uComply Limited

Right to Work and Digital onboarding

Digitise your Right to Work, onboarding and provide a self service solution for recruiting new employees whilst remaining compliant with your own recruitment processes. Fully customisable to ensure all your workforce are onboarded correctly in accordance with your procedures.

Features

Right to Work compliance
Digital ID
Onboarding of staff
Compliance with health and safety and risk assessments of staff
Remote recruitment of staff with self service
Portal/Dashboard with real time reporting
Storage of recruitment critical documentation including expiry alerts
Digitise paper based processes and API's are available to extract
Available on Mobile devices to be used in the field
Capture workers signature/consent to help comply with GDPR

Benefits

Ensure recruitment compliance with Home Office Right to Work guidance
Permit the onboarding of remote workers using Digital ID
Ensure all recruitment steps are followed by hiring managers
Consent obtained from workforce for information held in the cloud
Send reports of expiring/expired documents to users
Reduce paper and time spent on face to face activities
Provide management with an overview of their recruitment process
Reduce the risk of illegal working or non-compliant workers
Increase efficiency in the onboarding process
User access controlled using profiles on need to know basis

£0.90 a unit

Free trial available

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kim-marie.freeston@ucomply.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

Contact

uComply Limited Kim-Marie Freeston
Telephone: 01707802891
Email: kim-marie.freeston@ucomply.co.uk

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: Products are in line with current supported software platforms.
If maintenance is required notice is given to all users
System requirements: Mobile devices need to run on supported operating systems

User support

Email or online ticketing support: Email or online ticketing
Support response times: SLA is to acknowledge within 4 hours and respond within 24 hours during weekday 9-5.30
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Included
For all requests acknowledgement of the query within 1 hour
Software issue respond within 4 hours, we aim to resolve within 24 hours at weekends resolution is the next working day
Scanning document query – Customer to send using inbuilt features to the Supplier, response within 4 hours

Chargeable
Training £495 per session
Support - Customer requests site visit for a virtually solvable solution or where customer states the software is at fault and it is not then the charge is £295 for the half day and £500 for a full day (incl. travel time) and accommodation and subsistence costs (where appropriate)
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We provide a minimum of PDF documentation. We are introducing videos in some of the products and this will continue to be development. Where requested we can provide online or onsite training
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: Users are given a time period (length depending upon the size of the contract) to download - they can do so by individual records or use our CSV extraction tool or if they have access consuming our API
End-of-contract process: We will provide a time period for the users to extract information stored - if there is an element that it highly customised we will charge on a time and materials basis to code a solution.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: Yes
Compatible operating systems: Android

IOS

Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: The mobile can perform authentication of documents by using the NFC capabilities of the device
Service interface: No
User support accessibility: None or don’t know
API: Yes
What users can and can't do using the API: We have an open API for customers to consume for integration (with no charge from ourselves). Details available on Postman or Swagger. Customer will need to be credentialised by the supplier to utlise the API.
However, if the API needs a bespoke interface for third party solutions it would be on a time and materials basis.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Customers can customise
Logos, elements of wording using the functionality provided

Supplier can customise elements like style sheets, form designs or even create a white labelled solution for the customer

Scaling

Independence of resources: We maintain a strict regime of quality control during our deployment and monitoring of our service response times. Our platform is hosted with automatic scaling enabled

Analytics

Service usage metrics: Yes
Metrics types: Dashboard with status monitoring
Reporting types: Real-time dashboards

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: Less than once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Either by individual records or using our built in CSV export
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Suppliers cloud solution is available 24/7 except where we notify the users of downtime - if this is not achieved (through a fault of our solution) the limit of liability is the licence fee - full details available in the liability clause of the contract
Approach to resilience: Available on request
Outage reporting: Supplier dashboard

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: All users are assigned with profiles which determine the level of access that they have to the records stored. These are controlled by the supplier upon instruction from the authorised Customer.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Alcumus ISOQAR
ISO/IEC 27001 accreditation date: 21/10/2020
What the ISO/IEC 27001 doesn’t cover: A.11.1.6
A.8.2.2
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Policies are enforced through regular management reviews and ISO 9001/27001 audits. Specifically utilising our Information Security Management System (ISMS)

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Our development processes are managed through our secure development policy and through both internal/external pen testing. New developments go through rigorous controlled steps before release with Development unit testing, UAT and senior management sign off before our production environments are affected. All this is overseen by our ISO27001 Swat/pestle and continuous improvement logs right through to incident reporting
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Supplier adheres to ISO27001 standards utilising our Information Security Management System. Our Technical director has full oversight of our end point security and ensures that we have the most recent updates/patches installed on our devices. They also assess the market to ensure that we have the most appropriate levels of security in place.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: As per our ISO27001 standards we have incident management process in place and depending upon severity the response could be immediate through to being logged as an improvement required - all are recorded in our continuous improvement log which is reviewed at management meetings.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: As per our ISO27001 standards we have incident management process in place and depending upon severity the response could be immediate through to being logged as an improvement required - all are recorded in our continuous improvement log which is reviewed at management meetings.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Pricing

Price: £0.90 a unit
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Vanilla fully functional - limited by number of users / scans without customisation

Service documents

Request an accessible format

Cookies on Digital Marketplace

Right to Work and Digital onboarding

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents