Cantium Business Solutions

Employment check Online DBS Ebulk Solution

From as little as £2.50 per check, Employmentcheck is an online solution for DBS and Basic Disclosures provided by Cantium Business Solutions.

Delivering white box SaaS solutions or an established Umbrella Body service that will countersign applications on your behalf; we have the right solution for you.

Features

  • Online application, ID and submission process
  • Unlimited DBS checks
  • Accessible 24/7
  • Auto-validation of data
  • Supported by a team of experts
  • Integrated external ID verification tool
  • Fully hosted, maintained and compliant system
  • Integrated online payment option
  • Comprehensive reporting suite

Benefits

  • Error free applications
  • Quicker turn around
  • Supportive help desk available
  • Quick and easy on boarding process
  • Tablet and mobile friendly
  • Umbrella Body and customised e-Bulk services available

Pricing

£2.50 per unit

  • Education pricing available

Service documents

G-Cloud 11

182181655950675

Cantium Business Solutions

Bids Cantium

03000412187

bids@cantium.solutions

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints The only requirement to access and benefit from the Employmentcheck system is access to an internet browser and internet connection.

Any maintenance required to the system is actioned out of hours where ever possible.

The system is designed to comply with the DBS and MOJ specification and therefore wide scale changes or development relating to the Technology Code of Practice would only be made with consideration of these specifications and mandatory requirements and the impact to our existing customer base
System requirements
  • Internet connection
  • Compatible web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our dedicated helpdesk is available Monday to Friday 8.30am - 5pm. Response times may vary based on the nature of the enquiry.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels Access to our team of DBS experts via our helpdesk.
Webinar training for new onboarding customers
Guidance notes provided with new customer training
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a webinar training session for all new customers and guidance notes.

Customers taking our Umbrella Body Plus and Ebulk SaaS solution will receive onsite training and comprehensive user documentation.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Hardcopy
  • Word
End-of-contract data extraction The system automatically purges any personal and sensitive data 6 months after a completed check has been archived by your admin users. This is to ensure the system adheres to the DBS codes of practice for the retention of personal and sensitive data.

Users can also run and download comprehensive reports containing a broad range of data sets through the system at any time including when the contract ends.
End-of-contract process Included in our Umbrella Body Service:
New customer webinar training session with guidance notes.
Access to our supportive DBS helpdesk. Available Mon - Fri 8.30am - 5.00pm.
Applicants ability to track their disclosures. Standard reporting suite.

Additional chargeable services:
Customised homepage options.
Bespoke report requirements.
Video training sessions.
Bespoke training services.
Create your own branded online DBS system (contact for further information)

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The system is supported in a number of common browsers including Internet Explorer 6 and upwards, Chrome, Firefox, Safari and mobile versions of these browsers through IOS, Windows and Android devices. The Employmentcheck site is successfully viewed across all these interfaces. We are also currently rolling out a full site rebuild that will ensure we are mobile optimised and responsive to viewing from all devices
API No
Customisation available Yes
Description of customisation Customers can request a customised homepage that allows them to select colours, images and content to reflect their brand and tone of voice.

Umbrella Body Plus and Ebulk customers are also provided with the ability to customise the set up of their system, user profiles and reporting functionality

Scaling

Scaling
Independence of resources The resources needed to onboard new customers are relatively low and once onboard the system is designed to encourage self-sufficiency. All customers are provided with a training session that enables them to feel confident in navigating around the system and our supportive DBS team are on hand to answer any queries. In terms of countersigning an application, the system is designed to check and submit applications on mass enabling us to increase demand without impacting our customers' experience.

Analytics

Analytics
Service usage metrics Yes
Metrics types Umbrella body customers are able to run service usage reports directly from the system as standard.

Ebullient customers are also provided a monthly KPI pack containing benchmarked MI against the system totals/averages to help refine processes and best practice.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach All data is stored in our data centre. Our Hosting Providers data centre is built to Tier III standards.

Physical Site Security
24x7 On site security.
Multiple zone anti-pass-back.
Swipe cards, PIN and Biometric controls on secure zones.
Visitors and External staff escorted at all times
90 day retention HD CCTV provision with IR and Motion detection sensors.
The datacentre is fully within scope of ISO/IEC 27001
The datacentre, while not formally certified is designed and constructed to meet or exceed Tier 3 rating under ANSI-TIA 942 standards. The facility scores on average 3.39 against all measures.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Select our Umbrella Body service and you will receive access to a range of standard reports which include a billing statement report for easy invoice reconciliation and bespoke reports can be requested but may incur an additional charge to create.

Choose our ebulk solution and your organisation will have access to a comprehensive suite of standard reports prebuilt into the Employmentcheck system as well as access to a bespoke report writer which allows you to create customisable reports from nearly every field within the system.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Employmentcheck.org.uk will commit to the following:
Access to our supportive DBS helpdesk by telephone or email Monday - Friday 9am - 5pm.
Enable secure access to employmentcheck.org.uk for up to 5 designated administrative staff, allowing you to manage your DBS checks online.
To provide a webinar training session of up to two hours for your administrators; to ensure they are adequately trained on how to use the system.
To adhere to the DBS Code of Practice at all times.
A robust complaint procedure where we endeavour to rectify any problems caused and respond to your correspondence within five working days.
Where we are unable to meet the proposed five day deadline, if for example further investigation is required, we will contact you to inform you of progress of your complaint and agree a completion date with you.
Approach to resilience The system is fully hosted on a dedicated server located in our subcontractor's datacentre. Our hosting provider are an ISO27001 certified datacentre who were procured in line with the requirements set out by the DBS and MOJ. Our hosting provider is ISO 9001, 2000 and 27001 certified and are audited on an annual basic by both external independent quality assessors and by Vendor partners. The system undergoes regular penetration testing in line with ISO 27001 compliance.

System backups are performed nightly and incrementally with our hosting provider performing regular IT health checks on their infrastructure and security infrastructure, which includes network availability, disk space, RAID array health, load and memory usage. They also carries out network penetration tests as part of independent IT Health Checks.

Further information is available on request
Outage reporting Through our dedicated account management team we will notify users of service interruptions/outages via email and messages on our Employmentcheck website.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to data on the system is tightly controlled and only authorised personnel have access to the data/information. The database itself is password protected. Employmentcheck is hosted upon dedicated servers which are utilised for no other purpose than for the Employmentcheck system. The Employmentcheck system records and time, date and user stamps the access to all records within the system and therefore offers a clear audit trail to correlate with any security events. Protective monitoring of the system is undertaken by Cantium’s hosting company who will notify Cantium of any issues.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 06/02/2019
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Cantium employees undergo the required levels of vetting suitable for the role in which they undertake.

All employees undergo a induction program which includes Information Governance training. All staff are also aware of the company’s data protection, information governance and GDPR policies which details all staffs responsibilities when handling information and must adhere to this at all times.

E learning on Information governance and Data protection is available to all staff and is refreshed on an annual basis. Sub Contractor services are procured using OJEU procurement rules and require that sub-contractors adhere to at least the same standards of system and data management as Cantium requires of itself.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our web development provider works to a strict change control process requiring authorisation before any new patches or software developments are applied to the system. Alterations or changes to the system software are performed in conjunction and consultation with Cantium. Customers are informed of upcoming alterations to the system in advance to ensure that they are aware of any upcoming changes to the system from a software development perspective. All customers are notified of planned maintenance in advance and current server uptime for has been tracked at 99.99%
Vulnerability management type Supplier-defined controls
Vulnerability management approach The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device) and runs nod32 security for Linux antivirus software which is updated every ten minutes.
The DBS eBulk server is patched on a monthly basis. A full backup is taken prior to any patch installation, and changes are moved from one environment to the next via a formal sign-off process. At each stage authorisation is required before patches are tested and then applied. Release is only permitted following successful testing and sign-off. The deployment occurs out of hours wherever possible
Protective monitoring type Supplier-defined controls
Protective monitoring approach The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device) and runs nod32 security for Linux antivirus software which is updated every ten minutes. The system is managed and maintained by both Kent County Council internal systems development team support by our support sub contractor . Cantium monitors the performance of its service in conjunction with data provided by our hosting company and decides on an ad-hoc basis if and when patches/updates are required to the system
Incident management type Supplier-defined controls
Incident management approach Cantium have a Information Security Incident Protocol with assisting flowcharts to advise staff of correct procedure.

Cantium will manage any system incidents, recording and investigating them thoroughly before taking the required measures to resolve them.
Should a security incident or risk be identified with an associated (i.e. not directly connected) supplier offering an internal service which has any chance of posing a risk to Employmentcheck services then this must also be reported.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £2.50 per unit
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions
Service documents
Return to top ↑