Cornerstone OnDemand

Cornerstone Talent Marketplace for Public Sector

Pro-develop, retain high-performance talent for a future ready work-force integration between Opportunity Marketplace and your ATS. Job postings can be displayed for seamless application experience. Employees are offered personalised career development, access to open roles, projects, learning content, mentors.Our solutions are tightly integrated with the addition of Talespin, virtual-reality learning

Features

• Comprehensive skills building
• Internal talent mobility
• Internal talent sourcing
• Workforce Insights
• Mentoring and gig management
• Career pathing and career based learning goals
• Analytics, Dashboards and market insights

Benefits

• Develop , retain high-performance talent for a future ready workforce
• Empower employees - skills development needed to grow their careers
• Simplify workforce-planning, and skill development by leveraging AI-powered skill management
• Holistic view to all potential career opportunities
• Structured approach to acquire skills, develop expertise,building career-paths

£10.00 to £14.00 a licence

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at spsmith@csod.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

228568277758435

Contact

Stuart Smith
07534853811
spsmith@csod.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: TBC
• System requirements: As a SaaS Service - there are no hardware requirements.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: TBC
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard support includes: - OnDemand self-service resources, available 24/7 through the web interface within the Cornerstone application. - Case Management Tools: Available 24/7 via self-service portal. - Live Emergency Phone Support: 24/7 S1/S2 Emergency Support. Included Support - provided as standard. - 2 Named Admins - Phone Support (M-F): Available Monday through Friday, 24 hours. Additional Support options include: Choice Support Includes: - 5 Named Admins - Live Emergency Phone Support:24/7 S1/S2 Emergency Support - Access to shared Customer Service Manager (CSM). Preferred Support Includes: - 5 Named Admins - Phone Support 24/7/365 Shared GPS Guru: Dedicated GPS Subject Matter Expert Elite Support Includes: - 10 Named Admins - Phone Support 24/7/365 - Prioritized Case Handling: Enhanced case review and resolution. - Elite Support Performance Scorecard - Named GPS Guru: Dedicated Global Product Support Subject Matter Expert. - Weekly Guru Call: A scheduled time to discuss upcoming business projects and/or needs. - Release Weekend Support: Live support during release weekend.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Cornerstone Talent Marketplace is a technology-enabled platform that equitably connects people to growth opportunities through learning, mentoring, open jobs, and projects based on their different skills, interests, and aspirations. It increases efficiency and offers value to both the employer and employee by supporting people’s career aspirations, while meeting the organization’s changing labor demands.; ; Benefits of Cornerstone Talent Marketplace include:; ; Improve Workforce Planning: Improve visibility into workforce skills so you can quickly upskill or match employees to opportunities and projects for greater workforce agility.; ; Enable Internal Talent Sourcing: Increase the transparency of the skills, experiences, and preferences of your workforce so you can easily source employees for open roles or projects.; ; Empower Internal Mobility: Improve access and exposure to internal opportunities for employee career growth, enabling your people to discover new ways to contribute and belong within the organisation rather than seeking advancement elsewhere.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: In the event that a client does not renew their contract, Cornerstone will return the client’s data via their secure FTP site in the same format in which the data was originally inputted into the software. Alternatively, the client’s data can be returned in a mutually agreed format at a scope and price to be agreed. Cornerstone will maintain a copy of the client data for no more than six months following termination of the agreement, after which time any client data not retrieved will be destroyed.
• End-of-contract process: Our agreements are for a term lease period, and software fees are paid in annual installments over that period, during which time Cornerstone recovers costs. Accordingly, during that lease period (as with, say, a rental or car lease), there can be no termination for convenience. Effect of Termination. Immediately following termination of this Agreement, Client shall cease using all Products. Client may retrieve Client Data any time prior to termination or expiration of the Agreement. If requested, Cornerstone will assist with such data retrieval at a scope and price to be agreed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: TBC
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Please refer to the following link for further detail: https://docs.edcast.com/docs/apis
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Cornerstone Talent Marketplace offers a powerful Admin Tool which lets administrators make customisations, configurations, and functionalities to various pieces of the platform, such as:; ; Core Data Fields; ; Enable/disable Opportunity Types; Default Values; ; Job Architecture management; ; User permissions; ; Tab visibility and title"

Scaling

• Independence of resources: The Cornerstone application, as per the Software as a Service model, is designed to scale horizontally. It is multi-tenant-efficient, offering a load balanced farm of identical instances known as swim lanes. When additional server equipment is added, the application capacity scales to fill the available hardware. This allows virtually unlimited growth capacity. As opposed to a classical behind the firewall or hosted architecture, our application and our hardware platforms are designed to: • Efficiently support a high number of users and customers • Redistribute load easily • Add additional capacity easily and quickly

Analytics

• Service usage metrics: Yes
• Metrics types: Out-of-the-box reports are provided along with the ability to create custom reports and leverage Cornerstone Learning Experience Data APIs to expose data to external systems if desired. Reports include:; ; User adoption and engagement; ; Number of active and historical opportunities; ; Number of applications per opportunity type; ; Most and least applied-to opportunities; ; Average time to fill for opportunities; ; Skill demand in active opportunities; ; Skill gaps for the active opportunities; ; Analytics dashboards are available for selected users who are enabled by system administrators. Each dashboard is a collection of metrics, charts, and tables that work together to give targeted analytics.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Other data at rest protection approach; Data-at-rest protection, Optional TDE Encryption at rest Physical access control, complying with CSA CCM v3.0 and ISO27002 Standards"
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers can export their data from the Cornerstone application through a variety of methods: · The reporting & analytics tool lets customers easily export reports at any time. · The Reporting API (REST-based) allows customers to make OData-based queries against our Real Time Data Warehouse. · The Data Exporter enables customers to schedule batch exports of defined data sets
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Other protection within supplier network; TLS (Version 1.2 or above), VPN, restricted access (SSO) and dedicated lines.

Availability and resilience

• Guaranteed availability: Cornerstone provides an SLA for all clients that guarantees initial response and resolution in regards to defined priority and severity levels. Cornerstone’s SLA also guarantees 99.5% uptime (excluding reasonable and scheduled maintenance periods) per month. In the event that Cornerstone has not complied with its "Resolution" obligations set forth above, then, for each calendar day (or portion thereof) that Cornerstone has not so complied, Client shall be entitled, as its sole and exclusive remedy therefor, to a credit against Client's next invoice equal to 1/365th of the annual fees for Software set forth in the Agreement
• Approach to resilience: Cornerstone’s Disaster Recovery/Business Continuity Plan defines plans, procedures, and guidelines for the Company in the event of disaster. Specifically, this document establishes procedures for recovering business operations, internal data; systems, and critical internal functions to maintain Cornerstone as an on-going concern in the face of unexpected events. The plan has the following primary objectives: •Identify critical systems, services, and staff necessary to maintain and/or restore Cornerstone business operations and internal functions. •Provide guidelines for the communication of activities and status to both Cornerstone staff and client personnel during the recovery period. •Present an orderly course of action for restoring critical computing capability to Cornerstone and for maintaining and/or restoring client service and support. Cornerstone performs site-to-site replication of data to protect client data in the event of a disaster. There are two dedicated disaster recovery sites distant from each of the production data centers. Disaster recovery testing is performed semi-annually at each DR site
• Outage reporting: Outages occur during scheduled maintenance/releases. Otherwise, the system is not likely to experience any outages, however in the unlikely event of an unexpected outage, clients will receive email alerts. Downtime is scheduled for planned quarterly releases at least 4 months in advance and deployed during off-peak hours, typically 8:30PM EST Fridays to 1AM EST Saturday (4.5 hours). Patch fixes typically occur every two weeks between 8:30PM EST and 12:00AM EST. The typical downtime for a patch deployment is approximately 10 minutes. Client administrators can access a calendar of upcoming release and patch dates at any time through our client portal, Success Center. In addition, multiple email reminders are sent in advance

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Best practice with regards to Multi-Factor Authentication is to use our SSO integration which allows clients to use their own two-factor authentication mechanism. Cornerstone is able to integrate with SAML-based SSO or Identity Providers used by the client already. This way, customers provide to their users the same authentication procedure that their users already use several times per day"
• Access restrictions in management interfaces and support channels: Role based permissions are provided within the solution. Some of these permissions are component specific such as the ability to create Projects, become a mentor, and edit skills associated to Job Vacancies.; ; Permissions even provide administrators the ability restrict access to the solution for specific segments of users. This can be helpful for customers who want to introduce Cornerstone Talent Marketplace on a rolling basis, rather than launching to all users at once."
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register
• ISO/IEC 27001 accreditation date: 04/11/2021
• What the ISO/IEC 27001 doesn’t cover: "ISO/IEC 27001 certification; Yes; Please note that our IT service management policies and procedures are informed by many sources, including the cohesive set of best practices covered by ITIL, as well as other standards and best practices such as SSAE 16, ISAE 3402, ISO 27001, and FISMA. These certifications cover all the main security requirements.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 07/05/2015
• CSA STAR certification level: Level 5: CSA STAR Continuous Monitoring
• What the CSA STAR doesn’t cover: The result of our STAR self-assessment is publicly available via https://cloudsecurityalliance.org/star/registry/cornerstone-ondemand
• PCI certification: Yes
• Who accredited the PCI DSS certification: SecureTrust
• PCI DSS accreditation date: 31/01/2022
• What the PCI DSS doesn’t cover: Cornerstone is categorised as PCI Level 4 SAQ D under the Payment Card Industry Data Security Standards. Standards include: building and maintaining a secure network, protecting cardholder data, and maintaining an information security policy
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SSAE 18
  • ISAE 3402 Type II
  • SOC 2 Type II
  • FDA 21 CFR Part 11
  • ISO 27001:2013
  • ISO 27018:2014 & 27701 for Privacy
  • FDA 21 CFR Part 11
  • Equinix SSAE16
  • ISO27001
  • ISO22301

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Cornerstone’s security procedures and controls provide assurance that processes maintain the confidentiality, integrity and availability of data for our customers. The policies and procedures cover the breadth and depth of IT operations, and infusing security by design through these processes. The information security policy and procedures apply to all Cornerstone employees, consultants, and contractors; and is intended to safeguard data and information technology for Cornerstone. Cornerstone does not publish these documents. However we can provide a secure online account, where you can access and view.Upon joining Cornerstone, applicable security policies and procedures are assigned to personnel to complete within a period of time. In addition, personnel complete updated training every year to ensure they understand and review the policies. There is a dedicated IT Security & Compliance department, overseen by the CISO, that drive security oversight and initiatives across the organizations. Security responsibilities are also shared with the IT operations team that perform the day-to-day processes, and overseen by the CISO, who works in concert with our AVP of Technology Operations and Chief Technology Officer. The CISO is responsible for securing information in accordance with industry best practices and for implementing the recommendations of the various 3rd party audit

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Cornerstone follows a defined SDLC that contains a number of important quality steps. The change management/application development process at Cornerstone is designed to ensure that standardized methods and procedures are used for handling all system changes and application development ("changes"). Changes are applied to production environment as either part of a "release", "patch", or “hot fix”. Formal quarterly release cycles are used for major enhancements: patches (bi-weekly) are utilized for mid-release updates. Unanticipated changes, “hot fixes”, follow the standard change control process. Using a planned release and patch schedule, minimizes impact of change-related incidents on service quality and day-to-day operations.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Cornerstone contracts independent CREST-certified third parties to run external penetration tests on a quarterly basis. Additionally, monthly external vulnerability scans validate both the patch level and protection from known attacks. Results are provided to Cornerstone IT personnel for review and remediation. There are also various RSS feeds that Cornerstone is subscribed to, including US-CERT, the National Vulnerability Database (NVD), and vendor specific feeds for major software / hardware that Cornerstone uses within the environment. Clients can access the patch schedule at any time through our client portal, the Client Success Center. Clients can request copies of penetration reports as needed.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Quarterly application penetration tests are performed by independent third-party companies upon Cornerstone’s application. Cornerstone performs internal vulnerability scanning on a monthly basis. Internal and external penetration test is performed yearly by an independent third-party company. Cornerstone has implemented a specific Data Breach Incident Management SOP which details the procedures to be followed in the event of a data breach. Cornerstone has never had a security breach.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Cornerstone maintains a Security Incident Response Plan in order to organize resources to respond in an effective and efficient manner to an adverse event related to the safety and security of a computer resource under Cornerstone’s management. An adverse event may be malicious code attack, unauthorized access to Cornerstone managed networks or systems, unauthorized utilization of Cornerstone services, denial of service attack, or general misuse of systems. The plan clearly defines the appropriate steps and processes in communication. Clients will be notified within 24 hours of security incidents impacting their data.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Cornerstone strives to have a positive environmental impact, operate in a sustainable and ethical way, and bring a social conscience to all business decisions, with the well-being of people and the planet at the center. We maintain an Environmental, Social, Governance (ESG) Policy that details our commitment to responsible business practices. Cornerstone’s ESG Committee is responsible for the oversight of all ESG matters. Reporting to the Head of Social Impact, Cornerstone has an ESG Manager who manages day-to-day ESG operations. For more details, please see https://www.cornerstoneondemand.com/legal/

Pricing

• Price: £10.00 to £14.00 a licence
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A “sandbox/test environment” is available upon request during the evaluation period. It can include a multiple number of users (log-ins/passwords) with various roles and permissions—based on your needs. Once the sandbox/test environment is requested/received, Cornerstone will activate it for a pre-determined time period.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at spsmith@csod.com. Tell them what format you need. It will help if you say what assistive technology you use.