Monster Manage is an applicant tracking system (ATS) that manages the recruitment process from requirement inception through to on boarding candidates. It is a modern, easy to use Software as a Service (SaaS) offering that allows large quantities of job vacancies to be managed with a small number of people.
- Well-designed and easy to use
- Unlimited users – the more participants the greater the efficiencies
- Automatically posts to job boards
- Work flows that speed up processes
- Your own branding on the portal
- Killer questions that filter out unsuitable candidates
- Integrations with; HR systems, video interviewing, & DBS testing
- Social media integration
- Email & text messaging to keep candidates engaged
- Processes more job vacancies with fewer staff
- Provides a professional and engaging candidate experience
- Can reduce recruitment spend by up to 50%
- Decreases time to hire by up to 60%
- Streamlined administration
- Ensures compliance with agreed processes
- Reports on all aspects of recruitment activity
- Screens out unsuitable candidates
- Quick adoption by being intuitive and easy to use
£10080 per unit
Monster Worldwide Ltd
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||There are no constraints. All data is hosted in the UK.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Customers are provided with an email service. Responses times are for working days only from between 09:00-17:30 (UK local time).
Severity #1 - assigned to a general question or requests for enhancement (Response time: 1 day)
Severity #2 - assigned to a situation that slows a clients' response time or limits the functions of part of the solution. (Response time: 4 hours)
Severity #3 - assigned to outages that keep a business from being able to access one or all of their applications. (Response time: 1 hour)
Monster Manage’ critical technical support operates 24/7.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
The following support is included within the service pricing:
1. An email based support service is available between 0900-1730 (UK local time):
1.3 Nominated recruitment partners
2. Telephone based support for clients, candidates and nominated recruitment partners
3. Online contextual-based user help is available to client users throughout the solution, by clicking on the ‘Help’ icons within the solution
|Support available to third parties||Yes|
Onboarding and offboarding
To us, the service is as important as the solution itself. As such we take a hands on and proactive approach to all our partnerships with clients.
All clients are assigned an implementation and account team member, in the form of a dedicated relationship manager. All of our relationship managers have a thorough understanding of HR and recruitment, with all relationship managers being HR/Resourcing professionals and sharing a background of previously implementing e-recruitment solutions working within these functions.
We have developed a standard, structured and fully documented approach to all aspects of implementation.
The Monster Manage set up and configured to suit each customer's requirements. This includes:
* On-site meetings
* On-Line collaboration (Trello)
* On-Site Training
* Training sessions are recorded and provided to customers for subsequent viewing.
|Other documentation formats||Video recordings|
|End-of-contract data extraction||
At the end of the contract term Customers wanting to retain their data are provided with their data in either .csv or XML file formats.
Data is then removed from the servers in accordance with ISO 27001 standards.
|End-of-contract process||The delivery of the customer's data in .csv or XML formal is included within the price. Any additional requirements will need to be charged for.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The candidate experience as been designed specifically for mobile interaction.|
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
The candidate experience is AA Compliant.
The back-end solution has been tested and reviewed by a partially sighted customer. They reported that the application was very easy to use and made some minor recommendations to make it even easier.
|What users can and can't do using the API||
APIs are used to:
* provide an applicant data feed to a customer's HRIS
* To post jobs to job boards
* To display job vacancies on Career Sites
APIs are XML or RSS
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||
Customers can "Configure" the service to reflect their operational procedures:
* Presentation and appearance of the candidate portal
* Customer work flows
* User roles and permissions
|Independence of resources||To ensure we have sufficient capacity to cope with a high demand from other customers we operate at 40% capacity to allow bursting. This is auto regulated within the virtual environment.|
|Service usage metrics||Yes|
All data within the system can made available. Typical metrics would be:
* Number of Job Applications
* Source of Applications
* Candidate Status; invited to interview, hired, rejected etc
* Response by age groupings
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Jobtrain Solutions Ltd|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||Data is AES256 encrypted at rest|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Users can create any reports, in any format, including Dashboards. Scheduled reporting can be created and automatically emailed (or exported) in a wide variety of formats (CSV, Doc, PDF, XLS, Text).|
|Data export formats||
|Other data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||Other|
|Other protection between networks||Communication with our Data Centre is achieved through an HTTPS secure connection with all communications between the Monster Manage browsers’ and the Data Centre being encrypted. There is no data flow between the Buyer's Network and Our Network. All data stays at the Data Centre and any access we have to the system is done via the same HTTPS access given to our clients via the web interface.|
|Data protection within supplier network||Legacy SSL and TLS (under version 1.2)|
Availability and resilience
Monster Manage will use commercial best efforts to provide clients with 98.5% service availability relating to its hosting.
Service Availability is calculated by the number of hours the service is available to clients plus the total number of hours, if any, the service is scheduled to be unavailable, divided by the total number of hours in that month.
If the Service Availability is less than 99.9%, Monster Manage will issue a credit to the buyer.
Service Availability Credit Percentage
≥ 98.5 0%
≥ 95% > 98.5% 10%
≥ 90% > 95% 25%
≥ 85% > 90% 50%
|Approach to resilience||Monster Manage is hosted by Access Alto (part of Access Group). Access Alto delivers a highly scalable cloud computing platform with high availability and dependability, and the flexibility to enable Jobtrain to build and manage a wide range of applications. The resilience of their data centre setup can be made available on request.|
Monster Manage reserves the right to plan a scheduled outage with forty-eight (48) hours advance notice. Monster Manage will use commercial best efforts to schedule these outages at non-peak hours as above and limit their occurrence to strictly necessary upgrades and required maintenance.
Notice of an outage will be by email.
It is the responsibility of Client administrators to notify all persons within their organisations of scheduled outages.
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
The Passwords are MD5 encoded
The whole database is TDE encrypted
The whole system at rest is AES encrypted
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Alcumus ISOQAR|
|ISO/IEC 27001 accreditation date||18 November 2016|
|What the ISO/IEC 27001 doesn’t cover||
Scope of registration:
The information security management system in relation to hosting, payroll services, software development, client data and infrastructure related to the organisation’s products in accordance with the statement of applicability V1.0
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||
As an organisation we comply to a range of standards.
Our data centre is ISO/IEC 27001 compliant.
|Information security policies and processes||
Monster adheres to the following policies which can be made available on request:
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Our configuration management policy says:
• Monster must manage configuration changes made to information systems through a defined and approved process.
• Configuration management must involve the systematic proposal, justification, implementation, test/evaluation, review, and disposition of changes to an information system, including upgrades and modifications.
• Configuration management includes changes to the configuration settings for information technology products (e.g., operating systems, firewalls, routers).
• After configuration changes have been made to a system, Monster must ensure that implemented security controls will continue operate properly.
• Monster must approve access privileges for individuals that make configuration changes to Monster’s information systems.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
NCC Group CESG certified penetration tests annually at both infrastructure and application layers.
Weekly Symantec's vulnerability testing and bi-weekly by Qualys Labs' Vulnerability Checker.
All pent tests check for OWASP vulnerabilities and all bi-weekly vulnerability checks include the latest OWASP alerts.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
* Event logging: Register information about access and actions of users, errors and events
* Protection of log information: All logs are protected to ensure a valid audit trail
* Administrator and operator logs: Privileges of administrators and operators of systems are different from the normal user privileges
* Clock synchronization: All systems share configured with the same time and date. This allow for a traceability test.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
ISO27001 compliance for Incident Management:
* Reporting information security events
* Reporting information security weaknesses
* Assessment of and decision on information security events
* Learning from information security incidents
* Collection of evidence
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£10080 per unit|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|