CONEXIA LIMITED

Security Watchdog - Employee Background Screening (VOLT)

Security Watchdog provide bespoke pre-employment screening packages to suit the requirements of your organisation. Background Checking, such as Right to Work, Digital ID (Identity), DBS (Disclosure and Barring Service), Referencing, Financial Probity, Social Media, Security, Financial, Criminal, Sanctions, Directorship, BPSS, SM&CR, BS7858, CQC, FCA, FORS, and International Checks.

Features

• Over 20 years' experience
• Leading and largest supplier of Background Checking services in EMEA
• Industry leading screening software - VOLT
• Mobile First design approach
• UK hosted
• Optical Character Recognition (OCR)
• Dynamic question sets
• Full integration with eBulk+ and Equifax
• Email, SMS, and WhatsApp communication

Benefits

• VOLT minimises the time, complexity, cost, and risk
• Details captured on any smart device easily and efficiently
• Fully Azure hosted and backed up in the UK
• Login without having to remember passwords and other security details
• Pre-population leads to improved data accuracy and increased speed
• Client data based questions, based on where they live/work
• Seamless and frictionless Criminality and Financial Checks
• Contacted via the candidate's preferred method thus increasing engagement
• Power BI and Google Analytics to deliver HQ visual reports

£8.00 a transaction

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@peregrineresourcing.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

291073193631478

Contact

Sara Wright
02071507500
bidteam@peregrineresourcing.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Any internet enabled device built in the past 5 years
  • HTTP

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We offer sector dedicated SME support/2-hour response window for clients/48-hour response time for candidates. Online support is also available directly through the relevant client or candidate portal. More limited support outside UK business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The day-to-day support is typically managed via email and phone through to your dedicated operations team. Depending on the requirements and size of the contract, face to face client relationship meetings can be arranged to discuss in more detail any operational queries and MI. Typically, we would not charge for this support service unless the requirements are outside the scope of our standard support offering. This will be fully scoped and discussed during implementation.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training is provided for the client admin users. Candidates will not require training as the candidate portal is highly intuitive, however, there are FAQ and support options available via the portal.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Microsoft Excel
• End-of-contract data extraction: All client owned data can be downloaded and extracted on a CSV document to be archived or transferred according to client requirements.
• End-of-contract process: Typically contracts run on a rolling annual commitment unless the client wishes to terminate at the end of the agreed contract time frame.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our VOLT digital screening service is cross-platform compatible which means that our technology works on different devices and platforms. Our Candidate Portal has been designed with a 'Mobile First' design approach which means that candidates can fill out their details on any smart device easily and efficiently, thus improving the candidate experience and driving speed of completion.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Both candidates and client admin users have access to our Virtual Online Tracker (VOLT) software through which candidates can be created, monitored, and tracked by the client admin. Candidates can effortlessly upload and submit the relevant information relating to the screening package the client has selected for the role.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have undertaken limited manual testing in relation to WCAG AA compliance.
• API: Yes
• What users can and can't do using the API: Clients can use the API to integrate with other solutions, an Applicant Tracking System for example. This would be a separate project and scoped accordingly. Additional charges may apply.
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our service is configurable, and we can offer a number of options regarding the colours and logos used for the email and automatic messaging templates. This will help set the tone of our system’s correspondence with your candidates to align with your own organisation’s language and branding. The options are discussed, scoped, and agreed during implementation.

Scaling

• Independence of resources: Auto Scaling - Automatically scales when load reaches a threshold

Analytics

• Service usage metrics: Yes
• Metrics types: MI data is available for the client via the Client Portal. This will cover a number of data fields, including Checks Status, Time Scales, Costings, and other relevant information regarding the screening process. Clients will also have the benefit of using Google Analytics to help visualise the reporting data.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: At-rest the Azure Database for PostgreSQL service uses the FIPS 140-2 validated cryptographic module for storage encryption of data at-rest. Data, including backups, are encrypted on disk, with the exception of temporary files created while running queries. The service uses the AES 256-bit cipher included in Azure storage encryption, and the keys are system managed. Storage encryption is always on and cannot be disabled.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Clients can export their data through the system via PDF Download; Candidates, by request
• Data export formats: Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • PDF
  • Microsoft Word
  • JPG
  • Bitmap
  • PNG

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99%
• Approach to resilience: The solution design constrains the single points of failure. Within the application, load balancing across multiple instances of service and automated restart of failed services preserves availability. To support these measures the service is monitored such that failures or anomalous behaviour can be identified and corrective action taken, in many cases prior to defects emerging.; The technical measures outlined are supported by a range of operational controls including: comprehensive testing, configuration control, release management, and asset management. In the event of a failure effective issue and problem, management ensures the service is quickly recovered and lessons learned preventing repeat scenarios. In the event of a BC/DR failure, cloud-enabled replication across the region enables rapid restoration of the service.
• Outage reporting: In terms of system errors that are reported internally or externally, this is raised to the IT team who notify the business via teams/email. If this impacts service or we as a business decide to notify clients, this is done via email and by the Client Relationship Manager (CRM). If we have scheduled downtime for maintenance, this will also initially be communicated internally by IT, but it is then the CRM’s responsibility to notify the client, via email, and usually 2 weeks ahead of downtime.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: Security Watchdog users access VOLT via the Microsoft Dynamics 365 online portal which enforces the Capita password policy, with mandatory Multi-Factor Authentication (MFA) required. Client portal users are authenticated using the same Azure Active Directory based policy. MFA can be provided against either physical or mobile factor device definition to generate one-time passcodes.
• Access restrictions in management interfaces and support channels: Role Base Access Control (RBAC), Okta, Global Protect
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: Management access is strictly restricted to those that have a business need and is conditional on two factor authentication using Okta. Only Capita staff hold admin accounts.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 21/12/2018
• What the ISO/IEC 27001 doesn’t cover: See Statement of Applicability
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 19/06/2020
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: Support and process outside the Azure Hosted VOLT Portals
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO9001
  • NAPBS (National Association of Professional Background Screeners)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO9001, Cyber Essentials Plus, NAPBS (National Association of Professional Background Screeners)
• Information security policies and processes: Security Watchdog ISMS in line with ISO27001/Cyber Essentials Plus

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Defined in Capita Threat and Incident Management standard - confidential document for internal use only
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Defined in Capita Threat and Incident Management standard - confidential document for internal use only
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Defined in Capita Threat and Incident Management standard - confidential document for internal use only
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Defined in Capita Threat and Incident Management standard - confidential document for internal use only

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Other
• Other public sector networks: DBS and Disclosures Scotland

Social Value

• Equal opportunity:

  Equal opportunity

  One of Capita’s responsible business strategies is “Enhancing diversity to create better outcomes for our clients and customers”. We are committed to increase our focus on diversity, inclusion and wellbeing; a key consideration for all our products and services. Indicative of this strategy is that fact that Capita are a:; o signatory of the UK Government and Business in the Community’s Race at Work Charter; o Disability Confident Employer; o supporter of the Social Mobility Foundation; o Global Member of the Employee Networks for Equality and Inclusion; ; We also collaborate with leading D&I organisations, such as:; o Radiate; o Stonewall; o Age UK; o Fawcett Society; o Women on Boards; o Race for Opportunity; o Network for Black and Asian Professionals; o Inter Faith Network; o Gender Trust; ; Clients know that their candidates are looking for authenticity and proof that they are about to apply for, and possibly join, an inclusive, diverse organisation. Our products are tailored to assist with this, we ensure:; • language used is societally acceptable and comprehensible; • applications can be used on various types of hardware, i.e. PC, tablet or mobile phone, providing full accessibility and functionality

Pricing

• Price: £8.00 a transaction
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer a 'Pay Per Candidate' service which enables the prospective client to choose from a small range of standard screening packages. This option can be used to trial our service, but it is not free. The experience will also be slightly different to that of a contracted customer.
• Link to free trial: https://www.securitywatchdog.org.uk/ppc-screening-packages

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@peregrineresourcing.com. Tell them what format you need. It will help if you say what assistive technology you use.