QUALIFICATION CHECK LTD

Global Qualification Verifications and other Background Checks

Qualification Check is a leading supplier of global education verifications and other background checks and screening services, with over 50,000 data sources in more than 195 countries. Trusted by organisations worldwide to verify the authenticity of their applicants' and candidates' qualifications, employment history, IDs and other credentials.

Features

• On-demand verification of academic qualifications, professional membership, employment and IDs
• Global coverage in over 196 countries
• Cloud-based Managed Service
• Live- Dashboard with detailed managemnt information and statistics
• Live chat customer service 24/7
• Downloadable Reports
• Dedicated Account Management Support Team
• Unlimited users and flexible acount setup
• Multiple payment methods with no minimum volumes
• Full audit trail of all verifciations and sources

Benefits

• Easy web access
• Available 24/7
• Secure and confidential
• Fast and Accurate
• Global coverage in over 195 countries
• Multilingual support in over 20 languages
• ISO27001 and GDPR compliant
• Customisable setups and wihte-labelling if preferable
• Thousands of secure data integrtarions to ensure the fastest verifications
• No setup fees or minimum volume thresholds

£10 to £25 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@qualificationcheck.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

894636488782196

Contact

Edward Hall
0203 897 0956
sales@qualificationcheck.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no constraints it is a web accessed application anyone can sign up to and use
• System requirements: There are no systems requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have a live chat facility Monday to Friday 18 hours a day and response times are within minutes. On the weekends this is not available but any messages via it are sent as emails to the customer services team and responses are done first thing Monday mornings
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: It is accessed via the homepage and has no constraints in terms of use. Our customer services team will respond to any enquiries immediately
• Web chat accessibility testing: We have not done any web chat testing however we have used the live chat application for over 7 years to great success. It is an important resource for all our users as it provides instant support.
• Onsite support: Onsite support
• Support levels: We provide an account manager for each client who helps with day to day issues and enquiries. We provide onsite training if required. We also provide technical support free of charge for any clients who prefer to integrate their systems with our API rather than just use the web application
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We help users get started with our service both remotely and onsite whichever is preferable. If they prefer remote there is a user guide video on our website and we can provide online demos of the service and an initial setup and training call. If an onsite visit is preferable we will provide a demo and training.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Following GDPR guidelines we have a standard retention period of 12 months for verification data once the verification has been completed, unless a user specifically requests this to be longer or shorter. When a user no longer wishes to use our service they can request for their retained data to be sent to them . Then, as standard, any cancelled account will have its data deleted as per GDPR guidelines.
• End-of-contract process: As we charge no setup fees or retainer but instead a fee per verification (as laid out in the pricing section) at the end of the contract the user account is simply shut down at not cost and data is extracted and deleted as laid out in the previous section.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The layout of some pages may differ a little due to screen sizes but the functionality remains the same on mobile or desktop
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users can use the full functionality of our service via the API. The setup and all information regarding the API is laid out in our API documentation and our technical team provide free support during setup
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Using the API they are able to customise and white label the service as part of their own platform. We also provide bespoke customisation and alternative integration options for clients if required.

Scaling

• Independence of resources: Our use of smart technology supported by staff in the UK, India, Africa and other global locations means that we have a fully scaleable solution ensuring that large volume increases in verifications will not negatively effect service levels

Analytics

• Service usage metrics: Yes
• Metrics types: We have management information displyed live in the platform showing all verification results and audit trails. Reports are generated fro user quarterly or on request.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User data is held in their secure qualification check account and can be accessed at any time using their username and password. If they wish to extract their data in bulk at any time they simply need to make a request via our customer services team and one of our technical team will arrange this for them.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.5% plus availability of service is our SLA
• Approach to resilience: Our datacentre is resilient as it it has multiple redundant vendor transient servers
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We have an administrative platform that is accessed by qualification check employees for the purposes of customer service and helping process verifications. This has restricted access to only certain relevant employees who login in using a secure username and password. For database and other backend access there are strict access controls that only our CTO and management control and can access
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: URS
• ISO/IEC 27001 accreditation date: April 2020
• What the ISO/IEC 27001 doesn’t cover: It covers everything
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are ISO27001 and Cyber Essential Plus certified. We have followed the guidelines that are needed to achieve these certifications including implementing a strict reporting structure that includes key members of our management team such as our CEO and CTO. This ensures that all policies are followed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: A register of all assets that process, or store information is maintained by our IT Service provide HJS Technology; ; For our application the CTO is responsible for all changes and this is manged in accordance with OWASP and SDLC best practices.; ; We have a Security Framework of policies and procedures covering IT, physical and HR security controls, and is certified to ISO 27001:2013. Policies are communicated to staff during induction with annual recertification.; ; The CEO is accountable for security and he is supported by the CTO, the COO and Head of Operations APAC
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Testing and deployment of patches is carried out for all systems and applications. The business and technical impacts of the deployment of any patches are considered as well as the security impact.; ; Our IT service provder Wisp IT maintain a list of suppliers of vulnerability alerts which will include vendors for critical infrastructure components (e.g., Microsoft, Cisco, Oracle, etc.).; ; All patches which are deployed are integrated into subsequent standard builds so that the vulnerabilities which it addresses are not subsequently re-introduced. Wisp are responsible for deploying to endpoint devices while our cloud services are responsible for patching the platform services.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: To record events and generate evidence event logs recording user activities, exceptions, faults and information security events will be produced, kept and regularly reviewed. For QC devices and applications, the following events will be recorded:; ; · time of the event; ; · the event types; ; · associated user ID and/or system ID; ; Event logs will be retained for 3 months. Access to event logs will be limited to authorised users.; ; We also place reliance on our cloud hosting provides WAF, IDS and SIEM to provide us with alerts to any incidents. The CTO will investigate and respond to any alert.
• Incident management type: Supplier-defined controls
• Incident management approach: Our user security provides guidance and to staff on what security events and incident to all staff. All security incidents, events or concerns are to be reported to the Chief Technical Officer as soon as possible.; ; The Chief Technical Officer will investigate and respond to security incidents. Where the incident involves the loss or personal data or affect the clients the Chief Technical Officer and the Chief Executive Officer with discuss the need to inform the Information Commissioner’s Office and clients. Where the incident involves client’s information, we always inform the client within 72 hours of the incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  By verifying the background credentials of all individuals it will help equal opportunity by stopping fraudtsers gain unfair advantage during the recruitment or immigration process

Pricing

• Price: £10 to £25 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer free trials to high volume customers that are run over a two week periond and cover 20 free verifications.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@qualificationcheck.com. Tell them what format you need. It will help if you say what assistive technology you use.