GatenbySanderson Ltd

GatenbySanderson Competency based Applicant Tracking System (ATS)

End to end applicant tracking (ATS) system, deploying evidence based competency questions. Ideal for senior recruitment/assessment or high volume campaigns when targeting specific competencies. Ability to tailor to reflect organisational competencies / values. Configurable eligibility criteria to encourage self-selection. Dedicated, multi-user client portal with sift, candidate management and reporting tools.

Features

• Ability to assess candidates against organisational values or competencies
• Mobile responsive, branded website and URL
• Eligibility/killer question facility to encourage self-selection in or out
• Online CV & qualifications builder
• Word limit/count feature plus ‘Save and continue later’ feature
• Dedicated, secure portal providing end to end campaign management
• Online sift facility with individual and benchmark scoring system
• Randomisation of candidate answers capability to eliminate unconscious bias
• All monitoring data captured e.g. diversity, reportable at any stage
• Automated, customisable real time reporting, anonymised if required

Benefits

• Limited training required
• Reduced cost to hire increases internal efficiencies
• Encourages diversity and reduces possibilities for bias
• Brand building by providing a positive candidate experience
• Reduces processing risk for high profile/high value/high volume appointments
• System can be configured to suit your needs
• Intuitive design and navigation with clean, uncluttered interface
• Instant reporting to support internal review and monitoring
• Provides a transparent and fully auditable recruitment process
• Benchmark criteria can be configured

£1,500 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@gatenbysanderson.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

572630471101190

Contact

Charlotte Jourdon
07530 578920
tenders@gatenbysanderson.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: We keep service down-time to a minimum. If we need to schedule server maintenance, we display a prominent banner on all our websites, advising of maintenance for a minimum of 24 hours prior, and schedule maintenance for out-of-hours (generally after 11pm). We plan ahead to ensure we identify timeframes that avoid or minimise client or user disruption.
• System requirements: A modern web-browser with javascript enabled

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within business hours 9am - 5.30pm weekdays, within a few days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We can offer a varied level of support depending upon the client requirements. This could relate to configuration options, customisation requirements or assistance relating to execution of activity. We provide a technical account manager and prices will be a cost per hour basis, dependent upon the seniority of personnel required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An account and project manager are assigned to each new client project. The project plan will include the process for launch. Configuration requires limited input from the client. The ATS is intuitive and no training is required for users. Telephone / online training support is available if needed. Post launch, the account team are available to answer any questions or provide support to ensure successful implementation of the system.
• Service documentation: No
• End-of-contract data extraction: At the end of any contract, we can provide CSV files of relevant data. Where individual data is required to be deleted, we retain anonymous, aggregate data for benchmarking and reporting purposes.
• End-of-contract process: At the end of the contract, we remove user access to the system and can provide csv data as required, as well as a copy of any website content.; ; We can continue to host the website and domain name if the client wishes at an annual cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Uses a responsive-html design that scales and re-layouts the design for mobile and tablet users.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: We offer two levels of customisation - our standard product offers customisation in terms of branding, site content and competency questions asked. Eligibility questions can also be tailored.; ; Additionally, at an extra cost, clients can request additional functionality or customisation to match the specific needs of their recruitment process. Custom reports are also available for data that needs to be presented in a particular format. ; ; Different levels of service support are also offered.; Branding; Content review; Report customisation

Scaling

• Independence of resources: We review each project to gauge expected load and determine whether separate server(s) are required or whether a shared server is more cost effective for the client. We routinely monitor the performance of server(s) and take appropriate action to negate any potential disruption.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide a dedicated client portal where authorised users can access real time information, in terms of applicants numbers, scores/grades, progression of applicants, equal opportunities data collected as well as detailed questions we may ask applicants.; In addition, we provide Google analytics metrics for client branded microsites providing, user analysis, content, geography and other useful information that might inform future campaign strategies.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data submitted by candidates can only be accessed and/or modified by themselves (requiring a username and password) or within our administration system (requiring a username password). ; Passwords are encrypted with bcrypt hashing. ; Files (CV's etc) are not encrypted but are stored well outside of web-root and through access-control code so they can only be accessed by authorized users (the candidate for their own documents or by admin users).
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Applicant data can be exported as CSV files.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our service commitment is 99.9% during standard office hours. If we fail to reach this level, we would consider the impact upon the client business and agree a level of compensation based upon refunding monthly subscription charges
• Approach to resilience: Daily backups of the RDS are taken daily and retained for 30 days. Our deployment process is also automated so in the event of failure we are able to restore environments in a short period of time. Our service is also monitored to detect any suspicious activity or high traffic volumes.
• Outage reporting: For any outages, we would promptly contact affected clients by telephone or email (depending on time and severity). Public notification would be via our twitter account, and if possible our website(s). ; ; Once an outage has been resolved we will investigate the cause and provide an explanation of what happened, with a timeline, and what changes we will be making to avoid a similar outage in future.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We have a separate internal administration system, currently this is username/password based (with password strength enforced with 'zxcvbn'). Some parts of the system currently require a signed client-side certificate to view.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 25/10/2022
• What the ISO/IEC 27001 doesn’t cover: A.14.2.7 Outsourced Development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials + Certified

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials + Certified; ISO27001 and ISO27701
• Information security policies and processes: We have Data Protection and Data Security Policies that form part of each employee's formal induction process as well as maintaining an ongoing risk register. We formally record when induction modules are complete. Additionally, we communicate any ongoing requirements to protect ourselves from vulnerabilities. This includes reminders about the use and care of laptops and mobiles also the importance of password security.; ; More formally, colleagues are warned of the potential disciplinary action of failing to adhere to these policies and procedures which could result in the termination of employment. As soon as colleagues leave the business, we terminate access rights and delete accounts.; ; All admin pages and logins are via HTTPS and we use HSTS and public-key-pinning to protect and warn users against attempted man-in-the-middle attacks/insecure internet connections.; ; Our policies include:; Cyber security and Data Protection Policy; IT Security Standard; Acceptable Use Standard; Physical Security Standard; Data Security Standard; Risk Management Standard; Incident Management Standard; 3rd Party Supplier Due Diligence; Joiner, Mover, Leaver Process

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change requests and bug reports are directed to defined product owners who evaluate, prioritise and document changes adding them to product backlogs, which are then scheduled into the development cycle.; ; Code is versioned and branched in a git repository, following the Git-Flow practice of feature branches pull-requested into a develop branch, and releases performed on the master branch. Merges into develop and master branches (and deployment to servers) are restricted to the head of development. Testing is performed on the developers own machines (using virtual machines) and on a staging server before deployment to live servers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We pro-actively gather information on potential threats from email subscriptions to http://cve.mitre.org & https://www.us-cert.gov/ncas/alerts , along with regular checks of https://www.reddit.com/r/netsec.; ; New alerts are assessed for whether they affect us, For deployment we automatically apply patches to servers on a regular basis to resolve any exploits. If there is a way of mitigating against them (eg rewrite-rules, config changes) we will apply protection to the servers ourselves asap. We will then audit servers to confirm that the exploit had not been used against us.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: In terms of our web server, AWS provide us with the monitoring capabilities to monitor access to the servers and inform us immediately if they see any suspicious behaviour. We routinely audit server logins and server errors to identify suspicious behaviour.; ; We are registered with relevant news sites/forums that quickly identify vulnerabilities. We have a fast action response where the Head of Development will allocate and oversee resource to close off any vulnerabilities.
• Incident management type: Supplier-defined controls
• Incident management approach: Users report incidents via phone & email and these are forwarded directly to the Development team.; ; We deploy the Development team to investigate incidents, exploits or areas of vulnerability and whether a breach as occurred. Vulnerabilities are closed. We have a central breach register, which documents a formal communications plan to inform individuals, organisations and regulators of the potential compromise. ; ; Breaches of security are formally reported at Board Level and documented in monthly board reports. Remedial action required is agreed and executed within specific timeframes. Learnings are documented and any change to best practice implemented.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Being fully online, our tool supports paperless working and lowered carbon emissions as no travel is involved. As an organisation, GatenbySanderson is committed to minimising any negative effects that our business and facilities may have on the environment. We have our own Carbon Reduction Plan in place, and other initiatives include: ; ; Online client reporting (rather than paper-based) and reduced fees to those clients who use this method. ; ; Video conferencing to significantly reduce internal travel. ; ; Movement sensitive lights in meeting rooms and within our main office areas. ; ; Recycling of paper, cardboard plastic and tin. ; ; Our company policy is for staff to use public transport wherever possible. Our offices are purposely close to major railway stations.

  Covid-19 recovery

  Our tool can be incorporated into Covid-19 recovery plans, as it is fully secure online and remote delivery, providing all users with ease of access no matter their shielding status, caring arrangements, or working pattern.

  Tackling economic inequality

  GatenbySanderson works exclusively within the public sector and our purpose is to ‘help shape a better society’ through our work at local level to bring the best talent into communities. Many of our roles revolve around economic development, enterprise and social cohesion and we are experts in these areas. As an advisory business, we have a small number of suppliers and aim, wherever possible, to use local ethical businesses based close to our offices. We conduct due diligence on our supply chain and are compliant with the Modern Slavery Act. As an organisation, we recognise the importance of data security and risk management to supply chain security, and are Cyber Essentials + Certified (ISO27001 and ISO27701), with all colleagues at GS receiving significant training on cyber safety and using two-factor authentication. ; ; Each member of staff can utilise two working days to participate in community causes. We also promote opportunities centrally to encourage staff to make full use of these opportunities, and as an organisation we select a ‘charity of the year’ to fundraise for. We encourage colleagues to volunteer at local schools, running mock interviews, to support student development and prepare them for HE or life after school, no matter their background.

  Equal opportunity

  GS is a diverse and inclusive organisation, with an extensive programme of diversity training across the organisation, spearheaded by a dedicated Head of Diversity and Inclusion. We are proud to be a Disability Champion, signed up to the Halo Code and Race at Work Charter, and with four thriving affinity groups: Women, Race, LGBT+, and Disability. Each group have their own Chairs and Exec Sponsors, along with frequent collaboration with HR and Marketing to support and engage the wider GS community and advise on our policies and processes. Our level of engagement across the organisation through a number of forums has aided us in achieving our GOLD Investors in People Award.; ; Though fully online, this does not mean that those with less technological experience are at a disadvantage using our tools, as our friendly and knowledgeable project co-ordination team have significant experience troubleshooting and walking users through the process if needed. We similarly have experience in advising on reasonable adjustments as and when required. ; ; Utilising our system for online application forms / competency questions can ensure that your application system is inclusive, accessible and supported by a dedicated team. We can discuss your bespoke requirements and customise these as needed, providing advice on appropriateness and usefulness of options/questions you bring forward if requested, as well as utilising our expertise in formulating inclusive and clear communications.

  Wellbeing

  As an organisation, we encourage everyone to be a leader of ‘self’ and make working at GS work for them, with fully agile working policies and mobile working contracts. We do not engage in any zero-hours contracts and pay close attention to mental health and wellbeing, with our number of accredited Mental Health First Aiders above the suggested level.

Pricing

• Price: £1,500 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@gatenbysanderson.com. Tell them what format you need. It will help if you say what assistive technology you use.