Amiqus Resolution Limited

Amiqus

Amiqus are the UK's most trusted compliance and onboarding platform supporting the public sector at scale. Conduct pre-employment vetting and enable staff passporting.

Amiqus is a UKGov accredited IDSP and a centralised end to end candidate and user experience, to meet all BPSS level checks.

Features

• Read E-Passports and check liveness digitally
• UK Home office accredited Digital Right to Work checks
• Politically exposed persons screening, sanctions lists and adverse media checks
• Credit report, identity and criminal record checks
• Secure document management: send, receive and store client/employee documents
• Candidate reusable Identity and document passport
• DBS checks through API with 24hr turnaround time
• Automated referencing of employment and education
• BPSS level screening checks
• Utilise two-factor authentication for greater account security

Benefits

• Keep candidate and employee data safe
• Use via browser - no downloads or installations
• Turn hours of paper-based admin into minutes of online compliance
• Demonstrate compliance to regulators and auditors
• Single point of access to a range of compliance checks
• Conduct checks remotely or in person
• Record internal decision making with platforms audit trail
• Simplify and speed up onboarding for clients and employees
• Update and engage with candidates through the identity wallet
• Customise forms and messages to be sent alongside requests

£30 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@amiqus.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

965094362755458

Contact

sales@amiqus.co
0131 5139757
sales@amiqus.co

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No constraints
• System requirements:
  • Requires a connection to the Internet
  • Requires an Amiqus license to cover individual users
  • Requires that the user purchase credits upfront to conduct checks
  • Recommended to use the latest version of browser
  • Requires App download for E-Passport verification

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We endeavour to respond to queries as soon as is reasonably possible. Our official response time is one business day within the hours of 09:00 - 17:00 Monday to Friday. Weekends excluded.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Access for users and data subjects to the web chat is available from within the browser application, the widget is located in the bottom right hand corner of the screen. The options will navigate to our FAQ support section or to raise a support ticket.
• Web chat accessibility testing: No testing with assistive technology users has been conducted. This will be part of future work around the product.
• Onsite support: Yes, at extra cost
• Support levels: Amiqus uses commercially reasonable endeavours to make the service available 24 hours a day, seven days a week except when planned maintenance is required. ; The cost of our support services is included within the license fees, our pricing can be viewed at the www.amiqus.co/pricing. ; Should technical integration be required, the level of support will be dependent on the scope of the project. ; We would provide a technical account manager or cloud support engineer where applicable and dependent on size of contract. Enterprise customers have a dedicated account manager and technical integrations will be supported by engineers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We work hard to make our onboarding process as frictionless as possible.; ; Step 1: due diligence |; Due diligence is required for clients running identity checks or credit reports. This requires customers to provide basic information and update their privacy policies. Lead time is ~10 working days; ; If identity checks or credit reports are not required, the due diligence process is reduced to ~2 working days.; ; Step 2: account set up |; Amiqus account managers work closely with customers to ensure their account is correctly configured for use.This includes adding team members and assigning relevant permissions and utilising workflows and templates to increase efficiency.; ; Step 3: process implementation and training |; Amiqus complete training, onsite or online, to ensure customers are confident using the system and to help implement Amiqus within wider team or organisational processes.; ; Step 4: ongoing support |; Useful content is provided to customers throughout the duration of the relationship, with increased frequency during the first 8 weeks of product use, designed to help users tackle common tasks and answer frequently asked questions.; ; A help centre is available for users:https://help.amiqus.co/; ; Ongoing support is provided within the product (web chat) and via email.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Amiqus clients |; As per UK GDPR, Amiqus acts as the data processor with our customers assuming the role of the data controller. Amiqus customers can request to extract their data from Amqus, available in CSV or JSON format at any time.; ; Data subjects |; Data subjects are the customers or employees of Amiqus clients. Data subjects data is stored by Amiqus and made available to the Amiqus client until a time when asked to remove it.; ; Data subjects have a right to access, rectify or erase this information by contacting the organisation requesting the information (the Amiqus client).
• End-of-contract process: Clients can cease using the Amiqus platform, with four weeks prior notice.; ; Licence fees are calculated as a monthly cost. Credits, required to run compliance checks, are purchased and used on a 'pay as you go' basis.; ; Data is extracted and supplied to the customer at their request.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is no difference functionality wise between the two.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Amiqus create an API client for the customer. The customer uses the API client to authorise their application using OAuth 2.0.; ; The API allows applications to create, update and get people, organisations and requests. It can also create, update, get and delete webhooks.; ; Customers are provided with a “test” team on production where they are assigned an example check type, allowing them to test their application without incurring costs or running real checks on real people.; ; The API does not allow user or team management, nor API management. Both of which must be managed via the Amiqus browser application.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Buyers can build in their own messaging/logos/templates to interact with their candidates.; ; They can also customise forms and documents to gather or share information as required

Scaling

• Independence of resources: Amiqus and its infrastructure use load balancing and auto-scaling techniques so that the service is spread evenly over the available computing resources, this also ensures that the service remains unaffected during high traffic periods by provisioning more resources when necessary.; ; As part of our onboarding process, Amiqus will work with the client to fully understand their current and future usage patterns in order to maintain the agreed level of service.

Analytics

• Service usage metrics: Yes
• Metrics types: A 'Dashboard' view is available within Amiqus and utilises usage metrics. Usage metrics are available as read only and can be personalised, allowing the user to save a preferred view based on their chosen dataset(s). Usage metrics in Amiqus show the status of requests sent, providing users with a clear overview of the status of all requests within their account.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Disclosure Scotland, DBS, TransUnion, Equifax, ComplyAdvantage, Onfido, Truelayer

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data will be displayed within the browser but can be downloaded in report format as a PDF for reference.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • JSON
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data is encrypted at rest using the AWS native encryption algorithms and at each stage of the verification process using modern ciphers.; ; All traffic within the AWS virtual private cloud is encrypted by default and segregated from other customers' infrastructure.

Availability and resilience

• Guaranteed availability: Amiqus shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except when any planned maintenance is required. The Client shall be given notice by email of any such planned maintenance, we make a concerted effort to schedule downtime out with normal operating hours. Services typically run at around 99% availability.
• Approach to resilience: Our service is deployed within the EU-West-1 region of the AWS global infrastructure and is spread across multiple availability zones within the region. This means that the service operates from two geographically separated data centres for maximum redundancy. Additionally, due to the nature of our deployment strategy we are capable of launching the service from any region within a short space of time, with our selected backup region being EU-WEST-2.
• Outage reporting: Notification provided by email in the event of any planned maintenance. Users are informed of any interruption to service by internal messaging system within platform.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access and searching of accounts / client data is tightly restricted to only the authorised user with enforced password standards, activity reporting and account throttling. All passwords are user generated and hashed using SHA-512 with 10,0000+ rounds and a 32 byte salt of random data. Internal temporary access to user accounts / client data by Amiqus staff is only possible through internal permissions set on a firm by firm basis by account users for purposes of resolving a technical or support query.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 10/04/2018
• What the ISO/IEC 27001 doesn’t cover: Controls A.11.1.6 (physical delivery and loading areas) and A.14.2.7 (outsourced development) are out of scope and had been excluded from audit review.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We followISO27001:2022 best practice, which ensures that we comply to various regulations regarding data protection, privacy, risk and IT governance.; ; Information is at the heart of our business and any threat to its confidentiality, integrity, or availability is a direct threat to our business. Information security applies to and is the responsibility of all our staff. All new starts receive mandatory training to review Amiqus' information security standards and their obligations under such framework. All employees are required to sign an acknowledgement of security awareness training and non-disclosure agreement.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: An extensive Information Security Manual articulates the business' approach to information security management. Configuration and change management processes are reviewed at regular intervals.; ; All changes to infrastructure are handled by using Hashicorp Terraform. The source code for these services is held within private Git repositories on Github and deployed using Jenkins. From inception to deployment all infrastructure and application code is made through Github pull requests and manually and approved by a senior member of our engineering team. This makes sure that all inconsistencies are spotted and can be traced back to their source to be fixed.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Through a combination of an incident log, risk register and vulnerability scanning of both end devices and our infrastructure. Our end user devices are configured to automatically install relevant OS updates and staff are instructed to do so with all relevant software installed.; ; From an application standpoint we identify vulnerabilities via penetration testing, vulnerabilities are scored and high level ones are actioned as soon as possible with the less severe being added to the backlog.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have an end-to-end monitoring solution in place using Sensu to monitor processes on the server and also to monitor our provider’s endpoints from the application. We have AWS Cloudwatch monitoring and alerting on specific parts of the estate.; ; We monitor the health of the AWS infrastructure using their CloudTrail and GuardDuty products which alert the security operations team if there are unexpected/irregular actions taking place within our infrastructure accounts.; ; If we’re alerted to a high risk compromise, our DevOps team begins immediate investigation to determine how serious the breach is and to immediately mitigate / fix.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: A robust Incident Management procedure is in place to ensure a quick, effective and orderly response to information security incidents that ensures appropriate corrective or preventive actions, restores normal operations as quickly as possible and ensures that improvement opportunities are identified and acted upon. Evidence is collected for all information security incidents and is retained and presented for regular review.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks:
  • The Home Office (Disclosure and Barring Service)
  • Disclosure Scotland
  • Companies House

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Amiqus is a member of the Wellbeing Economy Alliance, a collaboration of organisations, alliances, movements and individuals working towards a wellbeing economy, delivering human and ecological wellbeing. Though our environmental initiatives will expand as we scale, we’re currently reducing our carbon impact through hybrid working, encouraging the use of public transport for company-wide gatherings and consciously using ethical suppliers and local catering whenever possible.

  Covid-19 recovery

  Amiqus has been supporting organisations and businesses to manage and recover from the impacts of COVID-19 since 2020, particularly where new ways of working have been needed to deliver services. In 2021, our platform saved the NHS £1.3 million worth of cost by replacing manual recruitment processes with secure, online pre-employment screening, directly enabling one of most successful COVID-19 vaccine rollouts in the UK. Before using Amiqus, NHS BSA were looking at around 3 weeks of delay just to verify identity documents and right to work due to the manual process. By using Amiqus, they were able to successfully conduct nearly 16,000; pre-employment checks across various services. This led to safely and rapidly deploying volunteer returners to front line roles for the vaccine rollout and necessary checks were completed in as little as 2 days.

  Tackling economic inequality

  Amiqus is on a mission to reinvent the delivery of regulated services and make legal help accessible. In 2021, our technology supported the pilot of ProxyAddress, demonstrating that people at risk of homelessness can gain access to vital services and opportunities into work without having a fixed address to prove their identity. When facing homelessness or the loss of a permanent address as a means of identification, those individuals are then also at risk of losing access to basic services such as benefits, bank accounts and stigma which makes employment a challenge. To tackle this problem ProxyAddress uses the vacant addresses owned by local authorities and others to connect those facing homelessness with the support they need. However, before local authorities can issue a proxy address, in accordance with the latest anti-money laundering regulation, they need a secure and reliable method of verifying the identity of the person in need of assistance. Amiqus software solves this issue.; ; Amiqus helps our clients improve resilience, capacity and productivity by using digital technology to streamline and improve internal processes to maximise efficiency. We’re certified to Cyber Essentials Plus and ISO 27001, and we’re working towards alignment with NIST frameworks, including Cyber Security and Risk Management as part of our focus to scale safely and sustainably.

  Equal opportunity

  Amiqus is a proud participant of Purple Tuesday, an initiative that focuses on improving the customer experience for disabled people. We’re committed to improving the accessibility of our platform with the help of AbilityNet, a leading UK charity that focuses on accessibility for disabled people, through working to meet Web Content Accessibility Guidelines (WCAG) 2.1.; ; Since 2022, we’ve partnered with Black Professionals United Kingdom (BPUK) to offer annual internships at Amiqus. BPUK empower Black ethnic minority professionals to excel across sectors, and help organisations like ours build diverse and inclusive workplaces. All of our interns thus far have since taken up full time, permanent employment at Amiqus. ; ; We’re committed to people progression across the board which is why all Amiqus employees have access to twelve ‘development days’ every year for learning, training and professional development, enabled by an annual personal development budget.

  Wellbeing

  Amongst the many social and wellbeing initiatives at Amiqus the most significant is our Mental Health First Aid Directory. All line managers at Amiqus are required to qualify as Mental Health First Aiders (MHFAs) and a directory of qualified line managers is provided to all employees so that anyone can choose who they feel most comfortable speaking to in confidence. MHFAs are trained how to recognise some of the common signs of mental ill health in others, listen to those who approach them for help and take appropriate action during a mental health emergency. We also provide all our employees with various health benefits, including private medical, mental health support, and critical illness cover. ; ; As one of the UK’s fastest-growing technology companies, we have an opportunity to set a new model for how the private sector supports and engages with the third sector through sustainable and repeatable private-sector fundraising. That’s why Amiqus has committed to a three-year strategic partnership with the Scottish Refugee Council (SRC) to fundraise £100k+, as opposed to just one-off, ad hoc fundraising. The SRC provides practical support and advice to refugees and asylum seekers, assisting some of the most financially and socially vulnerable people seeking safety and starting a new life in Scotland. By fundraising for the SRC we can support some of the most vulnerable people in society who often experience the greatest difficulty accessing vital financial or digital services. This goal aligns with our mission to reinvent the delivery of regulated services and make legal help accessible, and is fully supported by both our board and investors. By engaging in the partnership, we’re also learning how our products and services can be improved and made more accessible to help vulnerable groups, as well as strengthening our commitment to ESG (environmental, social and corporate governance).

Pricing

• Price: £30 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@amiqus.co. Tell them what format you need. It will help if you say what assistive technology you use.