Eploy Applicant Tracking System & Recruitment CRM

Eploy Applicant Tracking System is the complete cloud-based ATS & pro-active recruitment platform for modern in-house recruitment teams. Eploy combines an Applicant Tracking System, Recruitment CRM (Candidate Relationship Management), Talent Pools and Analytics into a unified web-based platform integrated seamlessly with your careers site to provide an excellent candidate experience.


  • Job requisition & approval management
  • Talent pooling & pipelines
  • Candidate attraction, recruitment marketing & job posting
  • Candidate relationship management & talent nurturing
  • Applicant tracking system (ATS)
  • Recruitment process workflows & optimisation
  • Candidate assessment and video interviewing
  • Job offers, onboarding & electronic signatures
  • Recruitment analytics & dashboards
  • Compliance features for GDPR & name-blind hiring


  • Accelerate your time to hire
  • Reduce your cost of hire
  • Enhance your candidate experience
  • Improve your quality of hire
  • Communicate your employer brand
  • Build and nurture talent pools
  • Manage your PSL vendors efficienty
  • Improve your employee on-boarding
  • Measure your recruitment processes in real-time with Eploy ATS
  • Reduce unconscious bias with name-blind recruiting


£595 an instance a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bruce.groves@eploy.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

6 2 8 1 3 5 1 1 4 3 2 3 6 3 1


Eploy Bruce Groves
Telephone: 0800 073 4243
Email: bruce.groves@eploy.co.uk

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Daily 01:00 am GMT - Application Pool Recycling
There is no downtime.
Daily 01:00 am - 2:45 pm GMT - Eploy System Updates (only when scheduled)
Downtime is less than a minute. However, Core System Users are logged out.
Microsoft Windows Updates
Updates happen once a month during “Update Week”.
Windows Updates on occasion may require a server reboot and can cause downtime. This would typically take no longer than 15mins.
On rare cases where a server reboot is required we may need to schedule the reboot for a different day during Update Week.
System requirements
Standard web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Priority 3 Customer has a question regarding the use of the Services. Within 8 Normal Business Hours.
Priority 4 Certain non-essential features of the Services are impaired while most major components of the Services remain functional affecting any part of the user base.Within 8 Normal Business Hours.
Priority 5a Errors that are, non-disabling or cosmetic and clearly have little or no impact on the normal operation of the Services. Within 2 Business Days after initial response.
Priority 5b Requests for new features/functionality that does not exist in the current version of the Services , Within 5 Business Days
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Eploy shall provide at least a 99.9% uptime service availability level (Uptime Service Level). This availability refers to the Customer's ability to access the Eploy Recruitment System, as the Customer is responsible for its own Internet access. Availability does not include Maintenance Events, Customer-caused or third party-caused outages or disruptions, or outages or disruptions attributable in whole or in part to events not within Eploy's control.
Support available to third parties

Onboarding and offboarding

Getting started
Eploy provides both onsite and online training. Eploy also has a dedicated training facility at the company's headquarters in Kidderminster. Full user documentation is also provided and training videos are available 24/7 within Eploy's online support centre. Eploy provide a standard implementation service to ensure the successful on-boarding of new customers - this is based on Eploy's proven Implementation Methodology.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
At the end of the contract Eploy can provide the customer with a full data backup as per Eploy's back-up policy and MSA.
End-of-contract process
(a) all licences and access to the Services granted under this agreement shall immediately terminate; (b) each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party; (c) Eploy may destroy or otherwise dispose of any of the Customer Data in its possession unless Eploy receives, no later than 10 business days after the effective date of the termination of this agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data. This will be delivered to the Customer in accordance with the Eploy Backup Policy and within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by Eploy in returning or disposing of Customer Data.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
No key differences, Responsive Web Design is used for all Eploy portal interfaces including portals for candidates, hiring managers and recruiters.
Service interface
Description of service interface
Eploy provides browser based user interfaces for all aspects of the clients recruitment journey including core recruiter system and dedicated hiring manager, candidate and agency portals.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Eploy aim to test all user interfaces inline with accessibility guidance, including: CSS support for high contrast, compatibility with assistive technology such as screen readers, keyboard shortcuts, keyboard focus cursors, appropriate labelling etc. Eploy has worked closely with accessibility experts Digital Accessibility Centre (DAC) to help improve Eploy’s candidate portal accessibility. The various functions and controls that make up the portal are WCAG2.1 ‘AA’ ready. However, once a customer configures the portal and adds their wording, images and branding the only way to be sure whether it meets accessibility guidelines is to have it assessed by an accessibility expert. We recommend using experts like DAC, as indeed we do ourselves. Ultimately a successful project needs the input of three parties- Eploy with the underpinning technology, the customer’s processes & content, and an expert accessibility review.
What users can and can't do using the API
Eploy’s RESTful API is available as a series of components, each designed to help you to create integrations with the Eploy recruitment platform, including:
Applications - including workflows, questions and answers, assessments & feedback and source of application.
Candidates - Integrate with your candidate profile data to create candidate-centric solutions.
Vacancies - Access vacancies, job descriptions, locations and addresses.
Placements - Including offers, placed candidates, costs, salaries, locations, integrates with HR, Payroll and other back-office systems.
Contacts - Work with Contact records, including contact details, locations and addresses.
Companies - Keep internal & external company, department and structure up to date.
Files - Such as CVs, also includes integrating with Eploy documents and e-signatures.
Actions - Exposes actions, outcomes and statuses from your recruitment workflows.
Users - Work with users and permissions to update system user records and create solutions requiring access control.
Access to the Eploy API requires API keys and uses OAuth2 for authentication. Customers can generate API keys within their Eploy System. Each API Key is tied to a specific user record to ensure that keys only inherit and allow access to the data that the tied user record has been granted permissions.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Eploy has many configuration options as standard including drop-down lists, email & document templates, fields, custom workflows and forms (for example screening, application, feedback, surveys etc. Access to configuration options is controlled by granular permissions/privileges.


Independence of resources
We constantly monitor individual customer instance system usage levels, this enables us to increase resources proactively for customers with growing usage profile. Webservers are load balanced using a failover methodology to ensure high availability. All load balancers and firewalls also have redundancy built in.


Service usage metrics
Metrics types
User metrics (users, logins, activities etc.)
Candidate / application metrics (Candidates created, applications, vacancies created etc.)
Database size & bandwidth
Emails sent
SMS sent
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Eploy has a data export utility which enables the export of data as CSV and/or XLS. Alternatively a full SQL backup can be provided on request as per Eploy's backup policy.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Eploy guarantee a 99.9% uptime service availability level. This availability refers to the Customer's ability to access the Eploy System. Uptime includes the functioning of all network infrastructure operated by Eploy including routers, switches and cabling. Each Customer is responsible for its own Internet access.

Availability does not include Maintenance Events, Customer-caused or third party-caused outages or disruptions, or outages or disruptions attributable in whole or in part to events not within Eploy's control.
In the unlikely event the Customer are unable to access the Eploy System (other than in the event of Maintenance Events, Customer-caused or third party-caused outages or disruptions, or outages or disruptions attributable in whole or in part to events not wholly within Eploy's control) Eploy will refund 5% of the Monthly Fee detailed in the Customer Service Order Form for each 60 minutes of downtime (up to 100% of Monthly Fees payable in any month).
Eploy System downtime begins when a Customer is unable to access the Eploy System and Eploy has been notified of and has acknowledged such failure to the time the Customer is once again able to access the Eploy System.
Approach to resilience
Available on request
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Eploy includes its own user management and privileges system which enables users who have access to the service to be configured. Granular privileges ensure that each user only has access to the features and data they are responsible for.
Access to Eploy's helpdesk and ticketing system is also managed directly through the Eploy interface, ensuring that only customer nominated support users are able to access Eploy support services.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Schellmann & Company
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
This certification covers the services provided by our hosting provider - Microsoft Azure.
Eploy's Information Security Policies have been certified to the IASME standard. Eploy is IASME & Cyber Essentials Plus certified.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Cyber Essentials Plus
  • Helios Stage 2 FSQS

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Eploy's hosting provider, Microsoft Azure is ISO/IEC 27001 accredited. In addition Eploy's Information Security Management processes have been certified to the IASME standard and Cyber Essentials Plus
Information security policies and processes
Eploy’s Information Security Management System a has been accredited to the IASME standard. The IASME standard is written along the same lines as the ISO27001 but specifically for small companies. The gold standard of IASME demonstrates baseline compliance with the international standard.
Eploy has developed this Information Security Policy to:
Provide direction and support for information security in accordance with business requirements, regulations and legal requirements;
State the responsibilities of staff, partners, contractors and any other individual or organisation having access to Eploy’s information assets.
State management intent to support the goals and principles of security in line with business strategy and objectives.
Provide a framework by which the confidentiality, integrity and availability of Eploy’s information assets can be maintained.
Optimise the management of risks, by preventing and minimising the impact of Information Security incidents;
Ensure that all breaches of information security are reported, investigated and appropriate action taken where required;
Ensure that supporting policies and procedures are regularly reviewed and continual improvement is maintained to ensure progressive good working practices and procedures
Ensure information security requirements are regularly communicated to all relevant parties.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes to information resources are managed and executed according to a formal change control process documented within Eploys Change Management and Control Policy (Ref: ESEC-CC-01 - available upon request). The policy includes the change management documentation and risk assessment procedures. In addition, all information assets are controlled in accordance with Eploy's IT Asset Management policy (Ref ESEC-AM-01)
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Eploy is audited by Netcraft on a rolling quarterly basis. This involves Netcraft testing our internet infrastructure and supplies us with the information we need to maintain security and eliminate vulnerabilities. The tests include a full TCP and UDP port scan to identify available services on each responding host. Each service is tested for information leaks, configuration errors and potential vulnerabilities. Netcraft’s database of vulnerabilities contains the collective experience gained from testing thousands of networks, using both public security advisories and our own research. It is continually updated, with over 250 new classes of vulnerability added each year.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
As per Eploy's Information Logging Standard (Doc Ref ESEC-CO-01) Eploy supports the formatting and storage of audit logs in such a way as to ensure the integrity of the logs and to support enterprise-level analysis and reporting. Including Microsoft Windows Event Logs collected by a centralised log management system;
Incident management type
Supplier-defined controls
Incident management approach
Incidents are managed in accordance with Eploy's Security Incident and Event Management Procedure (Ref: ESEC-IM-02) . This states: "Events and weaknesses need to be reported at the earliest possible stage as they need to be assessed by the Information Manager. The Information Manager will identify when a series of events or weaknesses have escalated to become an incident. It is vital for the Information Manager to gain as much information as possible from users to identify if an incident is occurring."

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£595 an instance a month
Discount for educational organisations
Free trial available
Description of free trial
Eploy can provide a 30-day trial system (extendable upon request) for prospective clients to test the service before purchase. This includes access to all core system functions and features.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bruce.groves@eploy.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.