COMMERCIAL SERVICES KENT LIMITED

EmploymentCheck - Online DBS, Digital ID, Right to Work and Social Media Checks Solution

EmploymentCheck is a cloud-based eBulk platform for all levels of Disclosure and Barring (DBS). Choose between our SaaS solution where your organisation retains countersigning responsibilities or opt for our Umbrella Body service where we will countersign applications on your behalf.

Features

• Online application, ID and submission process
• Unlimited DBS checks
• Accessible 24/7
• Comprehensive reporting suite
• Supported by a team of experts
• Integrated online payment option
• Fully hosted, maintained and compliant system
• Integrated Digital ID verification
• Social Media Checks add-on module
• Integrated Right to Work checks

Benefits

• Error free applications
• Reduced application abandonment with automated chase email reminders
• Quicker turn around compared to the paper application route
• Supportive help desk available
• Quick and easy on boarding process
• Tablet and mobile friendly
• Umbrella Body and customised e-Bulk services available
• Digital ID Checks - For easy and accurate ID verification
• Social Media Checks - Avoid any behavioural and reputational risk
• Right to Work - For fast and simple pre-employment checks

£2.25 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@hrconnect.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

215896957064004

Contact

G-Cloud Enquiries
03301249996
bids@hrconnect.org.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The only requirements are access to a modern internet browser and internet connection. Standard/Enhanced DBS checks are subject to eligibility criteria.
• System requirements:
  • Internet connection (includes tablet/mobile devices)
  • Modern web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 - Entire system unavailable; Target Response 30 Minutes; Target Resolution 6 Hours. P2 - Module/key process unavailable - time critical; Target Response 120 Minutes; Target Resolution 1 Working Day. P3 - Module/key process unavailable - not time critical; Target Response 120 Minutes; Target Resolution 5 Working Days. P4 - Feature not available - no workaround present; Target Response 120 Minutes; Target Resolution 10 Working Days.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Webinar training for new onboarding customers.; Access to our team of DBS experts via our helpdesk.; Comprehensive user guides provided with new customer training.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: SaaS customers are allocated a dedicated onboarding lead to guide them through the registration/re-registration process with the DBS. We provide a webinar training session for all new customers and comprehensive user guides. BUA support includes training videos, updated user guides and access to raise calls to our teams of DBS experts.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Word
  • Hard copy
• End-of-contract data extraction: Copies of data can be provided upon contract end. The extracted data for the client can be provided as a SQL Schema, this will contain all the required data in plain English using the ASCII codeset.
• End-of-contract process: System access is revoked on the contract end date unless otherwise agreed. In line with the contract, at the written direction of the Controller, unless a copy is specifically required to be retained by the Processor for audit or compliance purposes in performance of its obligations for up to six (6) years, the Processor will delete or return Personal Data (and any copies of it) to the Controller on termination of the Contract unless the Processor is required by Law to retain the Personal Data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The system is supported in a number of modern browsers including Chrome, Firefox, Safari and mobile versions of these browsers through IOS, Windows and Android devices. The EmploymentCheck system can be successfully viewed across all these interfaces with no major differences in functionality aside from display size.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Customers can opt for a bespoke customisation that allows them to select colours, images and content of their instance to reflect their organisation branding. Customers are also provided with the ability to customise the set up of their system including user account privileges, system settings and reporting functionality.

Scaling

• Independence of resources: The EmploymentCheck system has separate application servers and database servers protected by a firewall. To ensure continuity, a load balancer is used to evenly distribute traffic between servers and acts as a failover. With multi tenancy, each customer's data is isolated and remains invisible to others. The database structure ensures that customer data is isolated in a unique database schema and access to the database is restricted to EmploymentCheck analysts and developers only. Multi-factor authentication (MFA) exists on all company devices and staff are only permitted to access EmploymentCheck infrastructure via a company device which utilises a secure network.

Analytics

• Service usage metrics: Yes
• Metrics types: Customers are able to run service usage reports directly from the system as standard. SaaS customers are also provided a monthly KPI pack containing benchmarked MI against the system totals/averages to help refine processes and best practice. The standard set of reports also includes outputs covering key metrics.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: All data is stored in our UK-based data centres. Data centre management is undertaken by an accredited third party who are ISO certified, PCI DSS compliant and data centres are secured to UK government IL4 standards, the solution is protected by exceptional levels of data security at all times. Cisco ASA Firewalls are used as standard.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported from the system in CSV or PDF format. Use of the system includes access to a bespoke report builder and a set of standard reports which cover key metrics, the data output can be saved locally in a CSV of PDF format. Four bulk upload functions exist on the system, each requires the completion of a template CSV file which allows for applications, users and Business Units to be uploaded in bulk to the system.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: FTPS.; Use of client authentication certificates which utilise AES 256 symmetric encryption.; Integrity key encryption.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% service availability
• Approach to resilience: The system is fully hosted on a dedicated server located in our subcontractor's datacentre. Our hosting provider are an ISO27001 certified datacentre who were procured in line with the requirements set out by the DBS. Our hosting provider is ISO 9001, 2000 and 27001 certified and are audited on an annual basic by both external independent quality assessors and by Vendor partners. The system undergoes regular penetration testing in line with ISO 27001 compliance. System backups are performed nightly and incrementally with our hosting provider performing regular IT health checks on their infrastructure and security infrastructure, which includes network availability, disk space, RAID array health, load and memory usage. They also carries out network penetration tests as part of independent IT Health Checks. Further information is available on request.
• Outage reporting: Through our dedicated account management team we will notify users of service interruptions/outages via email and messages on our EmploymentCheck system.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Multi Factor Authentication (MFA) options available
• Access restrictions in management interfaces and support channels: Access to data is tightly controlled and only authorised personnel have access. The database itself is password protected. EmploymentCheck is hosted upon dedicated servers which are utilised for no other purpose than for the EmploymentCheck system. EmploymentCheck records and time, date and user stamps the access to all records within the system and offers a clear audit trail to correlate with any security events. Protective monitoring of the system is undertaken by our hosting company who will notify us of any issues. System access is managed by full RBAC methods with a range of user roles with varying privileges.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Multi Factor Authentication (MFA) options available

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: External expert support. The provider we partner with holds ISO accreditations and aligns to NIST & SANS for security standards. We have a comprehensive Information Security Policy that is regularly reviewed and updated. All staff are trained and required to complete regulatory and information security assessments on a regular basis. Controls are in place to ensure best practices are followed in relation to maintaining information security.
• Information security policies and processes: We have a comprehensive Information Security Policy that sets out our processes for managing data within the company. Risk registers are continuously updated, from risk identification through risk response planning and status update during risk monitoring and control. Our employees undergo the required levels of vetting suitable for the role in which they undertake. All employees undergo a induction program which includes Information Governance training. All staff are also aware of the company’s data protection, information governance and GDPR policies which details all staffs responsibilities when handling information and must adhere to this at all times. E learning on Information governance and Data protection is available to all staff and is refreshed on an annual basis. Sub Contractor services are procured using procurement rules and require that sub-contractors adhere to at least the same standards of system and data management as we do.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change control is handled in line with recognised ITIL best practice. An internal change process exists and must be adhered to for any development amendment. This includes a full communications plan which provide suitable notice ahead of planned changes. All planned changes are undertaken outside of core working hours wherever possible.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Annual penetration testing is conducted by an accredited third party. The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device). The system is managed and maintained by our external security partner and supported by our external service host UKFAST Ltd. We monitor the performance of its service in conjunction with data provided by our hosting company and decides on an ad-hoc basis if and when patches/updates are required to the system.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Annual penetration testing is conducted by an accredited third party. The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device). The system is managed and maintained by our external security partner and supported by our external service host UKFAST Ltd. We monitor the performance of its service in conjunction with data provided by our hosting company and decides on an ad-hoc basis if and when patches/updates are required to the system.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a Information Security Incident Protocol with assisting flowcharts to advise staff of correct procedure. We will manage any system incidents, recording and investigating them thoroughly before taking the required measures to resolve them. Should a security incident or risk be identified with an associated (i.e. not directly connected) supplier offering an internal service which has any chance of posing a risk to EmploymentCheck services then this must also be reported.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a cloud based HR Services provider, our environmental impacts are limited, however, as a responsible business, we understand the importance of fighting climate change and have set a net zero target of being carbon neutral by 2030, in line with our corporate strategy.; ; To deliver to this target, we have created a Carbon Reduction Plan, which sets out the steps on our journey to carbon neutrality, including:; • Engagement across our business to improve environmental ; awareness.; • Minimising energy use through smart technology.; • Promoting ‘reduce, reuse, recycle’.; • Minimising business travel and promoting less impactful modes ; of transport.; ; We provide an electric and plug-in hybrid car scheme to all employees and have recently launched a new cycle to work scheme to promote more sustainable ways to move around. ; ; We take a virtual first approach to business interactions wherever possible, encouraging employees to engage through online platforms, such as Microsoft Teams, in the first instance, to reduce unnecessary business travel.; ; Where practicable, we strive to purchase goods/services that have a minimal impact upon the environment. Factors taken into consideration will include sustainability of resource production, transportation, full life energy/raw material consumption, waste production and recycling percentage.; ; As part of our wider company group, we are also accredited to the environmental standard ISO 14001 and are in the process of installing solar panels and electric car charging points within our head office buildings.

  Tackling economic inequality

  As a socially inclusive business, we place great emphasis on equal economic opportunities for everyone, helping to tackle inequality. ; ; 100% of employees within Employment Check and the wider Commercial Services Group are paid more than the current national living wage. The success of our ‘get in, go far’ culture relies on high pay standards, giving our employees peace of mind. ; ; Lifelong learning is a core value for Employment Check and across the whole of the Commercial Services Group, offering development opportunities and in-work progression to all employees to ensure they achieve their career goals and aspirations, demonstrated by being recently awarded Gold by the Investors in People (IiP).; ; Employment Check as part of the Commercial Services Group has a gender pay gap of 5.6% for permanent employees, this continues to remain lower than the gender pay gap for the whole economy which the ONS reports as 14.9% in 2022.

  Equal opportunity

  As an ethical organisation, we promote inclusion, equality and diversity across every area of our business. Every new employee joining the company must complete mandatory diversity training, which is regularly refreshed every 2 years to ensure continued awareness.; ; Our staff are our greatest asset. Therefore, we take care to ensure we are recruiting and maintaining the best candidates, regardless of race, gender or disability.; ; Our detailed Inclusion and Diversity Policy sets out our standards which all employees must uphold. The principles of this policy are embedded in our People Strategy and all policies and procedures are regularly monitored and reviewed.; ; To accommodate the needs of our employees and tackle inequality in the workforce, flexible working is an embedded culture within our organisation. This ensures business needs are met and encourages more diversity in the workplace with our ethos that ‘work is not a place’; ; Lifelong learning is a core value, offering development opportunities and in-work progression to all employees to ensure they achieve their career goals and aspirations, demonstrated by being recently awarded Gold by the Investors in People (IiP).

  Wellbeing

  Improving wellbeing, both internally for our employees and externally, through community engagement, is a core focus for Employment Check. In a digitally-driven world, it is vital that we ensure people are supported, both from a physical and mental health perspective.; ; Promoting wellbeing to our customers and within the community starts with first ensuring our employees are supported and cared for. Our company culture is to nurture and support each other, creating an inclusive environment where each team member’s wellbeing is important. These values are embedded into our Wellbeing Policy and Wellbeing Action Plan, which are monitored and updated on a regular basis. To promote and uphold the vision within the policy, we have a network of nominated Wellbeing Champions and Mental Health First Aiders across every area of our business, committed to supporting other staff members and advocating wellbeing for all. Through our corporate intranet, our employees have an extensive range of supportive tools and advisors within the wellbeing hub, home to information and ideas to engage, empower and enable staff to prioritise their wellbeing, to take care of themselves and encourage others to do the same.; ; For any staff seeking advise but wishing to remain anonymous, we have a dedicated employee assistance programme and support line to listen and provide guidance for those in need.; ; To ensure regular engagement, we run wellbeing campaigns throughout the year and arrange bi-annual staff pulse surveys to monitor employee contentment. We also have a dedicated Mental Health Awareness week, where workshops and webinars are run across the week and employees are encouraged to take time to reflect on their own wellbeing.

Pricing

• Price: £2.25 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@hrconnect.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.