Cornerstone OnDemand

TalentLink - ATS, Recruitment & Onboarding for Public Sector

TalentLink is an Applicant-Tracking System used by organisations to support end-to-end recruiting process: job approvals/ posting, social media integration, career site development, online applications, selection process management including shortlisting, assessment integration, interview scheduling, offers, contract generation and onboarding.Our solutions are tightly integrated with the addition of Talespin, virtual reality learning.

Features

• Applicant tracking, candidate management, recruitment and campaign management
• Job requisition & approval management
• Job distribution and job board posting
• Career sites, configurable application processes & CV parsing
• Talent Pooling, pipeline management & candidate search and match
• Manager Self Service including dedicated dashboards & online short-listing
• Interview management, Offer & contract generation
• Creation of engaging pre and on-boarding experiences
• Interactive recruitment metric dashboards and ad-hoc reporting

Benefits

• Deliver streamlined engaging experiences for candidates and your hiring team
• Match candidates to roles based on their interests and skills
• Reduce bias throughout hiring process, ensure data privacy and security
• Easily manage complex talent ecosystems with flexible configurations
• Collaborative candidate management for hiring managers and recruiters
• Create engaging, personalised, onboarding experiences to support your employer brand
• Streamline manual tasks throughout the hiring process with AI recommendations
• Permanent and contract candidate management plus in-built e-timesheets
• Automated recommendations for the sourcing, interview, and offer stages
• Pre-built calendar integration for easy scheduling

£5.00 to £8.60 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at spsmith@csod.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

974242246597651

Contact

Stuart Smith
07534853811
spsmith@csod.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Our TalentLink recruitment and onboarding service is part of our wider integrated Human Capital Management suite. This includes both Learning, Talent Management and Talent Acquisition (Recruiting and Onboarding). Customers are able to procure TalentLink without the need to procure other modules from the suite.
• Cloud deployment model: Private cloud
• Service constraints: Standard customer support is provided to UK customers between the hours of 8 - 6 pm Monday to Friday.
• System requirements:
  • Users need access to the internet
  • Recruitment annual licensing is based on the number of employees
  • Onboarding annual licensing is based on number of new hires

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times vary depending on severity level:; For cases raised as 'Critical' Saba Lumesse will respond within 1 (one) hour.; For cases raised as 'Severe' Saba Lumesse will respond within 2 (two) Support Hours.; For cases raised as 'Major' Saba Lumesse will respond within 1 (one) Support Day.; For cases raised as 'Minor' Saba Lumesse will respond within 2 (two) Support Days.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer 3 levels of support to our customers:; Access to Customer Support - included as standard; The team will act as the primary point of contact for the status of Support Cases/Incidents as well as work requests.; Customer Success - additional paid for service; These consultants work with customers to understand their unique recruitment and onboarding KPIs, they go onto to partner with them to ensure that TalentLink is configured to get the best return on their investment, as well as ensure they meet their strategic objectives. ; Account Manager - included as standard; Your Account Manager will fully understand your contract & commercial terms and conditions. They will work with you throughout the lifetime of the contract on both a strategic and tactical level to ensure you are making the most of your investment with us.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: TalentLink's commercial-grade User Experience/ User Interface has been purposely designed to be as intuitive and as simple to use as possible. It, therefore, requires minimal training to get users up and running. To support users further we offer 'walkthroughs' for key aspects/actions within the solution e.g. Creating a new vacancy. These 'Walkthroughs' guide users through each step in the process, allowing them to easily follow the process with clear guidance appearing on the screen when needed. We offer administrator training as part of the agile implementation process for TalentLink, We are also able to provide additional paid for training both on and offline (onsite/face to face). Formal courses offered include content specific to administrators/super-users, recruiters and hiring managers. If the customer would like to have us deliver or create a customized workshop or Train-the-Trainer program, we would welcome that discussion and offer further scoping based on their business needs. We provide an extensive library of educational resources – at no additional charge - to help new users navigate the system and become familiar with the user interface. We also provide detailed customer webinars with each new product release and these are backed up with updated documentation available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: On request and at a cost, we are able to provide an extract of customer data provided within our standard template. Bespoke data extracts can also be provided, again at a cost.
• End-of-contract process: Once notice has been provided, in accordance with the contractual terms, the Account Manager will notify Operations that the customer is due to terminate. We will set up a call to discuss the data extract requirement. On the date of the contract termination, your career site will be taken down. Once the data extract has been provided, our Operations Team will then switch off the application and remove all of the customers data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: From the applicants perspective, the entire front office career site experience including the application process is mobile responsive. This allows applicants to apply from any device and is completely frictionless. In terms of the back office, most screens are also mobile responsive. We also offer a useful app for Hiring Managers and Recruiters that is available to download in both Google Play and Apple App Stores, which allows users to undertake common recruitment tasks quickly including the approval of requisitions, CV/Application reviews including the ability to proceed or reject candidates as well as interview invitations.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: What users can and can't do using the API Through our Edge API Explorer, customers can browse and learn about product specific APIs (web services) to easily help connect their systems to Cornerstone and design data driven applications and external reports. Client developers have access to a code repository and all the API technical documentation needed to create custom integrations. Cornerstone’s API was designed to simplify how clients can connect their applications with our system. With ease in mind, Cornerstone has developed our API based on the REST protocol. Our library of web services can be reviewed online: https://csod.dev/
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customer specific customisations are achieved via the solutions extensive in-built configuration toolkit. The majority of the solution can be configured to meet each specific customer requirement e.g. branding, organisational structure, user roles and rights, end-to-end recruiting and onboarding workflows, communication templates, lists of values, the addition of custom fields etc. Named customer super users have the same level of access to configure the solution as our own consultants. The configuration is undertaken via the solutions simple and intuitive configuration screens within the back-office of the platform. This is a non-technical task for customer super-users. Access to these screens is controlled via the platforms comprehensive user roles and rights.

Scaling

• Independence of resources: TalentLink can scale to support very high user volumes. The auto-scaling capabilities of AWS are used to expand key components of the service as load increases or in the event of component failure. This headroom is continually being monitored by our infrastructure and applications monitoring tools.

Analytics

• Service usage metrics: Yes
• Metrics types: We are able to provide monthly metrics to customers on service availability, open cases, cases closed, the number of users in the system, jobs created, applications made as well as any other service metric KPI's customers may require.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Exports can be provide in a excel or CSV file. You can also export data via an API.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • HTML
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our SLA (refer to our Service Description document attached) provides for refunds at the following service availability levels:; • Monthly Availability Achieved Service Credit; • between 99.8 and 99.89 % 3 %; • between 97 and 99.79 % 6 %; • between 96 and 96.99 % 9 %; • between 95 and 95.99 % 12 %; • less than 95 % 15 %; • less than 90 % 40 %
• Approach to resilience: Available on request.
• Outage reporting: E-mail alert notifications are sent out to all emergency customer contacts. An alert would also be posted on our customer portal, and all of our Account Managers would be informed in order that they are able to pro-actively begin contacting impacted customers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: TalentLink has a two factor authentication we are also able to limit access to the Back Office of TalentLink via registered IP addresses.
• Access restrictions in management interfaces and support channels: TalentLink has a number of user profiles which relate to the type of data a user can access within the tool. Access to the support portal is restricted to individuals who have received our training and have a customer portal account.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register
• ISO/IEC 27001 accreditation date: 4/11/2021and runs through to 17/6/2023
• What the ISO/IEC 27001 doesn’t cover: Available upon request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Annual SOC-1 Audit Report

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO/IEC 27001; ISO/IEC 27701; ISO/IEC 22301 ; SOC II Certification
• Information security policies and processes: We have implemented a control framework based upon market standards as ISO27001/2, CobIT, ITIT. The effective of this control framework is audited by LRQA and PwC and evidenced in the form of the ISO 27001 certificate. We have Chief Privacy Officer / Data Protection Officer who works with all departments to ensure the framework is robustly adhered to.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are tested prior to implementation by the internal QC team. This consists of several tests : ; • Functionality ; • Regression – delivered product does not negatively impact the current system; • Compatibility with supported browsers; • Multilingual; • Performance maintains SLA criteria; • User-friendly interface; • Security issue free.; The results are analysed and all testing stages are validated against acceptance criteria. This process is continuously enhanced by applying the improvement actions and lessons learned during the tests of each release. This continuous improvement is embedded in our software lifecycle process.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We undertake continuous risk assessments. Information is gathered from different sources. Controls are implemented to address these. Internal teams do regular vulnerability assessments. An independent penetration test is done on an annual basis. Patches can be deployed within 24 hours if deemed absolutely necessary. Typically after each release, there is a maintenance release and patches for bug-fixing.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: How we identify:; Host Intrusion Detection Systems (HIDS) ; AWS Shield and AWS Guard duty ; DDOS protection and intelligent threat detection; Third-party scanning of application and infrastructure ; OWASP ZAP is built-in the deployment process. ; ; How we respond:; Each line of modified code is reviewed by at least one more person. The vulnerability management process consists of a formal review of any findings to determine appropriate action. ; Actions are added to our JIRA issue management workflow tool and corrections worked through our SDLC. ; ; Response:; We can install a corrected version of the software within 4-hours after preparing necessary correction to the code.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Cornerstone maintains a Security Incident Response Policy and an Incident Management Standard Operating Procedure (SOP) to organize resources to respond in an effective and efficient manner to an adverse event related to the safety and security of a computer resource under Cornerstone’s management. An adverse event may be malicious code attack, unauthorized access to Cornerstone managed networks or systems, unauthorized utilization of Cornerstone services, denial of service attack, or general misuse of systems. The plan clearly defines the appropriate steps and processes in communication. Impacted clients are notified within 24 hours of an identified issue.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Cornerstone strives to have a positive environmental impact, operate in a sustainable and ethical way, and bring a social conscience to all business decisions, with the well-being of people and the planet at the center. We maintain an Environmental, Social, Governance (ESG) Policy that details our commitment to responsible business practices. Cornerstone’s ESG Committee is responsible for the oversight of all ESG matters. Reporting to the Head of Social Impact, Cornerstone has an ESG Manager who manages day-to-day ESG operations. For more details, please see https://www.cornerstoneondemand.com/legal/

Pricing

• Price: £5.00 to £8.60 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at spsmith@csod.com. Tell them what format you need. It will help if you say what assistive technology you use.