Eploy Applicant Tracking System & Recruitment CRM

Eploy Applicant Tracking System is the complete cloud-based ATS & pro-active recruitment platform for modern in-house recruitment teams. Eploy combines an Applicant Tracking System, Recruitment CRM (Candidate Relationship Management), Talent Pools and Analytics into a unified web-based platform integrated seamlessly with your careers site to provide an excellent candidate experience.


  • Job requisition & approval management
  • Talent pooling & pipelines
  • Candidate attraction & job posting
  • Candidate relationship management
  • Applicant tracking system (ATS)
  • Recruitment process workflows & optimisation
  • Candidate assessment
  • Job offers and onboarding
  • Recruitment analytics & dashboards
  • Compliance features for GDPR & name-blind hiring


  • Accelerate your time to hire
  • Reduce your cost of hire
  • Enhance your candidate experience
  • Improve your quality of hire
  • Communicate your employer brand
  • Build and nurture talent pools
  • Manage your PSL vendors efficienty
  • Improve your employee on-boarding
  • Measure your recruitment processes in real-time with Eploy ATS
  • Reduce unconscious bias with name-blind recruiting


£595 per instance per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

7 1 3 5 5 1 2 1 4 3 4 9 7 5 3



Bruce Groves

0800 073 4243


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Daily 01:00 am GMT - Application Pool Recycling
There is no downtime.
Daily 01:00 am - 2:45 pm GMT - Eploy System Updates (only when scheduled)
Downtime is less than a minute. However, Core System Users are logged out.
Microsoft Windows Updates
Updates happen once a month during “Update Week”.
Windows Updates on occasion may require a server reboot and can cause downtime. This would typically take no longer than 15mins.
On rare cases where a server reboot is required we may need to schedule the reboot for a different day during Update Week.
System requirements Standard web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Priority 3 Customer has a question regarding the use of the Services. Within 8 Normal Business Hours.
Priority 4 Certain non-essential features of the Services are impaired while most major components of the Services remain functional affecting any part of the user base.Within 8 Normal Business Hours.
Priority 5a Errors that are, non-disabling or cosmetic and clearly have little or no impact on the normal operation of the Services. Within 2 Business Days after initial response.
Priority 5b Requests for new features/functionality that does not exist in the current version of the Services , Within 5 Business Days
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Eploy shall provide at least a 99.9% uptime service availability level (Uptime Service Level). This availability refers to the Customer's ability to access the Eploy Recruitment System, as the Customer is responsible for its own Internet access. Availability does not include Maintenance Events, Customer-caused or third party-caused outages or disruptions, or outages or disruptions attributable in whole or in part to events not within Eploy's control.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Eploy provides both onsite and online training. Eploy also has a dedicated training facility at the company's headquarters in Kidderminster. Full user documentation is also provided and training videos are available 24/7 within Eploy's online support centre. Eploy provide a standard implementation service to ensure the successful on-boarding of new customers - this is based on Eploy's proven Implementation Methodology.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction At the end of the contract Eploy can provide the customer with a full data backup as per Eploy's back-up policy and MSA.
End-of-contract process (a) all licences and access to the Services granted under this agreement shall immediately terminate; (b) each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party; (c) Eploy may destroy or otherwise dispose of any of the Customer Data in its possession unless Eploy receives, no later than 10 business days after the effective date of the termination of this agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data. This will be delivered to the Customer in accordance with the Eploy Backup Policy and within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by Eploy in returning or disposing of Customer Data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No key differences, Responsive Web Design is used for all Eploy portal interfaces including portals for candidates, hiring managers and recruiters.
Service interface Yes
Description of service interface Eploy provides browser based user interfaces for all aspects of the clients recruitment journey including core recruiter system and dedicated hiring manager, candidate and agency portals.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Eploy aim to test all user interfaces inline with accessibility guidance, including: CSS support for high contrast, compatibility with assistive technology such as screen readers, keyboard shortcuts, keyboard focus cursors, appropriate labelling etc.
What users can and can't do using the API The Eploy API can be used to sync company hierarchy, contacts, user data and associated look-up tables between Eploy and other systems. The API is standard so requires no setup but we include 2 days consultancy on its usage.
XML feeds are available for core recruitment process details including vacancies - i.e. for displaying/promoting lists of current vacancies. Private API's are also available for deeper integration - available and configured on request
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Eploy has many configuration options as standard including drop-down lists, email, document templates, fields, custom workflows. Access to configuration options is controlled by granular permissions/privileges.


Independence of resources We constantly monitor individual customer instance system usage levels, this enables us to increase resources proactively for customers with growing usage profile. Webservers are load balanced using a failover methodology to ensure high availability. All load balancers and firewalls also have redundancy built in.


Service usage metrics Yes
Metrics types User metrics (users, logins, activities etc.)
Candidate / application metrics (Candidates created, applications, vacancies created etc.)
Database size & bandwidth
Emails sent
SMS sent
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Eploy has a data export utility which enables the export of data as CSV and/or XLS. Alternatively a full SQL backup can be provided on request as per Eploy's backup policy.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Eploy guarantee a 99.9% uptime service availability level. This availability refers to the Customer's ability to access the Eploy System. Uptime includes the functioning of all network infrastructure operated by Eploy including routers, switches and cabling. Each Customer is responsible for its own Internet access.

Availability does not include Maintenance Events, Customer-caused or third party-caused outages or disruptions, or outages or disruptions attributable in whole or in part to events not within Eploy's control.
In the unlikely event the Customer are unable to access the Eploy System (other than in the event of Maintenance Events, Customer-caused or third party-caused outages or disruptions, or outages or disruptions attributable in whole or in part to events not wholly within Eploy's control) Eploy will refund 5% of the Monthly Fee detailed in the Customer Service Order Form for each 60 minutes of downtime (up to 100% of Monthly Fees payable in any month).
Eploy System downtime begins when a Customer is unable to access the Eploy System and Eploy has been notified of and has acknowledged such failure to the time the Customer is once again able to access the Eploy System.
Approach to resilience Available on request
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Eploy includes its own user management and privileges system which enables users who have access to the service to be configured. Granular privileges ensure that each user only has access to the features and data they are responsible for.
Access to Eploy's helpdesk and ticketing system is also managed directly through the Eploy interface, ensuring that only customer nominated support users are able to access Eploy support services.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 21/10/2015
What the ISO/IEC 27001 doesn’t cover This certification covers the services provided by our hosting provider - Rackspace UK.
Eploy's Information Security Policies have been certified to the IASME standard
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Eploy's hosting provider, Rackspace UK is ISO/IEC 27001 accredited. In addition Eploy's Information Security Management processes have been certified to the IASME standard and Cyber Essentials Plus
Information security policies and processes Eploy’s Information Security Management System a has been accredited to the IASME standard. The IASME standard is written along the same lines as the ISO27001 but specifically for small companies. The gold standard of IASME demonstrates baseline compliance with the international standard.
Eploy has developed this Information Security Policy to:
Provide direction and support for information security in accordance with business requirements, regulations and legal requirements;
State the responsibilities of staff, partners, contractors and any other individual or organisation having access to Eploy’s information assets.
State management intent to support the goals and principles of security in line with business strategy and objectives.
Provide a framework by which the confidentiality, integrity and availability of Eploy’s information assets can be maintained.
Optimise the management of risks, by preventing and minimising the impact of Information Security incidents;
Ensure that all breaches of information security are reported, investigated and appropriate action taken where required;
Ensure that supporting policies and procedures are regularly reviewed and continual improvement is maintained to ensure progressive good working practices and procedures
Ensure information security requirements are regularly communicated to all relevant parties.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to information resources are managed and executed according to a formal change control process documented within Eploys Change Management and Control Policy (Ref: ESEC-CC-01 - available upon request). The policy includes the change management documentation and risk assessment procedures. In addition, all information assets are controlled in accordance with Eploy's IT Asset Management policy (Ref ESEC-AM-01)
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Eploy is audited by Netcraft on a rolling quarterly basis. This involves Netcraft testing our internet infrastructure and supplies us with the information we need to maintain security and eliminate vulnerabilities. The tests include a full TCP and UDP port scan to identify available services on each responding host. Each service is tested for information leaks, configuration errors and potential vulnerabilities. Netcraft’s database of vulnerabilities contains the collective experience gained from testing thousands of networks, using both public security advisories and our own research. It is continually updated, with over 250 new classes of vulnerability added each year.
Protective monitoring type Supplier-defined controls
Protective monitoring approach As per Eploy's Information Logging Standard (Doc Ref ESEC-CO-01) Eploy supports the formatting and storage of audit logs in such a way as to ensure the integrity of the logs and to support enterprise-level analysis and reporting. Including Microsoft Windows Event Logs collected by a centralised log management system;
In addition, Rackspace, Eploy's hosting provider, state Rackspace is responsible for the logging and monitoring of Rackspace employee access to the customer solution on bastion servers. These servers help protect the customer environment by logging all employee activity in the customer environment.
Incident management type Supplier-defined controls
Incident management approach Incidents are managed in accordance with Eploy's Security Incident and Event Management Procedure (Ref: ESEC-IM-02) . This states: "Events and weaknesses need to be reported at the earliest possible stage as they need to be assessed by the Information Manager. The Information Manager will identify when a series of events or weaknesses have escalated to become an incident. It is vital for the Information Manager to gain as much information as possible from users to identify if an incident is occurring."

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £595 per instance per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Eploy can provide a 30-day trial system (extendable upon request) for prospective clients to test the service before purchase. This includes access to all core system functions and features.

Service documents

Return to top ↑