Amiqus
Amiqus are the UK's most trusted compliance and onboarding platform supporting the public sector at scale. Conduct pre-employment vetting and enable staff passporting.
Amiqus delivers UK Government accredited ID verification and a centralised end to end candidate and user experience, converting hours of paper-based admin into minutes of online compliance.
Features
- Read E-Passports and check liveness digitally
- UK Home office accredited Digital Right to Work checks
- Politically exposed persons screening, sanctions lists and adverse media checks
- Credit report, identity and criminal record checks
- Secure document management: send, receive and store client/employee documents
- Check company directors, ownership and control
- User access levels help manage team responsibilities
- Assignee workflow helps teams to manage their tasks
- Activity logging and notification updates
- Utilise two-factor authentication for greater account security
Benefits
- Keep candidate and employee data safe
- Use via browser - no downloads or installations
- Turn hours of paper-based admin into minutes of online compliance
- Demonstrate compliance to regulators and auditors
- Single point of access to a range of compliance checks
- Conduct checks remotely or in person
- Record internal decision making with platforms audit trail
- Simplify and speed up onboarding for clients and employees
- Fully compliant with EU anti-money laundering requirements
- Customise forms and messages to be sent alongside requests
Pricing
£30 a licence a month
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
5 4 5 3 1 6 6 5 0 7 4 8 6 3 8
Contact
Amiqus Resolution Limited
sales@amiqus.co
Telephone: 0131 5139757
Email: sales@amiqus.co
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No constraints
- System requirements
-
- Requires a connection to the Internet
- Requires an Amiqus license to cover individual users
- Requires that the user purchase credits upfront to conduct checks
- Recommended to use the latest version of browser
- Requires App download for E-Passport verification
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We endeavour to respond to queries as soon as is reasonably possible. Our official response time is one business day within the hours of 09:00 - 17:00 Monday to Friday. Weekends excluded.
- User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Access for users and data subjects to the web chat is available from within the browser application, the widget is located in the bottom right hand corner of the screen. The options will navigate to our FAQ support section or to raise a support ticket.
- Web chat accessibility testing
- No testing with assistive technology users has been conducted. This will be part of future work around the product.
- Onsite support
- Yes, at extra cost
- Support levels
-
Amiqus uses commercially reasonable endeavours to make the service available 24 hours a day, seven days a week except when planned maintenance is required.
The cost of our support services is included within the license fees, our pricing can be viewed at the www.amiqus.co/pricing.
Should technical integration be required, the level of support will be dependent on the scope of the project.
We would provide a technical account manager or cloud support engineer where applicable and dependent on size of contract. Enterprise customers have a dedicated account manager and technical integrations will be supported by engineers. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We work hard to make our onboarding process as frictionless as possible.
Step 1: due diligence |
Due diligence is required for clients running identity checks or credit reports. This requires customers to provide basic information and update their privacy policies. Lead time is ~10 working days
If identity checks or credit reports are not required, the due diligence process is reduced to ~2 working days.
Step 2: account set up |
Amiqus account managers work closely with customers to ensure their account is correctly configured for use.This includes adding team members and assigning relevant permissions and utilising workflows and templates to increase efficiency.
Step 3: process implementation and training |
Amiqus complete training, onsite or online, to ensure customers are confident using the system and to help implement Amiqus within wider team or organisational processes.
Step 4: ongoing support |
Useful content is provided to customers throughout the duration of the relationship, with increased frequency during the first 8 weeks of product use, designed to help users tackle common tasks and answer frequently asked questions.
A help centre is available for users:https://help.amiqus.co/
Ongoing support is provided within the product (web chat) and via email. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
Amiqus clients |
As per UK GDPR, Amiqus acts as the data processor with our customers assuming the role of the data controller. Amiqus customers can request to extract their data from Amqus, available in CSV or JSON format at any time.
Data subjects |
Data subjects are the customers or employees of Amiqus clients. Data subjects data is stored by Amiqus and made available to the Amiqus client until a time when asked to remove it.
Data subjects have a right to access, rectify or erase this information by contacting the organisation requesting the information (the Amiqus client). - End-of-contract process
-
Clients can cease using the Amiqus platform, with four weeks prior notice.
Licence fees are calculated as a monthly cost. Credits, required to run compliance checks, are purchased and used on a 'pay as you go' basis.
Data is extracted and supplied to the customer at their request.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- There is no difference functionality wise between the two.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AAA
- API
- Yes
- What users can and can't do using the API
-
Amiqus create an API client for the customer. The customer uses the API client to authorise their application using OAuth 2.0.
The API allows applications to create, update and get people, organisations and requests. It can also create, update, get and delete webhooks.
Customers are provided with a “test” team on production where they are assigned an example check type, allowing them to test their application without incurring costs or running real checks on real people.
The API does not allow user or team management, nor API management. Both of which must be managed via the Amiqus browser application. - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Buyers can build in their own messaging/logos/templates to interact with their candidates.
They can also customise forms and documents to gather or share information as required
Scaling
- Independence of resources
-
Amiqus and its infrastructure use load balancing and auto-scaling techniques so that the service is spread evenly over the available computing resources, this also ensures that the service remains unaffected during high traffic periods by provisioning more resources when necessary.
As part of our onboarding process, Amiqus will work with the client to fully understand their current and future usage patterns in order to maintain the agreed level of service.
Analytics
- Service usage metrics
- Yes
- Metrics types
- A 'Dashboard' view is available within Amiqus and utilises usage metrics. Usage metrics are available as read only and can be personalised, allowing the user to save a preferred view based on their chosen dataset(s). Usage metrics in Amiqus show the status of requests sent, providing users with a clear overview of the status of all requests within their account.
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Disclosure Scotland, DBS, TransUnion, Equifax, ComplyAdvantage, Onfido, Truelayer
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data will be displayed within the browser but can be downloaded in report format as a PDF for reference.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- JSON
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
-
Data is encrypted at rest using the AWS native encryption algorithms and at each stage of the verification process using modern ciphers.
All traffic within the AWS virtual private cloud is encrypted by default and segregated from other customers' infrastructure.
Availability and resilience
- Guaranteed availability
- Amiqus shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except when any planned maintenance is required. The Client shall be given notice by email of any such planned maintenance, we make a concerted effort to schedule downtime out with normal operating hours. Services typically run at around 99% availability.
- Approach to resilience
- Our service is deployed within the EU-West-1 region of the AWS global infrastructure and is spread across multiple availability zones within the region. This means that the service operates from two geographically separated data centres for maximum redundancy. Additionally, due to the nature of our deployment strategy we are capable of launching the service from any region within a short space of time, with our selected backup region being EU-WEST-2.
- Outage reporting
- Notification provided by email in the event of any planned maintenance. Users are informed of any interruption to service by internal messaging system within platform.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Access and searching of accounts / client data is tightly restricted to only the authorised user with enforced password standards, activity reporting and account throttling. All passwords are user generated and hashed using SHA-512 with 10,0000+ rounds and a 32 byte salt of random data. Internal temporary access to user accounts / client data by Amiqus staff is only possible through internal permissions set on a firm by firm basis by account users for purposes of resolving a technical or support query.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Alcumus ISOQAR
- ISO/IEC 27001 accreditation date
- 10/04/2018
- What the ISO/IEC 27001 doesn’t cover
- Controls A.11.1.6 (physical delivery and loading areas) and A.14.2.7 (outsourced development) are out of scope and had been excluded from audit review.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We follow ISO27001:13 best practice, which ensures that we comply to various regulations regarding data protection, privacy, risk and IT governance.
Information is at the heart of our business and any threat to its confidentiality, integrity, or availability is a direct threat to our business. Information security applies to and is the responsibility of all our staff. All new starts receive mandatory training to review Amiqus' information security standards and their obligations under such framework. All employees are required to sign an acknowledgement of security awareness training and non-disclosure agreement.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
An extensive Information Security Manual articulates the business' approach to information security management. Configuration and change management processes are reviewed at regular intervals.
All changes to infrastructure are handled by using Hashicorp Terraform. The source code for these services is held within private Git repositories on Github and deployed using Jenkins. From inception to deployment all infrastructure and application code is made through Github pull requests and manually and approved by a senior member of our engineering team. This makes sure that all inconsistencies are spotted and can be traced back to their source to be fixed. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Through a combination of an incident log, risk register and vulnerability scanning of both end devices and our infrastructure. Our end user devices are configured to automatically install relevant OS updates and staff are instructed to do so with all relevant software installed.
From an application standpoint we identify vulnerabilities via penetration testing, vulnerabilities are scored and high level ones are actioned as soon as possible with the less severe being added to the backlog. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
We have an end-to-end monitoring solution in place using Sensu to monitor processes on the server and also to monitor our provider’s endpoints from the application. We have AWS Cloudwatch monitoring and alerting on specific parts of the estate.
We monitor the health of the AWS infrastructure using their CloudTrail and GuardDuty products which alert the security operations team if there are unexpected/irregular actions taking place within our infrastructure accounts.
If we’re alerted to a high risk compromise, our DevOps team begins immediate investigation to determine how serious the breach is and to immediately mitigate / fix. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- A robust Incident Management procedure is in place to ensure a quick, effective and orderly response to information security incidents that ensures appropriate corrective or preventive actions, restores normal operations as quickly as possible and ensures that improvement opportunities are identified and acted upon. Evidence is collected for all information security incidents and is retained and presented for regular review.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Other
- Other public sector networks
-
- The Home Office (Disclosure and Barring Service)
- Disclosure Scotland
- Companies House
Social Value
- Equal opportunity
-
Equal opportunity
Policy Statement
Amiqus Resolution Ltd. fully accepts and welcomes that society consists of many diverse groups
and individuals and this diversity is an asset to the community. We also recognise that certain
groups and individuals are discriminated against and we are strongly opposed to this. We
recognise that we have a moral and legal responsibility to promote equal opportunities and we will
pursue equality in all of our work.
This document has been prepared to set out Amiqus Resolution’s commitment and as a statement
of its intent. The Policy will be reviewed annually to ensure effective implementation.
What is inclusion and diversity?
● Inclusion is where people’s differences are valued and used to enable everyone to thrive at
work. An inclusive environment is one in which everyone feels they belong without having
to behave in a certain way and are always made to feel that their contribution matters
whilst being able to perform to their full potential.
● Diversity is about recognising differences and acknowledging the benefit of having a range
of perspectives in the workplace.
Amiqus Resolution Ltd. is an Equal Opportunities Organisation and is committed to the
development of policies to provide for equality of opportunity in all aspects of its work. We will
work to ensure that all our services are provided in a way that promotes awareness of the rights
and needs of people from minority groups and enables all people to access them.
Amiqus Resolution Ltd. will take whatever steps are necessary including, if appropriate, use of the
disciplinary mechanisms laid out in the Disciplinary Policy and Procedure document, to enforce
the Policy. Amiqus have the right to action an immediate dismissal to any employee, client or
associate of Amiqus if they are found to be discriminatory against people from minority groups.
Pricing
- Price
- £30 a licence a month
- Discount for educational organisations
- No
- Free trial available
- No