Amiqus

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: No constraints
System requirements: Requires a connection to the Internet

Requires an Amiqus license to cover individual users

Requires that the user purchase credits upfront to conduct checks

Recommended to use the latest version of browser

Requires App download for E-Passport verification

User support

Email or online ticketing support: Email or online ticketing
Support response times: We endeavour to respond to queries as soon as is reasonably possible. Our official response time is one business day within the hours of 09:00 - 17:00 Monday to Friday. Weekends excluded.
User can manage status and priority of support tickets: No
Phone support: No
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: Access for users and data subjects to the web chat is available from within the browser application, the widget is located in the bottom right hand corner of the screen. The options will navigate to our FAQ support section or to raise a support ticket.
Web chat accessibility testing: No testing with assistive technology users has been conducted. This will be part of future work around the product.
Onsite support: Yes, at extra cost
Support levels: Amiqus uses commercially reasonable endeavours to make the service available 24 hours a day, seven days a week except when planned maintenance is required.
The cost of our support services is included within the license fees, our pricing can be viewed at the www.amiqus.co/pricing.
Should technical integration be required, the level of support will be dependent on the scope of the project.
We would provide a technical account manager or cloud support engineer where applicable and dependent on size of contract. Enterprise customers have a dedicated account manager and technical integrations will be supported by engineers.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We work hard to make our onboarding process as frictionless as possible.

Step 1: due diligence |
Due diligence is required for clients running identity checks or credit reports. This requires customers to provide basic information and update their privacy policies. Lead time is ~10 working days

If identity checks or credit reports are not required, the due diligence process is reduced to ~2 working days.

Step 2: account set up |
Amiqus account managers work closely with customers to ensure their account is correctly configured for use.This includes adding team members and assigning relevant permissions and utilising workflows and templates to increase efficiency.

Step 3: process implementation and training |
Amiqus complete training, onsite or online, to ensure customers are confident using the system and to help implement Amiqus within wider team or organisational processes.

Step 4: ongoing support |
Useful content is provided to customers throughout the duration of the relationship, with increased frequency during the first 8 weeks of product use, designed to help users tackle common tasks and answer frequently asked questions.

A help centre is available for users:https://help.amiqus.co/

Ongoing support is provided within the product (web chat) and via email.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Amiqus clients |
As per UK GDPR, Amiqus acts as the data processor with our customers assuming the role of the data controller. Amiqus customers can request to extract their data from Amqus, available in CSV or JSON format at any time.

Data subjects |
Data subjects are the customers or employees of Amiqus clients. Data subjects data is stored by Amiqus and made available to the Amiqus client until a time when asked to remove it.

Data subjects have a right to access, rectify or erase this information by contacting the organisation requesting the information (the Amiqus client).
End-of-contract process: Clients can cease using the Amiqus platform, with four weeks prior notice.

Licence fees are calculated as a monthly cost. Credits, required to run compliance checks, are purchased and used on a 'pay as you go' basis.

Data is extracted and supplied to the customer at their request.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari
Application to install: Yes
Compatible operating systems: Android

IOS
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: There is no difference functionality wise between the two.
Service interface: No
User support accessibility: WCAG 2.1 AAA
API: Yes
What users can and can't do using the API: Amiqus create an API client for the customer. The customer uses the API client to authorise their application using OAuth 2.0.

The API allows applications to create, update and get people, organisations and requests. It can also create, update, get and delete webhooks.

Customers are provided with a “test” team on production where they are assigned an example check type, allowing them to test their application without incurring costs or running real checks on real people.

The API does not allow user or team management, nor API management. Both of which must be managed via the Amiqus browser application.
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Buyers can build in their own messaging/logos/templates to interact with their candidates.

They can also customise forms and documents to gather or share information as required

Scaling

Independence of resources: Amiqus and its infrastructure use load balancing and auto-scaling techniques so that the service is spread evenly over the available computing resources, this also ensures that the service remains unaffected during high traffic periods by provisioning more resources when necessary.

As part of our onboarding process, Amiqus will work with the client to fully understand their current and future usage patterns in order to maintain the agreed level of service.

Analytics

Service usage metrics: Yes
Metrics types: A 'Dashboard' view is available within Amiqus and utilises usage metrics. Usage metrics are available as read only and can be personalised, allowing the user to save a preferred view based on their chosen dataset(s). Usage metrics in Amiqus show the status of requests sent, providing users with a clear overview of the status of all requests within their account.
Reporting types: Real-time dashboards

Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Disclosure Scotland, DBS, TransUnion, Equifax, ComplyAdvantage, Onfido, Truelayer

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Data will be displayed within the browser but can be downloaded in report format as a PDF for reference.
Data export formats: CSV

Other
Other data export formats: PDF

JSON
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Other
Other protection within supplier network: Data is encrypted at rest using the AWS native encryption algorithms and at each stage of the verification process using modern ciphers.

All traffic within the AWS virtual private cloud is encrypted by default and segregated from other customers' infrastructure.

Availability and resilience

Guaranteed availability: Amiqus shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except when any planned maintenance is required. The Client shall be given notice by email of any such planned maintenance, we make a concerted effort to schedule downtime out with normal operating hours. Services typically run at around 99% availability.
Approach to resilience: Our service is deployed within the EU-West-1 region of the AWS global infrastructure and is spread across multiple availability zones within the region. This means that the service operates from two geographically separated data centres for maximum redundancy. Additionally, due to the nature of our deployment strategy we are capable of launching the service from any region within a short space of time, with our selected backup region being EU-WEST-2.
Outage reporting: Notification provided by email in the event of any planned maintenance. Users are informed of any interruption to service by internal messaging system within platform.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password
Access restrictions in management interfaces and support channels: Access and searching of accounts / client data is tightly restricted to only the authorised user with enforced password standards, activity reporting and account throttling. All passwords are user generated and hashed using SHA-512 with 10,0000+ rounds and a 32 byte salt of random data. Internal temporary access to user accounts / client data by Amiqus staff is only possible through internal permissions set on a firm by firm basis by account users for purposes of resolving a technical or support query.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Alcumus ISOQAR
ISO/IEC 27001 accreditation date: 10/04/2018
What the ISO/IEC 27001 doesn’t cover: Controls A.11.1.6 (physical delivery and loading areas) and A.14.2.7 (outsourced development) are out of scope and had been excluded from audit review.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: Cyber Essentials Plus

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: We follow ISO27001:13 best practice, which ensures that we comply to various regulations regarding data protection, privacy, risk and IT governance.

Information is at the heart of our business and any threat to its confidentiality, integrity, or availability is a direct threat to our business. Information security applies to and is the responsibility of all our staff. All new starts receive mandatory training to review Amiqus' information security standards and their obligations under such framework. All employees are required to sign an acknowledgement of security awareness training and non-disclosure agreement.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: An extensive Information Security Manual articulates the business' approach to information security management. Configuration and change management processes are reviewed at regular intervals.

All changes to infrastructure are handled by using Hashicorp Terraform. The source code for these services is held within private Git repositories on Github and deployed using Jenkins. From inception to deployment all infrastructure and application code is made through Github pull requests and manually and approved by a senior member of our engineering team. This makes sure that all inconsistencies are spotted and can be traced back to their source to be fixed.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Through a combination of an incident log, risk register and vulnerability scanning of both end devices and our infrastructure. Our end user devices are configured to automatically install relevant OS updates and staff are instructed to do so with all relevant software installed.

From an application standpoint we identify vulnerabilities via penetration testing, vulnerabilities are scored and high level ones are actioned as soon as possible with the less severe being added to the backlog.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: We have an end-to-end monitoring solution in place using Sensu to monitor processes on the server and also to monitor our provider’s endpoints from the application. We have AWS Cloudwatch monitoring and alerting on specific parts of the estate.

We monitor the health of the AWS infrastructure using their CloudTrail and GuardDuty products which alert the security operations team if there are unexpected/irregular actions taking place within our infrastructure accounts.

If we’re alerted to a high risk compromise, our DevOps team begins immediate investigation to determine how serious the breach is and to immediately mitigate / fix.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: A robust Incident Management procedure is in place to ensure a quick, effective and orderly response to information security incidents that ensures appropriate corrective or preventive actions, restores normal operations as quickly as possible and ensures that improvement opportunities are identified and acted upon. Evidence is collected for all information security incidents and is retained and presented for regular review.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: Other
Other public sector networks: The Home Office (Disclosure and Barring Service)

Disclosure Scotland

Companies House

Equal opportunity: Equal opportunity

Policy Statement
Amiqus Resolution Ltd. fully accepts and welcomes that society consists of many diverse groups
and individuals and this diversity is an asset to the community. We also recognise that certain
groups and individuals are discriminated against and we are strongly opposed to this. We
recognise that we have a moral and legal responsibility to promote equal opportunities and we will
pursue equality in all of our work.
This document has been prepared to set out Amiqus Resolution’s commitment and as a statement
of its intent. The Policy will be reviewed annually to ensure effective implementation.
What is inclusion and diversity?
● Inclusion is where people’s differences are valued and used to enable everyone to thrive at
work. An inclusive environment is one in which everyone feels they belong without having
to behave in a certain way and are always made to feel that their contribution matters
whilst being able to perform to their full potential.
● Diversity is about recognising differences and acknowledging the benefit of having a range
of perspectives in the workplace.
Amiqus Resolution Ltd. is an Equal Opportunities Organisation and is committed to the
development of policies to provide for equality of opportunity in all aspects of its work. We will
work to ensure that all our services are provided in a way that promotes awareness of the rights
and needs of people from minority groups and enables all people to access them.
Amiqus Resolution Ltd. will take whatever steps are necessary including, if appropriate, use of the
disciplinary mechanisms laid out in the Disciplinary Policy and Procedure document, to enforce
the Policy. Amiqus have the right to action an immediate dismissal to any employee, client or
associate of Amiqus if they are found to be discriminatory against people from minority groups.

Pricing

Price: £30 a licence a month
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Amiqus

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents