Tribepad

Tribepad Talent Acquisition Platform for NHS (ATS, CRM & Onboarding)

Tribepad is a talent acquisition platform specially configured for the NHS. Comprising Applicant Tracking System (ATS), CRM, Onboarding & Video interviewing. Integrated with NHS Jobs, ESR and a range of compliance and occupational health providers. Used by NHS Professionals and NHS Trusts for clinical & non-clinical recruitment.

Features

• Customer branded Applicant Tracking System for processing jobs and candidates
• Customer branded job search and configurable application form processes
• Multiple selection & hiring workflows including 'blind' recruiting capability
• CRM capability including talent pooling, redeployment & campaign management
• Configure engaging onboarding experiences & manage online reference collection
• Real-time reporting with 100+ standard reports plus ad-hoc reporting
• Interview management including Office 365 & google calendar integration
• Communication & candidate correspondence management including two-way SMS and email
• Job requisition creation & approval management
• Job board & social media multi-posting

Benefits

• Enables efficient recruitment of single or multiple roles simultaneously
• Take advantage of Video Interviewing to improve efficiency and experience
• Utilise online assessment tools to sift applicants
• Templated and automated communication to save time and increase efficiency
• Automated pre-screening & candidate shortlisting to assist volume recruitment
• Branded, AA, mobile optimised user interfaces for ease of access
• Multiple user types & permissions to restrict data access
• Online background checking tools to improve efficiency and reduce risk
• Powerful real-time reporting with standard & ad-hoc options
• Automated GDPR tools to manage data protection and regulatory compliance

£1,500.00 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at marketing@tribepad.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

142719887263403

Contact

Jason Collis
0114 312 2110
marketing@tribepad.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: No Service Constraints are envisaged as the service is accessible via any web browser on any device (computer, phone, tablet, etc.). Available in 16 languages including UK English and Welsh.
• System requirements:
  • Internet access
  • Device with a web browser, PC/Laptop, Phone, Tablet, TV, Console

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 issues are responded to within 30mins, 24/7.; Priority 2 issues are responded to within 2 working hours.; Priority 3 issues are responded to within 8 working hours.; Normal working hours are 9am to 5pm, Monday to Friday.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Every customer is assigned their own Account Manager, who will conduct ongoing account reviews, and discussions on platform improvements, help with technical questions, assist with raising support tickets where needed, as well as liaise with Tribepad departments on the customer's behalf. ; ; Every client has access to our Customer Success Consultants who help drive adoption, innovation and return on investment and ongoing training.; ; Day to day customer support is accessible via email, phone or ticket, and working within the previous SLAs. ; ; Our Senior Management Team are extremely hands-on and frequently available to support the customer in conjunction with the Account Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: More than 50,000 recruiters and hiring managers use Tribepad, so we know it is intuitive to use. To support adoption Tribepad offers an interactive ‘user pilot’ guided tour as standard when users log into the system. This comprehensive, easy to user tool provides users with an interactive tour of the platform and assists them with advice and guidance on how to complete common tasks as well as describing individual features and platform functionality. The walk through's themselves have been purposely designed to be simple to use and provide valuable answers. The aim of the guides is to increase user adoption by allowing them to trigger the right in-solution experience to the right persona at the right stage of their user journey. ; ; If further, more detailed support/information is required Tribepad offers an ever-evolving online knowledge hub that contains articles, PDFs and 'how to' video guides for both recruiters and hiring managers.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Using Tribepad's 'Insights' reporting module, Customers can create their data dumps to retrieve their data. Alternatively, the customer can use our APIs to pull all their data out. After the contract ends, any live data will be deleted a week after termination. The same 7-days timeframe applies to backups (because we take daily backups where these will be naturally cycled out.)
• End-of-contract process: As the platform is entirely cloud-based, there are no requirements to remove any equipment from the customer's site. Even if the solution has been linked to the customer's ERP, simply disabling the API or stopping the SFTP will remove that link. So aside from either securely giving the customer a dump of their data, or allowing the customer to take their data via the API, there are no costs. It should be stressed that Tribepad works ethically with its customers and will ensure that customer satisfaction is never compromised even at the end of any contract. This approach has contributed to us having almost a 100% customer retention rate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No noticeable difference aside from screen layout thanks to the adaptive and responsive design of the solution.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Tribepad Manage is a super-user tool accessible via 2FA for a sub-set of system administrators only. It allows organisations to self-serve changes to organisational structure, Users and permissions, data retention policies, branding, communication and much more.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Tribepad conducts both internal and external accessibility reviews to help define our own accessibility standards. These are used to bring all areas of our current systems and any future developments to the desired standard.; ; We have chosen BunnyFoot, a company that specialises in user experience to help define our standards and source any external testing.; Internal testing is guided by WCAG success criteria but ultimately, the goal is to make our systems meet the needs of a wide range of users and to eliminate barriers when they are discovered with any developments qualified by user testing. ; ; Working with BunnyFoot we will continue to define and refine our testing process and the standards we aim to adhere to - and how accessibility can be worked into our development and testing life cycle.
• API: Yes
• What users can and can't do using the API: We have multiple APIs that the users can use to interact with almost every aspect of our platform. As we created the platform, and have complete ownership of the IP, we can also develop APIs on request for customers as part of any contractual roll-out. As examples, uploading, amending, and removing of jobs or candidates, or using an API for reporting, even an API for taking a complete data copy of the customers data, can all be done via APIs. As part of the contractual roll-out, we will configure the APIs for the customer/users, and ensure that full training is undertaken on their use.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We believe Tribepad is one of the most configurable TA suites in the world. Many aspects of the service can be configured. This includes user permissions & GDPR retention periods through to simple rebranding for the customer to reflect their corporate image, to the user choosing what layout for job role advertisements. Adding questionnaires to the application, how many interview stages, interview slots, what type of interview i.e. face to face or video interview, which job boards to publish to, whether to advertise to internal or external candidates, (or both), allowing ring fencing of jobs, and inviting passive candidates are just some of the areas that the user can configure to their requirements.

Scaling

• Independence of resources: Tribepad believes in over-resourcing our infrastructure, which includes not just a large number of physical servers, and virtual servers for each customer, but also load balancers and vast storage availability. As our system is accessed by the user using https, and we have a 1GBps connection to each datacentre, we do not see bottlenecks in accessing the system either. Therefore we are never running "hot" and always have availability for significant increases in use by customers. We have active monitoring and alerting on resources such as bandwidth, disks i/o, disk space, memory and CPU.

Analytics

• Service usage metrics: Yes
• Metrics types: Everything that the customer does can be reported upon. ; Examples include :-; How many roles have been created,; How many applicants have applied,; How long between application and candidate communication,; Which user did what action and when,; How many interviews are scheduled etc.,; In reality, whilst most metrics are available through our secure reporting tool 'Insights', we can provide whatever metrics the customer requires.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers have three options:; API - using our API, customers can take a copy of all of their data whenever they wish. ; SFTP - Custom CSV's of required customer data can be created using Tribepad's 'Insights' reporting module that customers can receive via SFTP.; Email - Again, using Tribepad 'Insights', custom reports can be scheduled to automatically run at specific times and be distributed to users via email or uploaded to secure online storage. All reports would be sent as encrypted zip files requiring the recipient to have the correct password to open.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our standard SLA for availability is 99.9% outside of any agreed maintenance periods. However, we don't have standard penalty clauses as any penalties for failure to adhere to the SLA are usually agreed on a contract by contract basis.
• Approach to resilience: Tribepad's core platform is hosted from two UK-based Tier 3 ISO27001 compliant data centres. ; ; Tribepad operates both primary and secondary data centres on warm standby, so in the event of a complete loss of the primary data centre, the secondary data centre can take up the responsibility of being the primary environment. ; ; The Tribepad codebase is stored in an encrypted format within our remotely hosted version control solution. This platform is backed up hourly on redundant and resilient servers. So in the event of a total loss of data centre infrastructure, we would still be able to run up a copy of the codebase in a tertiary environment. ; ; The Tribepad production databases are replicated onto secondary servers (both within the primary data centre and the secondary data centre in real-time through a master/slave replication process and backed up daily (it can be hourly depending on the customer contract) onto the same remote server. These backups are copied daily in a Grandfather, Father, Son routine.
• Outage reporting: In the unlikely event of an outage, customer nominated users will be notified by email from our customer support team.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Each user group is pre-defined by you during the implementation process. As standard, for customers nominated system admins, we offer 2-factor authentication to access the solutions 'Insights' reporting module and 'Manage', the solutions self-configuration toolkit. ; ; For Tribepad staff, our Access Control Policy A9.1, part of our ISMS, defines the measures taken to secure and restrict access to information and information processing facilities, in order to protect the confidentiality, integrity and availability of customer data. Tribepad operates a least-access security methodology with any access to customer systems or sensitive data requiring COO approval.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA Limited
• ISO/IEC 27001 accreditation date: 22/05/22
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Tribepad's security policies & data protection infrastructure is in the form of an Information Security Management System (ISMS), in accordance with ISO/IEC 27001:2013. ; ; Our information security policies, which reside under our main ISMS folder, contain the following:; ; A1 ISMS Manual; A2 Risk Management; A5 Information Security Policy; A5.1 ISMS Objectives; A6.1 Organisation; A6.2 Mobile Devices & Remote Working; A7 Human Resources Policy; A7.2.2 Information Security Awareness & Training; A7.2.3 Disciplinary Process; A8.1 Acceptable Use Policy; A8.2 Information Classification & Handling; A9.1 Access Control; A10 Cryptographic Controls; A11 Physical Security; A12 Operations Security; A13 Communications Security; A14 System Acquisition, Development & Maintenance; A15 Supplier Relationships; A16 Incident Management; A17 Business Continuity Policy; A18 Compliance; A18.2.3 Vulnerability Disclosure Program; C10 Improvement & Corrective Actions; SoA ; ; All Policies are available on request and are fully compliant with industry standards. All Policies are tested, reviewed regularly, updated when required, and are clear and unambiguous. All Policies are fully sponsored by Senior Management, and are version controlled and approved by either the CISO, COO or the CTO before adoption. On adoption, all staff are trained on the contents of the policies, and Senior Management ensures that Policies are enforced completely.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: System changes are controlled as per the procedures set out in the ISMS document A12 Operations Security Policy, under section 2.2 Change management & A14 System acquisition, development and maintenance.; ; The components that are tracked through their lifetime include:; Application-based security or business needs patches; Regularly scheduled maintenance; Operating system patches (critical, hotfixes, and service packs) ; Language Packs; Web application vulnerability mitigations and code fixes; ; All changes are assessed for their potential security impact.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our security team carefully assesses vulnerabilities using several threat intelligence sources.; ; Security patches are applied within one 1-working day of being made available, with any zero-day issues being patched immediately. ; ; To identify threats, Tribepad employs compliance and monitoring tools, proactive threat discovery, e.g. monitoring systems for current and new threats, intrusion detection tools, vulnerability prevention and scanning tools and can provide root cause analysis for forensic investigations. We are also subscribed to threat intelligence feeds and check them for relevant vulnerabilities to ensure security.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Tribepad has implemented network security controls & we monitor all network devices using SNMP polling into a Zabbix system which alerts 24/7.; ; If any compromises have been identified, the ISO will perform a risk assessment following the A2 Risk Management Policy procedure.; ; Affected customers and/or third parties of any incident will be notified and contacted by Tribepad within 12 hours but must be no later than 24 hours after Tribepad has become aware of the incident. ; ; Tribepad will also inform any actions that have been undertaken as well as any others that are recommended or required on their behalf.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Tribepad has pre-defined procedures and processes in place to ensure effective management of common events.; ; All employees and contractors must report any incidents, events or weaknesses to the relevant personnel through the appropriate channels and methods of communication, as soon as it is feasible. ; ; Affected customers and/or third parties of any incident will be notified and contacted within 12 hours but must be no later than 24 hours after Tribepad has become aware of the incident and will be informed of any actions that have been undertaken as well as any others that are recommended or required on their behalf.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Tribepad holds itself accountable by engaging in carbon quotas for annual assessments. Our aim is to achieve net-zero emissions for scopes 1 and 2 by 2030, aligning our carbon management strategy with our values of environmental stewardship. This commitment is further underscored by our pursuit of B Corp certification, striving to be the first UK Applicant Tracking System (ATS) provider to meet the highest standards of environmental and social impact on society.; ; Aligned with our public sector customers and partners, we are dedicated to driving positive social change. As part of this commitment, we have set ambitious goals to make a tangible difference in the world. For instance, we have pledged to plant 1 million trees by the end of 2025, contributing to environmental sustainability and combatting deforestation.; ; Introducing initiatives like our electric car salary sacrifice program helps to play a significant role in our corporate efforts to mitigate climate change while also benefiting employees and the broader community.

  Tackling economic inequality

  At Tribepad, we're committed to tackling economic inequality through various initiatives:; ; Living Wage Policies: Ensuring fair compensation for all employees.; Diversity, Equity, and Inclusion (DEI) Programs: Prioritising diversity in hiring and promotion to create opportunities for underrepresented groups.; Education and Training Programs: We offer skill-building opportunities to empower career advancement; Financial Wellness Programs: We provide external resources for financial literacy and planning to improve our employees' economic security; Community Investment and Philanthropy: We engage in philanthropic initiatives to address economic disparities in our communities. Whether through charitable endeavours or collaborative partnerships, we are committed to making a positive impact at the grassroots level. We understand the importance of working hand-in-hand with communities, embodying our ethos of responsibility and collaboration in every aspect of our business. An example of this commitment in action is our policy of allowing each employee to take a day off each year to volunteer and support local social charities. This initiative empowers our team members to give back to their communities and fosters a sense of purpose, fulfilment, and civic responsibility among our workforce.; Tribepad also supports underserved communities worldwide through its investment in Kiva microloans. These empower entrepreneurs globally, aligning with our commitment to social responsibility and engaging our employees in meaningful philanthropic endeavours.; ; Through these efforts, we aim to foster a more equitable workplace and contribute to a fairer society.

  Equal opportunity

  We’ve consulted with TalentProof about Diversity, Equity, and Inclusion (DE&I) as we are committed to fostering a diverse and inclusive workplace culture. TalentProof's expertise in DE&I initiatives has provided valuable insights and strategies to help Tribepad cultivate a more diverse talent pool, create a more inclusive work environment, and promote equity across all levels of our organisation.

  Wellbeing

  Tribepad is committed to doing the right thing and that begins with our people, recognising them as our greatest asset. We embrace a people-first approach, valuing the well-being and potential of each individual within our organisation.; ; First and foremost, we prioritise the well-being of our employees by fostering a supportive and inclusive workplace culture. We recognize the importance of work-life balance, and thus, we strive to create an environment where employees can personally and professionally thrive. Open communication and feedback are encouraged and valued as integral components of our company culture, ensuring every team member feels heard and supported.; ; In addition to promoting a healthy work-life balance, we are committed to supporting the mental well-being of our employees. Tribepad provides access to counselling services, mental health resources, and employee assistance programs to ensure individuals have the support they need to navigate personal and work-related challenges. We understand that mental health is a critical aspect of overall well-being, and we are dedicated to providing resources and support to help our employees prioritize their mental wellness.; ; Moreover, we recognise the importance of flexibility in today's fast-paced world. That's why we offer flexible schedules, remote work options, and compressed work weeks to accommodate our team members' diverse needs and lifestyles. By providing these options, we aim to promote work-life balance and reduce stress, allowing employees to better manage their responsibilities inside and outside work.; ; Furthermore, we prioritise the physical health of our employees by offering comprehensive health insurance plans. These help to ensure that our team members have access to the resources they need to maintain their health and well-being. At Tribepad, we believe that supporting the holistic well-being of our employees is not just a responsibility but a fundamental aspect of creating a positive and thriving workplace culture.

Pricing

• Price: £1,500.00 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can provide access to a trial, branded sandbox environment with supporting guidance material. Usually, a trial is over a 30 day period, however, extensions can be agreed on request.
• Link to free trial: https://www.tribepad.com/contact-us/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at marketing@tribepad.com. Tell them what format you need. It will help if you say what assistive technology you use.