IRIS SOFTWARE LIMITED

IRIS Networx

IRIS Networx provides complete recruitment solutions to organisations across the UK. As a business we offer simple clever recruitment software and an unrivalled suite of recruitment services.

You choose your modules, integrate with 3rd party suppliers, configure workflows, IRIS Networx shall become a centralised hub for all your recruitment needs.

Features

• Entire recruitment process managed through a fully configurable, modular system
• Add, edit and create Vacancies, or use pre-defined templates
• Manager self-serve for requesting vacancies through authorisation channels
• Enhanced real-time reporting and Dashboards to track all recruitment data
• Candidate On-boarding portal to allow Applicants to track their status
• Integration with DocuSign for utilising electronic signatures
• Workflow configuration to automate Vacancy and Applicant processes
• Fully branded Vacancy Search pages and Careers pages
• Application process tailored to specific role to maximise response rates
• Self-Select availability on Interview booking for Candidates and Hiring Managers

Benefits

• Fully customisable ATS built to suit your business needs
• Our latest technologies reduce your recruitment costs
• Tailored implementation and fully comprehensive training from our consultants
• Managers take authorisation responsibilities for hiring needs through authorisations
• Visibility on Applicant tracking and Hiring stages through custom Insights
• Empower your Hiring Team with Panel sifting and Candidate scoring
• Streamline time-to-hire processes by building pre-defined Vacancy templates
• Maximise potential candidates reach through posting on multiple Job Boards
• Manage all recruitment; from Vacancy posting, to On-Boarding new hires
• Achieve your recruitment goals with a secure GDPR compliant system

£5,500 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at BidTeam@iris.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

754095757172595

Contact

Bid Team
0344 225 1525
BidTeam@iris.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Update to date browser with JavaScript enabled
  • Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: No responses will be sent at weekends
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: P1. Response = 30 mins, Resolve = 4.5 hours; P2. Response = 60 mins, Resolve = 8 hours; P3. Response = 4.5 hours, Resolve = 6.2 days
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The IRIS Networx professional services team will assign a project manager and team of consultants to implement the system with you throughout the training and onboarding phase through to the launch of your solution.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats: Dedicated online customer Help Centre
• End-of-contract data extraction: IRIS Networx can provide an extract of the data and supply it to the customer vis secure file transfer.
• End-of-contract process: An extract of the data will be provided to the customer. After a set period all the customer data will be completely removed from the IRIS Networx databases.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The application is responsive and can be used on a mobile device.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Yes, there is a Customer Support helpdesk and the ability to log tickets and receive updates.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Specific common tasks (such as logging-in, creating a vacancy, and managing candidates) are tested using assistive technology and feedback from users acted upon.
• API: No
• Customisation available: Yes
• Description of customisation: There are a vast range of configuration options to create new forms and workflows. Customers can also influence the product roadmap by raising (and voting for) enhancements requests in our suggestion forum called "Networx Ideas".

Scaling

• Independence of resources: Currently the application resources are sized to support the existing customer base at peak times. Work is in progress to enable auto horizontal scaling.

Analytics

• Service usage metrics: Yes
• Metrics types: User access logs
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: We encrypt sensitive data such as passwords using HMAC SHA2-512 encryption. Additional information captured from the candidates can be set to be encrypted at rest as required.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There are various tools within the system to allow users to export data.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Microsoft SQL Backups
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: All access to the system is controlled via secure user accounts. All access is logged.; ; 2FA is an optional feature.

Availability and resilience

• Guaranteed availability: The Private Cloud hardware is designed to operate 24 x 7 x 365. All hardware and services are monitored 24 x 7 by our hosting providers.
• Approach to resilience: In order to protect against hardware failure IRIS Networx is a high availability/resilient architecture utilizing clustering and virtualization. Should there be an issue on a Networx Virtual Host, all virtual machines will failover automatically onto another host in the cluster, with each host sized appropriately to manage the operation of all servers. This failover is seamless and is practically invisible to the running applications. No downtime would be required for the performance of a hardware based disaster recovery scenario involving a single host.
• Outage reporting: Via phone, email and website notices

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: Authentication can be via username/password with the option of 2FA. Customers are in control of their password policies, which can be configured within the application. Customers may choose to instead/also authenticate their users against an external provider such as Azure AD.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 13/10/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 9001
• Information security policies and processes: IRIS operates using a full suite of internal policies and processes - including but not limited to:; ISMS Acceptable use policy; ISMS Access control; ISMS Anti-virus; ISMS Communication and mobile devices; ISMS Computer systems and equipment use; ISMS Cybercrime and security incidents; ISMS Email policy; ISMS Information management; ISMS Internet use; ISMS Laptop and tablet security policy; ISMS Legal compliance; ISMS Password and authentication policy; ISMS Physical access policy; ISMS Remote access policy; ; Security and management of data are in line with established IRIS Group policies and procedures. We have Group IT governance and a DPO. All staff are data security trained. We commission independent Software Penetration Testing at least annually. Our penetration testing provider performs both manual and automated tests against our software in both a “black” and “white” box fashion.; ; Reporting structure: ; All IRIS staff are responsible for compliance with data protection in line with IRIS policies and procedures. The Chief Information Officer (CIO) has ultimate responsibility for enforcement of policies and procedures. ; ; IRIS has a Group Data Protection Policy. Staff who may have access to your data – for example in relation to Support or Professional Services are required to operate to standard operating procedures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any changes to configuration or maintenance are only carried out by IRIS staff with the appropriate permissions according to their role and following strict adherence to the Change Advisory Board procedures.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability scans and patching are performed on a regular basis and findings mitigated immediately. Findings from scans are tracked and rescans are performed until no findings are identified.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Network intruder detection systems (NIDS) and network intruder prevention systems (NIPS) are installed and configured to monitor all external perimeter network connections.
• Incident management type: Supplier-defined controls
• Incident management approach: The IRIS Group Incident Reporting Procedure outlines the process for reporting Information Security, Physical and Information Systems Incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  We are committed to ensuring equal opportunities at IRIS. Our CEO, Elona Mortimer-Zhika, celebrates diversity in our workplace and expects the culture and environment of IRIS to be based on mutual respect and free from discrimination. We are committed to delivering a competitive and fair employment environment. We put equality, diversity, and inclusion at the forefront of our decisions, monitor progress, take action to continually improve, and be transparent with our findings. We have a zero-tolerance approach to discrimination based on protected characteristics and any allegations of discrimination will be dealt with in line with our Disciplinary policies. We have several wellbeing groups, including Unique which provides support for physical or mental health conditions or neurodivergent people. We provide a variety of training schemes to all employees, regardless of any protected characteristic, and encourage progression through our organisation.; ; We are passionate about gender equality and are committed to building a diverse workforce. We have continued to invest in our range of programmes to support gender equality and support the women of IRIS so they can reach their full potential. These initiatives ensure that we continue to focus on making IRIS a great place to work, enable our people to flourish, improving gender pay equality and providing equal opportunity for all. IRIS Groups championing of women in leadership has been recognised as a Great Place to Work for Women. The executive team comprises of three female leaders and 11 male leaders. ; Our Modern Slavery Policy sets out the ways in which we identify and manage the risks of modern slavery as a business, including risk assessment, risk mitigation and staff training. IRIS reviews all material suppliers and assesses whether any risks of slavery or human trafficking arise.

  Wellbeing

  We are committed to engaging, supporting and empowering our workforce. We create an environment where they feel part of a team; from regular global company updates to social evenings and charity events. We’re a UK Best Workplaces™ for Wellbeing. We have over 40 Mental Health First Aiders, have a weekly workplace support group and offer a free Employee Assistance Programme and bereavement counselling. We have several wellbeing groups and celebrate diversity. We offer colleagues a cycle scheme, private medical insurance and reduced gym memberships. We hold company fitness challenges and provide free fitness sessions. We’re proud to be a Real Living Wage employer, provide UK cost of living support, offer a tech and car scheme and give access to money coaches, workplace ISAs and pension, life assurance and critical illness cover. We seek our employees feedback on benefits that matter to them.; We give our employees three ‘Giving Back’ days a year on top of their annual holiday entitlement to support local community and national charitable cause. Employees are encouraged to actively give their time and skills to fundraise for a charity of their choice and volunteer on community projects, including being a school governor, charity trustee, reading with school children through the Benchmark scheme, mentoring in schools and running money management courses, both externally in conjunction with charities and schools, as well as internally with IRIS employees.

Pricing

• Price: £5,500 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at BidTeam@iris.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.