SECURE SCREENING SERVICES LTD

Employment and background screening & Vetting

SAAS provider of employee screening services.
DBS, BPSS & BS7858 specialist screener

Features

digital, screening, cloud, realtime reporting, DBS, BPSS, BS7858

Benefits

remote, 1 workflow, multi platform

£18.00 to £38.00 a transaction

Education pricing available

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lee.weightman@securescreeningservices.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

Contact

SECURE SCREENING SERVICES LTD Lee Weightman
Telephone: 01243767868
Email: lee.weightman@securescreeningservices.com

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: None
System requirements: Mobile device, laptop, desktop

User support

Email or online ticketing support: Email or online ticketing
Support response times: 2 hour email response
12 seconds wait time for Live Chat
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: WCAG 2.1 A
Web chat accessibility testing: .
Onsite support: No
Support levels: 2hour response for email
12 seconds for live chat
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Customers can register an account directly from our website.
training and support provided post registration
Service documentation: No
End-of-contract data extraction: Reporting function allows customers to export candidate data
End-of-contract process: Customer will be engaged to discuss renewal and commercials

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: None
Service interface: Yes
User support accessibility: WCAG 2.1 A
Description of service interface: Built in web app
Accessibility standards: WCAG 2.1 A
Accessibility testing: .
API: Yes
What users can and can't do using the API: Users can access system and process through API
Data capture and transfer to enable completed application form and results/reporting
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML

ODF

PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Customers can brand web portal to show own logo and company colours to ensure seamless screening process

Scaling

Independence of resources: Built in software resilience allows us to scale up/down based on volume

Analytics

Service usage metrics: Yes
Metrics types: Can be provided upon request
such as average screening times,
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Via built in reporting function
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: 99.9% uptime for portal
All maintenance work carried out outside of normal working hours
Approach to resilience: AWS servers with build in disaster recovery
Outage reporting: Public Dashboard
API
Email Alerts

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication
Access restrictions in management interfaces and support channels: Users are aligned permissions in the portal that reflects data that can be accessed
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: NQA
ISO/IEC 27001 accreditation date: 13/09/2022
What the ISO/IEC 27001 doesn’t cover: N/A
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: All security policies in line with ISO27001

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Configuration and change management in line with ISO27001
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Vulnerability management in line with ISO27001
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Monitoring in line with ISO27001
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: In line with ISO27001

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Pricing

Price: £18.00 to £38.00 a transaction
Discount for educational organisations: Yes
Free trial available: No

Service documents

Request an accessible format

Cookies on Digital Marketplace

Employment and background screening & Vetting

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents