Skip to main content

Help us improve the Digital Marketplace - send your feedback

Atlantic Data

Disclosures Manager - Disclosure and Barring Service (DBS) services

Atlantic Data's Disclosures service provides organizations with an online platform for processing, administering, and managing criminal record checks. This service connects directly to the DBS through its eBulk service. Disclosures Manager is highly configurable with a comprehensive suite of management tools to assist organisations to manage and oversee these checks.

Features

  • Comprehensive, online criminal record check system
  • Secure user access
  • Electronic record of applicant's identity check
  • Internal user and applicant dashboard to track DBS applications
  • Comprehensive management reports covering the entire process
  • Administrator functions and user-management
  • Flexible charging arrangements, including online billing
  • Comprehensive validation to ensure completeness and accuracy of DBS applications
  • Fast turnaround between submission and final result
  • Configuration options available, including API integration

Benefits

  • Advanced technical capability in processing DBS criminal record applications
  • Minimises application intervention
  • Available in other languages
  • Eligibility and Entitlement controls
  • in Screen Support Guidance for users
  • Supplementary background screening optional
  • Enhanced security
  • API Integration
  • Disclosure Scotland and DBS services approved

Pricing

£3.00 to £7.50 a transaction

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud-enquiries@atlanticdata.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 3 3 2 9 2 1 6 6 0 0 0 6 5 5

Contact

Atlantic Data Client Services team
Telephone: 0333 320 7300
Email: gcloud-enquiries@atlanticdata.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Digital Identity and Right-to-Work Services
Other Background Screening Services
Cloud deployment model
Private cloud
Service constraints
None
System requirements
Service is accessible via any internet-enabled PC or device

User support

Email or online ticketing support
Email or online ticketing
Support response times
Questions can be submitted via telephone, email or a built-in secure messaging facility.

An initial response to e-mails and messages is provided same working day. If the matter cannot be dealt with on the first contact, a priority approach is adopted whereby the most critical of technical issues are dealt with as a high priority.

The majority of queries relate to DBS processes such as new applicant data not matching previous application data held on record by the DBS.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
WCAG2.1AA compliance by testing against assistive technologies, such as JAWS Screen Reader and Zoom Text Screen Magnification software.
Onsite support
No
Support levels
Support for users of the Disclosures system is via a helpdesk and/or client relationship management team. Both of these support services are available 9am to 5pm. Each of these teams offer a level of technical support and are able to resolve the vast majority of technical issues. Specialist technical support is available via a priority-based ticketing system, which the helpdesk support advisers and relationship management team have access to.

Customers qualify for a dedicated account manager as primary contact for support. These customers are provided a unique email address and contact point.

Support is included in annual account maintenance fees.
Support available to third parties
No

Onboarding and offboarding

Getting started
Client User On-boarding is a pre-planned phase within all new client user start-ups or launches. Disclosures and Disclosures Manager is intuitive and is provided with short 3 step training and initiation program of videos. Onsite training is available. The service Quick Start Guide and video tutorials have proved highly successful and meet most organisations training requirements.

The Quick Start Guide is an online training module which takes users through the key functions of the system upon registration. Video tutorials provide more in-depth training on how to use key functionality within the system.

An additional Inline help service is available to users throughout the Disclosures system. This aspect provides additional support to users about important key considerations such as name history or middle names.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Certain Disclosures reports allows users to extract data at the end of the contract using the API feature. Otherwise this can be managed by Atlantic Data on behalf of its customers.
End-of-contract process
The off-boarding process is largely straightforward. Atlantic Data will work with the organisation to establish a project requirement and timetable to agree any required actions as part of the transition.

If a clients require Atlantic Data to consult or liaise with a new supplier at the end of the contract period, its reasonable costs of doing so would also be agreed with the customer in advance.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Disclosures Manager works on mobile devices with no difference in functionality.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Disclosures is accessible using an internet connection. Authorised users use their login credential together with Dual Factor Authentication security. Senior Client Administrators are able to set Access role rights and permissions i.e. initiating new DBS checks, I.D. check, to access management information and reports relevant to their area of responsibility.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
One of Atlantic Data's key clients is a national disability charity, providing support and services to blind and partially sighted people across the UK, through the provision of guide dogs, mobility and other rehabilitation services. This national charity provided vital assistance to oversee Disclosures' WCAG2.1AA compliance, and by testing against assistive technologies, such as JAWS Screen Reader and Zoom Text Screen Magnification software.
API
Yes
What users can and can't do using the API
Disclosures offers API Integration. The API allows users to carry out a range of activities with 3rd party systems e.g.:
- initiating a DBS application invitation
- updating shared information
- DBS application status information
- cancellation applications

Atlantic Data is also able to deliver alternative integration solutions, using most technical methods - SFTPS, SQL access and SOAP and REST API's.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The Disclosures Manager service, can be configured to suit the customers' requirements. Customisable aspects are varied, but include:
- job role descriptions specific to the organisation's requirements
- combinations and levels of DBS checks to suit the customer's needs
- users configured within a structure of departments, branches and divisions to reflect the customer's own corporate structure, or physical network of offices.
- an application/information flow which suits the customer's own business processes
- a variety of I.D. check options, including outsourcing to 3rd parties, such as the Post Office
- tailored reports and export data, such as financial information
- corporate branding
- integration with customers' own/third party systems

Scaling

Independence of resources
Atlantic Data is an IT services organisation with a full technical and IT capability. Atlantic Data supports it own IT server network and infrastructure with a full DR capability. Each client is maintained on their own dedicated virtual instance within Atlantic's cloud service. using Tier one connectivity Atlantic has a proven record on 99% uptime. Dynamic load and resource management enables our IT division to maintain a highly scalable resource centre.

This level of infrastructure enables clients and service users to receive consistent high levels of service accessibly.

Analytics

Service usage metrics
Yes
Metrics types
Disclosures has a suite of management reports which allow users to track applications, as well as obtain useful MI regarding the organisations Disclosure applications.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The export of data can be achieved in a number of ways. Typically through an API . Bespoke versions of Disclosures contain a customised export facility with fields of data specifically agreed with the customer.

Otherwise this can be managed by Atlantic Data on behalf of its customers.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Atlantic Data makes a service level commitment to its clients which guarantees that its online and support services will be available to users between 9am and 5pm. In practice though, the online aspects of the Disclosures system are available 24 hours a day 7 days a week. Disclosures users benefit from a system which boasts in excess of 99% uptime.
Approach to resilience
As an ISO 27001-certified organisation for IT security management systems, Atlantic Data implements robust measures to ensure resilience. Such measures include SLAs, disaster recovery and business continuity planning, and historic performance demonstrates an uptime in excess of 99%.

Further information about the resilience of Atlantic Data's systems are available on request.
Outage reporting
Atlantic Data maintains a log management service policy. As a part of internal framework authorised systems administrators review the audit trail logs daily. These logs capture and store reports in a centralised log analyser, which proactively triggers alerts on suspicious activity and authentication failures. Root cause analysis processes and procedures address potential security threats and incidents that may occur and appropriate corrective action is taken to address and prevent further occurrences.

Where necessary, outages are reported to affected customers via a combination of system messages, public dashboard, email alerts and personal client relationship contact.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Atlantic Data maintains an access control policy, which details the segregation of duties and ensures the confidentiality and integrity of data by restricting access only to authorised personnel.

User access is granted only after a formal authorisation process. Most Disclosures systems adopt a role-based access principle. All access is provided by creating unique user credentials which helps in audit trails.
The service is configured with multiple levels of privileges based on the roles, which ensures the confidentiality of the data by segregation of duties.

Support services are provided by utilising registered user passwords.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Standards Institution
ISO/IEC 27001 accreditation date
28/01/2022 (01/02/2007 was the orginal accreditation)
What the ISO/IEC 27001 doesn’t cover
The certification covers business process outsourcing services, software development and support, client administration, customer support, DBS umbrella body services, compliance with UK data protection legislation, eBulk services, hosting and web services, support functions such as legal, IT, administration and facilities.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Self-certificated
PCI DSS accreditation date
3 April 2020
What the PCI DSS doesn’t cover
Current Attestation is for PCI level 4
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
ISO 27001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Atlantic Data is ISO 27001-certified. Some of the security measures in place are as follows:-
clear desk and clear screen policy, restricted physical access within the premises to authorised personnel, shred/disposal of sensitive data policies, password policy, physical and environmental controls (e.g. biometric access doors and RFID), encryption of data in transit and at rest, firewall policy, visitor management processes and an annual IT health check.

In addition to the above, Atlantic Data has an internal security forum, with representation at board level, to review regular updates on security on a periodic basis and monitor compliance with policies and process.

Compliance with policies and processes is also ensured through rigorous training, internal and external audits.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes to Atlantic Data's Disclosures systems invariably stem from one of three main sources 1. Changes initiated by a change in process by the DBS; 2. changes requested by the client; 3. changes/modifications/upgrades to the system initiated by Atlantic Data.

In any of these cases, Atlantic Data follows a strict change management process as part of its ISO controls. This includes robust tracking and monitoring of all change requests. Before being deployed to a live environment, any changes are tested in a staging environment for QA and assessed for risks, such as any potential impact on security.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Atlantic Data has an Internal Security Forum which regularly reviews updates on security. All systems and the environments they are hosted on are regularly reviewed. Independent IT health checks are conducted and appropriate fixes are applied. The workstation environment is also patched regularly to address vulnerabilities.

The IT perimeter is secured using the EAL4+-compliant UTM which acts as the IPS system. The production systems are configured using iptables, firewall, TCP wrappers and application firewalls. All these systems report to a centralised log analyser, which records an audit trail of any incident and triggers alerts on suspicious activity to authorised personnel.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Atlantic Data carries out protective monitoring via a centralised log analyser. This allows authorised systems administrators to review logs on a daily basis. The analyser proactively triggers alerts on any suspicious activity or authentication failures. A root cause analysis process ensures that in the event of any security incidents appropriate and timely corrective action is taken to correct that instances and prevent any future occurrence. Incidents are address immediately.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Atlantic Data's disaster recovery plan and business continuity plans define the processes necessary for the effective restoration/recovery of critical functions. The plans detail strategies for business recovery, plans in the event of communication failure, testing, key employee contact lists, and vendors' emergency contacts. The RTO for IT infrastructure, data and client support is 24 hours.

A back-up site is isolated from Atlantic Data's primary location on a TIER 4 datacentre with the same level of security controls and resilience as the primary. The DR site is a mirror of the production set up and capable of the shortest of RPO.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Other
Other public sector networks
The Disclosures and Barring Service's e-Bulk network

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Wherever possible Atlantic Data will employ an approach that aims to deliver additional environmental benefits in the performance of the contract, including working towards net zero greenhouse gas emissions, influencing staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement.

Covid-19 recovery

Wherever possible Atlantic Data will endeavour to adopt activities that, in the delivery of the contract create employment, re-training and other return to work opportunities for those left unemployed by COVID-19; to support people and communities to manage and recover from the impacts of COVID-19, including those worst affected or who are shielding. Where it can, Atlantic Data will also support organisations and businesses to manage and recover from the impacts of COVID-19. It will also support the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services, improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, and sustainable travel solutions.

Tackling economic inequality

Wherever possible Atlantic Data will endeavour to adopt activities that, in the delivery of the contract: - Create opportunities for entrepreneurship and help new, small organisations to grow, supporting economic growth and business creation. - Create employment opportunities particularly for those who face barriers to employment and/or who are located in deprived areas. - Create employment and training opportunities, particularly for people in industries with known skills shortages or in high growth sectors. - Support educational attainment relevant to the contract, including training schemes that address skills gaps and result in recognised qualifications. - Influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high growth sectors.

Equal opportunity

In its effort to reduce the disability employment gap Atlantic Data will endeavour wherever possible to adopt activities that: - Demonstrate action to increase the representation of disabled people in the contract workforce. - Support disabled people in developing new skills relevant to the contract, including through training schemes. - Influence staff, suppliers, customers and communities through the delivery of the contract to support disabled people. In order to help tackle workforce inequality, Atlantic Data will carry out activities that: - Demonstrate action to identify and tackle inequality in employment, skills and pay in the contract workforce. - Support in-work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract. - Demonstrate action to identify and manage the risks of modern slavery in the delivery of the contract, including in the supply chain.

Wellbeing

In delivering the service Atlantic Data will endeavour to carry out activities that: - Demonstrate action to support the health and wellbeing, including physical and mental health, in the contract workforce. - Influence staff, suppliers, customers and communities through the delivery of the contract to support health and wellbeing, including physical and mental health.

Pricing

Price
£3.00 to £7.50 a transaction
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud-enquiries@atlanticdata.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.