Monster’s Labour Market Support and Job Board Solution allows job seekers and employers to search and connect with each other quickly, simply and securely via a web-based interface.
Our Software as a Service (SaaS) offering comprises an underlying set of proven standard components, complemented by further optional or configurable components.
- Established & proven national job board integrated with JCP
- Job Seeker service: online job search and supporting services
- Employer service: online job posting & candidate management
- Advisor service: online caseload management/jobseeker & employer support
- Fraud Monitoring: automated tools and optional specialist resources protecting users
- Customer Service: CRM tools/optional specialist resources resolving technical issues
- Security: multiple layers of security protocols meeting UK Government standards
- Aggregation & Job Feeds: cleansed feed of UK online jobs
- Employer Brand Advertising: targeted, audience-appropriate messaging
- Consulting: guidance on detailed service specification and benefits
- Reduce time searching for and applying for relevant jobs
- Reduce time to find suitable candidates to fill vacancies
- Reduce time required to manage customer accounts
- Increase visibility of job seeking activity
- Provide access to rich data source to drive service improvements
- Reduce risk: proven to be resilient and work at scale
- Make use of industry expertise to improve services
- National service that presents job vacancies to Job seekers
- Allows Work Coaches to assess/monitor job seeker activity
- Provides a data feed to the EURES system
£4747000 per unit per year
Monster Worldwide Ltd
0785 051 7456
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
Planned maintenance windows agreed in advance with clients and no disruption to users/service expected due to hot-hot service configuration.
For planned service outages, from November 2012 to March 2017 there have been fewer than 40 hours of planned downtime due to software releases and disaster recovery rehearsal exercises.
|Email or online ticketing support||Email or online ticketing|
|Support response times||Immediate automated response (within 3 seconds measured within service boundary), 24x7x365; service desk response within 1 working day, Monday - Friday 9.00am - 5.30pm|
|User can manage status and priority of support tickets||No|
|Web chat support||No|
|Onsite support||Onsite support|
The support levels we provide are as follows:
Priority 3_Normal: Standard response level. Resolve according to standard process, schedule and prioritization. Next appropriate
Priority 2_High: High response level. Best effort. Prioritized resources. Resolve quickly with exceptions to standard release process. Next Appropriate Release
Priority 1_Critical: Highest response level. Continuous effort. All resources committed. Resolve right away. Hotfix/Point Release as soon as possible (0-5 Days)
Description of standard support provided:
• Consulting expertise to provide implementation and ongoing technical client support, delivering process improvements and ensuring smooth and clear organisational integration
• CRM tool to administer user contacts and manage client hand-offs
• Email point of contact for technical user queries
• Provision of dedicated, experienced resources to manage customer contacts and respond to technical system queries.
Monster delivers Service Management following ITIL processes that integrate with the client’s processes and standards. This ensures alignment with the service boundaries agreed to deliver an efficient and effective service that aligns with the client’s stated objectives. Those processes include:
• Incident Management
• Problem Management
• Release Management
• Change Management
• Configuration Management
• Capacity Management
• Availability Management
• Disaster Recovery and Business Continuity
• Service Level Management
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||On-site train-the-trainer training is included within our standard service. User documentation for all user groups is available and updated regularly as service enhancements are introduced.|
|End-of-contract data extraction||A detailed exit plan is developed which includes full details of data migration. Required data will be extracted from the system by Monster and provided in an agreed format to the client. Monster will support the transfer of data from the service to enable continued provision of the Service by either the Client or a Replacement Contractor. This will include schema definitions and appropriate Entity Relation Diagrams to show the relationships between the elements of data sets provided. This would allow the Client or (if applicable) a Replacement Contractor to take the data and use it in connection with any successor solution. Additionally, Monster personnel will be available to collaborate closely with the Client’s transition team and provide responses to questions during Transition.|
Maintenance of registers.
Management of Exit Plan.
Transfer of relevant documentation.
Full migration of all data at once.
No fewer than four full data sets to support client testing.
The data housed within the service that shall be migrated is briefly described below:
Recruiter account data.
Data associated with a specific vacancy announcement.
Current profile data, saved jobs, saved searches, and account settings.
Historical data for application submission.
All uploaded documents.
Audit and history data maintained in the service.
Job Seeker created searches.
User entered profile questions, captured as part of Monster’s Adaptive Authentication tool.
Front-end design and layout of the Services, and all static content used on the Services.
Monster will support two Dry Runs of the migration. Data quality analysis is to be performed by the Client with full extracts and sample sets, prior to subsequent Dry Run activities.
Monster will complete decommissioning and purge activities in line with the Exit Plan.
Software covered by Monster IPR.
Additional services and charges to be discussed and agreed as required. Details of the Exit Plan can be provided on request.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||There are no functional differences between the desktop and mobile versions of the service. Our solution is device-sensitive and will reformat for phone, tablet or personal computer.|
|Accessibility standards||WCAG 2.0 AAA|
|Accessibility testing||Client-led testing completed with vision-impaired and physically disabled users|
|What users can and can't do using the API||
A standard API is provided allowing 3rd parties to deploy a job search widget on their own web sites. This provides access to the available job content on the service.
A simple portal allows job seekers to search for and apply for jobs online.
Separate APIs exist for transmission of relevant data to the EURES platform, including mapping to ISCO8 codes and NUTS codes from current SOC codes.
Conversion to ESCO codes can be configured for an additional cost.
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||
The front-end UI of the Job Seeker service can be customised to meet client requirements. The registration and login process can be amended to meet varying security needs. For example, 2-factor authentication using Government Gateway is currently used; however, this can be configured to bypass Government Gateway if required.
Users can customise their dashboards to determine what information they would like to display. Users can also save different search terms to reduce time spent searching for jobs or candidates.
The current APIs in use to transmit data to the EURES platform can be amended to allow additional/alternative data to be transmitted in line with requirements. This includes sharing of CV data and mapping to ESCO codes.
An aggregated jobs feed can be deployed on the service, or specified feeds from selected organisations. The aggregated feed is de-duplicated and provides a feed of high-quality postings that display as if they were posted by the originating employer. An apply API keeps traffic on the site, maximising the seeker experience.
Employer brand advertising can be added to the service to highlight relevant organisations or job opportunities. Please refer to the service specification document for further details of customisable elements of the service.
|Independence of resources||We monitor the service constantly and follow capacity-management processes to ensure that service continuity and service levels are maintained at all times. Our data centres operate in active-active mode, and can therefore share resources to ensure that user demands can be met comfortably. Additional resources can be quickly deployed to the Monster stack to maintain the required levels of service|
|Service usage metrics||Yes|
|Metrics types||A series of pre-defined reports is available for the service covering a large portion of system usage and is based on client requirements that have developed over time. An ad-hoc reporting tool is also available to allow specific users to create and manage their own reports|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Other data at rest protection approach||
• Encryption of physical media.
• Use of technical access control via ACL (access control list)
• Physical Access Control via location restriction (role-based access control to Level 1 and Level 2 environments)
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Client users can export reports in various formats including CSV, PDF. This is limited to users with user profiles with access privileges.|
|Data export formats||
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
|Other protection within supplier network||
We use load balancers, firewalls and Intrusion detection/protection Systems (IDS/IPS).
Annual penetration testing is carried out to assure the service.
All staff are vetted to a minimum of BPSS level, and relevant resources to SC level.
Availability and resilience
Our standard SLA for Availability is 99.90% covering up-time of critical service components within defined service boundaries, measured over a monthly period.
Our standard SLA for System Response Time is 99.90% covering live internet operational response times, within defined service boundaries, measured over a monthly period.
Penalties are awarded via service credits and are an agreed percentage of the monthly service charge for any months where SLA is not met.
|Approach to resilience||The Monster service is supported by a highly-resilient datacentre configuration which is tested on an annual basis and is witness-tested by DWP. A more detailed description can be made available on request.|
For planned outages public messages are displayed on the service to advise users.
We utilise Gomez service monitoring tools which generate system alerts; the service is monitored 24x7x365. If required, email alerts are sent to the end-client.
A clear escalation process is mapped out.
Identity and authentication
|User authentication needed||Yes|
|User authentication||2-factor authentication|
|Access restrictions in management interfaces and support channels||We use secure profiles to restrict access. These profiles are managed by the Monster team and the client. We also have physical separation between networks and separate workstations for cleared users.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||04/09/2015|
|What the ISO/IEC 27001 doesn’t cover||N/a|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||Yes|
|Any other security accreditations||DWP in process of accrediting service to 'OFFICIAL' level|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||Other|
|Other security governance standards||Cyber Security Standards|
|Information security policies and processes||
Monster adheres to the following policies which can be made available on request:
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Monster utilises a standard ITIL approach to managing configuration and change which may be initiated in several ways, such as:
1. Incident Management
2. Problem Management
3. Request for Change (Continuous Improvement or amendments to code)
Information about configuration items is recorded within the configuration management system and is maintained throughout their lifecycle by service asset and configuration management. Configuration items are under the control of change management.
TechNow is used to record and manage formal RFCs. Changes are classified using pre-defined rules regarding priority and impact. Following internal test cycles, formal customer acceptance testing is conducted prior to release.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
• Use of IDS, Web Application Firewalls, and continuous vulnerability scans
• Monthly patch management approach
• Advisory Websites – Cisco, Microsoft, Linux, Trustwave, NIST, Common Vulnerabilities and Exposures (CVE), UK/US-CERT, Rapid7 Cyber Security Advisory Services, National Cyber Security Centre (NCSC) etc
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
• Use of IDS, Infrastructure/Application Firewalls and continuous vulnerability scanning of entire estate to track/identify unusual outbound/inbound network traffic patterns. Tracking anomalies in privileged user accounts. Identification of geo irregularities of probes and attempts to bypass/compromise access controls. Active log analysis.
• Identifying the exact incident, checking the affected system(s) and matching the potential compromise into categories.
• Finally, once normal service is restored, a lessons-learnt process follows.
• Once the incident is identified and determined concerning the threat it poses to our network, a measured response is applied immediately.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Tools (e.g. Gomez) measure and monitor critical business processes to ensure optimal availability and performance. This is done on three levels:
• End user management – We run synthetic transactions through the system and measure the performance of the key processes (e.g. logins, searches, etc). Response time metrics are recorded as well as any errors that are generated during the test.
• Real use management – We capture workflow data and error messages of real users in real time.
• System availability management – We monitor the performance, disk space, uptime and some customised items of our infrastructure.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||Public Services Network (PSN)|
|Price||£4747000 per unit per year|
|Discount for educational organisations||No|
|Free trial available||No|