Monster Worldwide Ltd

Labour Market Support & Job Board Solution

Monster’s Labour Market Support and Job Board Solution allows job seekers and employers to search and connect with each other quickly, simply and securely via a web-based interface.
Our Software as a Service (SaaS) offering comprises an underlying set of proven standard components, complemented by further optional or configurable components.

Features

  • Established & proven national job board integrated with JCP
  • Job Seeker service: online job search and supporting services
  • Employer service: online job posting & candidate management
  • Advisor service: online caseload management/jobseeker & employer support
  • Fraud Monitoring: automated tools and optional specialist resources protecting users
  • Customer Service: CRM tools/optional specialist resources resolving technical issues
  • Security: multiple layers of security protocols meeting UK Government standards
  • Aggregation & Job Feeds: cleansed feed of UK online jobs
  • Employer Brand Advertising: targeted, audience-appropriate messaging
  • Consulting: guidance on detailed service specification and benefits

Benefits

  • Reduce time searching for and applying for relevant jobs
  • Reduce time to find suitable candidates to fill vacancies
  • Reduce time required to manage customer accounts
  • Increase visibility of job seeking activity
  • Provide access to rich data source to drive service improvements
  • Reduce risk: proven to be resilient and work at scale
  • Make use of industry expertise to improve services
  • National service that presents job vacancies to Job seekers
  • Allows Work Coaches to assess/monitor job seeker activity
  • Provides a data feed to the EURES system

Pricing

£4747000 per unit per year

Service documents

G-Cloud 9

390283634042107

Monster Worldwide Ltd

Malcolm Stirling

0785 051 7456

malcolm.stirling@monster.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Planned maintenance windows agreed in advance with clients and no disruption to users/service expected due to hot-hot service configuration.
For planned service outages, from November 2012 to March 2017 there have been less than 40hrs of planned downtime due to software releases and disaster recovery rehearsal exercises.
System requirements
  • User access via end-user network
  • End-user access via standard web browser
  • 2-factor security authentication (username/password)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Immediate automated response (within 3 seconds measured within service boundary), 24x7x365; service desk response within 1 working day, Monday - Friday 9.00am - 5.30pm
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Onsite support
Support levels The support levels we provide are as follows:
Priority 3_Normal: Standard response level. Resolve according to standard process, schedule and prioritization. Next appropriate
Maintenance release.
Priority 2_High: High response level. Best effort. Prioritized resources.
Resolve quickly with exceptions to standard release process. Next Appropriate Release
Priority 1_Critical: Highest response level. Continuous effort. All resources committed. Resolve right away. Hotfix/Point Release
as soon as possible (0-5 Days)
Description of standard support provided:
• Consulting expertise to provide implementation and ongoing technical client support, delivering process improvements and ensuring smooth and clear organisational integration
• CRM tool to administer user contacts and manage client hand-offs
• Email point of contact for technical user queries
• Provision of dedicated, experienced resources to manage customer contacts and respond to technical system queries.
Monster delivers Service Management following ITIL processes that integrate with the client’s processes and standards. This ensures alignment with the service boundaries agreed to deliver an efficient and effective service that aligns with the client’s stated objectives. Those processes include:
• Incident Management
• Problem Management
• Release Management
• Change Management
• Configuration Management
• Capacity Management
• Availability Management
• Disaster Recovery and Business Continuity
• Service Level Management
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started On-site train-the-trainer training is included within our standard service. User documentation for all user groups is available and updated regularly as service enhancements are introduced.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction A detailed exit plan is developed which includes full details of data migration. Required data will be extracted from the system by Monster and provided in an agreed format to the client. Monster will support the transfer of data from the service to enable continued provision of the Service by either the Client or a Replacement Contractor. This will include schema definitions and appropriate Entity Relation Diagrams to show the relationships between the elements of data sets provided. This would allow the Client or (if applicable) a Replacement Contractor to take the data and use it in connection with any successor solution. Additionally, Monster personnel will be available to collaborate closely with the Client’s transition team and provide responses to questions during Transition.
End-of-contract process Included:
Maintenance of registers.
Management of Exit Plan.
Transfer of relevant documentation.
Full migration of all data at once.
No fewer than four full data sets to support client testing.
The data housed within the service that shall be migrated is briefly described below:
Recruiter account data.
Data associated with a specific vacancy announcement.
Current profile data, saved jobs, saved searches, and account settings.
Historical data for application submission.
CV data.
All uploaded documents.
Audit and history data maintained in the service.
Job Seeker created searches.
User entered profile questions, captured as part of Monster’s Adaptive Authentication tool.
Front-end design and layout of the Services, and all static content used on the Services.

Monster will support two Dry Runs of the migration. Data quality analysis is to be performed by the Client with full extracts and sample sets, prior to subsequent Dry Run activities.

Monster will complete decommissioning and purge activities in line with the Exit Plan.

Not included:
Infrastructure.
Software covered by Monster IPR.
Non-standard reports.

Additional services and charges to be discussed and agreed as required. Details of the Exit Plan can be provided on request

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are no functional differences between the desktop and mobile versions of the service. Our solution is device-sensitive and will reformat for phone, tablet or personal computer.
Accessibility standards WCAG 2.0 AAA
Accessibility testing Client-led testing completed with vision-impaired and physically disabled users
API Yes
What users can and can't do using the API A standard API is provided allowing 3rd parties to deploy a job search widget on their own web sites. This provides access to the available job content on the service.
A simple portal allows job seekers to search for and apply for jobs online.
Separate APIs exist for transmission of relevant data to the EURES platform, including mapping to ISCO8 codes and NUTS codes from current SOC codes.
Conversion to ESCO codes can be configured for an additional cost.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation The front-end UI of the Job Seeker service can be customised to meet client requirements. The registration and login process can be amended to meet varying security needs, e.g. currently 2-factor authentication using Government Gateway is used, however this can be configured to bypass Government Gateway if required.

Users can customise their dashboards to determine what information they would like to display. Users can also save different search terms to reduce time spent searching for jobs or candidates.

The current APIs in use to transmit data to the EURES platform can be amended to allow additional/alternative data to be transmitted in line with requirements. This includes sharing of CV data and mapping to ESCO codes.

An aggregated jobs feed can be deployed on the service, or specified feeds from selected organisations. The aggregated feed is de-duplicated and provides a feed of high-quality postings that display as if they were posted by the originating employer. An apply API keeps traffic on the site, maximising the seeker experience.

Employer brand advertising can be added to the service to highlight relevant organisations or job opportunities. Please refer to the service specification document for further details of customisable elements of the service

Scaling

Scaling
Independence of resources We monitor the service constantly and follow capacity-management processes to ensure that service continuity and service levels are maintained at all times. Our data centres operate in active-active mode, and can therefore share resources to ensure that user demands can be met comfortably. Additional resources can be quickly deployed to the Monster stack to maintain the required levels of service

Analytics

Analytics
Service usage metrics Yes
Metrics types A series of pre-defined reports is available for the service covering a large portion of system usage and is based on client requirements that have developed over time. An ad-hoc reporting tool is also available to allow specific users to create and manage their own reports
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach • Encryption of physical media.
• Use of technical access control via ACL (access control list)
• Physical Access Control via location restriction (role-based access control to Level 1 and Level 2 environments)
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Client users can export reports in various formats including CSV, PDF. This is limited to users with user profiles with access privileges.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Excel
Data import formats Other
Other data import formats
  • MS Word documents
  • On-site CV builder
  • Job vacancies via in-built job posting wizard
  • Multiple job uploads via XML feed

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network We use load balancers, firewalls and Intrusion detection/protection Systems (IDS/IPS).
Annual PEN testing is carried out to assure the service.
All staff are vetted to a minimum of BPSS level, and relevant resources to SC level.

Availability and resilience

Availability and resilience
Guaranteed availability Our standard SLA for Availability is 99.90% covering up-time of critical service components within defined service boundaries, measured over a monthly period.
Our standard SLA for System Response Time is 99.90% covering live internet operational response times, within defined service boundaries, measured over a monthly period.
Penalties are awarded via service credits and are an agreed percentage of the monthly service charge for any months where SLA is not met.
Approach to resilience The Monster service is supported by a highly-resilient datacentre configuration which is tested on an annual basis and is witness-tested by DWP. A more detailed description can be made available on request.
Outage reporting For planned outages public messages are displayed on the service to advise users.
We utilise Gomez service monitoring tools which generate system alerts; the service is monitored 24x7x365. If required, email alerts are sent to the end-client.
A clear escalation process is mapped out.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels We use secure profiles to restrict access. These profiles are managed by the Monster team and the client. We also have physical separation between networks and separate workstations for cleared users.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 04/09/2015
What the ISO/IEC 27001 doesn’t cover N/a
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations DWP in process of accrediting service to 'OFFICIAL' level

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards Other
Other security governance standards Cyber Security Standards
Information security policies and processes Monster adheres to the following policies which can be made available on request:

Acceptable_Use_Policy_English
Audit_and_Accountability_Policy
Backup_and_Archive_Policy
Bring_Your_Own_Device
Certification_and_Accreditation_Policy
Configuration_Management_Policy
Contingency_Planning_Policy
Cryptographic_Policy
Data_Classification_Policy
Desktop_Laptop_Security_Policy
Email_Use_Policy
External_Disclosure_Policy
File_Integrity_Monitoring_Policy
GTI_Change_Control_Policy
Identification_and_Authentication_Policy
Incident_Response_Plan
Incident_Response_Policy
Internet_Intranet_Use_Policy
Maintenance_ Policy
Media_Protection_Policy
Mobile_Device_Policy
Network_and_Server_Security_Policy
Personnel_Security_Policy
Physical_and_Environmental_Protection_Policy
Remote_Access_Telecommuting_Security_Policy
Risk_Assessment_and_Management_Policy
Security_Awareness_and_Training_Policy
Stolen_or_Lost_Equipment_Policy
System_and_Communication_Protection_Policy
System_and_Information_Integrity_Policy
System_Security_Planning_Policy
Systems_and_Services_Acqusition_Policy
Telephone_Use_Policy
User_Access_Policy
Virus_Protection_Policy
Vulnerability_Management_Policy
Wireless_Security_Policy

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Monster utilises a standard ITIL approach to managing configuration and change which may be initiated in several ways, such as:
1. Incident Management
2. Problem Management
3. Request for Change (Continuous Improvement or amendments to code)
Information about configuration items are recorded within the configuration management system and are maintained throughout their lifecycle by service asset and configuration management. Configuration items are under the control of change management.

TechNow is used to record and manage formal RFCs. Changes are classified using pre-defined rules regarding priority and impact. Following internal test cycles, formal customer acceptance testing is conducted prior to release.
Vulnerability management type Supplier-defined controls
Vulnerability management approach • Use of IDS, Web Application Firewalls, and continuous vulnerability scans
• Monthly patch management approach
• Advisory Websites – Cisco, Microsoft, Linux, Trustwave, NIST, Common Vulnerabilities and Exposures (CVE), UK/US-CERT, Rapid7 Cyber Security Advisory Services, National Cyber Security Centre (NCSC) etc
Protective monitoring type Supplier-defined controls
Protective monitoring approach • Use of IDS, Infrastructure/Application Firewalls and continuous vulnerability scanning of entire estate to track/identify unusual outbound/inbound network traffic patterns. Tracking anomalies in privileged user accounts. Identification of geo irregularities of probes and attempts to bypass/compromise access controls. Active log analysis.
• Identifying the exact incident checking affected system(s), match potential compromise into categories.
• Containment
• Investigation
• Exterminate
• Recovery
• Finally, after normalcy, a lesson-learnt process then follows
• Once the incident is identified and determined concerning the threat it poses to our network, a measured response is applied immediately.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Tools (e.g. Gomez) measure and monitor critical business processes to ensure optimal availability and performance. This is done on three levels:
• End user management – We run synthetic transactions through the system and measure the performance of the key processes (e.g. logins, searches, etc). Response time metrics are recorded as well as any errors that are generated during the test.
• Real use management – We capture work flow data and error messages of real users in real time
• System availability management – We monitor the performance, disk space, uptime and some customised items of our infrastructure.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)

Pricing

Pricing
Price £4747000 per unit per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑