Fluxus

AI Hiring Assistant Tool

AI-powered HR tool that matches CVs to job specs, identifying strengths and weaknesses. Generates tailored interview questions to test assumptions, saving time and ensuring fair assessment. Simplifies hiring processes for informed decisions.

Features

• CV-to-job specification matching
• Candidate strength and weakness identification
• Tailored interview question generation
• Interview preparation guidance
• Time-saving automation
• Bias reduction and fair assessment
• Future-proof with planned enhancements
• Intuitive user interface
• Secure data handling
• Scalable for various recruitment needs

Benefits

• Streamlined recruitment process
• Improved interview effectiveness
• Reduced time spent on preparation
• Consistent and fair candidate evaluation
• Increased hiring efficiency
• Better-informed decision-making
• Enhanced candidate experience
• Adaptable to future recruitment trends
• Easy to use and implement
• Peace of mind with data security

£150 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@fluxus.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

719931980896699

Contact

Django Beatty
01392581040
info@fluxus.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The AI-powered HR tool is a cloud-based software service, accessible via web browsers. No specific hardware configurations are required. The service is designed for high availability, with minimal planned maintenance downtime. In the event of necessary maintenance, users will be notified in advance. Support is provided during standard business hours, Monday to Friday. The service is scalable, but performance may be affected by factors such as internet connection speed and the volume of data being processed. Data security is a top priority, with encryption and secure storage measures in place.
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 48 hrs, Mon-Fri.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard support is by email during UK office hours Mon-Fri. UK-based TAM available on request, on site or remote. If support is critical we have a 3rd party partner based in EU who can provide fully technical support at various levels up to 24/7 by phone.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To help users get started with our tool, we provide comprehensive user documentation and online resources. Our user guide includes step-by-step instructions to help users quickly familiarize themselves with the service and its features. Additionally, we offer a dedicated support team that is readily available to answer any questions and provide guidance via email or chat. While we don't offer onsite or extensive online training due to the service's simplicity and intuitive interface, we are committed to ensuring that our users have all the necessary resources to effectively leverage our tool and derive valuable insights from day one.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At contract end, users can request to extract their stored reports and data from our service. We prioritize data ownership and strive to make the process smooth.; ; Users initiate data extraction by contacting our support team, who will guide them through the process. We compile all the user's reports and data from our S3 storage and provide them in a secure, industry-standard format within a reasonable timeframe.; ; We work closely with users to ensure all relevant data is included and the process is completed satisfactorily. We provide confirmation once the data is successfully transferred and securely deleted from our systems, per our data retention policies.
• End-of-contract process: At the end of the contract, users can request to extract their stored reports and data from our service. Our support team will assist in compiling and providing the data in a secure, industry-standard format. We will ensure all relevant data is included, transferred successfully, and securely deleted from our systems per our data retention policies.; ; The price of the contract includes access to the tool, generating reports, and storing reports where the user opts for this feature.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: While the core functionality remains the same, the mobile version may have some minor layout adjustments to optimize the display of information on smaller screens. For example, reports may be presented in a more compact format, and some interactive elements may be streamlined for touch-based interactions.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: The AI-powered HR tool has a user-friendly web-based interface, accessible through web browsers without additional software. Users can easily upload job specifications and candidate CVs in various formats. The interface displays the results of the CV-to-job matching process, highlighting candidate strengths and weaknesses. Generated interview questions are presented clearly, with guidance on what to listen for. A dashboard provides an overview of the recruitment process, displaying key metrics and candidate status. The interface will be updated seamlessly as new features are added, ensuring a consistent and user-friendly experience.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: As a new service, we have not yet conducted extensive testing with users of assistive technology. However, we are committed to ensuring accessibility and inclusivity. Our interface is built using Bootstrap, which is known for its adherence to WCAG 2.1 AA standards. Moving forward, we plan to conduct thorough testing with users of various assistive technologies to ensure compliance with WCAG 2.1 AAA. We will follow best practices for accessible design, including proper use of semantic HTML, ARIA attributes, and clear text alternatives. We are dedicated to providing an inclusive and user-friendly experience for all users.
• API: Yes
• What users can and can't do using the API: Standard REST API accessible via AWS API Gateway.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We can do a white labelled version of this which will allow you to customise the look and feel of the interface. (We can also consider adding new features as a bespoke customisation where feasible.)

Scaling

• Independence of resources: Our serverless architecture provides independent resources for each user request.

Analytics

• Service usage metrics: Yes
• Metrics types: We monitor the following, which might be shared via dashboard with advanced users.; - Requests; - Performance (speed); - Tokens; - Quality (using internal benchmarks); - System health
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: As well as self service downloading of stored generated reports, users can export their data by contacting our support team, who will assist them in compiling and securely transferring their stored reports and associated data in an industry-standard format.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: As per AWS standard for API Gateway. Currently: Monthly Uptime Percentage Less than 99.95% but greater than or equal to 99.0% Service Credit Percentage 10% Monthly Uptime Percentage Less than 99.0% but greater than or equal to 95.0% Service Credit Percentage 25% Monthly Uptime Percentage Less than 95.0% Service Credit Percentage 100%
• Approach to resilience: Available on request. (12-factor architecture adherent to AWS well-architected framework.)
• Outage reporting: Dashboard and email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted to authorized personnel only. We follow the principle of least privilege, granting access based on job roles and responsibilities. Multi-factor authentication is enforced for all user accounts. Access rights are regularly reviewed and updated to ensure they remain appropriate. Support channels, such as email and chat systems, are secured and monitored. Communication through these channels is encrypted to protect sensitive information. We maintain strict access control policies and procedures, which are regularly audited to ensure compliance and effectiveness.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Principles: Customer Data Ownership Data Quality Data Security Data Sharing (GDPR compliant) Consistent Data Definitions Roles and Responsibilities: Data Governance Committee: Policy enforcement and issue resolution Employees: Preserve customer data security, integrity, and privacy
• Information security policies and processes: We prioritize data security and privacy with these key processes: Secure development: Implement secure coding, encryption, and regular updates. Access control: Use least privilege principle, strong authentication, and regular permission reviews. Data backup and disaster recovery: Regularly backup data and establish a recovery plan. Incident response: Develop a plan and designate a team to manage security incidents. Employee training: Train staff on data security and GDPR requirements. Vendor management: Vet and monitor third-party vendors for GDPR compliance and security. Data Protection Impact Assessments: Conduct DPIAs for high-risk processing activities. Consent management: Obtain explicit customer consent and provide preference management. Data retention and deletion: Establish retention policies and secure deletion processes. Regular audits and assessments: Perform security audits and risk assessments to identify and address vulnerabilities.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Maintain a centralized inventory of all service components, including AWS resources, models, and configurations. Use version control and unique identifiers to track changes throughout the component lifecycle. Implement a formal change management process with documented procedures for proposing, reviewing, approving, and implementing changes. Conduct security impact assessments for all proposed changes, evaluating risks and potential vulnerabilities. Use infrastructure as code (IaC) and automated deployment pipelines to ensure consistent and auditable changes. Regularly review and update the inventory and change management processes to maintain accuracy and effectiveness.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We prioritize the security of data in our hosted custom private LLMs. We leverage the fully managed AWS serverless platform and adhere to strict vulnerability management processes. These include secure configuration management, continuous monitoring using AWS native security services, and regular updates of dependencies. We implement rigorous access control measures and encrypt all data at rest and in transit. We assess the security practices of integrated third-party services and have a comprehensive incident response plan. By focusing on these key areas, we ensure the ongoing protection of data within our serverless environment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We employ protective monitoring processes to safeguard data in its hosted custom private LLMs. AWS security services continuously monitor the serverless environment, automatically identifying potential compromises in real-time. Upon detection, the incident response team is alerted and initiates an investigation following a defined plan. The team contains the issue, assesses the impact, and implements mitigation measures. Critical incidents are responded to within 60 minutes, with the team working to resolve the issue and restore data security. The company prioritizes swift action and effective communication throughout the process to minimize potential harm and keep stakeholders informed.
• Incident management type: Supplier-defined controls
• Incident management approach: Pre-defined procedures are in place for common events, ensuring a consistent and efficient response. Users can report incidents via email, which is monitored by the incident response team. The team assesses the incident, determines its severity, and follows the appropriate response plan. Throughout the incident lifecycle, the team provides regular updates to stakeholders via email. Once the incident is resolved, a comprehensive report is generated, detailing the cause, impact, and remediation steps taken. The report is shared with relevant parties for transparency and future prevention.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Our AI-powered HR tool promotes equal opportunity and tackles economic inequality by reducing unconscious bias in recruitment. The service objectively analyzes candidate CVs against job specifications, focusing on qualifications and experience rather than personal characteristics. Generated interview questions help employers focus on relevant skills, ensuring fair evaluation. By streamlining the hiring process, the tool reduces time and costs, benefiting small and medium-sized enterprises and contributing to economic growth. Future features like candidate skill matching and personalized career guidance will further support professional development, promoting economic equality and wellbeing.

Pricing

• Price: £150 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Single user for assessment purposes only.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@fluxus.io. Tell them what format you need. It will help if you say what assistive technology you use.