VERIFILE LIMITED

Employment Screening, Disclosure & Barring Service DBS Checks and BPSS Baseline Vetting

Employment screening, BPSS (Baseline) & BS7858 vetting, DBS services, online searches, social media checks, and open source internet searches. Verifile's secure vetting platform enables employers to select global background check services. Integration with the DBS Disclosure and Barring Service and Disclosure Scotland ensure fastest turnarounds for UK criminal record checks.

Features

• Enabling Digital Identity for right to work and DBS checks
• Queen's Award-winning cloud-based background screening and BPSS vetting
• Full DBS checks and social media online internet screening services
• Accessibility upgrade - WCAG2.1, ADA (Section 508) and EN301549 compliant
• Loaded with validation tools to ensure accuracy/minimise user errors
• Fast flexible set-up, with integrated DBS criminal record checks
• Dedicated Client and Candidate Support Teams for all vetting services
• 100% UK-based operation and data storage
• All data sources and vetting subjects fully researched and authenticated
• Online MI reports and analytics for DBS and BPSS services

Benefits

• Fastest DBS vetting turnaround times due to lowest error rate
• 87% of Basic DBS (CRB) results received within 24 hours
• Place orders, track progress and view staff vetting results online
• Integrate with your ATS or HR system for increased efficiencies
• Stay up-to-date with customisable email notifications/status updates
• Personalised candidate messaging, your account branded with your logo
• Reducing risk with GDPR-compliant and compliant criminal record checking service
• Robust BPSS (Baseline) screening reports enable informed recruitment decisions
• 20 languages spoken in-house ensures extensive global reach
• Direct DBS Disclosure and Barring Service integration means fastest results

£2.50 a transaction

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  ODT

• Terms and conditions

  ODT

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@verifile.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

930692253847900

Contact

Angela Thomas
+44 (0) 1234 339354
sales@verifile.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Community cloud
  • Hybrid cloud
• Service constraints: No
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We encourage clients and candidates to call for instant support. However, our internal SLA is to respond to emails from clients and candidates within 4 working hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None yet - will be tested prior to deployment in August 2022
• Onsite support: Yes, at extra cost
• Support levels: Verifile operates with three teams supporting our customers. There are two distinctly separate levels of client support, as well as a dedicated team whose sole role is to support the applicants/candidates. ; ; For Managed Accounts, your Customer Success Manager (CSM) provides stakeholders with information, support and guidance regarding your employment screening programme. The CSM will provide Account Governance, regular review meetings, consultation and guidance, project management, continuous improvement, MI reports and account analysis. Your CSM will also be the first point of escalation if ever required.; ; For Unmanaged Accounts, your team will be supported by Verifile’s highly experienced Customer Service Manager and his dedicated Client and Candidate Support Teams for day-to-day enquiries and requests.; ; There is no cost for account support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We recommend that Verifile deliver training on the screening process before going live to all staff that will have interaction with Verifile.; ; Verifile’s system is intuitive and easy to master, particularly from the client facing perspective. Training and re-training sessions can be scheduled via web conference at any stage and will typically take just 30 minutes to complete, including Q&As. ; ; Depending on the number of users requiring training, initial training can typically be delivered on-site as part of the implementation process, however any subsequent user training or refresher sessions would typically be delivered by web meetings. ; ; Users are provided access to videos and soft copies of user guides as part of the welcome pack. These can also be downloaded from the Verifile platform’s document library at any time to help new users when joining the team. We also provide access to our interactive system training demo, which can also be adopted to support a train-the-trainer approach.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Data for Integration Purposes
• End-of-contract data extraction: We can provide copies of final reports in the existing pdf format and on other media requested, as long as this meets with legal and our own business obligations to ensure the security of data. ; ; These reports can be downloaded directly from our platform at any time or transferred via other means such as SFTP. File notes, full audit history, original reference copies and all other information held on the Verifile system can be provided as raw data.; ; Part of the leaving process will be to create an information asset register so all data held by Verifile is identified and a decision made on retention, transfer or disposal. We will need to retain a certain amount of ‘skeleton data’ in order to fulfil its legal and auditing obligations but none will include personal identifiable information about your candidates.; ; Once the demobilisation plan has been executed, we will provide written confirmation to that effect.
• End-of-contract process: Demobilisation Plan - All data held on our system, including pdf final reports, can be provided to you. A secure method of transfer would need to be utilised due to the personal information held and the volume of data. As long as we continue to receive orders from you we will continue to fulfil them in line with the agreed packages and SLA. All clients’ orders experience the same high level of service, irrespective of whether any particular client has expressed their intention to transition away from Verifile.; ; Technical support will be available to assist with the transfer of data and any other needs that may be identified in transition planning discussions and we have a defined leaver’s process which would be executed jointly with yourselves. The process includes ensuring that all user accesses are closed, and decisions are made on the retention, transfer or deletion of data. We ask that leaving clients provide feedback on our service to help us continually review and refine our service. ; ; We would also be open to working with new suppliers during transition and would provide any assistance required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Verifile’s RESTful API uses JSON to transfer data to a third-party system. Buyers typically connect their Applicant Tracking System (ATS) with our system - the Verifile API was designed for this purpose. Buyers use our API to automate their authentication and background check (incl. DBS) processes without needing to run on two separate platforms.; ; The Verifile API offers access to more than 1,000 different background checks worldwide, with the option to set up customisable packages for easier deployment.; ; Buyers can integrate part of or the full workflow: Placing orders, tracking statuses, monitoring progress, obtaining results and final reports. ; ; Orders can be raised as "client entry" (you have all the data and consent to start checks) or "candidate entry". Supporting documentation can be uploaded to an order.; ; We use Azure API Management (APIM) which handles user authentication and key management.; ; Our Developer Documentation site (https://developer.verifile.co.uk/) provides your team with detailed information on:; ; Registration to obtain keys,; Live & Test API,; Headers,; Raising orders,; Order statuses,; Final reports,; Packages,; Attachments,; Helper methods,; Error messages.; ; When your development team is ready, access to a sandbox environment will be provided to complete test scenarios whilst you are building the integration.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can choose to customise the way API works in as much as they can choose to integrate parts of or the full workflow. ; ; Buyers can configure the service account in a variety of different ways. For example, users can choose:; - from Standard, Enhanced and VIP service levels; - client-entry, or candidate-entry of data fields and consent ; - to place orders via API or via our online portal; - a la carte self-service, or selecting from pre-determined packages of checks for quick ordering of background checks; - different variations for many of our checks. For example, we offer 3 alternative routes for confirming identity for your DBS criminal record checks, including Digital Identity for passport holders, and various different levels of international criminal record checks for many countries. ; ; The account structure is also easily customised to suit any organisation and hierarchy. Individual permissions, sub-accounts, branches, locations, departments, etc. can all be accommodated.; ; Even individual users can customise their own notifications, alerts, and MI reporting frequency.

Scaling

• Independence of resources: Local office systems are monitored for capacity with monthly reports produced by Aztech IT Solutions. Hosted systems are monitored with Microsoft Azure and automated capacity threshold notification systems are in place. The Verifile Development Team reviews application, database, system and server logs each week along with checking and recording current server capacities on an internal record keeping system.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide a range of metrics to support the buyer. ; Examples of what we can provide in a formal review of KPIs include:; • Candidate Age Range; • Candidate Nationality ; • Candidate Submission Times; • Individual Check Orders; • Individual Check Results ; • Individual Check Completion Times (i.e. for DBS checks); • Overall Order Completion Times (i.e. for BPSS screening packages); • Overall Orders Placed Per Month
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Via API, via MI reports, or via download from the Verifile online portal.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Users can also export data via the API
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Bulk upload data can be provided to us via CSV
  • Data can be provided via API / JSON
  • Photos and scanned documents in JPG/JPEG
  • Candidate-initiated ordering (email containing code related to checks required)
  • Client-entry ordering (users enter data and documentation required)

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: SSL, as users typically interact with Verifile's web application, not email.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We aim for 99.9% availability and last year achieved 99.97%
• Approach to resilience: Available on Request
• Outage reporting: 4-hour warning with count-down for planned outages. ; Updates are communicated to clients via email and via messaging on the extranet (Client Portal).

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to production system is via unique accounts, there are no shared accounts. All access is logged, including to the hosted systems not via the application interface, and logs are reviewed weekly. Verifile utilise Microsoft Defender for Cloud which can monitor traffic using a variety of methods including; threat blacklisting, bot identification algorithms, header, form, and field policy enforcement, HTTP error triggering, resource consumption thresholds, schema validation, content evaluation, minefields and honeypots, signatures, IP address allocation maps, TOR network mapping, progressive challenge mechanisms, argument limitations, RFC compliance, nested encoding detection, method filtering, payload inspection and behavioural analysis.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Description of management access authentication: IP Whitelisting

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 24/01/2019
• What the ISO/IEC 27001 doesn’t cover: N/A - This industry standard applies to all elements of the Verifile group.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus
  • NSI Gold for Security Vetting
  • ISO 22301 Business Continuity Management Systems
  • ISO 9001 Quality Management Systems

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: We adhere to:; ; The Data Protection Act (1998); Copyright, Designs and Patents Act (1988); Computer Misuse Act (1990); Regulation of Investigatory Powers Act (2000); Human Rights Act (2000); ; Further information is available upon request within our Data Security Policy Document.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: • Compliant with extant Verifile coding standards.; ; • Subject to a design review against the Open Web Application Security Project (OWASP) Top 10 most critical web application security risks.; ; • Follow Microsoft guidelines for ASP.NET Web App Security.; ; • Reviewed by another developer.; ; • Tested in accordance with the formal testing process.; ; The components are tracked through being outsourced to Microsoft Azure and Aztech IT Solutions.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The identification, testing and application of relevant patches for operating systems, firmware and application software packages excluding Verifile software applications are managed services by Aztech IT Solutions.; ; All anti-virus and relevant security updates and service packs are applied as soon as they are released, evaluated and tested.; ; AV software is installed on the live production servers.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The identification, testing and application of relevant patches for operating systems, firmware and application software packages excluding Verifile software applications are managed services by Aztech IT Solutions.; ; Alerting and monitoring is in place 24x7 for both the live application hosting environment and the local Verifile IT estate.; ; Verifile will work with you to agree a formal incident reporting and response plan including relevant points of contact.
• Incident management type: Supplier-defined controls
• Incident management approach: Verifile will alert the customer to incidents according to our Incident Management Policy.; ; It is the responsibility of the Information Security Manager to commission security investigations as deemed necessary by them.; ; As part of Verifile’s commitment to ISO27001 and ISO9001 certification, reporting of Information Security weaknesses is encouraged from all personnel and recorded under the ISO9001 system for Corrective and Preventive Action.; ; The reporting of Information Security weaknesses is encouraged from all personnel. All relevant incidents are recorded under the ISO 9001 system for Corrective and Preventive Action.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Verifile has a strong focus on continuous improvement and we are constantly looking at ways to improve on our Environmental impact.​ Striving to become a net zero carbon employer, at the end of 2021, Verifile’s total carbon footprint equated to a Carbon intensity figure of just 0.4 tonnes CO /employee. ​20% of our energy is renewable, largely down to our installation of solar panels at Verifile’s offices. ; ; As a business we have a strong focus on continuous improvement and are constantly looking at ways to improve on our Social and Environmental impact. Our main focus is to bring sustainable improvements to our business and clients, and ultimately the communities in which we all serve. We expect our suppliers to also have the same high standards of sustainability, and to adopt a maintainable strategy to contribute to supporting wider social, economic and eco-friendly objectives. ​
• Covid-19 recovery:

  Covid-19 recovery

  Verifile has been recognised as a UK Business Hero, as part of a campaign to recognise the efforts businesses made in fighting the Coronavirus pandemic.; ; Verifile was nominated for recognition by the Bedfordshire Chamber of Business, after pledging to provide up to £3 million of support to the emergency recruitment of health and social care employees and volunteers dealing with the COVID-19 (coronavirus) pandemic.; ; In April, Verifile removed all admin fees for a possible 500,000 DBS checks, providing a 100% free end-to-end service to save the NHS and other Health and Social organisations £millions in administration fees.
• Tackling economic inequality:

  Tackling economic inequality

  Verifile Celebrates Commitment to Real Living Wage.; Verifile Limited has been accredited as a Living Wage Employer. Verifile's commitment to paying the Real Living Wage will see everyone at Verifile in the UK receiving a minimum hourly wage of £10.00. This wage is significantly higher than the government minimum, which currently stands at £8.91 per hour.
• Equal opportunity:

  Equal opportunity

  Verifile are committed to providing equal opportunities and to a proactive and inclusive approach to equality in employment. No applicant or employee will be treated less favourably than another on the grounds of a ; protected characteristic which are defined as sex, sexual orientation, age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race and religion or belief.; ; Verifile recognises its legal and social responsibilities ensuring it follows correct procedures that are consistent with the relevant legislation and Codes of Practice. The Verifile Equal Opportunities and Diversity Policy is intended to assist the Company to put this commitment into practice. Compliance with this policy should also ensure that employees do not ; commit unlawful acts of discrimination.
• Wellbeing:

  Wellbeing

  Verifile champions wellbeing and mental health of its employees in many ways, reflected in our recent Investors in People (Silver) Award. ; - Wellbeing training forms part of the new starter's induction, and also the ongoing training and development for existing staff. ; - Verifile has a dedicated Wellbeing Channel MS Teams, with regular contributions from HR and Verifile's Wellbeing Champion. ; - Verifile provides a wide range of healthy drinks and snacks for office staff.; - Verifile celebrates World Mental Health Day and National Mental Health Awareness Week. ; -

Pricing

• Price: £2.50 a transaction
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: To help the UK during the Covid pandemic Verifile is offering FREE DBS Checks for emergency workers. The service is for all emergency health and social care workers supporting the NHS in providing care and treatment for the Covid-19.
• Link to free trial: https://library.verifile.co.uk/free-dbs-checks

Service documents

• Pricing document

  PDF

• Service definition document

  ODT

• Terms and conditions

  ODT

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@verifile.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.