SPOTTED ZEBRA SOLUTIONS LTD

Role-specific online assessment solution

The SZ Skills Intelligence Platform enables clients to create role-specific online assessments for hiring, reskilling & succession planning. Our unique approach enables the adoption of a skills-first approach, equipping clients with insight and data to power decision making. We use continuous validation techniques to track organisational success against key metrics.

Features

• Consistent and comprehensive skills intelligence platform
• Unique role specific assessment generated each time for every role
• Specific modules for early career, volume, professional and leader hiring
• Talent reviews of current employees for succession planning
• Quality of Hire surveys ensure ongoing validation of the solution
• Hiring manager insight reports and digital interview or development guidance
• Candidate feedback instantly provided to all
• Technical skills assessment can be integrated within the solution
• Reskilling solution identifies individuals with skill potential for new roles
• Data analytics and insight provided to ensure ongoing solution improvement

Benefits

• Improve time to hire
• Improve performance in role
• Improve speed to competence in role
• Enhance line manager decision making in relation to hiring/developing people
• Engaging and focused candidate experience aligned with employer brand
• Interconnected talent solution ensures data improves hiring and development processes
• Latest assessment science ensures no adverse impact
• Identify high potential employees
• Improve diversity in hiring
• Implement skills-based hiring

£300.00 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.shaw@spottedzebra.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

852700869586947

Contact

Nick Shaw
07814136123
nick.shaw@spottedzebra.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: We run at 99.9% availability with scheduled maintenance outside of business hours.
• System requirements:
  • Requires an internet browser connection
  • Browser versions: chrome 87, edge 94, firefox 92
  • Browser versions: ie 11, ios_saf 12.2, opera 79, safari 13.1

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: This depends on the support required. Within 1 hour for an issue impacting multiple clients or candidates; within 24 hours of the request being received for all other requests (during UK working hours)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Web chat is available to users with screenreaders
• Onsite support: No
• Support levels: The CEO and Engineering team is notified in realtime of any potential security issues so that they can take the appropriate action immediately. ; Day-to-day support is provided to our clients as part of our ongoing service. This includes hiring manager or recruiter system support, and all required interaction with candidates (such as helping to manage specific requirements or adjustments) .
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Webinar based platform training, E-Learning, video tutorials and user guides are available
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We have a standardised, automated deletion cycle. This means that candidate data is deleted automatically after 7 years, unless otherwise agreed. Ad hoc deletion can also occur through a formal request process. Finally, any individual can request deletion via a "right to be forgotten" process. ; ; Within this framework, we would need to agree within the contract which data would need to be retained (and for which time period) to suit your requirements, and agree a process for data transfer at contract end.
• End-of-contract process: As previously noted, we would work with you to agree an end of contract process in relation to data, content and transfer of knowledge to an alternative resource (i.e. if the process is continuing with another provider). ; ; This information would be outlined in our order/contract documentation and managed as part of our standard project delivery process.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All of our tests are available on a mobile device, although we recommend using a desktop device when completing numerical tests if possible
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The SZ web service interface uses well defined schemas for a partner system to implement. This web service provides a web interface (includes web methods) to perform certain actions on the SZ platform through industry standard transports such as HTTP and SOAP. A partner system will integrate these calls into its workflow to consume SZ services exposed via this web service interface. The partner system will expose web method to consume the any notifications that are published by SZ web service. These web methods are well defined as part of the SZ web service interface.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Branding of the user interface is available. This customisation is completed by the SZ client support team.

Scaling

• Independence of resources: Our solution is regularly reviewed in relation to its capacity to handle usage in relation to both administrators and candidates. Our development team is responsible for determining anticipated hardware requirements and for monitoring system capacity performance. This includes disk usage and size, network traffic load, load balancing, necessary processing power, and necessary memory requirements

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide reporting on volume usage in the platform, such as the number of candidates, number of users, and assessments administered in a given time period. ; ; We also provide data analysis on the implications of the assessment data collected for hiring, succession planning and development interventions to improve organisational performance
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Candidate or participant data can be exported from the platform in CSV format by individuals with the appropriate access rights to the platform. ; ; Candidates/participants cannot export their data in this format, rather they are provided with feedback reports that provide meaningful interpretation of the data and are therefore appropriate for this specific purpose.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We have had no unplanned outages in the past 12 months and target 99.9% availability.; ; All agreed SLAs, and associated penalties for failure to meet these, would be stipulated within relevant contractual documentation.
• Approach to resilience: Our solution is regularly reviewed in relation to its capacity to handle usage in relation to both administrators and candidates. Our development team is responsible for determining anticipated hardware requirements and for monitoring system capacity performance. This includes disk usage and size, network traffic load, load balancing, necessary processing power, and necessary memory requirements
• Outage reporting: We follow a clearly defined disaster recovery approach, covering the key elements of our platform as follows: ; ; 1. Databases - utilizes AWS disaster recovery features to allow database to be restored in the same or a different region within 20 minutes; 2. Apps - utilizes AWS S3 buckets and github to allow apps to be deployed within minutes; 3. Servers - utilizes github actions and AWS instances to allow servers to be deployed in the same or a different region within approx 20-20 minutes; ; Alongside this we have an aligned incident management process, with customer communications sent via email and available on our website.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All Administration is performed by SZ Admin’s on behalf of the Company.; Manager access is through the Company App or ATS integration. Managers are provided access only on project by project basis (e.g. Manager 1 may not access Candidate Results from Project 2).; Furthermore, sensitive candidate information within a project can be restricted to specific managers.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO
• ISO/IEC 27001 accreditation date: 08/12/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Ian Monk takes direct responsibility for technical infrastructure, security and auditing. Nick Shaw acts as Chief Information Officer (and is responsible for Data Protection Officer) to ensure all procedures are in compliance with the relevant Information and Security policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our Change Management Process is based on ITIL foundations and best practices. All processes are documented and categorised based on four types of requests for change; the most commonly used procedures to track and implement system and technology changes. Operational metrics are gathered through key defined and agreed metrics for a variety of systems.; ; IT Change Management process currently covers both hardware and software related activities. All changes are reviewed through a weekly meeting and captured and recorded for compliance. Changes and problems are audited by internal and external auditors quarterly. The findings are then presented to the compliance board.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The SZ System is automatically scanned for emerging vulnerabilities using a service provided by intruder.io.; ; Systems and patches are updated to ensure identified emerging vulnerabilities are removed.; ; The engineering platform consists of development, stage and production environments. Any changes to the System are required to move through each environment with a range of automated unit, integration and e2e tests performed, all of which include security and vulnerability tests.; ; All new code within the System is deployed once approved by a second member of engineering team and our CTO to ensure compliance, check for vulnerabilities and reasonable level of automated testing.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: SZ has registered with and monitors the Early Warning system; There is protection from CloudFlair and limited protective monitoring is performed using Coralogix (based on ElasticSearch) and is working through and implementing any appropriate best practices detailed within LME.; In the event of system failure, SZ are able to rapidly record with a maximum loss of 1 hour’s data (in the event of a database failure backups are typically less than 1 hour old).
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have an incident management policy which guides a formal process for reporting, investigating, and analysing all information security events, weaknesses, and incidents. The policy also determines the appropriate response to take depending on the severity of the incident and impact on clients/candidates; ; Clients are notified within 24 hours in the event of a confirmed security breach.; ; The policy also ensures that lessons are learned so preventive controls can be identified and implemented.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  The Spotted Zebra platform enables clients to take a skills-first approach to hiring. This removes typical barriers to inequality, such as hiring on the basis of an individual's experience, qualifications or background. ; ; Within the platform, the client creates a Role Skills Profile that they use to identify the skills needed for success in the role. The platform then creates a corresponding skills assessment, which relates directly to the requirements of the role and can be used for hiring, reskilling or succession planning. The individual's skills match is then explored further through the digital interview guide and reporting insights that the solution provides to the organisation. ; ; This means that at no point does the Spotted Zebra solution consume information related to the individual's background or qualifications, enabling a fair and objective evaluation of their skills. ; The skills assessment is relevant to the role, and is blended - i.e. it contains multiple measurements (skill proficiency evaluation of both technical and behavioural skills, personality, motivation, cognitive and skills self assessment). This approach has been proven to reduce adverse impact, and improve the predictive power of the solution.

Pricing

• Price: £300.00 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Access to the SZ solution for use with one role within a recruitment campaign in order to understand both the candidate and recruiter experience. Sample reports can also be provided.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.shaw@spottedzebra.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.