INKERMAN (GROUP) LIMITED

Employee verification and screening - human resources and employee management

Pre-employment checks, security screening and verification of staff and employees

Features

• Remote access to screening platforms
• Updated in real-time
• Efficient user interface
• Available 24/7
• Comprehensive management of data
• Security of personal data - GDPR
• Cross-verification of data and information
• Identity verification and supporting documentation
• Right to Work employment checks on-line

Benefits

• Updated information available in real-time
• Access and manage data from any location
• 24/7 operational support to users
• Access information from multiple devices

£100.00 to £300.00 a user a 6 months

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at karen.englishby@inkerman.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

739745718094822

Contact

Karen Englishby
01233646940
karen.englishby@inkerman.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No - any required maintenance would be advised
• System requirements: None required

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Urgent requests within 1 hour of receipt.; Standard requests within 24 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Support levels are based on usage of software systems - so are provided online and / or by personal contact (telephone) to all end users.; Standard support costs are included in the overall service package price - so, no additional costs unless increased coverage or availability is required and are determined on a case-by-case basis on 'at cost' pricing.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Documentation on system usage and detailed guidelines for users.; Online training, webinars and meetings provided - including bespoke design for clients.; Trained and qualified staff available throughout the period of service delivery for ongoing assistance, advice and support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Microsoft Word
• End-of-contract data extraction: Either by transfer to alternative platform / format on request, dependent on technical specification requirements.; Download of data conducted to required format, generally Microsoft Excel or database.
• End-of-contract process: Standard contracts are based on all-inclusive pricing for service set-up, delivery, support, training, limited customisation / branding, reporting.; Additional costs could be attracted by any requirements for significant / premium customisation being requested.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Functionality and usage remain unchanged - interface is designed to be 'user friendly' in best way for alternative device access.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Some aspects of the service can be customised in terms of functionality (for example, which specific employment screening checks to include; re-branding to the buyer organisation's branding).; Customisation is managed and implementation by the Inkerman screening team direct and attracts an additional cost, depending on the nature of customisation required.

Scaling

• Independence of resources: Service usage is monitored on a regular basis.; Full redundancy of services is in place.; Service SLAs are agreed with users at start of contract and strictly adhered to.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of applicants in the system.; Status of applicants in the system.; Length of time application in process.; Progress of application from start to completion of screening process, including which aspects have been completed.; Tracking of status application vs timeline.; Performance against agreed service SLAs / KPIs.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: All data at rest is stored on company servers, with robust physical access controls in place to both the building premises and the server room itself.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Within the system - transfer / export options.; Manual alternatives available as downloads and / or reporting documents
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: For all service components (except Account management): 100% 0800 hours to 1800 hours (Monday-Friday) excluding bank holidays.; ; Account management: 100% 0900 hours to 1700 hours (Monday-Friday) excluding bank holidays.; ; Subject to Planned Outages and Planned Maintenance all Services are available Monday-Friday 0800-1900 excluding bank holidays.; ; Planned Outages - The process for agreed planned outages is:; The Contractor’s initiated outages – other than in agreed emergency situations, the Contractor will provide no less than 5 working days’ notice to the Authority for any periods when the Services will not be available for planned outages.; ; Emergency Outage – the Contractor and the Authority will agree outages to take place at short notice.; ; Planned Maintenance : In order to fulfil its obligations the Contractor may require periods of time to perform maintenance to the Service. The Contractor will agree proposed maintenance opportunities with the Authority on a quarterly basis.; Prioritisation - A published matrix outlines the priority levels that the Authority shall use when logging a call with Contractor’s Service/Help Desk and the response and resolutions targets for the Service.; The Authority will agree by mutual consent with the supplier the priority call allocation for all calls logged with Contractor’s Service/Help Desk
• Approach to resilience: Frequent onsite and offsite back ups and replication of all critical systems
• Outage reporting: Email alerts; ; All systems are monitored remote monitoring system which push notifications and email alerts - reports outages

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: All management interfaces are only accessible by authorised users. For the server administration side, this is limited to our managed services provider / helpdesk team.; Internal database systems have a very limited number of admin accounts which only the manager for the relevant department has the credentials of.; Any cloud systems have multi-factor authentication requirements.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification
• ISO/IEC 27001 accreditation date: Original certification 11/12/2002; current certificate 02/12/2023
• What the ISO/IEC 27001 doesn’t cover: ISO27001 covers our information security - it is complemented with other Company frameworks and practices to address the specific needs and gaps.; Operational Details - ISO27001 sets the high-level requirements, not the operational specifics. These are covered with Company detailed policies, procedures and controls based on the requirements set.; Legal and Regulatory Compliance - ISO27001 does not directly address this - the organisation has policies and procedures internally to ensure compliance with relevant laws and regulations.; Business Continuity / Disaster Recovery - ISO27001 touches on the subject but does not comprehensively cover disaster recovery strategies or continuity testing; these are covered by the Business Continuity Plan.; Physical security aspects such as access control and facility protection are not detailed - internal business policies and procedures are in place.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Inkerman employees are screened to BS7858 security standard

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Inkerman (Group) Limited's Information Security Policy applies to all business functions within the business and covers the information, information systems, networks, physical environment and people supporting these business functions. ; The Chief Executive Officer has approved the Information Security Policy and has overall responsibility for Information Security. ; Day-to-day responsibility for procedural matters, legal compliance including data protection, maintenance and updating of documentation, promotion of security awareness, liaison with external organisations, incident investigation, management reporting etc. rests with the ISMS Manager.; All employees have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected breach in security without delay, direct to the ISMS Manager. ; Information Security aspects are considered in all daily activities, processes, plans, projects, contracts and partnerships entered into by the Organisation.; ; Employees are advised and trained on general and specific aspects of Information Security, according to the requirements of their function within the Organisation. The Contract of Employment includes a condition covering confidentiality regarding the Organisation’s business.; Adherence to Information Security procedures as communicated in the Organisation’s policies and guideline documents is the contractual duty of all employees - a clause of which is included in Contracts of Employment.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Use content from ISO27001 on change management
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All external e-mails pass through a third party mail filtering and threat detection system. Malware, viruses and other known threats are blocked before they enter our systems.; Other suspicious content is flagged and quarantined.; All endpoints in the business have managed endpoint protection, which is centrally managed by our managed services provider.; The endpoint management system also deploys updates and patches to all devices for all critical applications. Any devices that fall out of compliance with the patch or security policies are alerted to our IT helpdesk for investigation.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All alerts are sent to and monitored by our IT helpdesk and / or our 24/7 Operations Centre. This includes firewalls, mail filtering and endpoint agents.; We have incident response plans which detail various compromise scenarios and provide detailed instructions on how the incident should be responded to.; All incidents are responded to as soon as a staff member is alerted.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident response plans cover most types of attack or incident, with examples to help determine type of attack. ; Plans cover areas such as who to notify, in which order, whether external parties such as cyber security specialists or law enforcement need to be involved.; Users are required to report any incidents to management;assuming it's a cyber incident, our managed services provider is informed and engaged.; Incident reports compiled internally and with the help of the MSP; once completed, entered into the ISO27001 Incident Log.; Reports that are legally required to be notified to external parties done within the reporting process.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  All employment opportunities are advertised, including on local forums etc. We work towards creating new business opportunities, new jobs and new skills throughout our business.; ; We work together with specialist organisations such as Armed Forces Covenant, ICAREC and Armed Forces recruitment services to provide new work opportunities, as well as local job centre services and career services in educational establishments.; ; Training for all members of staff in the team is reviewed at the beginning of their engagement on the contract and on an ongoing basis throughout the contract, including at each staff members's annual appraisal meeting as part of our training and development commitment. Vocational qualifications are supported financially and in terms of management / mentoring support and time off work to complete the studies.; ; All contracts are required to operate within the Company's overall policy and commitment to investigate our supply chains and conduct company audits and due diligence checks on our suppliers, with an emphasis on ethical employment practices, particularly in the area of the Modern Slavery Act and related aspects.

  Equal opportunity

  Actions taken to identify and manage the risks of modern slavery in the delivery of the contract, including in the supply chain:; With regard to Modern Slavery - to identify and manage the risks of modern slavery, we have initiated a service / method to support businesses in meeting the compliance obligations of the Modern Slavery requirements - Inkerman has established a compliance programme that enables businesses to be more easily be able to identify and manage their business in the fight against slavery and human trafficking and to comply with the expected requirements of the current legislation. ; In addition, we operate within the Company's overall policy and commitment to investigate our supply chains and conduct company audits and due diligence checks on our suppliers, including within the area of the Modern Slavery Act and related aspects. ; ; All staff are able to apply for all job opportunities within the Company - applications are proactively invited by internal vacancy advertisements being issued before external applications are sought.; ; All staff are proactively encouraged to progress within the organisation in their careers - this can include opportunities for additional training, inclusion in in-house training initiatives, secondment to other teams / involvement in new projects and development opportunities - throughout the business.

  Wellbeing

  Inkerman is committed to providing measures that contribute to the wellbeing of all its employees in the business. ; ; We are responsive to staff and their individual needs and work with them to provide the best, workable solutions to the team and their concerns / needs such as consideration to employee requests to work from home and / or at other locations, physical health and / or other health / medical requirements as identified and discussed with individuals etc. In addition, we support staff in attending identified wellbeing programmes during their employment. ; ; Staff are encouraged to participate with community organisations, locally, within their areas of interest / specialisms and with organisations supporting these such as specialist groups within our industry sector (Armed Forces Covenant, ICAREC and Armed Forces) supporting colleagues to participate in new employment and training opportunities.

Pricing

• Price: £100.00 to £300.00 a user a 6 months
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: All services except criminal record checks (attract an external cost from DBS); Limited time period - typically valid for one month but negotiable maximum of 5 screenings

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at karen.englishby@inkerman.com. Tell them what format you need. It will help if you say what assistive technology you use.