Access Screening
Access Screening is one of the UK’s most respected background screening providers offering comprehensive vetting capabilities.
Harnessing state-of-the-art functionalities, Access Screening delivers a highly automated cost-effective, user-friendly compliance solution that is already integrated into Access's own front office CRM system and can be integrated into HR and recruitment platforms.
Features
- Screening technology platform, Cloud hosted
- Large array of screening checks including Financial, Criminal, RTW, International
- Real time dashboard, reports & live tracking
- Digitial Signing integration
- JSON API, Easy integration with ATS/HR systems
- Responsive User Interface - PC, Tablet, Mobile
- Self configuration available, Branding & White labelling
- PDF Export of Candidate Information & MI Reporting
- Full Audit history of actions & Flexible data collection configuration
- Right to Work App - Compatible with IOS & Android
Benefits
- Speeds up the recruitment process so placements are quicker
- Reduces your recruitment costs
- One stop shop screening compliance, no separate links to disclosures
- Great Candidate & User experience - Easy to use
- MI reports in real time
- Can be accessed from any location or device
- Assists with compliance and legislative changes
- Integration with front/back office solutions means less re-keying
- Automated data results allow swifter decisions
- Ticketing system, fast responses, no waiting in long call queues
Service scope
Software add-on or extension | Yes, but can also be used as a standalone service |
What software services is the service an extension to | ATS, Front Office CRM Recruitment Systems, HR & Payroll - front and/or back office |
Cloud deployment model | Private cloud |
Service constraints |
Planned maintenance occurs between 11PM & 4AM Mon-Fri, 8AM & 5PM Sat-Sun. Notification 60 Hours ahead of time if more than 1 hours downtime expected. |
System requirements |
|
User support
Email or online ticketing support | Email or online ticketing |
Support response times | SLA's detailed in service agreement to ensure timely response |
User can manage status and priority of support tickets | Yes |
Online ticketing support accessibility | None or don’t know |
Phone support | Yes |
Phone support availability | 9 to 5 (UK time), Monday to Friday |
Web chat support | Yes, at an extra cost |
Web chat support availability | 9 to 5 (UK time), Monday to Friday |
Web chat support accessibility standard | None or don’t know |
How the web chat support is accessible | Technology dependent |
Web chat accessibility testing | Freshworks / SalesForce Service Cloud Dependent |
Onsite support | Yes, at extra cost |
Support levels |
Support Team - Ticketing System/Phone Support Implementation Consultant - Initial set up/training Account Manager - To include quarterley reviews, face to face meetings Technical & Cloud Account Manager - if required Escalations to: Customer Success manager Head of Access Screening |
Support available to third parties | No |
Onboarding and offboarding
Getting started | An implementation consultant is assigned to see project through to go-live, this includes training onsite & remote, manuals and system setup assistance. |
Service documentation | Yes |
Documentation formats |
|
End-of-contract data extraction | When termination notice is served a date will be agreed on which access will be revoked, and all data exported. Data will be represented as XML, individual JSON records & a directory structure containing static files. This will be supplied either via a secure transfer, or encrypted physical media. |
End-of-contract process | When termination notice is served a date will be agreed on which access will be revoked. Included in the contract price is a data extraction in our default format, any customisation to this format will be chargeable. Un-used credit balances will be refunded according to the contracted terms. |
Using the service
Web browser interface | Yes |
Supported browsers |
|
Application to install | No |
Designed for use on mobile devices | Yes |
Differences between the mobile and desktop service |
All functionality available on mobile & desktop devices. The Right to Work App is downloadable from Apple Store, Google Play etc and is fully compatible with IOS and Android devices |
API | Yes |
What users can and can't do using the API | JSON API available for process initiation, completion polling & result (both as data & PDF export) gathering. |
API documentation | Yes |
API documentation formats |
|
API sandbox or test environment | Yes |
Customisation available | Yes |
Description of customisation |
Customisation/configuration can be accessed from within the system provided a User has the correct permission level: Brands, Workflows, Check Types, Turnaround Times, Supplied Documents, Requested Documents, Candidate Questions, Referee Questions/Ratings, Brand logo & colours, Emails and templates, System Templates, Validation Timings, Users/Permissions with Password Resets |
Scaling
Independence of resources | Screening is a single instance / multi tenant application hosted on load balanced infrastructure with redundancy between scaling servers. |
Analytics
Service usage metrics | Yes |
Metrics types | Customers can review service usage in the system, via real time dashboards & MI reports. These show numbers of users, number of candidates, data checks, references submitted, etc. |
Reporting types |
|
Resellers
Supplier type | Not a reseller |
Staff security
Staff security clearance | Conforms to BS7858:2012 |
Government security clearance | Up to Baseline Personnel Security Standard (BPSS) |
Asset protection
Knowledge of data storage and processing locations | Yes |
Data storage and processing locations |
|
User control over data storage and processing locations | No |
Datacentre security standards | Complies with a recognised standard (for example CSA CCM version 3.0) |
Penetration testing frequency | At least once a year |
Penetration testing approach | ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider |
Protecting data at rest |
|
Other data at rest protection approach | AWS RDS & S3 Encryption |
Data sanitisation process | Yes |
Data sanitisation type |
|
Equipment disposal approach | A third-party destruction service |
Data importing and exporting
Data export approach |
Individual Candidates available as PDF / JSON (Via API) Bulk meta-data via MI reports Bulk data via XML Export, or data-export procedure as part of offboarding |
Data export formats |
|
Other data export formats |
|
Data import formats |
|
Other data import formats | JSON (Via API) |
Data-in-transit protection
Data protection between buyer and supplier networks | TLS (version 1.2 or above) |
Data protection within supplier network |
|
Other protection within supplier network | AWS Security Groups define permitted intra-server connections |
Availability and resilience
Guaranteed availability | We will use commercially reasonable efforts to make the SaaS available 24 hours a day, seven days a week, except for unavailability during emergency or routine maintenance. |
Approach to resilience | Application hosted on multiply redundant virtual infrastructure, hardware managed by AWS. More details available on request. |
Outage reporting | Email Alerts & In-System Tooling |
Identity and authentication
User authentication needed | Yes |
User authentication |
|
Access restrictions in management interfaces and support channels |
User Role / Permission system, and data segmentation within customer accounts. Nominated contacts within customers have escalation route. |
Access restriction testing frequency | At least every 6 months |
Management access authentication |
|
Audit information for users
Access to user activity audit information | Users have access to real-time audit information |
How long user audit data is stored for | At least 12 months |
Access to supplier activity audit information | Users have access to real-time audit information |
How long supplier audit data is stored for | At least 12 months |
How long system logs are stored for | At least 12 months |
Standards and certifications
ISO/IEC 27001 certification | Yes |
Who accredited the ISO/IEC 27001 | Alcumus |
ISO/IEC 27001 accreditation date | 26/07/2018 |
What the ISO/IEC 27001 doesn’t cover | Nothing is excluded. |
ISO 28000:2007 certification | No |
CSA STAR certification | No |
PCI certification | No |
Other security certifications | No |
Security governance
Named board-level person responsible for service security | Yes |
Security governance certified | Yes |
Security governance standards | ISO/IEC 27001 |
Information security policies and processes | All controls included within Annex A of the ISO27001:2013 standard. Statement Of Applicability (SOA) available on request. |
Operational security
Configuration and change management standard | Supplier-defined controls |
Configuration and change management approach | All change management in line with Secure Development Policy & IS27001, using ticketing system, automated tests & staged release process. |
Vulnerability management type | Supplier-defined controls |
Vulnerability management approach | Both Application and Infrastructure subject to regular penetration & load testing. All servers have unattended-upgrades enabled for automatic installation of security updates. Logs retained in write-only storage & regularly reviewed. All physical infrastructure managed by Amazon. |
Protective monitoring type | Supplier-defined controls |
Protective monitoring approach | Real-time monitoring and alerting enabled of application and all server infrastructure. Traffic, Load, Database Performance & API Volume via Dashboards. Response time derived from severity, details in Service Level Agreements contract section. |
Incident management type | Supplier-defined controls |
Incident management approach | We operate a robust incident management process in line with ISO27001: Staff are encouraged to report all incidents using a pre-defined process using a form available on our Company Intranet site. Incident reports will be provided following forensics and closure. |
Secure development
Approach to secure software development best practice | Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0) |
Public sector networks
Connection to public sector networks | No |
Pricing
Price | £1 per transaction |
Discount for educational organisations | Yes |
Free trial available | No |