ID Medical Group Ltd

ID Clarity Agency

IDClarityAGENCY has been built to manage temporary staffing agencies used by a hiring organisation. It is a bespoke web-based, end-to-end recruitment management system that handles all aspects of the temporary hiring process. Authorised users simply need a computer, access to the Internet, the appropriate URL and login details.

Features

  • Excellent supply chain management controls
  • Automation and monitoring of total temporary staffing process
  • Real-time management information
  • Compliance monitoring / enforcement tool
  • Rate adherence / enforcement
  • Activation and adherence of framework rates
  • Direct Engagement (PAYE and Limited companies)
  • Self-billing and e-timesheeting tool
  • Links to Bank and Roster management solutions Benefits
  • Truly unified total workforce solution

Benefits

  • Save time, money and resource by process automation
  • Greater visibility across the temporary workforce
  • Adherence to pricing – manage costs down
  • Adherence to clinical compliance – reduces clinical risk
  • HMRC compliance removes risks regard to unclaimed tax and NI
  • Technology can accommodate any organisational structure
  • Interoperable easy to integrate as part of overall technology solution
  • Manage costs with greater visibility through powerful MI
  • Direct engagement savings of up to 20%
  • Exception hours are flagged and escalated to timesheet authorisers

Pricing

£5,000 an instance a month

Service documents

Framework

G-Cloud 12

Service ID

7 5 3 0 2 0 3 3 6 3 0 2 3 5 2

Contact

ID Medical Group Ltd Stefan Thygesen
Telephone: 01908 552820
Email: management.solutions@id-medical.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Consultant Job Planning

ESR

Time & Attendance
Cloud deployment model
Private cloud
Service constraints
No
System requirements
  • Access through a reputable browser provider.
  • Web browsers: Internet Explorer 8/9/10+,
  • Microsoft Edge, Firefox, Chrome, Safari,
  • Supported devices: PC, Mac, Smartphone, Tablet

User support

Email or online ticketing support
Email or online ticketing
Support response times
Priority 1 & 2 - under 2 business hours

Priority 3 - within 8 business hours

Priority 4 - within 24 business hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
The support service covers operational, technical and training aspects.

Support service types are covered through Service desks, email, phone and technical support.

Support is provided for all users including third party suppliers

Support desk is available to client & agency users during business hours – 8.30am-5.30pm, Monday to Friday, excluding Bank Holidays

Priority 1 & 2 reply under 2 business hours
Priority 3 reply within 8 business hours
Priority 4 reply within 24 business hours

Incident escalation process available.
Support available to third parties
No

Onboarding and offboarding

Getting started
IDClarity has been designed in a way that means it is intuitive to use and will allow its users to quickly pick up the actions required of them with precise calls to action. To ensure that all users have all the guidance they may require multiple approaches to training and informing users of change in the system are employed.

During the implementation of the product and also during the life of a contract the below methods will be used:
• Onsite class room training during implementation
• Webinar training for remote users or supporting agencies
• User guides/ crib sheets in PDF format for workers and other users to access when they require
• Online videos for workers and other users to access when they require
• Technical Support phone line in case of any issues occurring
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Several parameterised Excel-format data extracts are available via the app at any time. Further data extract options are available on request.
End-of-contract process
Towards the end of the contract HCLMS will initiate an exit plan with the client. Within this plan details of the timescales and the data to be provided to the client will be agreed. If required at this point HCLMS could engage with the new supplier to provide them with the information required. Upon request an exit plan can be provided and then the details agreed.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Reporting accessibility is more suitable for desktop users

Mobile service has been streamlined for touch screen actions

User interface and view differs slightly

Mobile app available for workers using the Roster product.
Service interface
Yes
Description of service interface
IDClarity has an API available via REST(ful) Web Service for the means of communication to facilitate interaction between it and required 3rd party applications.
Accessibility standards
WCAG 2.1 A
Accessibility testing
IDClarity is assessed using online accessibility checkers and maintained in line with appropriate standards
API
Yes
What users can and can't do using the API
Currently the API is designed to handle the posting, updating, publication and status of vacancies, but the product roadmap plans to extend the API to cover all aspects of recruitment and workforce management
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
A large number of configurable options are presented during project discovery phase. Options are also available to enhance the feature set with tailored development if required.

Scaling

Independence of resources
As this is a web-based application, we are able to scale the service according to demand. Intensive processes are farmed-out to services on separate hardware to mitigate against resource contention.

Analytics

Service usage metrics
Yes
Metrics types
Reports can be produced based upon any data held in the system. A requirements gathering exercise is used to establish client requirements and a suite of metrics is provided in line with this.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Several parameterised Excel-format data extracts are available via the app at any time.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9%
Approach to resilience
The app consists of multiple services replicated over multiple hardware nodes. Failing services are reported and automatically restarted. Data is replicated to a standby environment and nightly backups are retained for one week
Outage reporting
Layered monitoring of the application, its supporting services and the underlying hardware notify the ops team whenever configured thresholds are breached

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access to each and every resource within the app is controlled using a combination of their assigned roles, organisational visbility and by whom they are employed (or assigned to work for in the case of contingent workers)
Access restriction testing frequency
At least every 6 months
Management access authentication
Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certified International Systems
ISO/IEC 27001 accreditation date
First accredited in 04/2015 and have been assessed yearly since to retain certification
What the ISO/IEC 27001 doesn’t cover
Our certification covers the entire business
ISO 28000:2007 certification
Yes
Who accredited the ISO 28000:2007
We do not hold an ISO 28000:2007 accreditation
ISO 28000:2007 accreditation date
N/A
What the ISO 28000:2007 doesn’t cover
Nothing
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • IG Toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow the information security policies and processes of the ISO 27001 standard

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our configuration and change management processes are governed by our ISO 27001 accreditation which include the following phases:
• Logged Change Requests;
• Identification, prioritisation and initiation of change;
• Proper authorisation of change;
• Requirements analysis;
• Inter-dependency and compliance analysis;
• Impact Assessment;
• Change approach;
• Change testing;
• User acceptance testing and approval;
• Implementation and release planning;
• Documentation;
• Change monitoring;
• Defined responsibilities and authorities of all users and IT personnel;
• Emergency change classification parameters.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
IDClarity keeps an asset inventory of all information assets and who is responsible for each one. We are constantly monitoring reference sources to ensure we are up to date with any vulnerabilities and correction measures. We also use a Vulnerability Incident Report Form to officially record and ascertain the level of perceived vulnerability and escalate it appropriately
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
All IDClarity staff have undergone the HSCIC security e-learning modules and all new joiners are issued with the IDClarity Handling Sensitive Information Guidelines, which sets out IDClarity's opertional security procedures. We also use a Security Incident Resport Form to record, monitor and respond to any perceived threats
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We follow the ISO 27001 process of reporting all potential incidents via the IDClarity Security Incident Report Form which is then reviewed by the Information Governance Manager and escalated accordingly

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5,000 an instance a month
Discount for educational organisations
No
Free trial available
No

Service documents