Social referral

Rather than focusing on just one, at SocialReferral, we wanted to create a platform that helps referrals, brand awareness and employee engagement.
Easily setup automated imports from your social channels, easily publish what you want with one button and have your employees sharing it on social media


  • Social Hub page on your site
  • Referral gamification
  • Integration
  • Mobile app.


  • Aggregate all of your content into one place.
  • Motivate employees with giftsto refer you on social media.
  • Track your referrals into your ATS.
  • Push notifications and let employees share on their phone.


£1200 per unit per year

Service documents


G-Cloud 11

Service ID

4 1 2 4 4 9 4 1 8 6 9 3 1 6 7



Alexandros Fourlis


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Multiple ATS offer Broadbean as a module.
Cloud deployment model Public cloud
Service constraints No.
System requirements
  • Latest internet browsers are optimal.
  • We do not guarantee support Internet Explorer 7 or older.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 24 hours on a business day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide each client with access to a client portal that allows them to place support tickets and monitor their progress directly with our technical support team. On call support is available during working hours through our Customer Service line. Premium clients have access to a Customer Success Manager during working hours for any type of question or request. SLAs are provided depending on the criticality of each issue and support cost are fully incorporated in license costs, there are no add-on support costs.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a Project Manager and complete implementation documentation and workbook, the whole implementation process is a step by step process that the Project Manager goes through with the client.
There are onlive learning sessions and training but we also provide as part of the implementation live remote training. Our Project Manager is responsible to stage calls and meetings with the client to progress and make sure the client is fully opearational in using the service.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction We provide web services and full export options in XML format.
Its a contractual clause for us to offer the data in an easy to use format for the client to be able to use the data as he/she pleases after contract end.
End-of-contract process Full XML export and public APIs are available at no cost at the end of the contract. We have other easy to use capabilities to export data in CSV formats as well. We do not charge additional costs for export of data unless the client requires something completely out of scope.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Fully mobile optimised and native app available.
Service interface No
What users can and can't do using the API Broadbean is an integration platform between Job Boards and ATS systems so API is at the core of what we do.
We provide multiple API for posting and distribution of jobs and for application tracking and collection from job boards to broadbean platform, for resume searching into jobsite Resume Database, for application data export to ATS and CRM systems, for reporting and trackign application data and many other.
Please refer to for detailed information and API support.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation During the implementation process we ask the clients their preferences in customising and configuring a range of options, customers development teams can also use the APIs available to integrate and customise the service according ot their needs.
In our process we allow customers to customise multiple elements, some examples are:
1. Requisition approval process. Who and how approves openings before being posted.
2. Application workflow, customers can customise if application will flow directly into their ATS or will they be screened in Broadbean platform using a systes of flags.
3. All job description fields can be customised. Like locations, job categories and hierarchy, stages etc.
5. Reports can be fully customised.
Many other elements as well.


Independence of resources The system is hosted in the cloud so all users are using the same services, we provide SLA guarantess within the contract and we use AWS services in order to do load balancing and be avle to scale resources to demand.


Service usage metrics Yes
Metrics types There is a full reporting suite with Real-time dashboards, regular reports. Also our team during implementation or support can build reports for the client.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach XML and CSV, XLS formats available.
Fully customised report module allows exporting of data.
Also APIs and webservices are available.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats XML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Available upon request. Variable according to selected product configuration.
Approach to resilience Available upon request.
Outage reporting Email alerts.
Public Dashboard is also available.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Management and sales departments have no access to client systems, only customer support and technical support personell have clearly defined access rights that allow them to access clients systems and compliance training is offered on a yearly basis.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We align ourselves with ISO/IEC 27001 but we have not completed the audit process yet.
Information security policies and processes CareerBuilder has defined, approved,published, and communicated to teammates a set of information security policies designed to govern and direct business practices so that information security objectives are met through the organization’s business practices. These information security policies address business strategy, compliance with regulations, legislation and contracts, as well as the current and projected information security landscape. The full suite of information security policies include policies that cover the following:
• Organization of Information Security
• Human Resources Security
• CareerBuilder Asset and Data Management Security
• Acceptable Use of CareerBuilder assets and data
• Access Control for CareerBuilder assets and data
• Cryptography Standards for data management
• Physical and Environmental Security of CareerBuilder infrastructure
• CareerBuilder Operational Security
• Communication and Information Transfer Security
• Secure Development and System Acquisition Security
• Supplier and Vendor Relationship Security
• Information Security aspects of Business Continuity and Incident Response Management
• Information Security Compliance

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach CareerBuilder shall document and enforce formal change control procedures through change management policies defined by the relevant operating group or business unit to ensure the integrity of systems and applications throughout the entire development lifecycle. The introduction of new systems and major changes to existing systems shall follow the same process for documentation, specification, testing, quality control, and managed implementation. A Software Version Control Standard shall be implemented to standardize the above process. CareerBuilder should perform security functionality testing during software development.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All CareerBuilder networked roduction systems must have a process for regularly reviewing and installing all newly released systems software patches, bug fixes, and upgrades. Technology owners in charge of every production information system at CareerBuilder must establish a time period approved by management for the non-­‐emergency periodic installation of patches, fixes, and upgrades to software. Vendor-­‐supplied software patches, fixes, and updates should not be installed on any CareerBuilder production system unless they have first been tested in a development environment. Systems Critical patches shall be tested and applied within 30 days.
Protective monitoring type Supplier-defined controls
Protective monitoring approach There are multiple audit processes internal and we also employ external monitoring. There is an incident response management plan that is activated once an incident is identified and an incident manager is appointed. Once criticality of issue is identified there are specific timed restrictios to follow up.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach There is a standard incident response plan and we have a Risk & Compliance Department team email, pager and hotline that allows us to report any incident. Incident reporting is provided internally and externally (e.g to ICO) if certain conditions are met.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1200 per unit per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑