KnowYourPeople

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: N/A
System requirements: Access to modern web browsers such as Google Chrome

User support

Email or online ticketing support: Email or online ticketing
Support response times: Email support is available 24/5 (Mon-Fri) between the hours of 8:30am and 5:30pm. A voicemail service is operational out of hours. Responses are provided within one business day. Voicemails will be picked up at weekends and responded to within one business day.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: Users and applicants can access via smart phone, tablet or PC using a modern web browser. User guidance is provided throughout the online journey in addition to both email and telephone support.
Web chat accessibility testing: N/A
Onsite support: No
Support levels: First Advantage provide both telephone and email support services for users and applicants via our Customer Care team. We also provide an online 'chat' feature. Our intuitive web and mobile friendly interface also includes applicant and user guidance notes. Certain customers are allocated a Customer Success Manager for escalations, regular reviews and contract meetings. First Advantages Application Support and Operations teams are also available to support technical and operational queries and our Implementation Team can be leveraged for insightful end user training.
Support available to third parties: No

Onboarding and offboarding

Getting started: First Advantages Implementation Team will work with customers to gather requirements and configure the service to reflect them (users, packages, branding etc). End user training documentation is provided in addition to a range of virtual or onsite end user training workshops being arranged appropriate to each customers needs.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: Users have the ability to search and filter specific data they require using KnowYourPeople's management information dashboard. Data presented can then be exported for use outside of the service and only by those with access rights to do so.
End-of-contract process: Given adherence to terms and conditions, contracts due to expire that will not be extended cease to gain access to the service following the contract end date. Normal service, SLA's and support will be provided up to and including contract end date.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: There are some differences in the journey, most noticeable is the ability to leverage in built camera's and Near-field communication features in an applicants smart phone to support digital identity checking. This is different via PC and some features wont be the same.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Users and applicants can access KnowYourPeople via smart phone, tablet or PC using a modern web browser. User guidance is provided throughout the online journey in addition to both email and telephone support.
Accessibility standards: None or don’t know
Description of accessibility: Users and applicants can access KnowYourPeople via smart phone, tablet or PC using a modern web browser. User guidance is provided throughout the online journey in addition to both email and telephone support.
Accessibility testing: N/A
API: Yes
What users can and can't do using the API: The purpose of our API is to provide you with the ability to integrate your applications and processes with the KnowYourPeople platform. The API can be used for creating, managing and submitting applications containing background checks provided by our service and for obtaining the results of those checks. Our API enables you to pick and choose how much or how little you want to integrate with us. Our API facilitates you to: Create a Person and an Application form via your system, determine who will complete the application form using KnowYourPeople web pages, with the following options available:
Applicant Completes - Activation email sent by KnowYourPeople
Applicant Completes - Activation email sent by your system
Complete the online application form on behalf of the applicant
Poll for Application and Check status updates
Poll for full check results details - Get a breakdown of all elements of check results, plus the overall result of the check, Pass, Alert or Fail
Poll for summary check result details - Only receive the summary result, Pass, Alert or Fail
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Certain components of KnowYourPeople are configurable including; organisational hierarchy, user access, roles and privileges, branding, email content, job roles and packages, payment and ID verification methods and applicant declarations.

Scaling

Independence of resources: Continuous monitoring ensures we have the necessary resources available. We use technology such as rate limiting & quotas to ensure the stability of the platform.

Analytics

Service usage metrics: Yes
Metrics types: Service metrics can be provided on request and reports can be generated to provide users with service data relating to application status, tasks, people, checks and users.
Reporting types: Real-time dashboards

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Users have the ability to search and filter specific data they require using KnowYourPeople's management information dashboard. Data presented can then be exported for use outside of the service and only by those with access rights to do so. Data exports are sent to users as files via password protected email.
Data export formats: CSV
Data import formats: CSV

ODF

Other
Other data import formats: PDF

JPEG

JPG

PNG

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)

Other
Other protection between networks: First Advantage use a WAF enforcing TLS 1.2 or greater and mitigates against common attacks.
Data protection within supplier network: TLS (version 1.2 or above)

Other
Other protection within supplier network: All inter service communication is over TLS and limited to the cloud provider network.

Availability and resilience

Guaranteed availability: Premier Service Level Agreement can be requested at contract stage and further information shared.
Approach to resilience: First Advantage use Azure Cloud with redundant data centres. Further information can be provided upon request.
Outage reporting: First Advantage use continuous monitoring that sends alerts to a central NOC team.

Identity and authentication

User authentication needed: No
Access restrictions in management interfaces and support channels: There are a range of different user roles, each with their own access and privileges. Users need to be set up with a role on each organisation they would like access to. Users can have different access on different organisations if required. Administrators or Customer Managers are the only users who can set up new users. Users can be updated to have more than 1 role. Users can only see data and complete certain tasks that the user role they've been allocated allows.
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: BSI
ISO/IEC 27001 accreditation date: 30/03/2023
What the ISO/IEC 27001 doesn’t cover: First Advantage’s Information Security Management System is aligned with the ISO 27001:2013 standard and our compliance with its requirements is being reviewed on annual basis by an external auditor. The scope covers the provision of Application Development from Bangalore (India), Background Verification & Client Services Operations and its support functions operating from Bangalore (India), Alabang (Philippines), Colchester (UK), Atlanta (USA) & Bolingbrook (USA) and the Data Center Operations from Global Operating Center in Bangalore (India), Amsterdam (The Netherlands), Suwanee & Indianapolis (USA).
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Our technology security team has policies in place that meet ISO 27001:2013 and ISO 27701:2021 standards. We have a comprehensive data security program in place that implements appropriate technical and organisational measures and which at a minimum cover:
- Protection against loss, misuse, or unauthorised alteration of personal data.
- Our customer facing web applications utilise Secure Sockets Layer (SSL) encryption to protect all confidential data across the public network, reducing the risk of exposure.
- In addition, data is encrypted while at rest when it is stored in our data centres, further protecting the data from unauthorised access or loss.
- Access to personal data is strictly limited to those employees who need this access in order to carry out their job responsibilities

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Changes to production systems, including the deployment of First Advantage software updates, go through a formal change management process, which includes security review and approvals. All changes to the system go through a change control process where stakeholders sign off the change after QA signed off. All code undergoes static code analysis.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Approach First Advantage leverages internal and third party regular vulnerability assessments and penetration testing to drive detection and mitigation of vulnerabilities continuously in production systems and applications, reducing the risk of exposure of client data and impact to system availability. This program conforms to the ISO22301 standard to identify risks and the associated business impact and ensure the development of plans to resume critical business functions and/or recover critical systems.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Detecting anomalies and security events in the environment is a critical component of our security program. FA constantly monitors evolving threats and vulnerability landscape in order to respond and mitigate threats proactively. FA monitors infrastructure and security controls 24/7 and works to fix/escalate to appropriate personnel immediately. FA deploys Intrusion Detection System sensors at key points in the network to detect and alert security teams to malicious activity and unauthorized attempts to access network/systems. FA deploys network malware detection solutions to compliment antivirus and IDS technologies by detecting anomalous behaviour, such as systems communicating with Command and Control networks.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: The centrally managed and cross-department Incident Response Team (IRT) performs fast response and resolution of issues. The IRT works closely with internal and external stakeholders to ensure security incidents are contained and remediated as soon as possible to limit any impact to the confidentiality, integrity or availability of data or services.
Incident are categorised and response timeframe. We welcome sharing our Incident Response Plan in detail via WebEx when applicable.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Equal opportunity

Equal opportunity

First Advantage champions a peoplebased approach to DE&I, seeking to
ensure a welcoming and inclusive workplace. We believe that promoting diversity plays an important role in attracting and retaining the most
expansive pool of qualified applicants, fostering greater innovation and
creativity, and enhancing our communication and relationships with customers and the community. By planning and executing strategies
with our employees and customers prioritized, we will make changes that
are self-sustaining and have a lasting impact on our business culture.

First Advantage is proud to have a DE&I Committee representing stakeholders throughout our organization. With representation spanning Human Resources, Legal, Operations, Administration, Information Technology, Quality & Customer Experience, and Business Process, the Committee reflects the diverse needs and perspectives of our
company. As part of its general oversight function, our board also oversees the management of DE&I – as well as broader ESG – risks and opportunities. A copy of First Advantages ESG report can be found here: https://investors.fadv.com/static-files/129b6ffe-a0c3-4dd8-8dc0-0041920bcf04

Pricing

Price: £50 to £295 a licence
Discount for educational organisations: Yes
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

KnowYourPeople

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents