Amberjack

Candidate Management Platform

An applicant tracking system designed for campaign or intake-based volume recruitment e.g. Early Careers or high volumes of a particular role

Features

• Fully branded recruitment experience
• Real-time reporting
• Automation, bulk processing and comms tools
• Enterprise Applicant Tracking System (ATS)
• Personalised automated feedback
• Net Promoter Scores (NPS) for real-time candidate sentiment
• Seamless integration with assessment providers and enterprise technology
• Mobile enabled self-service candidate booking and interactive account areas
• Inbuilt blind screening
• Offer management and onboarding

Benefits

• Leverage your employer brand
• Complete visibility of pipelines and reports to individual candidate level
• Efficiently saves over 85% of recruiter time
• Typically 28% faster time-to-offer and 43% less cost-per-hire
• Provide feedback hungry candidates with instant results
• Measure, benchmark and act on the experience of candidates
• Proven in the most regulated business environments and sectors
• Deliver an unrivalled candidate experience
• Remove screener bias, Improve diversity results
• Keep candidates warm from offer until they join you

£9,030 a licence a year

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contracts@weareamberjack.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

403521781048258

Contact

Jonathan Hall
+441635584130
contracts@weareamberjack.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: As with all software services, Amberjack will, with due notice, periodically provision service upgrades and platform maintenance that may require a period of planned downtime. Typically this downtime will be planned outside of key operating hours.
• System requirements:
  • Modern browser (Google Chrome, Safari, Firefox, Microsoft Edge)
  • Internet Access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depending on the severity of fault, between 2 hours and 1 day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Reactive support is included in the price. This provides working day telephone and email support with 4 levels of ticket categorisation.; Technical account management is offered (at a cost) to provide proactive management of the service including service reviews, reporting and strategic support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A full implementation service can be provided to design and implement the technical and assessment processes in partnership with the client, only being signed off for live deployment after full user acceptance testing.; ; Full user training and documentation is also provided and can be delivered onsite or remotely.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: Amberjack will provide a data extract in the format required by the client at the end of the contract. Data retention/archive/deletion policies will match the requirements of the client.
• End-of-contract process: Typically at the end of the contract, an exit plan will be put in place to define the timeline for closure of system for new registration, removing access for candidates and client users, data extraction and decommissioning.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The UI has been designed to be mobile responsive and so positioning of text/buttons/tabs will change depending on screen size.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The Online Assessment Module provides clients with the ability to design immersive assessments for candidates. The Module supports many different kinds of questions and answer type tests. The question interface and scoring mechanisms are pluggable to allow customised experiences to be created for clients. These can range from simple multiple choice to games and immersive video enabled experiences. On registration, candidates can then take the assessment tests, the results of which are collated for review by the client assessors. Metrics and analytics are available to enable continual improvement in areas such as diversity and candidate engagement.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: SortSite has been used to assess our solutions for accessibility. Supporting accessibility standards is an ongoing element of the Amberjack technical development roadmap.; In addition NVDA has been used in a Proof of Concept capacity to understand compatibility with screen readers.
• API: Yes
• What users can and can't do using the API: API integration can be discussed as part of initial partnership dialogue, however typically this service is set up in partnership with our internal technical team who can provide all relevant documentation. ; ; Once the integration is in place, any changes must be made via our change request process and cannot be made by users without involvement of our internal technical team.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our Online Assessment Module is fully customisable to create unique assessment experiences for candidates, including, but not limited to branding through to bespoke design of situational judgement testing and text based match-me tools. Expert assessment specialists can help to develop the most appropriate assessment model that our Online Assessment Module can then be used to deliver.

Scaling

• Independence of resources: Whilst our Online Assessment Module uses shared resources, these are load balanced across multiple servers, with frequent capacity management reviews held to review existing client consumption growth, based on information in our monitoring tools, and new business expectations for the next period. Infrastructure capacity can then be adjusted as necessary to ensure high levels of performance and availability.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics are specific to each organisation depending on their implementation design and will typically be a combination of built in and custom reports alongside analysis provided by technical account managers.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The client user interface supports the export of candidate data including scores, and associated custom meta data.
• Data export formats:
  • CSV
  • Other
• Other data export formats: .xlsx
• Data import formats:
  • CSV
  • Other
• Other data import formats: .xlsx

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Up to 99.9% availability (excluding planned maintenance, but deployment of the platform takes typically less than 2 minutes). Service credits are agreed as part of contract negotiations.
• Approach to resilience: Redundancy is built in by design, for example, load balanced web servers, firewalls, and the data centre is replicated across 2 different sites.
• Outage reporting: Reactive RfO (Reason for Outage) reporting as well as a public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Separation by site. e.g. the admin site is independent from the client site and with independent authentication. Within the client site there are multiple levels of user access to restrict access appropriately.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 26/09/2022
• What the ISO/IEC 27001 doesn’t cover: A10.1.2 Key Management; A11.1.6 Delivery and Loading Areas; A14.2.7 Outsourced Development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We employ a fully ISO27001:2013 Information Security Management System with a statement of applicability for all but 2 non-applicable controls (relating to delivery/loading bay controls). This means we have a full suite of information security policies and procedures that are independently audited on at least an annual basis.; ; Security is governed by our Board of Directors with daily management deferred to our head of security (who sits independently of any department).; ; All changes are governed by a weekly change board, and we have an independent SOC monitoring our systems 24x7. We undertake daily vulnerability scans of all our systems and perform automated patching twice weekly or as required.; ; Our head of security monitors compliance with our policies and standards and reports to the board on a quarterly basis.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are managed through a weekly Change Board attended by service and system owners. Requests are reviewed and if approved are tracked to completion with mop up sessions.; ; Each change has to consider the impact to security risk (reduce, maintain, worsen), the likely impact to service and whether comms are required to users of the system.; ; Only correctly formed requests are considered for approval.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We undertake daily Internal and External Infrastructure assessments to the PCI standards as a benchmark. Our SLA for patch deployment is within 10 working days for High/Critical and 30 days for Medium rated vulnerabilities.; ; We use several sources for threat intel including BitSight, Risk Ledger, MyNCSC, Tenable.IO and the Microsoft Threat Intelligence reports.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have the latest threat analysis tools deployed to all systems which in turn feed into our fully managed 24x7 SOC.; ; We have defined runbooks to respond to various scenarios and our response time varies depending on the severity of the alert. We enable our SOC to block access if they deem necessary while we investigate the incident.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident process is published to all users desktops and is well understood by staff. Reports always require an email but initial contact/reporting can be via any communication method.; ; Incidents are then assessed for severity and runbooks for standard scenarios are followed. Incidents are logged in a dedicated system which feeds into our security management system. This enables incident reports to be generated if required.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  We designed our Candidate Management Platform specifically for the Early Careers and High-Volume marketplace, to fill the gaps that traditional requisition based ATS do not cater for.; One example is bulk management of, and processing of candidates fairly throughout the entire recruitment cycle. Our system allows for bespoke questions and forms that can accommodate candidates with neurodiverse or disabilities for example so we can ensure each process does not adversely affect any individual candidate. We can also report on various demographic qualities or groups at each stage to further mitigate and assess any impacts.

Pricing

• Price: £9,030 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contracts@weareamberjack.com. Tell them what format you need. It will help if you say what assistive technology you use.