CONEXIA LIMITED

Security Watchdog - Digital Onboard

Capita onboarding supports an organisation to providing a personalised, engaging, mobile first, onboarding experience.
New joiners are guided to complete on-boarding tasks and provided essential content. Managers are supported to participate, engage and uphold standard management practices. The business benefits from oversight, tracking, improved retention and speed to productivity.

Features

• Personalised mobile first onboarding tool available on any device
• Configurable to your brand and theme colours
• Configurable new joiner checklist items with PDF functionality
• Configurable new joiner information sections
• Configurable manager tasks with reminders
• Manager dashboards for oversight and new joiner interventions
• Automated reminders and interventions using emails and/or SMS
• System Administration portal to configure, upload and personalise content
• System Administration dashboard provides user activity visibility for reporting
• Trigger own devices apps for uplifted communication and connectivity

Benefits

• Create positive onboarding outcomes with oversight in one place
• Exceptional communication optimises new joiner engagement and supports retention
• Checklist activities support new joiner readiness and speed to productivity
• Manager tasks activate timely participation to support outcomes
• Reminders, notifications and automated interventions act to secure onboarding
• Information sections enable a constant point of reference
• Mobile first on any device means anytime anyplace anywhere
• Data drives focus, tracks progress and supports improvements
• Integrations available with Capita’s digital background checking and learning
• Third party integrations can support a simplified user experience

£10,000.00 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@peregrineresourcing.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

422023986906796

Contact

Sara Wright
02071507500
bidteam@peregrineresourcing.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Modern internet enabled devices built in the past 5 years

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our aim is to resolve cases at the point of enquiry. However, if a solution is not immediately available, details of the enquiry will be logged, and the case allocated to a Service Desk Analyst for investigation. We use an incident definition table to categorise incidents. Prioritisation is defined as P1, P2, P3, P4 which are responded to within 1 hour, 3 hours, 1 workday and 1 workday respectively. Standard support is available Monday to Friday 9.00am to 5.30pm. If weekend support is an essential requirement for an organisation, then this can be arranged at an additional cost.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Capita Onboard provides customer support via (1) Implementation: The client will be supported to implement the tool and understand how best to configure their content. Implementation will support you to translate your processes for use with our digital onboarding tool. (2) Training: As the tool is designed to be self-service there should be limited training need. However, our implementation team will support you to utilise the tool effectively and support your new joiners. (3) Account Management: Account Managers interact with clients to support long-term goals tied to the use of Capita Onboard. Your dedicated account manager will handle all day-to-day queries, share the development road map and release roll out, as well as attend regular review meetings. (4) Technical Support: This team oversees monitoring the issue resolution process and making sure that issues are solved within the shortest possible time frame. This is at no extra cost.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Training is provided for client system administration users during the implementation phase - this can be provided online and is accompanied by a guide document. New Joiners and Managers will not require training as these portals are highly intuitive. However, there are FAQ and support options available via the portal.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: All client owned data can be downloaded and extracted as a CSV document to be archived or transferred, according to client requirements.
• End-of-contract process: Typically contracts run on a rolling annual commitment unless the client wishes to terminate at the end of the agreed contract time frame.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Capita Onboard is a mobile first design and is about delivering the right experience on the right device. It is cross-platform compatible which means that our portals work on different platforms or devices. Examples include laptops and desktops and, of course, tablets and smartphones. The screening resizes and rearranges automatically depending on the size of the smart device screen to clearly display the information and buttons etc.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Capita Onboard is a web application delivered as SaaS. The platform’s interfaces are visually attractive, mobile-optimised and designed to support a positive user experience. Systems Administrators, New Joiners, and Managers, via role-based permissions, utilise the part of the tool designed specifically for their role. Systems Administrators support the content required to complete the content templates used to define the New Joiners and Manager experience along with a dashboard for user visibility. New Joiners have pre- and onboarding checklist activities to complete and a set of 7 information sections, whilst Managers have tasks to complete and dashboards to review.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Our service is accessible on any internet enabled smart device via a link using secure login credentials assigned to each individual user. It is designed following WCAG guidelines. We have undertaken limited manual testing in relation to WCAG AA compliance.
• API: Yes
• What users can and can't do using the API: Clients can use the API to integrate with other solutions. An Applicant Tracking System for example. This would be a separate project and scoped accordingly. Additional charges may apply.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our service is configurable, and we can offer a number of options regarding the colours and logos used to the email and automatic messaging templates. These options are all discussed and scoped during Implementation.

Scaling

• Independence of resources: Auto Scaling - Automatically scales when load reaches a threshold

Analytics

• Service usage metrics: Yes
• Metrics types: MI data is available for the client via the Client Portal. This will cover a number of data fields, including Checks Status, Time Scales, Costings, and other relevant information regarding the screening process. Clients will also have the benefit of using Google Analytics to help visualise the reporting data.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Direct from their online dashboard
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99% availability
• Approach to resilience: The solution design constrains the single points of failure. Within the application, load balancing across multiple instances of service and automated restart of failed services preserves availability. To support these measures, the service is monitored such that failures or anomalous behaviour can be identified and corrective action taken, in many cases prior to defects emerging.; The technical measures outlined are supported by a range of operational controls, including: comprehensive testing, configuration control, release management, and asset management. In the event of a failure, effective issue and problem management ensure the service is quickly recovered and lessons learnt preventing repeat scenarios.; In the event of a BC/DR failure, cloud enabled replication across the region enables rapid restoration of the service.
• Outage reporting: In terms of system errors that are reported internally or externally, this is raised to the IT team who notify the business via teams/email. If this impacts service or we as a business decide to notify clients, this is done via email and by the Client Relationship Manager (CRM). If we have scheduled downtime for maintenance, this will also initially be communicated internally by IT, but it is then the CRM’s responsibility to notify the client, via email and usually 2 weeks ahead of downtime.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Role Base Access Control (RBAC), Okta, Global Protect
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 21/12/2018
• What the ISO/IEC 27001 doesn’t cover: See the Statement of Applicability
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 19/06/2020
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: Support and process outside the Azure Hosted VOLT Portals
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISMS governs our approach to security governance and is independently audited against ISO27001 annually. ISMS documentation is thoroughly maintained and managed by the Information Security Manager. Our management teams are supported by our Group and Divisional Information Security Officers who report ultimately to Group Risk Committees. The documents included and managed in this ISMS are as follows.; ISMS; Statement of Applicability; Document Control; Effectiveness Measurements; Information Security Objectives and Policy; Management Review of Information Security Policy; Internal Audit Procedure; Non-Conformity Procedure; Audit Schedule; Internal Audit Report; Non-conformance Report/Improvement Log; Risk Assessment/Treatment Plan; Risk Management Policy; Organisation Security; Governance Policy; HR Security Policy; Joiners/Leavers IT Process; IT Leavers Process Checklist; Induction InfoSec PPT; Asset Inventory and Ownership; Acceptable Use Policy; Asset Classification and Handling; Storage Media Disposal; Courier and Mail Management Procedure; Asset List; Security Watchdog Data Mapping (IAR); Access Control Policy; Access Control Procedure; User Access Management; Cryptography Control Policy; Physical and Equipment Security; Visitors Procedure; IT Procedures; Anti-virus Policy; Patch Management; WPS Change Management; Secure Development Policy; Secure Development Lifecycle; Supplier Relationships; Information Security Incident Management; Incident Report Form; Incident Log; Compliance and Redundancies; Control of Records; List of Legislation and Regulations; Data Retention Schedule

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change Management Process defined in ISMS Doc 12.7 Defined in Capita Threat and Incident Management standard - confidential document for internal use only
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We comply with The Information Security Forum’s Standard of Good Practice for Information Security 2018 which is defined in Capita's Threat and Incident Management standard - confidential document for internal use only
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We comply with The Information Security Forum’s Standard of Good Practice for Information Security 2018. This is defined in Capita's Threat and Incident Management standard which is a confidential document for internal use only
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We comply to The Information Security Forum’s Standard of Good Practice for Information Security 2018 which is defined in Capita's Threat and Incident Management standard - confidential document for internal use only

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Equal opportunity:

  Equal opportunity

  One of Capita’s responsible business strategies is “Enhancing diversity to create better outcomes for our clients and customers”. We are committed to increase our focus on diversity, inclusion and wellbeing; a key consideration for all our products and services. Indicative of this strategy is that fact that Capita are a:; o signatory of the UK Government and Business in the Community’s Race at Work Charter; o Disability Confident Employer; o supporter of the Social Mobility Foundation; o Global Member of the Employee Networks for Equality and Inclusion; ; We also collaborate with leading D&I organisations, such as:; o Radiate; o Stonewall; o Age UK; o Fawcett Society; o Women on Boards; o Race for Opportunity; o Network for Black and Asian Professionals; o Inter Faith Network; o Gender Trust; ; Clients know that their candidates are looking for authenticity and proof that they are about to apply for, and possibly join, an inclusive, diverse organisation. Our products are tailored to assist with this, we ensure:; • language used is societally acceptable and comprehensible; • applications can be used on various types of hardware, i.e. PC, tablet or mobile phone, providing full accessibility and functionality

Pricing

• Price: £10,000.00 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@peregrineresourcing.com. Tell them what format you need. It will help if you say what assistive technology you use.