Cantium Business Solutions

Employment check Online DBS Ebulk Solution

From as little as £2.50 per check, Employmentcheck is an online solution for DBS and Basic Disclosures provided by Cantium Business Solutions.

Delivering white box SaaS solutions or an established Umbrella Body service that will countersign applications on your behalf; we have the right solution for you.

Features

  • Online application, ID and submission process
  • Unlimited DBS checks
  • Accessible 24/7
  • Auto-validation of data
  • Supported by a team of experts
  • Integrated external ID verification tool
  • Fully hosted, maintained and compliant system
  • Integrated online payment option
  • Comprehensive reporting suite

Benefits

  • Error free applications
  • Quicker turn around
  • Supportive help desk available
  • Quick and easy on boarding process
  • Tablet and mobile friendly
  • Umbrella Body and customised e-Bulk services available

Pricing

£2.50 per unit

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

1 8 2 1 8 1 6 5 5 9 5 0 6 7 5

Contact

Cantium Business Solutions

Bids Cantium

03000411115

bids@cantium.solutions

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
The only requirement to access and benefit from the Employmentcheck system is access to an internet browser and internet connection.

Any maintenance required to the system is actioned out of hours where ever possible.

The system is designed to comply with the DBS and MOJ specification and therefore wide scale changes or development relating to the Technology Code of Practice would only be made with consideration of these specifications and mandatory requirements and the impact to our existing customer base
System requirements
  • Internet connection
  • Compatible web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our dedicated helpdesk is available Monday to Friday 8.30am - 5pm. Response times may vary based on the nature of the enquiry.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Access to our team of DBS experts via our helpdesk.
Webinar training for new onboarding customers
Guidance notes provided with new customer training
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide a webinar training session for all new customers and guidance notes.

Customers taking our Umbrella Body Plus and Ebulk SaaS solution will receive onsite training and comprehensive user documentation.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Hardcopy
  • Word
End-of-contract data extraction
The system automatically purges any personal and sensitive data 6 months after a completed check has been archived by your admin users. This is to ensure the system adheres to the DBS codes of practice for the retention of personal and sensitive data.

Users can also run and download comprehensive reports containing a broad range of data sets through the system at any time including when the contract ends.
End-of-contract process
Included in our Umbrella Body Service:
New customer webinar training session with guidance notes.
Access to our supportive DBS helpdesk. Available Mon - Fri 8.30am - 5.00pm.
Applicants ability to track their disclosures. Standard reporting suite.

Additional chargeable services:
Customised homepage options.
Bespoke report requirements.
Video training sessions.
Bespoke training services.
Create your own branded online DBS system (contact for further information)

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The system is supported in a number of common browsers including Internet Explorer 6 and upwards, Chrome, Firefox, Safari and mobile versions of these browsers through IOS, Windows and Android devices. The Employmentcheck site is successfully viewed across all these interfaces. We are also currently rolling out a full site rebuild that will ensure we are mobile optimised and responsive to viewing from all devices
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Customers can request a customised homepage that allows them to select colours, images and content to reflect their brand and tone of voice.

Umbrella Body Plus and Ebulk customers are also provided with the ability to customise the set up of their system, user profiles and reporting functionality

Scaling

Independence of resources
The resources needed to onboard new customers are relatively low and once onboard the system is designed to encourage self-sufficiency. All customers are provided with a training session that enables them to feel confident in navigating around the system and our supportive DBS team are on hand to answer any queries. In terms of countersigning an application, the system is designed to check and submit applications on mass enabling us to increase demand without impacting our customers' experience.

Analytics

Service usage metrics
Yes
Metrics types
Umbrella body customers are able to run service usage reports directly from the system as standard.

Ebullient customers are also provided a monthly KPI pack containing benchmarked MI against the system totals/averages to help refine processes and best practice.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Other
Other data at rest protection approach
All data is stored in our data centre. Our Hosting Providers data centre is built to Tier III standards.

Physical Site Security
24x7 On site security.
Multiple zone anti-pass-back.
Swipe cards, PIN and Biometric controls on secure zones.
Visitors and External staff escorted at all times
90 day retention HD CCTV provision with IR and Motion detection sensors.
The datacentre is fully within scope of ISO/IEC 27001
The datacentre, while not formally certified is designed and constructed to meet or exceed Tier 3 rating under ANSI-TIA 942 standards. The facility scores on average 3.39 against all measures.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Select our Umbrella Body service and you will receive access to a range of standard reports which include a billing statement report for easy invoice reconciliation and bespoke reports can be requested but may incur an additional charge to create.

Choose our ebulk solution and your organisation will have access to a comprehensive suite of standard reports prebuilt into the Employmentcheck system as well as access to a bespoke report writer which allows you to create customisable reports from nearly every field within the system.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Employmentcheck.org.uk will commit to the following:
Access to our supportive DBS helpdesk by telephone or email Monday - Friday 9am - 5pm.
Enable secure access to employmentcheck.org.uk for up to 5 designated administrative staff, allowing you to manage your DBS checks online.
To provide a webinar training session of up to two hours for your administrators; to ensure they are adequately trained on how to use the system.
To adhere to the DBS Code of Practice at all times.
A robust complaint procedure where we endeavour to rectify any problems caused and respond to your correspondence within five working days.
Where we are unable to meet the proposed five day deadline, if for example further investigation is required, we will contact you to inform you of progress of your complaint and agree a completion date with you.
Approach to resilience
The system is fully hosted on a dedicated server located in our subcontractor's datacentre. Our hosting provider are an ISO27001 certified datacentre who were procured in line with the requirements set out by the DBS and MOJ. Our hosting provider is ISO 9001, 2000 and 27001 certified and are audited on an annual basic by both external independent quality assessors and by Vendor partners. The system undergoes regular penetration testing in line with ISO 27001 compliance.

System backups are performed nightly and incrementally with our hosting provider performing regular IT health checks on their infrastructure and security infrastructure, which includes network availability, disk space, RAID array health, load and memory usage. They also carries out network penetration tests as part of independent IT Health Checks.

Further information is available on request
Outage reporting
Through our dedicated account management team we will notify users of service interruptions/outages via email and messages on our Employmentcheck website.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access to data on the system is tightly controlled and only authorised personnel have access to the data/information. The database itself is password protected. Employmentcheck is hosted upon dedicated servers which are utilised for no other purpose than for the Employmentcheck system. The Employmentcheck system records and time, date and user stamps the access to all records within the system and therefore offers a clear audit trail to correlate with any security events. Protective monitoring of the system is undertaken by Cantium’s hosting company who will notify Cantium of any issues.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
06/02/2019
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Cantium employees undergo the required levels of vetting suitable for the role in which they undertake.

All employees undergo a induction program which includes Information Governance training. All staff are also aware of the company’s data protection, information governance and GDPR policies which details all staffs responsibilities when handling information and must adhere to this at all times.

E learning on Information governance and Data protection is available to all staff and is refreshed on an annual basis. Sub Contractor services are procured using OJEU procurement rules and require that sub-contractors adhere to at least the same standards of system and data management as Cantium requires of itself.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our web development provider works to a strict change control process requiring authorisation before any new patches or software developments are applied to the system. Alterations or changes to the system software are performed in conjunction and consultation with Cantium. Customers are informed of upcoming alterations to the system in advance to ensure that they are aware of any upcoming changes to the system from a software development perspective. All customers are notified of planned maintenance in advance and current server uptime for has been tracked at 99.99%
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device) and runs nod32 security for Linux antivirus software which is updated every ten minutes.
The DBS eBulk server is patched on a monthly basis. A full backup is taken prior to any patch installation, and changes are moved from one environment to the next via a formal sign-off process. At each stage authorisation is required before patches are tested and then applied. Release is only permitted following successful testing and sign-off. The deployment occurs out of hours wherever possible
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device) and runs nod32 security for Linux antivirus software which is updated every ten minutes. The system is managed and maintained by both Kent County Council internal systems development team support by our support sub contractor . Cantium monitors the performance of its service in conjunction with data provided by our hosting company and decides on an ad-hoc basis if and when patches/updates are required to the system
Incident management type
Supplier-defined controls
Incident management approach
Cantium have a Information Security Incident Protocol with assisting flowcharts to advise staff of correct procedure.

Cantium will manage any system incidents, recording and investigating them thoroughly before taking the required measures to resolve them.
Should a security incident or risk be identified with an associated (i.e. not directly connected) supplier offering an internal service which has any chance of posing a risk to Employmentcheck services then this must also be reported.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£2.50 per unit
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑