Amiqus Resolution Limited

Amiqus

Amiqus are the UK's most trusted compliance and onboarding platform supporting the public sector at scale. Conduct pre-employment vetting and enable staff passporting.

Amiqus delivers UK Government accredited ID verification and a centralised end to end candidate and user experience, converting hours of paper-based admin into minutes of online compliance.

Features

  • Read E-Passports and check liveness digitally
  • UK Home office accredited Digital Right to Work checks
  • Politically exposed persons screening, sanctions lists and adverse media checks
  • Credit report, identity and criminal record checks
  • Secure document management: send, receive and store client/employee documents
  • Check company directors, ownership and control
  • User access levels help manage team responsibilities
  • Assignee workflow helps teams to manage their tasks
  • Activity logging and notification updates
  • Utilise two-factor authentication for greater account security

Benefits

  • Keep candidate and employee data safe
  • Use via browser - no downloads or installations
  • Turn hours of paper-based admin into minutes of online compliance
  • Demonstrate compliance to regulators and auditors
  • Single point of access to a range of compliance checks
  • Conduct checks remotely or in person
  • Record internal decision making with platforms audit trail
  • Simplify and speed up onboarding for clients and employees
  • Fully compliant with EU anti-money laundering requirements
  • Customise forms and messages to be sent alongside requests

Pricing

£30 a licence a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@amiqus.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

5 4 5 3 1 6 6 5 0 7 4 8 6 3 8

Contact

Amiqus Resolution Limited sales@amiqus.co
Telephone: 0131 5139757
Email: sales@amiqus.co

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No constraints
System requirements
  • Requires a connection to the Internet
  • Requires an Amiqus license to cover individual users
  • Requires that the user purchase credits upfront to conduct checks
  • Recommended to use the latest version of browser
  • Requires App download for E-Passport verification

User support

Email or online ticketing support
Email or online ticketing
Support response times
We endeavour to respond to queries as soon as is reasonably possible. Our official response time is one business day within the hours of 09:00 - 17:00 Monday to Friday. Weekends excluded.
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Access for users and data subjects to the web chat is available from within the browser application, the widget is located in the bottom right hand corner of the screen. The options will navigate to our FAQ support section or to raise a support ticket.
Web chat accessibility testing
No testing with assistive technology users has been conducted. This will be part of future work around the product.
Onsite support
Yes, at extra cost
Support levels
Amiqus uses commercially reasonable endeavours to make the service available 24 hours a day, seven days a week except when planned maintenance is required.
The cost of our support services is included within the license fees, our pricing can be viewed at the www.amiqus.co/pricing.
Should technical integration be required, the level of support will be dependent on the scope of the project.
We would provide a technical account manager or cloud support engineer where applicable and dependent on size of contract. Enterprise customers have a dedicated account manager and technical integrations will be supported by engineers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We work hard to make our onboarding process as frictionless as possible.

Step 1: due diligence |
Due diligence is required for clients running identity checks or credit reports. This requires customers to provide basic information and update their privacy policies. Lead time is ~10 working days

If identity checks or credit reports are not required, the due diligence process is reduced to ~2 working days.

Step 2: account set up |
Amiqus account managers work closely with customers to ensure their account is correctly configured for use.This includes adding team members and assigning relevant permissions and utilising workflows and templates to increase efficiency.

Step 3: process implementation and training |
Amiqus complete training, onsite or online, to ensure customers are confident using the system and to help implement Amiqus within wider team or organisational processes.

Step 4: ongoing support |
Useful content is provided to customers throughout the duration of the relationship, with increased frequency during the first 8 weeks of product use, designed to help users tackle common tasks and answer frequently asked questions.

A help centre is available for users:https://help.amiqus.co/

Ongoing support is provided within the product (web chat) and via email.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Amiqus clients |
As per UK GDPR, Amiqus acts as the data processor with our customers assuming the role of the data controller. Amiqus customers can request to extract their data from Amqus, available in CSV or JSON format at any time.

Data subjects |
Data subjects are the customers or employees of Amiqus clients. Data subjects data is stored by Amiqus and made available to the Amiqus client until a time when asked to remove it.

Data subjects have a right to access, rectify or erase this information by contacting the organisation requesting the information (the Amiqus client).
End-of-contract process
Clients can cease using the Amiqus platform, with four weeks prior notice.

Licence fees are calculated as a monthly cost. Credits, required to run compliance checks, are purchased and used on a 'pay as you go' basis.

Data is extracted and supplied to the customer at their request.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There is no difference functionality wise between the two.
Service interface
No
User support accessibility
WCAG 2.1 AAA
API
Yes
What users can and can't do using the API
Amiqus create an API client for the customer. The customer uses the API client to authorise their application using OAuth 2.0.

The API allows applications to create, update and get people, organisations and requests. It can also create, update, get and delete webhooks.

Customers are provided with a “test” team on production where they are assigned an example check type, allowing them to test their application without incurring costs or running real checks on real people.

The API does not allow user or team management, nor API management. Both of which must be managed via the Amiqus browser application.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Buyers can build in their own messaging/logos/templates to interact with their candidates.

They can also customise forms and documents to gather or share information as required

Scaling

Independence of resources
Amiqus and its infrastructure use load balancing and auto-scaling techniques so that the service is spread evenly over the available computing resources, this also ensures that the service remains unaffected during high traffic periods by provisioning more resources when necessary.

As part of our onboarding process, Amiqus will work with the client to fully understand their current and future usage patterns in order to maintain the agreed level of service.

Analytics

Service usage metrics
Yes
Metrics types
A 'Dashboard' view is available within Amiqus and utilises usage metrics. Usage metrics are available as read only and can be personalised, allowing the user to save a preferred view based on their chosen dataset(s). Usage metrics in Amiqus show the status of requests sent, providing users with a clear overview of the status of all requests within their account.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Disclosure Scotland, DBS, TransUnion, Equifax, ComplyAdvantage, Onfido, Truelayer

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data will be displayed within the browser but can be downloaded in report format as a PDF for reference.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • JSON
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Data is encrypted at rest using the AWS native encryption algorithms and at each stage of the verification process using modern ciphers.

All traffic within the AWS virtual private cloud is encrypted by default and segregated from other customers' infrastructure.

Availability and resilience

Guaranteed availability
Amiqus shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except when any planned maintenance is required. The Client shall be given notice by email of any such planned maintenance, we make a concerted effort to schedule downtime out with normal operating hours. Services typically run at around 99% availability.
Approach to resilience
Our service is deployed within the EU-West-1 region of the AWS global infrastructure and is spread across multiple availability zones within the region. This means that the service operates from two geographically separated data centres for maximum redundancy. Additionally, due to the nature of our deployment strategy we are capable of launching the service from any region within a short space of time, with our selected backup region being EU-WEST-2.
Outage reporting
Notification provided by email in the event of any planned maintenance. Users are informed of any interruption to service by internal messaging system within platform.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Access and searching of accounts / client data is tightly restricted to only the authorised user with enforced password standards, activity reporting and account throttling. All passwords are user generated and hashed using SHA-512 with 10,0000+ rounds and a 32 byte salt of random data. Internal temporary access to user accounts / client data by Amiqus staff is only possible through internal permissions set on a firm by firm basis by account users for purposes of resolving a technical or support query.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
10/04/2018
What the ISO/IEC 27001 doesn’t cover
Controls A.11.1.6 (physical delivery and loading areas) and A.14.2.7 (outsourced development) are out of scope and had been excluded from audit review.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow ISO27001:13 best practice, which ensures that we comply to various regulations regarding data protection, privacy, risk and IT governance.

Information is at the heart of our business and any threat to its confidentiality, integrity, or availability is a direct threat to our business. Information security applies to and is the responsibility of all our staff. All new starts receive mandatory training to review Amiqus' information security standards and their obligations under such framework. All employees are required to sign an acknowledgement of security awareness training and non-disclosure agreement.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
An extensive Information Security Manual articulates the business' approach to information security management. Configuration and change management processes are reviewed at regular intervals.

All changes to infrastructure are handled by using Hashicorp Terraform. The source code for these services is held within private Git repositories on Github and deployed using Jenkins. From inception to deployment all infrastructure and application code is made through Github pull requests and manually and approved by a senior member of our engineering team. This makes sure that all inconsistencies are spotted and can be traced back to their source to be fixed.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Through a combination of an incident log, risk register and vulnerability scanning of both end devices and our infrastructure. Our end user devices are configured to automatically install relevant OS updates and staff are instructed to do so with all relevant software installed.

From an application standpoint we identify vulnerabilities via penetration testing, vulnerabilities are scored and high level ones are actioned as soon as possible with the less severe being added to the backlog.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We have an end-to-end monitoring solution in place using Sensu to monitor processes on the server and also to monitor our provider’s endpoints from the application. We have AWS Cloudwatch monitoring and alerting on specific parts of the estate.

We monitor the health of the AWS infrastructure using their CloudTrail and GuardDuty products which alert the security operations team if there are unexpected/irregular actions taking place within our infrastructure accounts.

If we’re alerted to a high risk compromise, our DevOps team begins immediate investigation to determine how serious the breach is and to immediately mitigate / fix.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
A robust Incident Management procedure is in place to ensure a quick, effective and orderly response to information security incidents that ensures appropriate corrective or preventive actions, restores normal operations as quickly as possible and ensures that improvement opportunities are identified and acted upon. Evidence is collected for all information security incidents and is retained and presented for regular review.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Other
Other public sector networks
  • The Home Office (Disclosure and Barring Service)
  • Disclosure Scotland
  • Companies House

Social Value

Equal opportunity

Equal opportunity

Policy Statement
Amiqus Resolution Ltd. fully accepts and welcomes that society consists of many diverse groups
and individuals and this diversity is an asset to the community. We also recognise that certain
groups and individuals are discriminated against and we are strongly opposed to this. We
recognise that we have a moral and legal responsibility to promote equal opportunities and we will
pursue equality in all of our work.
This document has been prepared to set out Amiqus Resolution’s commitment and as a statement
of its intent. The Policy will be reviewed annually to ensure effective implementation.
What is inclusion and diversity?
● Inclusion is where people’s differences are valued and used to enable everyone to thrive at
work. An inclusive environment is one in which everyone feels they belong without having
to behave in a certain way and are always made to feel that their contribution matters
whilst being able to perform to their full potential.
● Diversity is about recognising differences and acknowledging the benefit of having a range
of perspectives in the workplace.
Amiqus Resolution Ltd. is an Equal Opportunities Organisation and is committed to the
development of policies to provide for equality of opportunity in all aspects of its work. We will
work to ensure that all our services are provided in a way that promotes awareness of the rights
and needs of people from minority groups and enables all people to access them.
Amiqus Resolution Ltd. will take whatever steps are necessary including, if appropriate, use of the
disciplinary mechanisms laid out in the Disciplinary Policy and Procedure document, to enforce
the Policy. Amiqus have the right to action an immediate dismissal to any employee, client or
associate of Amiqus if they are found to be discriminatory against people from minority groups.

Pricing

Price
£30 a licence a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@amiqus.co. Tell them what format you need. It will help if you say what assistive technology you use.