COMPLETE BACKGROUND SCREENING LTD

Employment Screening Services & DBS Specialists

An award winning DBS Specialist & Background Screening provider, serving large national & multinational organisations across the UK and Overseas. Offering unrivalled software platforms for eBulk, eBroker, and eScreening approved by the DBS, Disclosure Scotland, Access NI, and the UK Home Office.

Features

• Exceptional customer support
• Unrivalled software platforms and application processing

Benefits

• Guaranteed quickest possible completion times
• Long standing & respected experts

£4.00 to £150.00 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at RACHELB@CBSCREENING.CO.UK. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

152109406259628

Contact

Rachel Bedgood
01443799900
RACHELB@CBSCREENING.CO.UK

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our service can be integrated into multiple other platforms and background screening service providers.
• Cloud deployment model: Private cloud
• Service constraints: Our system has no constraints
• System requirements: Web-based platform

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All responses are provided within 24 hours of receipt.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: This service can be implemented upon request.
• Onsite support: Onsite support
• Support levels: Our system provides clear, accessible functionality designed to minimise queries through on-line support prompts. CBS will provide full face-to-face training for Administrators, train-the-trainer Super User training, and 24/7/365 access to online training and Authority specific user guide throughout the contract lifespan. Thereafter, we will provide personalised, responsive support through:; • Direct phone and email contact with your Account Manager, Mon-Fri 08:00 – 17:30.; • A helpdesk with central phone support Mon-Fri 08:00 – 17:30 and email Mon-Fri 07:00 – 23:00. Manned by 14 technicians and 5 countersignatories, this will maximise first-time resolution across functional queries (e.g. password reset) and system support (e.g. DBS legislation).; Adding value, we can also implement online live chat support for the Authority. Through the above framework, in 2023 we have acknowledged, responded to and resolved all support requests (average 5000 monthly) within 3 hours; or next working day for out-of-hours queries.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: CBS value relationships to deliver mutual success. CEO, Rachel Bedgood, will lead design and implementation, working collaboratively with the Authority to scope workflow functionality needs and tailor our system to your precise requirements. Once an acceptance tested system is live, she will retain contract accountability, handing daily management responsibility to our experienced Operations Manager, Sarah Lloyd. Rachel and Sarah have managed hosted eBrokerage, eScreening and eBulk systems for 50+ UK national organisations and public sector bodies with similar security and legislative requirements
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data can be extracted ad hoc throughout the life of the contract, or through automated programmes & billing, or provided by CBS at contract end.
• End-of-contract process: Typically this is subject to the contractual obligations placed on CBS by the client. CBS will honour all end of contract requirements promptly and support the customer in all aspects.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Meeting Equality Act 2010 and Web-Content Accessibility Guidelines 2.1 (WCAG), our applicant web pages are WCAG AA compliant. This includes enabling users to adjust font size and colour/contrast. Accessible web layout has been optimised for usage across screen sizes, operating systems (MacOS, Windows) and devices (PC, Tablet, Smart Phone); designed using bootstrap for CSS and accessibility tested through browser-based readers (e.g. naturalreaders.com). ; Adding value, CBS can translate the user interface into any language and are the only eBroker approved by the DBS to provide a bi-lingual (English, Welsh) service including customer support, meeting Home Office Welsh Language Scheme best practice.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Our system is 100% web-based, accessed through all browsers with https. It does not need additional software and supports adaptive technology (e.g. HTML 5). All devices with a camera and internet access can be used (e.g. laptops, tablets, and smart phones). Users access via controlled credentials (e.g. username, password, memorable information) using two-level authorisation. Approximately 80% of our users complete DBS applications forms via a tablet or handheld device.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: As part of our annual auditing and compliance procedures with ISO and other contractual obligations, we undertake ongoing interface tests to ensure accessibility for all in line with our equality and client commitments.
• API: Yes
• What users can and can't do using the API: We currently have varying APIs in place with a host of CRM & ATS solutions. We will work with all suppliers, where required, to implement any require APIs.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We provide a fully customisable administration solution which puts the Authority in full control of functionality, branding, reporting and notification updates, and the end-to-end application journey.

Scaling

• Independence of resources: We are accredited to ISO 27001:2022 (Information Security) and ISO22301:2012 (Business Continuity & Contingency Planning), are Cyber Essentials Plus certified and comply with ISO9001:2015 standards. We also also accredited by the National Security Inspectorate.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics vary depending on the services and SLA defined in the contractual agreement.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CBS will provide customised reporting to your requirements and frequency. With all reports working on real-time data, we provide added value through an Administrator portal accessed reporting suite which allows you to pull direct csv, text-based, table and graphical chart reports across any combination of data fields and timelines. We typically provide monthly client reports showing:; • Total applications created, processed, and approved by department / cost code.; • Invoicing total by cost code / department.; • Average time from countersigning and D&BS submission to return.; • Line item disclosure status and number across applicants (e.g. new, update service).
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We have an SLA with Secura for 24/7/365 guaranteed 100% uptime (excluding planned maintenance) equivalent to 99.999%. Since 2003, we have experienced no unplanned downtime.
• Approach to resilience: Our system is UKAS accredited to ISO 22301 for business continuity and contingency planning as well as ISO 27001 for Information Management
• Outage reporting: Our service reports outages via internal dashboards and data tables. Additionally, our service reports outages via email alerts and an API.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Preventing unauthorised systems entry or data misuse, we implement robust controls which restrict user access to only the rights and information needed to complete their business function. This includes limiting the number of highly privileged accounts held by our own personnel to management and the number of user accounts for client representatives based on their own operating requirements and hierarchal structure; all of which require two-phase validation including alphanumeric passwords that must be updated every 90days. Managing user accounts from creation, we remove all redundant accounts when no longer needed and inactivate a person’s credentials immediately upon terminating their employment.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 16/12/2022
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Cardnet
• PCI DSS accreditation date: 01/01/2012
• What the PCI DSS doesn’t cover: Most recent annual accreditation was received on 02/01/2024
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO22301
  • NSI - Silver

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our software is hosted on UK data servers and is stored on Tier 3+ servers protected by ISO 27001 accredited security controls. Systems have HyTrust Encryption access controls which require two-phase validation, multiple firewalls and Threat Manager programs (AlertLogic) to enable real-time detection and analysis of viruses/malware. Systems are monitored and bi-annually penetration tested by IT security advisors approved by the Council for Registered Ethical Security Testers (CREST), and MoJ. We have an SLA with Secura for 24/7/365 guaranteed 100% uptime (excluding planned maintenance) equivalent to 99.999%. Since 2003, we have experienced no unplanned downtime.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: As a reliable and experienced service provider, we provide bespoke solutions through regular communication with all clients. Our technical change process will vary dependent on the requirement and whether this is led by regulator compliance, client or CBS.; With regards to regulator compliance this could be initiated by the Home Office, Ministry of Justice, Disclosure and Barring Service or through ISO Compliance. All of which is covered by our ISO Change Management Procedure.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We employ AlertLogic to further detect and prevent intrusion. AlertLogic seamlessly connects an award-winning security platform, cutting-edge threat intelligence, and expert defenders in order to provide the best security. Protecting the integrity of our systems from both internal and external threats, we have built and maintain a secure network perimeter which effectively mitigates all inbound and outbound connections from malicious activity. This includes use of multiple firewalls and application of threat manager programs which are actively managed to minimise exposure of our systems to cyber-attacks. We also facilitate rolling pentests and simulated cyber-attacks, conducted by CREST IT advisors and MoJ
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: As part of our monitoring strategy we employ a specialist provider of managed detection and response services, Alert Logic, who scan and analyse our systems 24/7 to identify and deny security threats to our servers in real-time. In tandem, every time sensitive information is accessed our systems automatically generate a log of which user, when and where the file has been opened. This audit trail of user activity enables us to monitor and investigate any suspected abuse of privileges; with our management team alerted when an individual’s activities fall outside their expected remit to preserve integrity of information held.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Contingency: a generalised capability and readiness to cope effectively with whatever major incidents and disasters occur, including those that were not, and perhaps could not, have been foreseen. Contingency preparations constitute a last-resort response if resilience and recovery arrangements should prove inadequate in practice, our BCP sets out our governance arrangements in ensuring our continued operations during major incidents. This is informed by active Risk Mitigation and Disaster Recovery Plans specific to each of our clients, which detail the mitigation and contingency arrangements we invoke to eliminate or minimise risk impact.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As an organisation founded within an ex-mining community that was impacted by poor environmental decisions CBS understands the importance of influencing stakeholders to work collaboratively to achieve climate change goals. ; Our head office in South Wales signifies to all stakeholders the positive efforts CBS are making to fight climate change. The office has previously been shortlisted by the Wales Property Awards due to its design and sustainability, and includes a sustainable air ventilation system, LED lighting and robust insulation and electric vehicle charging points on-site. The office currently operates on renewable energy only. We also recycle 100% of waste and prohibit single-use materials on site.; UK Government (UKGOV) aim to achieve net zero carbon emissions by 2050. In March 2023, the net zero strategy was updated with a suite of publications; including the Powering Up Britain: Net Zero Growth Plan (N0GP), which highlights suitable sustainability initiatives to achieve this goal. ; Further, the March 2023 Decarbonisation Strategy published by CBS’ local council Rhondda Cynon Taf outlines how the locality can achieve 90% net zero by 2030. The roadmap produced included LED lighting, company carbon reduction plans, rooftop solar panels, low carbon heating, electric vehicle charge points and staff awareness programs. This strategy has heavily informed CBS’ approach and will inform the development of our Carbon Reduction Plan (in line with UKGOV PPN-0621) by the CBS Carbon Accountant, before publishing on CBS website for stakeholders to view. 100% of CBS personnel will receive sustainability training on induction which outlines, our sustainability goals and the initiatives/measures we have in place to achieve them; this will include the CBS Carbon Reduction Plan, on site recycling, walk/cycle to work scheme, paperless office, 100% electric/hybrid company cars, prohibiting single use plastics/non-recyclable materials on site and EV charging points.

  Equal opportunity

  Complete Background Screening (CBS) Limited is a woman-owned business which was founded in a deprived ex-mining community in Mountain Ash, Wales. For the last 16 years, CBS has developed an excellent understanding of the capabilities and commitments required to tackle economic inequality within our sector and immediate environment, and have secured awards relating to entrepreneurship and company growth (e.g. Entrepreneur Wales and Fast Growth 50). All senior managers within CBS are female. Furthermore, CBS complies with the Equality Act 2010 and we will undertake annual Disability Access Audits, updating our practices with reasonable adjustments (RAs). Recruitment and onboarding is the responsibility of CBS’ diverse recruitment team. To tackle inequality, employment opportunities will be advertised online via Indeed, Reed, Monster and social media e.g. Facebook and LinkedIn, and physically posted in local newspapers, shops/post-offices and community centres. All adverts include detailed job descriptions and salary information. We also run an employee referral scheme. Positive action schemes will also be implemented by CBS’ to address underrepresentation in certain roles and pay grades, supported by direct advertising in specific communities, with 100% individuals who apply for a role, having a guaranteed interview and receiving CV feedback. For example, in May 2023, 150 people applied for two jobs and CBS provided an interview at our office and CV feedback for all 150 individuals.; All interviews will follow the same question-structure, and be inclusive of skills-based assessment tasks. Successful candidates will be offered flexible employment contracts, a company health and wellbeing programme is operated as well as reasonable adjustments for disabled individuals and subsidised childcare for single parents (up to 40% subsidy). CBS currently have a staff retention rate of 96%, and a staff sickness rate of 0.08%.

  Wellbeing

  CBS has become signatories of the Disability Confident Scheme, and the Mental Health at Work Commitment; implementing any required measures. To support single parents, CBS subsidises childcare costs by up to 40% and offer flexible contracts (e.g. hours/work from home).CBS are based in Mountain Ash, Wales; with recent census data evidencing its deprivation and unemployment rates worse than the Wales average. To support our area, CBS will continue to recruit locally with 100% of our current workforce residing within/around the Mountain Ash region. CBS will aim to recruit local personnel and link with local educational establishments, to recruit students on a work placement, and participate in career events e.g. annual career fair/talks; to promote the sector. Complete Background Screening Limited (CBS) are a woman-owned organisation, which holds an Investors in People (IIP) accreditation and has a 100% female senior management team. CBS are subscribed to the Ethical Trading Initiative (ETI) and operate in alignment with the nine elements of the ETI Base Code and compliance with the Employment Rights Act 1996.

Pricing

• Price: £4.00 to £150.00 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Access to our test portals to understand the ease of the applicant journey and the high end functions of our online solution.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at RACHELB@CBSCREENING.CO.UK. Tell them what format you need. It will help if you say what assistive technology you use.