Monster Worldwide Ltd

Monster Manage - Applicant Tracking System

Monster Manage is an applicant tracking system (ATS) that manages the recruitment process from requirement inception through to on boarding candidates. It is a modern, easy to use Software as a Service that allows large quantities of job vacancies to be managed with a small number of people.

Features

  • Well designed and easy to use
  • Unlimited users – the more participants the greater the efficiencies
  • Automatically posts to job boards
  • Work flows that speed up processes
  • Your own branding on the portal
  • Killer questions that filter out unsuitable candidates
  • Integrations with; HR systems, video interviewing, & DBS testing
  • Social media integration
  • Email & text messaging to keep candidates engaged

Benefits

  • Processes more job vacancies with fewer staff
  • Provides a professional and engaging candidate experience
  • Can reduce recruitment spend by up to 50%
  • Decreases time to hire by up to 60%
  • Streamlined administration
  • Ensures compliance with agreed processes
  • Reports on all aspects of recruitment activity
  • Screens out unsuitable candidates
  • Quick adoption by being intuitive and easy to use

Pricing

£9000 per unit

Service documents

G-Cloud 9

650110696069887

Monster Worldwide Ltd

Malcolm Stirling

0785 051 7456

malcolm.stirling@monster.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints There are no constraints. All data is hosted in the UK.
System requirements
  • An internet connection is required
  • An internet browser is required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Customers are provided with an email service. Responses times are for working days only from between 09:00-173:0 (UK local time).

Severity #1 - assigned to a general question or requests for enhancement (Response time: 1 day)
Severity #2 - assigned to a situation that slows a clients' response time or limits the functions of part of the solution. (Response time: 4 hours)
Severity #3 - assigned to outages that keep a business from being able to access one or all of their applications. (Response time: 1 hour)

Monster Manage’ critical technical support operates 24/7.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The following support is included within the service pricing:

1. An email based support service is available between 0900-1730 (UK local time):
1.1 Clients
1.2 Candidates
1.3 Nominated recruitment partners

2. Telephone based support for clients, candidates and nominated recruitment partners

3. Online contextual-based user help is available to client users throughout the solution, by clicking on the ‘Help’ icons within the solution
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started To us, the service is as important as the solution itself. As such we take a hands on and proactive approach to all our partnerships with clients.

All clients are assigned an implementation and account team member, in the form of a dedicated relationship manager. All of our relationship managers have a thorough understanding of HR and recruitment, with all relationship managers being HR/Resourcing professionals and sharing a background of previously implementing e-recruitment solutions working within these functions.

We have developed a standard, structured and fully documented approach to all aspects of implementation.

The Monster Manage set up and configured to suit each customer's requirements. This includes:
* On-site meetings
* On-Line collaboration (Trello)
* On-Site Training
* Training sessions are recorded and provided to customers for subsequent viewing.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Video recordings
End-of-contract data extraction At the end of the contract term Customers wanting to retain their data are provided with their data in either .csv or XML file formats.

Data is then removed from the servers in accordance with ISO 27001 standards.
End-of-contract process The delivery of the customer's data in .csv or XML formal is included within the price. Any additional requirements will need to be charged for.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The candidate experience as been designed specifically for mobile interaction.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing The candidate experience is AA Compliant.

The back-end solution has been tested and reviewed by a partially sighted customer. They reported that the application was very easy to use and made some minor recommendations to make it even easier.
API Yes
What users can and can't do using the API APIs are used to:
* provide an applicant data feed to a customer's HRIS
* To post jobs to job boards
* To display job vacancies on Career Sites

APIs are XML or RSS
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Customers can "Configure" the service to reflect their operational procedures:
* Presentation and appearance of the candidate portal
* Customer work flows
* User roles and permissions

Scaling

Scaling
Independence of resources To ensure we have sufficient capacity to cope with a high demand from other customers we operate at 40% capacity to allow bursting. This is auto regulated within the virtual environment.

Analytics

Analytics
Service usage metrics Yes
Metrics types All data within the system can made available. Typical metrics would be:

* Number of Job Applications
* Source of Applications
* Candidate Status; invited to interview, hired, rejected etc
* Response by age groupings
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Jobtrain Solutions Ltd

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Data is AES256 encrypted at rest
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can create any reports, in any format, including Dashboards. Scheduled reporting can be created and automatically emailed (or exported) in a wide variety of formats (CSV, Doc, PDF, XLS, Text).
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF
  • Word
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Communication with our Data Centre is achieved through an HTTPS secure connection with all communications between the Monster Manage browsers’ and the Data Centre being encrypted. There is no data flow between the Buyer's Network and Our Network. All data stays at the Data Centre and any access we have to the system is done via the same HTTPS access given to our clients via the web interface.
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Monster Manage will use commercial best efforts to provide clients with 98.5% service availability relating to its hosting.

Service Availability is calculated by the number of hours the service is available to clients plus the total number of hours, if any, the service is scheduled to be unavailable, divided by the total number of hours in that month.

If the Service Availability is less than 99.9%, Monster Manage will issue a credit to the buyer.

Service Availability Credit Percentage
≥ 98.5 0%
≥ 95% > 98.5% 10%
≥ 90% > 95% 25%
≥ 85% > 90% 50%
<85% 100%
Approach to resilience Monster Manage is hosted by Access Alto (part of Access Group). Access Alto delivers a highly scalable cloud computing platform with high availability and dependability, and the flexibility to enable Jobtrain to build and manage a wide range of applications. The resilience of their data centre setup can be made available on request.
Outage reporting Monster Manage reserves the right to plan a scheduled outage with forty-eight (48) hours advance notice. Monster Manage will use commercial best efforts to schedule these outages at non-peak hours as above and limit their occurrence to strictly necessary upgrades and required maintenance.

Notice of an outage will be by email.

It is the responsibility of Client administrators to notify all persons within their organisations of scheduled outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels The Passwords are MD5 encoded
The whole database is TDE encrypted
The whole system at rest is AES encrypted
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus ISOQAR
ISO/IEC 27001 accreditation date 18 November 2016
What the ISO/IEC 27001 doesn’t cover Scope of registration:
The information security management system in relation to hosting, payroll services, software development, client data and infrastructure related to the organisation’s products in accordance with the statement of applicability V1.0
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • VeriSign SSL with Secure Site Pro with Extended Validation
  • ISO 22301:2012 certified
  • ISO 9001:2008 certified
  • NGFW (next generation firewalls)
  • Intrusion Prevention Services
  • Cisco MARS security reporting
  • SSL Policy has been verified by Qualys SSL Labs

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards Other
Other security governance standards As an organisation we comply to a range of standards.

Our data centre is ISO/IEC 27001 compliant.
Information security policies and processes Monster adheres to the following policies which can be made available on request:

Acceptable_Use_Policy_English
Audit_and_Accountability_Policy
Backup_and_Archive_Policy
Bring_Your_Own_Device
Certification_and_Accreditation_Policy
Configuration_Management_Policy
Contingency_Planning_Policy
Cryptographic_Policy
Data_Classification_Policy
Desktop_Laptop_Security_Policy
Email_Use_Policy
External_Disclosure_Policy
File_Integrity_Monitoring_Policy
GTI_Change_Control_Policy
Identification_and_Authentication_Policy
Incident_Response_Plan
Incident_Response_Policy
Internet_Intranet_Use_Policy
Maintenance_ Policy
Media_Protection_Policy
Mobile_Device_Policy
Network_and_Server_Security_Policy
Personnel_Security_Policy
Physical_and_Environmental_Protection_Policy
Remote_Access_Telecommuting_Security_Policy
Risk_Assessment_and_Management_Policy
Security_Awareness_and_Training_Policy
Stolen_or_Lost_Equipment_Policy
System_and_Communication_Protection_Policy
System_and_Information_Integrity_Policy
System_Security_Planning_Policy
Systems_and_Services_Acqusition_Policy
Telephone_Use_Policy
User_Access_Policy
Virus_Protection_Policy
Vulnerability_Management_Policy
Wireless_Security_Policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our configuration management policy says:

• Monster must manage configuration changes made to information systems through a defined and approved process.
• Configuration management must involve the systematic proposal, justification, implementation, test/evaluation, review, and disposition of changes to an information system, including upgrades and modifications.
• Configuration management includes changes to the configuration settings for information technology products (e.g., operating systems, firewalls, routers).
• After configuration changes have been made to a system, Monster must ensure that implemented security controls will continue operate properly.
• Monster must approve access privileges for individuals that make configuration changes to Monster’s information systems.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach NCC Group CESG certified penetration tests annually at both infrastructure and application layers.

Weekly Symantec's vulnerability testing and bi-weekly by Qualys Labs' Vulnerability Checker.

All pent tests check for OWASP vulnerabilities and all bi-weekly vulnerability checks include the latest OWASP alerts.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach ISO27001 compliant
* Event logging: Register information about access and actions of users, errors and events
* Protection of log information: All logs are protected to ensure a valid audit trail
* Administrator and operator logs: Privileges of administrators and operators of systems are different from the normal user privileges
* Clock synchronization: All systems share configured with the same time and date. This allow for a traceability test.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach ISO27001 compliance for Incident Management:
* Reporting information security events
* Reporting information security weaknesses
* Assessment of and decision on information security events
* Learning from information security incidents
* Collection of evidence

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £9000 per unit
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑