Cantium Business Solutions

EmploymentCheck - EIS' (Cantium) Online Disclosure and Barring (DBS) and Referencing Solution

EmploymentCheck is a leading, cloud-based eBulk platform for all levels of Disclosure and Barring and DBS Basic Disclosures. Choose between our SaaS solution (your organisation retains countersigning responsibilities) or our Umbrella Body service (our team of experts countersign on your behalf). EmploymentCheck has the benefit of an integrated referencing module.

Features

• Online application, ID and submission process
• Unlimited DBS checks
• Accessible 24/7
• Auto-validation of data
• Supported by a team of experts
• Integrated external ID verification tool
• Fully hosted, maintained and compliant system
• Integrated online payment option
• Comprehensive reporting suite

Benefits

• Unlimited DBS checks for your organisation
• Error-free applications
• Reduced application abandonment with automated chase email reminders
• Quicker turnaround compared to the paper application route
• Supportive help desk available
• Expert support teams on hand
• Quick and easy on-boarding process
• Tablet and mobile friendly
• Umbrella Body and customised e-Bulk services available

£2.25 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@eis.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

266427039129620

Contact

EIS Bids
03301650000
bids@eis.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The only requirements are access to a modern internet browser and internet connection. Standard/Enhanced DBS checks are subject to eligibility criteria.
• System requirements:
  • Internet connection (includes tablet/mobile devices)
  • Modern web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 - Entire system unavailable; Target Response 30 Minutes; Target Resolution 6 Hours.; P2 - Module/key process unavailable - time critical; Target Response 120 Minutes; Target Resolution 1 Working Day.; P3 - Module/key process unavailable - not time critical; Target Response 120 Minutes; Target Resolution 5 Working Days.; P4 - Feature not available - no workaround present; Target Response 120 Minutes; Target Resolution 10 Working Days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Webchat testing with assistive technology users has not been undertaken to date.
• Onsite support: No
• Support levels: Webinar training for new onboarding customers,; Access to our team of DBS experts via our helpdesk,; Comprehensive user guides provided with new customer training
• Support available to third parties: No

Onboarding and offboarding

• Getting started: SaaS customers are allocated a dedicated onboarding lead to guide them through the registration/re-registration process with the DBS. We provide a webinar training session for all new customers and comprehensive user guides. BUA support includes training videos, updated user guides and access to raise calls to our teams of DBS experts.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Hardcopy
  • Word
• End-of-contract data extraction: Copies of data can be provided upon contract end. The extracted data for the client can be provided as a SQL Schema, this will contain all the required data in plain English using the ASCII codeset.
• End-of-contract process: System access is revoked on the contract end date unless otherwise agreed. In line with the contract, at the written direction of the Controller, unless a copy is specifically required to be retained by the Processor for audit or compliance purposes in performance of its obligations for up to six (6) years, the Processor will delete or return Personal Data (and any copies of it) to the Controller on termination of the Contract unless the Processor is required by Law to retain the Personal Data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The system is supported in a number of modern browsers including Chrome, Firefox, Safari and mobile versions of these browsers through IOS, Windows and Android devices. The EmploymentCheck system can be successfully viewed across all these interfaces with no major differences in functionality aside from display size.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Customers can opt for a bespoke customisation that allows them to select colours, images and content of their instance to reflect their organisation branding. Customers are also provided with the ability to customise the set up of their system including user account privileges, system settings and reporting functionality.

Scaling

• Independence of resources: The EmploymentCheck system has separate application servers and database servers protected by a firewall. To ensure continuity, a load balancer is used to evenly distribute traffic between servers and acts as a failover. With multi tenancy, each customer's data is isolated and remains invisible to others. The database structure ensures that customer data is isolated in a unique database schema and access to the database is restricted to EmploymentCheck analysts and developers only. Multi-factor authentication (MFA) exists on all Cantium devices and staff are only permitted to access EmploymentCheck infrastructure via a Cantium device which utilises a secure network.

Analytics

• Service usage metrics: Yes
• Metrics types: Customers are able to run service usage reports directly from the system as standard. SaaS customers are also provided a monthly KPI pack containing benchmarked MI against the system totals/averages to help refine processes and best practice. The standard set of reports also includes outputs covering key metrics.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: All data is stored in our UK-based data centres. Data centre management is undertaken by an accredited third party who are ISO certified, PCI DSS compliant and data centres are secured to UK government IL4 standards, the solution is protected by exceptional levels of data security at all times. Cisco ASA Firewalls are used as standard.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported from the system in CSV or PDF format. Use of the system includes access to a bespoke report builder and a set of standard reports which cover key metrics, the data output can be saved locally in a CSV of PDF format. Four bulk upload functions exist on the system, each requires the completion of a template CSV file which allows for applications, users and Business Units to be uploaded in bulk to the system.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: FTPS, Use of client authentication certificates which utilise AES 256 symmetric encryption, Integrity key encription.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% service availability
• Approach to resilience: The system is fully hosted on a dedicated server located in our subcontractor's datacentre. Our hosting provider are an ISO27001 certified datacentre who were procured in line with the requirements set out by the DBS. Our hosting provider is ISO 9001, 2000 and 27001 certified and are audited on an annual basic by both external independent quality assessors and by Vendor partners. The system undergoes regular penetration testing in line with ISO 27001 compliance. System backups are performed nightly and incrementally with our hosting provider performing regular IT health checks on their infrastructure and security infrastructure, which includes network availability, disk space, RAID array health, load and memory usage. They also carries out network penetration tests as part of independent IT Health Checks. Further information is available on request.
• Outage reporting: Through our dedicated account management team we will notify users of service interruptions/outages via email and messages on our EmploymentCheck system.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Multi-Factor Authentication (MFA) options available
• Access restrictions in management interfaces and support channels: Access to system data is controlled and only authorised personnel have access. The database itself is password protected. EmploymentCheck is hosted upon dedicated servers which are utilised for no other purpose than for the EmploymentCheck system. The EmploymentCheck system records and time, date and user stamps the access to all records within the system and therefore offers a clear audit trail to correlate with any security events. Protective monitoring is undertaken by Cantium’s hosting company who will notify Cantium of any issues. System access is managed by full RBAC methods with a range of user roles with varying privileges.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Multi-Factor Authentication (MFA) options available

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 03/04/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Cantium employees undergo the required levels of vetting suitable for the role in which they undertake. All employees undergo a induction program which includes Information Governance training. All staff are also aware of the company’s data protection, information governance and GDPR policies which details all staffs responsibilities when handling information and must adhere to this at all times. E learning on Information governance and Data protection is available to all staff and is refreshed on an annual basis. Sub Contractor services are procured using procurement rules and require that sub-contractors adhere to at least the same standards of system and data management as Cantium requires of itself.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change control is handled in line with recognised ITIL best practice. An internal change process exists and must be adhered to for any development amendment. This includes a full communications plan which provide suitable notice ahead of planned changes. All planned changes are undertaken outside of core working hours wherever possible.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Annual penetration testing is conducted by an accredited third party. The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device). The system is managed and maintained by both Cantium internal systems development teams and supported by our external service host UKFAST Ltd . Cantium monitors the performance of its service in conjunction with data provided by our hosting company and decides on an ad-hoc basis if and when patches/updates are required to the system.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Annual penetration testing is conducted by an accredited third party. The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device). The system is managed and maintained by both Cantium internal systems development teams and supported by our external service host UKFAST Ltd . Cantium monitors the performance of its service in conjunction with data provided by our hosting company and decides on an ad-hoc basis if and when patches/updates are required to the system.
• Incident management type: Supplier-defined controls
• Incident management approach: Cantium have a Information Security Incident Protocol with assisting flowcharts to advise staff of correct procedure. Cantium will manage any system incidents, recording and investigating them thoroughly before taking the required measures to resolve them. Should a security incident or risk be identified with an associated (i.e. not directly connected) supplier offering an internal service which has any chance of posing a risk to EmploymentCheck services then this must also be reported.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Cantium is an ISO 14001 accredited, cloud-first technology provider. We have set a net zero target of being carbon neutral by 2030 within our Carbon Reduction Policy, in line with our corporate strategy.; ; We strive to purchase goods/services that have a minimal impact upon the environment. Factors taken into consideration include sustainability of resource production, transportation, full life energy/raw material consumption, waste production and recycling percentage. Our buildings have also been upgraded to reduce energy and water use, with LED lighting, motion sensors, draught proofing, heating controls, insulation, smart meters and controls. One of our sites was recently part of a project to install an additional 1,300 solar panels on 5 of their buildings, these panels now generate the equivalent of 423 kilowatt at peak. ; ; To improve sustainability and energy efficiency, we continually review the most up to date ways of working. This includes considering environmental impact and sustainability as part of solution design. We aim to repurpose hardware rather than buy new. Energy efficiency is a key selection criterion for any devices, working with suppliers committed to reducing carbon and ecological footprint. We have extended our kit lifecycle from 5 to 7 years or, where possible, extended support agreements to reduce replacement of items for WEEE. As part of our relationship with our partner SWEEEP Kuusakoski, we have recycled over 1,000 pieces of unusable IT hardware which would otherwise have been destined for landfill. Instead of redundant ICT equipment being condemned to landfill, we actively participate in reissuing equipment to local communities and schools (subject to applicable security requirements). This not only serves as an environmental benefit but a societal one too. ; ; We take a virtual first approach to business interactions wherever possible, encouraging employees to engage through online platforms in the first instance, to reduce unnecessary business travel.

  Covid-19 recovery

  We are committed to helping the communities we serve recover from the impacts of the COVID-19 pandemic. Our CSR Policy sets out our future strategic vision; ‘increasing opportunities, improving outcomes’, including, investing more time in volunteering within our local communities to engage with groups at a local level, expanding mentoring programmes and outreach work within the community.; ; Cantium currently pledge our support through:; • Encouraging our staff to play an active role in their communities, supporting and recognising the value of employee volunteering through one paid day’s leave every year for each employee to volunteer with a project of their choice.; • Selecting and promoting a ‘charity of the year’.; • Partnering with the Payroll Giving Scheme to allow employees to make donations to local or national charities directly from their gross pay.; • Organising two annual charity days to support i) national and ii) local charities, such as football tournaments, fun runs or bake sales. ; • Inviting staff to nominate charities of personal significance to them for review by a Cantium panel with a commitment to match the amount staff raise up to an agreed amount. ; • Our support for local charities and not-for-profit organisations also extends to sponsorship of events and equipment.; ; To promote local investment and growth, we also procure locally wherever possible, sourcing from SMEs (small to medium-sized enterprises) whenever feasible.; ; We appreciate the challenging economic times we are all still facing and ensure our employees are fully supported through financial advice, guidance and support to enable them to create a suitable work/ life balance. Our counselling service, Support Line, offers confidential advice to all Cantium staff on topics such as: stress at work, loss or bereavement, depression or anxiety, substance issues and worries concerning money or debt.

  Tackling economic inequality

  As a technology supplier in a constantly evolving digital world, we understand the importance of supporting society to improve digital skills shortages and tackle economic inequality.; ; Cantium is a socially inclusive business and we place great emphasis on equal economic opportunities for all, which is why we participate in apprenticeship schemes such as the DWP Kickstart Scheme, designed to create high-quality 6-month apprenticeship placements across the country for young people aged 16-24 on Universal Credit. As part of each placement, apprentices are provided with hands-on experience with a dedicated mentor to guide and support them through their learning and development. Our primary goal is to encourage skills development, with a view to offering permanent positions within the business to successful placements.; ; During the last iteration of the Kickstart scheme, 9 candidates were interviewed, resulting in 3 Kickstart placements. We are delighted that following these 3 placements, they have now taken permanent positions of employment with Cantium. ; ; To support further within the communities we serve, we have partnered with schools to deliver workshop sessions as part of a Digital Inclusion project within Kent and are open to extending further projects to customers through this framework. We also actively engage with higher education providers to offer placements and employment opportunities to graduate leavers.

  Equal opportunity

  As an ethical organisation, we promote inclusion, equality and diversity across every area of our business. Every new employee joining the company must complete mandatory diversity training, which is regularly refreshed every 2 years to ensure continued awareness.; ; Our staff are our greatest asset. Therefore, we take care to ensure we are recruiting and maintaining the best candidates, regardless of race, gender or disability.; ; Our detailed Inclusion and Diversity Policy sets out our standards which all employees must uphold. The principles of this policy are embedded in our People Strategy and all policies and procedures are regularly monitored and reviewed.; ; To accommodate the needs of our employees and tackle inequality in the workforce, flexible working is an embedded culture within our organisation. This ensures business needs are met and encourages more diversity in the workplace with our ethos that ‘work is not a place’.; ; We have affirmed our commitment to be disability aware throughout our organisation by becoming a Level 1 Disability Confident Committed Employer and working towards the Level 2 status which highlights how our processes, from recruitment through to ongoing support in the workplace, engage and embrace people with disabilities to help them reach their full potential. We have also pledged our support through the Armed Forces Covenant, which seeks to support ex-military personnel through access to training and work placements.

  Wellbeing

  Improving wellbeing, both internally for our employees and externally, through community engagement, is a core focus for Cantium. In a digitally-driven world, it is vital that we ensure people are supported, both from a physical and mental health perspective.; ; Promoting wellbeing to our customers and within the community starts with first ensuring our employees are supported and cared for. Our company culture is to nurture and support each other, creating an inclusive environment where each team member’s wellbeing is important. These values are embedded into our Wellbeing Policy and Wellbeing Action Plan, which are monitored and updated on a regular basis. To promote and uphold the vision within the policy, we have a network of nominated Wellbeing Champions and Mental Health First Aiders across every area of our business, committed to supporting other staff members and advocating wellbeing for all. Through our corporate intranet, Candoo, our employees have an extensive range of supportive tools and advisors within the wellbeing hub, home to information and ideas to engage, empower and enable staff to prioritise their wellbeing, to take care of themselves and encourage others to do the same.; ; For any staff seeking advise but wishing to remain anonymous, we have a dedicated employee assistance programme and support line to listen and provide guidance for those in need.; ; To ensure regular engagement, we run wellbeing campaigns throughout the year and arrange bi-annual staff surveys to monitor employee contentment. We also have a dedicated Mental Health Awareness week, where workshops and webinars are run across the week and employees are encouraged to take time to reflect on their own wellbeing.

Pricing

• Price: £2.25 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@eis.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.