Employment check Online DBS Ebulk Solution
From as little as £2.50 per check, Employmentcheck is an online solution for DBS and Basic Disclosures provided by Cantium Business Solutions.
Delivering white box SaaS solutions or an established Umbrella Body service that will countersign applications on your behalf; we have the right solution for you.
- Online application, ID and submission process
- Unlimited DBS checks
- Accessible 24/7
- Auto-validation of data
- Supported by a team of experts
- Integrated external ID verification tool
- Fully hosted, maintained and compliant system
- Integrated online payment option
- Comprehensive reporting suite
- Error free applications
- Quicker turn around
- Supportive help desk available
- Quick and easy on boarding process
- Tablet and mobile friendly
- Umbrella Body and customised e-Bulk services available
£2.50 per unit
- Education pricing available
Cantium Business Solutions
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
The only requirement to access and benefit from the Employmentcheck system is access to an internet browser and internet connection.
Any maintenance required to the system is actioned out of hours where ever possible.
The system is designed to comply with the DBS and MOJ specification and therefore wide scale changes or development relating to the Technology Code of Practice would only be made with consideration of these specifications and mandatory requirements and the impact to our existing customer base
|Email or online ticketing support||Email or online ticketing|
|Support response times||Our dedicated helpdesk is available Monday to Friday 8.30am - 5pm. Response times may vary based on the nature of the enquiry.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
Access to our team of DBS experts via our helpdesk.
Webinar training for new onboarding customers
Guidance notes provided with new customer training
|Support available to third parties||No|
Onboarding and offboarding
We provide a webinar training session for all new customers and guidance notes.
Customers taking our Umbrella Body Plus and Ebulk SaaS solution will receive onsite training and comprehensive user documentation.
|Other documentation formats||
|End-of-contract data extraction||
The system automatically purges any personal and sensitive data 6 months after a completed check has been archived by your admin users. This is to ensure the system adheres to the DBS codes of practice for the retention of personal and sensitive data.
Users can also run and download comprehensive reports containing a broad range of data sets through the system at any time including when the contract ends.
Included in our Umbrella Body Service:
New customer webinar training session with guidance notes.
Access to our supportive DBS helpdesk. Available Mon - Fri 8.30am - 5.00pm.
Applicants ability to track their disclosures. Standard reporting suite.
Additional chargeable services:
Customised homepage options.
Bespoke report requirements.
Video training sessions.
Bespoke training services.
Create your own branded online DBS system (contact for further information)
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The system is supported in a number of common browsers including Internet Explorer 6 and upwards, Chrome, Firefox, Safari and mobile versions of these browsers through IOS, Windows and Android devices. The Employmentcheck site is successfully viewed across all these interfaces. We are also currently rolling out a full site rebuild that will ensure we are mobile optimised and responsive to viewing from all devices|
|Description of customisation||
Customers can request a customised homepage that allows them to select colours, images and content to reflect their brand and tone of voice.
Umbrella Body Plus and Ebulk customers are also provided with the ability to customise the set up of their system, user profiles and reporting functionality
|Independence of resources||The resources needed to onboard new customers are relatively low and once onboard the system is designed to encourage self-sufficiency. All customers are provided with a training session that enables them to feel confident in navigating around the system and our supportive DBS team are on hand to answer any queries. In terms of countersigning an application, the system is designed to check and submit applications on mass enabling us to increase demand without impacting our customers' experience.|
|Service usage metrics||Yes|
Umbrella body customers are able to run service usage reports directly from the system as standard.
Ebullient customers are also provided a monthly KPI pack containing benchmarked MI against the system totals/averages to help refine processes and best practice.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Other|
|Other data at rest protection approach||
All data is stored in our data centre. Our Hosting Providers data centre is built to Tier III standards.
Physical Site Security
24x7 On site security.
Multiple zone anti-pass-back.
Swipe cards, PIN and Biometric controls on secure zones.
Visitors and External staff escorted at all times
90 day retention HD CCTV provision with IR and Motion detection sensors.
The datacentre is fully within scope of ISO/IEC 27001
The datacentre, while not formally certified is designed and constructed to meet or exceed Tier 3 rating under ANSI-TIA 942 standards. The facility scores on average 3.39 against all measures.
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Select our Umbrella Body service and you will receive access to a range of standard reports which include a billing statement report for easy invoice reconciliation and bespoke reports can be requested but may incur an additional charge to create.
Choose our ebulk solution and your organisation will have access to a comprehensive suite of standard reports prebuilt into the Employmentcheck system as well as access to a bespoke report writer which allows you to create customisable reports from nearly every field within the system.
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Employmentcheck.org.uk will commit to the following:
Access to our supportive DBS helpdesk by telephone or email Monday - Friday 9am - 5pm.
Enable secure access to employmentcheck.org.uk for up to 5 designated administrative staff, allowing you to manage your DBS checks online.
To provide a webinar training session of up to two hours for your administrators; to ensure they are adequately trained on how to use the system.
To adhere to the DBS Code of Practice at all times.
A robust complaint procedure where we endeavour to rectify any problems caused and respond to your correspondence within five working days.
Where we are unable to meet the proposed five day deadline, if for example further investigation is required, we will contact you to inform you of progress of your complaint and agree a completion date with you.
|Approach to resilience||
The system is fully hosted on a dedicated server located in our subcontractor's datacentre. Our hosting provider are an ISO27001 certified datacentre who were procured in line with the requirements set out by the DBS and MOJ. Our hosting provider is ISO 9001, 2000 and 27001 certified and are audited on an annual basic by both external independent quality assessors and by Vendor partners. The system undergoes regular penetration testing in line with ISO 27001 compliance.
System backups are performed nightly and incrementally with our hosting provider performing regular IT health checks on their infrastructure and security infrastructure, which includes network availability, disk space, RAID array health, load and memory usage. They also carries out network penetration tests as part of independent IT Health Checks.
Further information is available on request
|Outage reporting||Through our dedicated account management team we will notify users of service interruptions/outages via email and messages on our Employmentcheck website.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Access to data on the system is tightly controlled and only authorised personnel have access to the data/information. The database itself is password protected. Employmentcheck is hosted upon dedicated servers which are utilised for no other purpose than for the Employmentcheck system. The Employmentcheck system records and time, date and user stamps the access to all records within the system and therefore offers a clear audit trail to correlate with any security events. Protective monitoring of the system is undertaken by Cantium’s hosting company who will notify Cantium of any issues.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Assessment Bureau|
|ISO/IEC 27001 accreditation date||06/02/2019|
|What the ISO/IEC 27001 doesn’t cover||N/A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Cantium employees undergo the required levels of vetting suitable for the role in which they undertake.
All employees undergo a induction program which includes Information Governance training. All staff are also aware of the company’s data protection, information governance and GDPR policies which details all staffs responsibilities when handling information and must adhere to this at all times.
E learning on Information governance and Data protection is available to all staff and is refreshed on an annual basis. Sub Contractor services are procured using OJEU procurement rules and require that sub-contractors adhere to at least the same standards of system and data management as Cantium requires of itself.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Our web development provider works to a strict change control process requiring authorisation before any new patches or software developments are applied to the system. Alterations or changes to the system software are performed in conjunction and consultation with Cantium. Customers are informed of upcoming alterations to the system in advance to ensure that they are aware of any upcoming changes to the system from a software development perspective. All customers are notified of planned maintenance in advance and current server uptime for has been tracked at 99.99%|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device) and runs nod32 security for Linux antivirus software which is updated every ten minutes.
The DBS eBulk server is patched on a monthly basis. A full backup is taken prior to any patch installation, and changes are moved from one environment to the next via a formal sign-off process. At each stage authorisation is required before patches are tested and then applied. Release is only permitted following successful testing and sign-off. The deployment occurs out of hours wherever possible
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device) and runs nod32 security for Linux antivirus software which is updated every ten minutes. The system is managed and maintained by both Kent County Council internal systems development team support by our support sub contractor . Cantium monitors the performance of its service in conjunction with data provided by our hosting company and decides on an ad-hoc basis if and when patches/updates are required to the system|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Cantium have a Information Security Incident Protocol with assisting flowcharts to advise staff of correct procedure.
Cantium will manage any system incidents, recording and investigating them thoroughly before taking the required measures to resolve them.
Should a security incident or risk be identified with an associated (i.e. not directly connected) supplier offering an internal service which has any chance of posing a risk to Employmentcheck services then this must also be reported.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£2.50 per unit|
|Discount for educational organisations||Yes|
|Free trial available||No|