom reports on all information
• Keep the platform updated through high-frequency software upgrades
• Benefit from our robust customer services and support model

£60,500 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.harrison@avature.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

128506018869088

Contact

James Harrison
(0) 7875 660099
james.harrison@avature.net

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Avature GovRecruit CRM can be deployed as a standalone solution or integrated with Avature's solution suite (e.g. GovRecruit ATS, GovRecruit Onboarding, Hiring Manager, Referrals, Agency Management, Campus Recruiting). GovTalent Succession Planning, GovTalent Performance Management, GovTalent Internal Mobility
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No. Avature is chosen by global market leaders because we offer the latest technology and enable cutting edge recruiting techniques within a highly mature SaaS architecture. ; We provision for a weekly update of less than 20 minutes if needed, for which Avature’s version release system will seek out a period of non-use within a 24 hour window (typically Saturday/Sunday evening).
• System requirements: Commercial browser and internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response time depends on the severity assigned to the request. As defined in our SLA, the Initial Response Time is as follows-; Critical: 1 hour,; Major: 2 hours,; Minor: 24 hours,; Nominal: 72 hours,; Response time SLA does not vary on weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Avature's support services are provided to all customers equally at no additional cost. Avature provides full life-cycle customer support right from the first day you meet us ; (1) Implementation: The customer is assigned a dedicated Implementation Consultant who will be assisted by one or more Configuration Consultants as well as other members of teams who perform specific technical tasks. They will translate your processes into a completed platform configuration; (2) Training: Our dedicated Training team deliver both standard and custom training programs to customers. We offer remote and on-site options; (3) Account Management: Account Managers interact with customers to ensure that long-term goals tied to the use of Avature are fulfilled. Your dedicated account manager will handle all day-to-day matters, providing news, advice and managing customer requests for platform enhancements, as well as assisting customers to evolve their configuration as their needs change. Account Managers will also review KPIs and execute Quarterly Business Reviews.; (4) Technical Support: This team is in charge of monitoring the issue resolution process and making sure that issues are solved within the shortest possible time frame. Available 24/7.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Avature offers both standard and custom training programs. Avature users can access our standard training program through an online Training Campus as often as they need. Sessions are delivered virtually and include instructor-led programs that guide users through interactive demos. Additionally, we deliver custom training programs focused on the customer’s specific use case and configuration. Training can be delivered both remotely or on-site.; We offer an in-system Help section that contains detailed articles, guides and videos for users and admins. ; In addition, our Change Management team offers support in Adoption and Change Management programs to customers. During the implementation period a change specialist will meet with your team to assist in the establishment of a Change Management plan, and then collaborate with Account Managers and admin users post Go-Live to make sure the Avature configuration meets all requirements and is adopted as expected.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Promptly upon termination of the application service term and no later than thirty days therefrom, Avature will notify the customer that the customer data is available for return in the format specified in the Service Level Agreement.
• End-of-contract process: In the event our customers decide to move on from using our platform, Avature will notify the customer that their customer data is available for return in the format specified in the Service Level Agreement. Customer data will be available for 45 days, after which Avature will delete it.; At the customer’s request we can provide data migration services and other supplementary professional services in order to assist the customer in transitioning their data processing activities to an alternative system of their choice.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences between the mobile and desktop service.; Avature’s platform and portals are mobile-optimized, and users and candidates can access them via any web browser without the need for extensions or plug-ins.; All Avature portals and landing pages incorporate responsive design so that elements such as text, media, the site’s layout and menus adjust dynamically to offer the best user experience in all screens sizes.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Avature is a modern web application delivered as SaaS. The platform’s interface is visually attractive, modern, mobile-optimized and user friendly for all roles in the system. ; The back-end UI can be easily personalized to centralize and display information, features and reports relevant to specific users or user groups. Likewise Avature makes available portals for stakeholders who do not need to access the back-end. These allow users to carry out their day-to-day activities within a mobile optimized and streamlined interface that is designed specifically for their role in the process.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Avature portals have been tested and positively validated by our customers as meeting their requirements in relation to WCAG 2.0 level AA. Customers can submit an accessible design to Avature or alternatively, Avature can work together with the customer on a design to meet their accessibility standards. Once a portal is developed it goes through a set of tests that are executed using automated software tools and manual testing. Note, while we provide guidance and will execute agreed tests, it is our customer's ultimate responsibility to ensure that their assets are compliant with their interpretation of the relevant standard.; We have had customers validate Avature portals using a variety of screen reading and related accessibility tools and to date have not identified any particular incompatibilities with these or related input devices. ; Avature's backend supports a number of accessibility requirements, however the platform has not been validated for compliance with WCAG 2.0 level AA at this time.
• API: Yes
• What users can and can't do using the API: Avature offers APIs to import/export data for the management of person/candidate, job/pipeline, company/organizational and folder/project records, as well as a wide variety of interfaces with 3rd party systems, user management and management of foundational data.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Avature’s configurability and flexibility sets us apart from other HCM software providers. During the implementation stage, Avature’s consultants will translate our customers’ requirements into Avature’s functional design, which enables them to address current challenges and pain points with the best tools available. The data model, workflows, automation, forms, templates, portals and sites, branding, dashboards, reports, roles and permissions etc. will be defined collaboratively with the customer’s project team. We offer dedicated account management to support customers once in production, and we equip customer system admins with the training needed to adapt the platform to their changing requirements.

Scaling

• Independence of resources: We use standard and proprietary tools to collect performance data in real time for preventative and continuous capacity planning. We have the ability to cluster multiple DB servers and our Web tier is clustered and routes/load balances Instances to their respective app servers. Avature has a SOA (Service Oriented Architecture) which deploys independent subsystems for mission critical background tasks. These resources can be obtained on demand based on load. Avature SAN architecture allows us to scale storage easily in capacity, IOPs and bandwidth. Our use of NGINX provides industry highest standard web scalability.

Analytics

• Service usage metrics: Yes
• Metrics types: Avature’s robust reporting framework enables admin users to create personalized reports on the utilization of the system. These are available in real time and can be incorporated in dashboards and scheduled reporting. Avature’s Performance team is responsible for the monitoring and collection of key information to support our SLA and agreed KPIs. The team uses proprietary tools to monitor and generate reports on the complete health of our customer's Application Instances including uptime, downtime, application response time, and security. KPIs are available for clients upon request.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data export can be carried out manually or automatically via an integration with a third-party system. Avature supports a wide range of protocols and data formats for integrations. Avature supports standard formats (e.g., HTML, CSV, JSON, XML), special formats (e.g., HRXML), and partner proprietary formats. We support varied authentication (e.g., oAuth, basic, digest) and data transfer protocols (e.g., HTTP, HTTPS, SOAP, REST).
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • HTML
  • JSON
  • XML
  • Excel
  • Proprietary
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HTML
  • XML
  • JSON
  • Excel
  • Proprietary

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: During each calendar month the Application Service shall be available for 99.6% of the Peak Service Period (excluding periods of scheduled downtime). ; If during any calendar month the Application Service availability is below that level Avature will make available a service credit on the customer's next invoice. Full details are available in our Terms and Conditions.
• Approach to resilience: Business continuity and disaster recovery plans are in place. Data center is N+1 redundant and the application is 2N redundant. All routine datacenter equipment maintenance can be performed without customer downtime. Disaster Recovery is based on fail-over and cross-site replication. The DR location is an alternate production data center. Avature performs near real-time replication and a full backup weekly of all Customer Data on both the production instance and replication instance of the Application Service. Backup systems and the fail-over process are tested periodically to insure that they are functioning properly, including without limitation, the restoration and coverage functions.
• Outage reporting: In the event of a reported service outage, Avature will notify affected customers via the customer service portal and provide a periodic update. Our Technical Support staff will also contact the customer's admin users via email or phone to provide more details on the root causes of the problem and the resolution applied.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We use role-based access permissions to segregate duties and we apply the least privilege principle. Identity and user accounts are managed through a centralized user directory.; ; In addition, IT systems are accessed by secure connections (encrypted channels) which require two-factor authentication and use of the central LDAP for user authentication as well as passwords.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAkkS
• ISO/IEC 27001 accreditation date: 18/10/2017
• What the ISO/IEC 27001 doesn’t cover: The following two controls were excluded from the ISO Certification as they are not applicable: Teleworking and Outsourced development .
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 18/08/2017
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Not applicable.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type II Audit Report prepared by Grant Thornton.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our security program is defined by our policies and security controls, which are based on best practices and industry standards (mainly ISO 27001/2). ; ; Avature’s policy is to ensure that:; (1) Information is protected against unauthorized access and use ; (2) Integrity of information is preserved while being processed by Avature ; (3) Information is made available to authorized users as required ; (4) Security controls are continuously improved based on identified risks ; (5) Information security training and awareness is provided for all employees ; (6) All regulatory and legislative requirements are met when storing and using personal information on our behalf (in our capacity as a controller of personal information) or processing personal information in behalf of our customers (in our capacity as a processor of personal information) ; (7) All contractual terms agreed with our customers are met ; (8) At least minimum service availability levels are met ; (9) All security incidents and suspected weaknesses are investigated, documented, and reported appropriately ; ; The Avature Risk & Audit Team commits to continuously improve the ISMS through ongoing risk assessments, management reviews, and regular internal and external audits.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All IT infrastructure change management and software development lifecycle management is maintained on a ticketing system. We have policies for both SDLC and IT.; We model and support our change management process through workflows in our internal change management system. These workflows are based in good practices and international standards, such as SSAE-16 and ISO 27001.; We have a set of "security hats" distributed into different teams. Those resources have specific security knowledge associated to the tasks performed into the teams. The tasks related to the Information Security of changes are analyzed and considered by these resources.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We run a fully automated vulnerability scan every month of the network, an annual network and application penetration test. Additionally, we have a steady stream of third party tests by customers.; ; We track vulnerabilities and their remediations using our internal ticketing system. We assign priority to each ticket in accordance with the severity of the vulnerabilities.; ; We apply security patches at least weekly but we will respond immediately when required. Patches are applied first to development servers, QA servers, and then production servers. We use an automatic monitoring tool (Nexpose) that tracks and alarms in case of any missing patches.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: 24x7 monitoring is in place. We employ Junos IDS/IPS & UTM (Unified Threat Management) on the gateways. We monitor the production environment for suspicious activity. We have a 4-eyes aware system for the production environment that alerts us to unusual activities or when certain key configuration files are modified. Additionally, our proprietary internal application monitoring tool proactively monitors the complete health of our customer's Application Instances including security.; In case of any security incident, we use our Incident Reporting Policy, which provides a formal mechanism to report suspected or confirmed incidents.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: All identified issues are assigned a ticket for resolution. That is including reported incidents, identified bugs and performance related issues. ; ; Customer reported issues are aggregated by defect in our internal monitoring tool, and are mapped to runtime defects and their related diagnostics. All issues are assigned for analysis and resolution based on priority ratings running from p0 to p5.; ; Incidents are reported to the Customer within 24 hours of identification and we provide updates every 4 hours via the Customer Service Portal. We also provide a root cause analysis post event and assess the scope of the incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Avature is unwavering in its dedication to fostering equal opportunities within its organisation. Through a multifaceted approach, it endeavours to create an inclusive environment where diversity is not only embraced but celebrated. Here's how Avature manifests its commitment:; ; Recruitment Practices: Avature employs fair and unbiased recruitment processes. It actively seeks out candidates from diverse backgrounds and underrepresented groups. Through outreach programmes and partnerships with organisations focusing on diversity and inclusion, Avature ensures that its talent pool is reflective of society's rich tapestry.; ; Training and Development: Avature invests in continuous learning and development opportunities for all employees. It offers training programmes aimed at promoting diversity awareness, cultural competency, and inclusion. By empowering its workforce with the necessary knowledge and skills, Avature cultivates an environment where everyone feels valued and respected.; ; Equal Pay and Benefits: Avature is committed to pay equity, ensuring that all employees receive fair compensation regardless of gender, race, or any other characteristic. Additionally, it provides comprehensive benefits packages that cater to the diverse needs of its workforce, including healthcare, parental leave, and flexible work arrangements.; ; Promotion and Advancement: Avature promotes a merit-based culture where individuals are recognised and rewarded based on their skills, performance, and potential. It implements transparent promotion processes, free from bias or discrimination, to ensure that career advancement opportunities are accessible to all employees.; ; Community Engagement: Avature actively engages with external communities to promote diversity and inclusion initiatives. It supports various causes and organisations that advocate for equal rights and opportunities, demonstrating its commitment to making a positive impact beyond its own walls.; ; By embracing diversity and championing inclusion, Avature not only enriches its workplace culture but also drives innovation and excellence.

Pricing

• Price: £60,500 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.harrison@avature.net. Tell them what format you need. It will help if you say what assistive technology you use.