VERIFILE LIMITED

UK Identity, Right to Work (RTW), and Criminal Record Checking (DBS) Services

UK Criminal Record Check (DBS, Disclosure Scotland, PVG, AccessNI) services, UK Right to Work Checks, and Identity Verification. Verifile's secure platform enables employers to select UK and International background check services. Integration with the DBS Disclosure and Barring Service and Disclosure Scotland ensures fastest turnarounds for UK criminal record checks.

Features

• Supporting Digital Identity for right to work and DBS checks
• King's Award-winning cloud-based background screening and BPSS vetting
• Full DBS, Disclosure Scotland, PVG, and AccessNI services
• Loaded with validation tools to ensure accuracy/minimise user errors
• Fast flexible set-up, with integrated DBS criminal record checks
• Dedicated Client and Candidate Support Teams for all services
• UK operation and data storage for DBS/RTW/ID services
• MI and analytics for DBS and Right to Work services
• Industry leading turnaround times for all DBS tiers
• Enhanced candidate screening portal launched 2024 incorporating latest vetting technologies

Benefits

• Fastest DBS vetting turnaround times due to lowest error rate
• Various Enhanced DBS job roles pre-approved for faster turnaround times
• Place orders, track progress and view staff vetting results online
• Integrate with your ATS or HR system for increased efficiencies
• Personalised candidate messaging, your account branded with your logo
• Reducing risk with GDPR-compliant and compliant criminal record checking service
• Direct DBS (Disclosure and Barring Service) integration means fastest results
• 92% of Basic DBS results received within 48 hours
• 86% of Standard DBS results received within 48 hours
• 72% of Enhanced DBS results received within 1 week

£2.50 a transaction

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@verifile.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

252994000430867

Contact

Angela Thomas
+44 (0) 1234 339354
sales@verifile.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Community cloud
  • Hybrid cloud
• Service constraints: No
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We encourage clients and candidates to call for instant support. However, our internal SLA is to respond to emails from clients and candidates within 4 working hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Live chat has been tested with WCAG 2.1 AA to assist any visually impaired users.
• Onsite support: Yes, at extra cost
• Support levels: Verifile operates with three teams supporting our customers. There are two distinctly separate levels of client support, as well as a dedicated team whose sole role is to support the applicants/candidates. ; ; For Managed Accounts, your Customer Success Manager (CSM) provides stakeholders with information, support and guidance regarding your employment screening programme. The CSM will provide Account Governance, regular review meetings, consultation and guidance, project management, continuous improvement, MI reports and account analysis. Your CSM will also be the first point of escalation if ever required.; ; For Unmanaged Accounts, your team will be supported by Verifile’s highly experienced Customer Service Manager and his dedicated Client and Candidate Support Teams for day-to-day enquiries and requests.; ; There is no cost for account support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Verifile’s system is intuitive and easy to master, particularly from the client facing perspective. Training sessions can be scheduled via online call and/or onsite visits at any stage and will typically take just 30 minutes to complete, including Q&As.; Verifile offers an initial “kick-off” call before implementation to discuss any further requirements or ongoing support that may be needed. Weekly drop-in sessions are also available during the first 6 weeks of onboarding to answer any initial questions.; Users are provided access to all training resources as well as our online Knowledge Base to help any new users who are added to the Verifile platform or if help is needed outside of office hours. We also provide access to our interactive system training demo, which can also be adopted to support a train-the-trainer approach.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Data for Integration Purposes
• End-of-contract data extraction: We can provide copies of final reports in the existing pdf format and on other media requested, as long as this meets with legal and our own business obligations to ensure the security of data. ; ; These reports can be downloaded directly from our platform at any time or transferred via other means, including via API. File notes, full audit history, original reference copies and all other information held on the Verifile system can be provided as raw data.; ; Part of the leaving process will be to create an information asset register so all data held by Verifile is identified and a decision made on retention, transfer or disposal. We will need to retain a certain amount of ‘skeleton data’ in order to fulfil its legal and auditing obligations but none will include personal identifiable information about your candidates.; ; Once the demobilisation plan has been executed, we will provide written confirmation to that effect.
• End-of-contract process: Demobilisation Plan - All data held on our system, including pdf final reports, can be provided to you. A secure method of transfer would need to be utilised due to the personal information held and the volume of data. As long as we continue to receive orders from you we will continue to fulfil them in line with the agreed packages and SLA. All clients’ orders experience the same high level of service, irrespective of whether any particular client has expressed their intention to transition away from Verifile.; ; Technical support will be available to assist with the transfer of data and any other needs that may be identified in transition planning discussions and we have a defined leaver’s process which would be executed jointly with yourselves. The process includes ensuring that all user accesses are closed, and decisions are made on the retention, transfer or deletion of data. We ask that leaving clients provide feedback on our service to help us continually review and refine our service. ; ; We would also be open to working with new suppliers during transition and would provide any assistance required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Verifile’s RESTful API uses JSON to transfer data to a third-party system. Buyers typically connect their Applicant Tracking System (ATS) with our system - the Verifile API was designed for this purpose. Buyers use our API to automate their authentication and background check (incl. DBS) processes without needing to run on two separate platforms.; ; The Verifile API offers access to more than 1,000 different background checks worldwide, with the option to set up customisable packages for easier deployment.; ; Buyers can integrate part of or the full workflow: Placing orders, tracking statuses, monitoring progress, obtaining results and final reports. ; ; Orders can be raised as "client entry" (you have all the data and consent to start checks) or "candidate entry". Supporting documentation can be uploaded to an order.; ; We use Azure API Management (APIM) which handles user authentication and key management.; ; Our Developer Documentation site (https://developer.verifile.co.uk/) provides your team with detailed information on:; ; Registration to obtain keys,; Live & Test API,; Headers,; Raising orders,; Order statuses,; Final reports,; Packages,; Attachments,; Helper methods,; Error messages.; ; When your development team is ready, access to a sandbox environment will be provided to complete test scenarios whilst you are building the integration.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can choose to customise the way API works in as much as they can choose to integrate parts of or the full workflow. ; ; Buyers can configure the service account in a variety of different ways. For example, users can choose:; - from Standard, Enhanced and VIP service levels; - client-entry, or candidate-entry of data fields and consent ; - to place orders via API or via our online portal; - a la carte self-service, or selecting from pre-determined packages of checks for quick ordering of background checks; - different variations for many of our checks. For example, we offer 3 alternative routes for confirming identity for your DBS criminal record checks, including Digital Identity for passport holders, and various different levels of international criminal record checks for many countries. ; ; The account structure is also easily customised to suit any organisation and hierarchy. Individual permissions, sub-accounts, branches, locations, departments, etc. can all be accommodated.; ; Even individual users can customise their own notifications, alerts, and MI reporting frequency.

Scaling

• Independence of resources: Local office systems are monitored for capacity with monthly reports produced by Aztech IT Solutions. Hosted systems are monitored with Microsoft Azure and automated capacity threshold notification systems are in place. The Verifile Development Team reviews application, database, system and server logs each week along with checking and recording current server capacities on an internal record keeping system.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide a range of metrics to support the buyer. ; Examples of what we can provide in a formal review of KPIs include:; • Candidate Age Range; • Candidate Nationality ; • Candidate Submission Times; • Individual Check Orders; • Individual Check Results ; • Individual Check Completion Times (i.e. for DBS checks); • Overall Order Completion Times (i.e. for BPSS screening packages); • Overall Orders Placed Per Month
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Other
• Other data at rest protection approach: All user data, both at rest and in transit, is encrypted. Data stored on Microsoft Azure benefits from Azure's encryption capabilities with data remaining protected and unreadable without the necessary decryption keys. Transparent Data Encryption (TDE) is used on Azure SQL, with Azure Storage encryption for data at rest used for Azure Files Storage. SSL certificates are used for encryption of transmitted data and the key length is at least 2048 bits.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Via API, via MI reports, or via download from the Verifile online portal.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Users can also export data via the API
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Bulk upload data can be provided to us via CSV
  • Data can be provided via API / JSON
  • Photos and scanned documents in JPG/JPEG
  • Candidate-initiated ordering (email containing code related to checks required)
  • Client-entry ordering (users enter data and documentation required)

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: SaaS solution provided via HTTPS. Protected via Azure Defender for Cloud.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We aim for 99.9% availability and last year achieved 99.99%
• Approach to resilience: Available on Request
• Outage reporting: 4-hour warning with count-down for planned outages. ; Updates are communicated to clients via email and via messaging on the extranet (Client Portal).

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to production system is via unique accounts, there are no shared accounts. All access is logged, including to the hosted systems not via the application interface, and logs are reviewed weekly. Verifile utilise Microsoft Defender for Cloud which can monitor traffic using a variety of methods including; threat blacklisting, bot identification algorithms, header, form, and field policy enforcement, HTTP error triggering, resource consumption thresholds, schema validation, content evaluation, minefields and honeypots, signatures, IP address allocation maps, TOR network mapping, progressive challenge mechanisms, argument limitations, RFC compliance, nested encoding detection, method filtering, payload inspection and behavioural analysis.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Description of management access authentication: IP Whitelisting

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 28/01/2022
• What the ISO/IEC 27001 doesn’t cover: N/A - This industry standard applies to all elements of the Verifile group.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus
  • NSI Gold for Security Vetting
  • ISO 22301 Business Continuity Management Systems
  • ISO 9001 Quality Management Systems

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: We adhere to:; ; The Data Protection Act (1998); Copyright, Designs and Patents Act (1988); Computer Misuse Act (1990); Regulation of Investigatory Powers Act (2000); Human Rights Act (2000); ; Further information is available upon request within our Data Security Policy Document.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: • Compliant with extant Verifile coding standards.; ; • Subject to a design review against the Open Web Application Security Project (OWASP) Top 10 most critical web application security risks.; ; • Follow Microsoft guidelines for ASP.NET Web App Security.; ; • Reviewed by another developer.; ; • Tested in accordance with the formal testing process.; ; The components are tracked through being outsourced to Microsoft Azure and Aztech IT Solutions.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The identification, testing and application of relevant patches for operating systems, firmware and application software packages excluding Verifile software applications are managed services by Aztech IT Solutions.; ; All anti-virus and relevant security updates and service packs are applied as soon as they are released, evaluated and tested.; ; AV software is installed on the live production servers.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The identification, testing and application of relevant patches for operating systems, firmware and application software packages excluding Verifile software applications are managed services by Aztech IT Solutions.; ; Alerting and monitoring is in place 24x7 for both the live application hosting environment and the local Verifile IT estate.; ; Verifile will work with you to agree a formal incident reporting and response plan including relevant points of contact.
• Incident management type: Supplier-defined controls
• Incident management approach: Verifile will alert the customer to incidents according to our Incident Management Policy.; ; It is the responsibility of the Information Security Manager to commission security investigations as deemed necessary by them.; ; As part of Verifile’s commitment to ISO27001 and ISO9001 certification, reporting of Information Security weaknesses is encouraged from all personnel and recorded under the ISO9001 system for Corrective and Preventive Action.; ; The reporting of Information Security weaknesses is encouraged from all personnel. All relevant incidents are recorded under the ISO 9001 system for Corrective and Preventive Action.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Verifile was an early adopter of corporate responsibility towards the environment and has been ISO14001 accredited since March 2013. ; We have a number of initiatives and policies in place, such as solar panels, recycling and hybrid working arrangements which aim to reduce our carbon footprint. We recruited specialist staff in 2023 to support our plans to focus on developing our ESG strategy, which will include group-wide sustainability training and environmentally friendly initiatives and activities. ; Targets we already have in place included reducing Energy consumption by 10% & Gas/Water by 15% by end of 2023, which we were able to achieve. Further targets for 2024 and beyond are currently under review.

  Covid-19 recovery

  Verifile was recognised as a UK Business Hero, as part of a campaign to recognise the efforts businesses made in fighting the Coronavirus pandemic.; ; Verifile was nominated for recognition by the Bedfordshire Chamber of Business, after pledging to provide up to £3 million of support to the emergency recruitment of health and social care employees and volunteers dealing with the COVID-19 (coronavirus) pandemic.; ; In April 2020, Verifile removed all admin fees for DBS checks, providing a 100% free end-to-end service to save the NHS and other Health and Social organisations £millions in administration fees.

  Tackling economic inequality

  In addition to securing Investors in People (Silver) accreditation, we were accredited as a Living Wage Employer in March 2022 and became a Disability Confident Employer too.

  Equal opportunity

  Verifile has a suite of HR and CSR policies and initiatives including:; ; • Diverse and multicultural teams spread across several international locations.; ; • Multilingual staff who engage with a network of business contacts globally.; ; • Inclusive and regular staff updates & events.; ; • Suite of benefits which support staff from all backgrounds, including healthcare, & financial and mental wellbeing.; ; • Career pathways for staff (both informal and formal secondment) and development opportunities.; ; • Career progression pathways for under-represented groups.; ; • Training and Development Plans.; ; • People Strategy (if they don’t exist already).; ; • EDI Framework and EDI Action Plan; ; • More women in senior roles, greater variation of shift patterns to appeal to working parents, with additional flexible working patterns/contracts serving clients and staff needs for better work/life balance.; ; • Staff volunteering – giving back to the community, adding value.

  Wellbeing

  We believe our fantastic colleagues deserve more than a few perks here and there. Happily, we have lots of benefits for our people to choose from, so there's something for everyone. Everything we offer supports their wellbeing:; ; Health; We want our colleagues to be in tip-top condition - at work and at home. Verifile puts physical and mental health and wellbeing first, with a range of benefits to support staff, and medical services to ensure they get the best care.; ; Have a break; From holidays to time off to support family and community, and with flexible, hybrid and remote working options, Verifile helps staff manage and integrate work and life outside of work. After all, it's all about balance.; ; Finance; Finances are part of our everyday life, so we've included benefits and services to make things simple and hassle free, help our people make their hard-earned cash go further and give them protection.

Pricing

• Price: £2.50 a transaction
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: To help the UK during the Covid pandemic Verifile is offering FREE DBS Checks for emergency workers. The service is for all emergency health and social care workers supporting the NHS in providing care and treatment for the Covid-19.
• Link to free trial: https://library.verifile.co.uk/free-dbs-checks

Service documents

• Pricing document

  PDF

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@verifile.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.