ID Medical Group Ltd

ID Clarity Agency

IDClarityAGENCY has been built to manage temporary staffing agencies used by a hiring organisation. It is a bespoke web-based, end-to-end recruitment management system that handles all aspects of the temporary hiring process. Authorised users simply need a computer, access to the Internet, the appropriate URL and login details.


  • Excellent supply chain management controls
  • Automation and monitoring of total temporary staffing process
  • Real-time management information
  • Compliance monitoring / enforcement tool
  • Rate adherence / enforcement
  • Activation and adherence of framework rates
  • Direct Engagement (PAYE and Limited companies)
  • Self-billing and e-timesheeting tool
  • Links to Bank and Roster management solutions Benefits
  • Truly unified total workforce solution


  • Save time, money and resource by process automation
  • Greater visibility across the temporary workforce
  • Adherence to pricing – manage costs down
  • Adherence to clinical compliance – reduces clinical risk
  • HMRC compliance removes risks regard to unclaimed tax and NI
  • Technology can accommodate any organisational structure
  • Interoperable easy to integrate as part of overall technology solution
  • Manage costs with greater visibility through powerful MI
  • Direct engagement savings of up to 20%
  • Exception hours are flagged and escalated to timesheet authorisers


£5,000 an instance a month

Service documents


G-Cloud 12

Service ID

7 5 3 0 2 0 3 3 6 3 0 2 3 5 2


ID Medical Group Ltd Stefan Thygesen
Telephone: 01908 552820

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Consultant Job Planning


Time & Attendance
Cloud deployment model
Private cloud
Service constraints
System requirements
  • Access through a reputable browser provider.
  • Web browsers: Internet Explorer 8/9/10+,
  • Microsoft Edge, Firefox, Chrome, Safari,
  • Supported devices: PC, Mac, Smartphone, Tablet

User support

Email or online ticketing support
Email or online ticketing
Support response times
Priority 1 & 2 - under 2 business hours

Priority 3 - within 8 business hours

Priority 4 - within 24 business hours
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
The support service covers operational, technical and training aspects.

Support service types are covered through Service desks, email, phone and technical support.

Support is provided for all users including third party suppliers

Support desk is available to client & agency users during business hours – 8.30am-5.30pm, Monday to Friday, excluding Bank Holidays

Priority 1 & 2 reply under 2 business hours
Priority 3 reply within 8 business hours
Priority 4 reply within 24 business hours

Incident escalation process available.
Support available to third parties

Onboarding and offboarding

Getting started
IDClarity has been designed in a way that means it is intuitive to use and will allow its users to quickly pick up the actions required of them with precise calls to action. To ensure that all users have all the guidance they may require multiple approaches to training and informing users of change in the system are employed.

During the implementation of the product and also during the life of a contract the below methods will be used:
• Onsite class room training during implementation
• Webinar training for remote users or supporting agencies
• User guides/ crib sheets in PDF format for workers and other users to access when they require
• Online videos for workers and other users to access when they require
• Technical Support phone line in case of any issues occurring
Service documentation
Documentation formats
End-of-contract data extraction
Several parameterised Excel-format data extracts are available via the app at any time. Further data extract options are available on request.
End-of-contract process
Towards the end of the contract HCLMS will initiate an exit plan with the client. Within this plan details of the timescales and the data to be provided to the client will be agreed. If required at this point HCLMS could engage with the new supplier to provide them with the information required. Upon request an exit plan can be provided and then the details agreed.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Reporting accessibility is more suitable for desktop users

Mobile service has been streamlined for touch screen actions

User interface and view differs slightly

Mobile app available for workers using the Roster product.
Service interface
Description of service interface
IDClarity has an API available via REST(ful) Web Service for the means of communication to facilitate interaction between it and required 3rd party applications.
Accessibility standards
WCAG 2.1 A
Accessibility testing
IDClarity is assessed using online accessibility checkers and maintained in line with appropriate standards
What users can and can't do using the API
Currently the API is designed to handle the posting, updating, publication and status of vacancies, but the product roadmap plans to extend the API to cover all aspects of recruitment and workforce management
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
A large number of configurable options are presented during project discovery phase. Options are also available to enhance the feature set with tailored development if required.


Independence of resources
As this is a web-based application, we are able to scale the service according to demand. Intensive processes are farmed-out to services on separate hardware to mitigate against resource contention.


Service usage metrics
Metrics types
Reports can be produced based upon any data held in the system. A requirements gathering exercise is used to establish client requirements and a suite of metrics is provided in line with this.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Several parameterised Excel-format data extracts are available via the app at any time.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Approach to resilience
The app consists of multiple services replicated over multiple hardware nodes. Failing services are reported and automatically restarted. Data is replicated to a standby environment and nightly backups are retained for one week
Outage reporting
Layered monitoring of the application, its supporting services and the underlying hardware notify the ops team whenever configured thresholds are breached

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access to each and every resource within the app is controlled using a combination of their assigned roles, organisational visbility and by whom they are employed (or assigned to work for in the case of contingent workers)
Access restriction testing frequency
At least every 6 months
Management access authentication
Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Certified International Systems
ISO/IEC 27001 accreditation date
First accredited in 04/2015 and have been assessed yearly since to retain certification
What the ISO/IEC 27001 doesn’t cover
Our certification covers the entire business
ISO 28000:2007 certification
Who accredited the ISO 28000:2007
We do not hold an ISO 28000:2007 accreditation
ISO 28000:2007 accreditation date
What the ISO 28000:2007 doesn’t cover
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Cyber Essentials
  • IG Toolkit

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow the information security policies and processes of the ISO 27001 standard

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our configuration and change management processes are governed by our ISO 27001 accreditation which include the following phases:
• Logged Change Requests;
• Identification, prioritisation and initiation of change;
• Proper authorisation of change;
• Requirements analysis;
• Inter-dependency and compliance analysis;
• Impact Assessment;
• Change approach;
• Change testing;
• User acceptance testing and approval;
• Implementation and release planning;
• Documentation;
• Change monitoring;
• Defined responsibilities and authorities of all users and IT personnel;
• Emergency change classification parameters.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
IDClarity keeps an asset inventory of all information assets and who is responsible for each one. We are constantly monitoring reference sources to ensure we are up to date with any vulnerabilities and correction measures. We also use a Vulnerability Incident Report Form to officially record and ascertain the level of perceived vulnerability and escalate it appropriately
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
All IDClarity staff have undergone the HSCIC security e-learning modules and all new joiners are issued with the IDClarity Handling Sensitive Information Guidelines, which sets out IDClarity's opertional security procedures. We also use a Security Incident Resport Form to record, monitor and respond to any perceived threats
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We follow the ISO 27001 process of reporting all potential incidents via the IDClarity Security Incident Report Form which is then reviewed by the Information Governance Manager and escalated accordingly

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£5,000 an instance a month
Discount for educational organisations
Free trial available

Service documents