VONQ B.V.

Recruitment Marketing Technology, Job Posting, Programmatic, Automation, and Media Buying copy

VONQ are job distribution experts using data to simplify hiring for everybody providing a suite of solutions for Volume, Niche and Campaign Recruitment Marketing.

Features

• 100% to tailored Automation for Recruiters
• Automated Business Rules to enhance
• Automated Business Logic to enrich
• Independent Programmatic Option
• Integrations with both ATS and CRM (Individually or together)
• Precontracted Programmatic Channels
• Data reporting suite inc predictions
• Access to over 5000 pre contracted channels
• Direct Apply options to increase applications
• 3rd Party Technology connectivity to further enhance and enrich

Benefits

• Automation = Limited to Zero disruption for Recruiters
• Automated BR = Enhancements and Efficiencies
• Automated BL = Optimisation of Job Postings and Diverse Distribution
• ID Programmatic = optimising, spend based on set goals
• Dual Integration = wider connectivity options
• Pre Contracted Programmatic = no need for numerous contracts
• Data Suite = ensuring data drive results and decisions
• Channel Access = ability to react to changing market
• Direct Apply = increase in applications
• 3prty Tech = greater options

£4,995 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jimberrisford@vonq.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

846669983637733

Contact

Jim Berrisford
07736673666
jimberrisford@vonq.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: ATS; CRM; HRIS; ; Plus ability to connect with both ATS and CRM
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: No; Other than the standard API implementation/set up period is up to 3 months; XML integration can be a few weeks between 4 - 6 ; Occasional planned maintenance or changes which may require downtime ; These are performed outside of normal office hours wherever possible and communicated to clients in advance
• System requirements:
  • Annual License
  • Modern, standards compliant browser

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Within 24hrs during working hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Tiered Support and cost relevant to Tier
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training and User documentation; ; We support with set up, mapping and training during implantation.; Given ability to automate, limited stakeholders are needed and training is simple we provide expertise, knowledge and insights during training to ensure maximum use from our suite of solutions.; ; This is mapped out and talked through at initial stage so steps are clear.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We can migrate the data in the relevant formats as required *; ; We do not hold any candidate data only relevant marketing data and user information.
• End-of-contract process: No charge at the end of the contract, migration of data and EOC Support can be provided and highlighted in our agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Depends on ATS/CRM integration
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Dashboard / portal for internal use not public or candidates and once set up using the dashboard is optional
• Accessibility standards: None or don’t know
• Description of accessibility: The dashboard is created to help facilitate the onboarding of new customers and to configure new integrations.
• Accessibility testing: Since, we often manage these on behalf of our clients, we have not performed these UX tests at this time.
• API: Yes
• What users can and can't do using the API: We can facilitate a full interface via our API with reports and user management and job distribution ; ; Full integration to API that enables them to have user interface to read data or send date - we can support that.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: ATS/CRM - Automation from 100% to Tailored; User interaction; Customers can customize to a point and we can support other system changes, or mapping; Users can request private integrations dedicated to the customer

Scaling

• Independence of resources: We have a clear People and Product plan and measures in place not just to cover general demand, but also seasonal demand.; ; We also have a data throttling mechanism in place to insure this

Analytics

• Service usage metrics: Yes
• Metrics types: Reporting metrics relevant to duration or programmatic data; EG Clicks, Applicants, Hires, Qualified Applicants + Cost per metric and conversion per metric
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Excel *
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
• Data import formats: Other
• Other data import formats:
  • Data Storage relevant to ATS/CRM
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service Level Agreement; ; Definitions; ; Business Hours means 8:00 AM to 6:00 PM (Central European Time) Monday through Friday.; ; If during any calendar month during the Term the Monthly Uptime Commitment is not met by VONQ and X was negatively impacted, VONQ shall provide, as the sole and exclusive financial remedy for such failure, a service credit to be applied toward future invoices in accordance with the table below:; ; Uptime %; Available Service Credit; 99.75%-99.41%; Credit equal to 33.35% of monthly Subscription Fees; 99.40%-98.91%; Credit equal to 50% of monthly Subscription Fees; 98.90%-98.41%; Credit equal to 66.67% of monthly Subscription Fees; 98.40%-97.5%; Credit equal to 75% of monthly Subscription Fees; Below 97.5%; Credit equal to 100% of monthly Subscription Fees
• Approach to resilience: Available on request
• Outage reporting: We have multiple systems monitoring our web services and we provide updates directly to our customers via email or Slack. We host many business critical applications in AWS in our production environment. This; environment uses multiple Availability zones, so that if an Amazon data center were to fail this; would not fully wipe out our running infrastructure.; Steps to take if we lose a single microservice.; 1. If Micro-service is business critical (eg JMP-API/PKB/HAPI), immediately restart service; via AWS Console, if not already restarted via the auto scaling service.; 2. If this does not work, work through the following steps to restore service.; 3. Ensure hosts are in good health, if need be, destroy unhealthy hosts to let AWS; autoscaling group replace with fresh hosts. Then restart the microservice.; 4. If the current version of micro-service is causing known issues and/or is unavailable in; ECR. Use AWS console to restore older versions of the service.; 5. If there are no working versions of microservice in ECR. Build a new version of; micro-service via Drone (Or manually via Devops PC) and push to ECR. Then force new; deployment via AWS Console

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We have 3 different user role levels in place to ensure correct authorisation for each user.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Aprio
• ISO/IEC 27001 accreditation date: 02/05/2022
• What the ISO/IEC 27001 doesn’t cover: The ISO 27001 audit covered all areas of the business with access to code development and customer data. Some parts of the business like the Sales & business development functions were not covered as part of the audit.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: We rely upon our payment process, Stripe, for this coverage.
• PCI DSS accreditation date: It's current. Managed by Stripe.
• What the PCI DSS doesn’t cover: Payment Provider & Security; We use Stripe. Here you can find how Stripe handles PCI compliance.; It's important to mention that we won't be collecting this data ourselves. Stripe manages this. We will keep a copy of the transaction and partner info for reporting purposes.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have the head of DevOps as our acting CISO and convene quarterly meetings to review our internal policies. Our CTO and Product Director join these meetings. Annually, the Board of Directors signs off on our newest policies. ; ; We provide a range of security policies available on request, including:; ; Access Control Policy ; Asset Management Policy ; Business Continuity and Disaster Recovery Plan ; Cryptography Policy ; Data Management Policy ; Human Resource Security Policy ; Incident Response Plan ; Information Security Policy ; Information Security Roles and Responsibilities ; Operations Security Policy ; Physical Security Policy ; Risk Management Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to the organization, business processes, information processing facilities, and systems; that affect information security in the production environment and financial systems shall be; controlled. ; ; ● Processes for planning and testing of changes, including remediation measures; ● Documented managerial approval and authorization before proceeding with changes that; may have a significant impact on information security, operations, or the production platform; ● Advance communication/warning of changes, including schedules and a description of; reasonably anticipated effects, provided to all relevant internal and external stakeholders; ● Documentation of all emergency changes and subsequent review; ● A process for remediating unsuccessful changes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Information about technical vulnerabilities of information systems being used shall be obtained; in a timely fashion, the organization's exposure to such vulnerabilities shall be evaluated. A variety of methods shall be used; to obtain information about technical vulnerabilities, including vulnerability scanning, penetration; tests, and the bug bounty program.; External vulnerability scans shall be run on the production environment at least quarterly.; Interior vulnerability scans shall be run against test environments which mirror production; configurations. Penetration tests of applications and production network shall be performed at least annually. Additional scanning and testing performed following major changes to; production systems.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: In order to protect the company’s infrastructure against the introduction of malicious software,; detection, prevention, and recovery controls to protect against malware shall be implemented,; combined with appropriate user awareness.; Additionally, threat; detection and response software shall be utilized for company email. The anti-malware; protections utilized shall be capable of detecting all common forms of malicious threats.; VONQ should scan files upon introduction to systems, and continually scan files upon; access, modification, or download. Anti-malware definition updates configured to be downloaded and installed automatically whenever new updates are available. Known or; suspected malware incidents reported as a security incident.
• Incident management type: Supplier-defined controls
• Incident management approach: Email iso@vonq.com information or reports about the event or incident; ; Summary; ● Event reported; ● Triage and analysis; ● Investigation; ● Containment & neutralization (short term work); ● Recovery & vulnerability remediation; ● Hardening & Detection improvements (lessons learned, long term work); Detailed; ● IT Manager or VP of Support will manage the incident; ● A central “War Room” will be designated; ● A recurring Incident Response Meeting will occur at regular intervals until the incident is resolved.; ● Legal and executive staff will be informed as needed; Incident Response Meeting Agenda

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: GOV.UK Careers site

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have an ESG team and work with Greenly and EcoVadis and obtained Silver level certification with EcoVadis.

  Covid-19 recovery

  We support hybrid and Remote working, where home offices are supported.

  Tackling economic inequality

  We internally review salaries to ensure they are of equal levels, and support initiatives on a wider scale to tackle this.

  Equal opportunity

  We ensure equal opportunities within our own recruitment processes and policies and we also apply the same principles for our partners/customers.

  Wellbeing

  We have strong wellbeing and work life balance policies and procedures, with App like Headspace and internal coms like Eletive.

Pricing

• Price: £4,995 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full service maximin of Six Months

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jimberrisford@vonq.com. Tell them what format you need. It will help if you say what assistive technology you use.