Geographic Solutions, Inc.

Labour Market Information, Job Board, and Aggregated Jobs Feed Solution

Virtual OneStop is a robust labour exchange delivery solution, providing advanced career pathway tools for jobseekers and powerful recruitment tools for employers. The solution provides advisers with programme service tracking, labour market information, staff mediated labour exchange, and dynamic reporting capabilities integrated seamlessly into a single, web-based system.


  • Real time national job listings from thousands of websites
  • Job skills analysis, analysis of certifications, credentials in real time
  • Automated job and CV searches for jobseekers and employers
  • Intergrated free online learning for jobseekers
  • Integrated occupational self-assessments
  • Comprehensive CV builder using wizard with ability to upload files
  • Adviser tools to match qualified candidates to available jobs
  • Real-time tracking of jobseeker, employer, and adviser activity
  • Comprehensive employer access and fraud monitoring tools
  • Comprehesive internal communcation tools for jobseekers, employers and advisers


  • Data integration of labour exchange and labour market information
  • Tracks user activity to improve coaching and for outcome reporting
  • Real-time parsing of job listings for local labour market analysis
  • One site serving jobseekers, employers, and advisers
  • Comprehensive employer screening tools and functionality to prevent fraud
  • Adaptable software for changes to business rules and service expansion
  • Thousands of pre built, real time ad hoc reporting options
  • Ability to create bespoke reports with report building wizard
  • Online language translation by user into any language
  • Extensive administration of role based security access for advisers


£166000 per licence per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

8 0 1 4 6 4 0 6 0 8 3 1 1 2 9


Geographic Solutions, Inc.

Paul Toomey


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints There are no service constraints. Because maintenance is completed on a scheduled basis, there is little, if any, down time due to the no single point of failure within the infrastructure.
System requirements
  • Windows Server 2016 and SQL Server 2016 Enterprise, Microsoft .NET
  • Virtual Web Server, Physical SQL Servers, McAfee AV

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Geographic Solutions provides technical support on a 24/7/365 basis for issues that prevent users from accessing or using the website; we will respond to these incidents immediately. For all other issues, we will provide technical support from 7:00 a.m. to 8:00 p.m., Eastern Time, Monday through Friday, excluding regularly scheduled Geographic Solutions holidays. Clients will be able to report incidents via phone, fax, email, or the intranet, but must report a Severity 1 issue via telephone to ensure an immediate response. The severity level of the incident will determine the guaranteed response and resolution times.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels To provide the best technical support service in the most efficient manner, we divide our support into tiers as follows:
Tier 1 – Clients can handle these issues internally. Client staff are the first tier to resolve system issues for staff, employers, and individuals. Typically, these are simple user issues, such as problems navigating the system, etc. If staff cannot resolve the issue, they will escalate it to Tier 2 support.
Tier 2 – These are issues escalated from Tier 1 by the client or reported directly as Tier 2 issues by client staff. If Geographic Solutions’ help desk support staff cannot resolve the issue, they will escalate it to Tier 3.
Tier 3 – These are issues escalated from Tier 2 by Geographic Solutions’ help desk or reported directly as Tier 3 issues by the client or Geographic Solutions staff. Subject matter experts, such as project managers, business analysts, systems analysts, developers, database administrators, etc., handle these issues. We handle all incidents (bugs), system issues, and network issues at Tier 3.
There is no additional cost for support. Our Future Proof software maintenance program is our highest-level support service and is the most comprehensive service available in the industry.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Geographic Solutions has an outstanding record of providing training support for clients around the world, including User Acceptance Testing training, Staff training, Train-the-Trainer training, and/or Administration training, depending on user roles. Training normally occurs before final deployment, but our Training Team can adapt the training schedule to fit the needs of the client. Our skilled instructors have experience using and implementing systems in many different situations. We train users in a classroom setting, with opportunities for questions and answers, emphasize real-world examples, and carry out “hands on” exercises, using the latest computer hardware and software. We also offer web-conference training as a distance-learning tool to reduce costs. Virtual OneStop also features training videos for many aspects of the system, which is accessible by all users. Geographic Solutions supports system training with full documentation, including Staff and Administrator User Guides, the Online Project Communication System Guide, training course material, and Quick Reference cards. We provide clients with editable, electronic copies. Geographic Solutions continually revises these guides as appropriate, throughout the life of the project and with subsequent system upgrades, as required, and client staff will have access to the guides and other documentation through the Staff Online Resources portal.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction User data is routinely exported to users on a time schedule selected by the user (e.g. daily, weekly, etc.). Once a contract ends, a "complete" extract from the SQL Server backups that are maintained will be provided to the client.
End-of-contract process At contract end, Geographic Solutions team works with our customers to develop a transition schedule. Included in this service is delivery of client data in machine readable format.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Virtual OneStop features a responsive web design for users to access the system from their mobile device. This design creates a flexible, fluid, and adaptive website by using media queries to determine the layout of the site’s pages. The system displays web content for small screens on portable devices using a touch screen interface, where the layout of the website automatically adjusts to the user’s screen resolution. In addition, we have an optional Mobile Application module that shares data with the main database and has mobile capabilities like finding jobs near me on a map.
Service interface Yes
Description of service interface Virtual OneStop is entirely web-based and supports full and true public access to labour exchange programmes. The system has no requirements for client-side software. A user can access the application’s state-of-the-art functionality from anywhere there is an Internet connection, including a work place, library, or at home, and via mobile devices. The system provides full self-service functionality for the complete spectrum of users: individuals (jobseekers), employers, advisers, and system administrators. The system provides ready access to information, regardless of a user’s educational level, computer ability, or experience.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Geographic Solutions develops and tests all versions of our software for accessibility compliance and ease of use by persons with disabilities. We investigate, test, and integrate new third-party software regularly to ensure that our products remain current with other assistive technologies. Accessibility testing is done at all stages of new development, during code updates, and in the review of current pages. Geographic Solutions employs testing and development personnel with experience using assistive technologies. We test new features for accessibility at the development level in the Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome browsers. Quality Assutance testing uses Windows, Mac, and mobile device operating systems and follows a checklist of the WCAG 2.0 guideline standards at an AA level during this process. The methods we use to test for accessibility include the automated Web Accessibility Evaluation Tool (WAVE), Visual Studio 2013 Accessibility Validation tool, Tenon HTML Accessibility Checker, Firefox Accessibility Extension, manual evaluation with use of the Job Access With Speech (JAWS) screen reader, visually impaired user review with assistive technologies, Windows 7 Magnifier and browser zoom, Dragon Speech Recognition software, WebAIM Color Contrast Checker, and keyboard-only without the use of assistive technology.
What users can and can't do using the API Geographic Solutions fully embraces the use of message-based APIs and web services, which are an integral part of the system’s architecture. Although an API is not needed for users to work with our service, the following list contains several of the uses of message-based APIs and web services we employ: Message-based APIs enable communication with third-party and legacy systems and other COTS solutions that use standard Internet and open source protocols. Geographic Solutions supports direct interface between systems using an API. Geographic Solutions has used this web service technology to communicate, in real time, with numerous legacy labour exhange systems and will be equally effective with third-party client service solutions in operation across the UK; Web services call third-party services for data validation. For example, during initial registration, Virtual OneStop can validate a user’s Driving Licence number by calling the web service provided by the Driver and Vehicle Licensing Agency; Web services permit maximum reuse and extensibility of components across platforms. For example, the system's mobile phone application can call web service components to perform the same queries that are available in the browser-based application; and Web services allow communication between databases across political boundaries.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Virtual OneStop is a Customisable, Modular Commercial off-the-Shelf (CM-COTS) bespoke solution to each client’s exact needs. By design, our modular system embodies innovation and is available at a reasonable cost. Typically a labour exchange system will require less than 20% customisation, most of which will relate to branding, local information, and interfaces that the client requires. An advantage of the CM-COTS approach is that it is simple to add to or modify the prebuilt modular components. The system currently offers 71 functional configurable and modifiable modules and components that will meet the exact needs of each client. Literally hundreds of items are configurable without requiring code changes. Examples of the system’s configurable items include the number of search results returned, the content of system alerts, and user account registration requirements. Because of the system's modular structure, clients can determine which modules meet their requirements and which settings and configurations within those modules meet their exact needs. We handle some configuration settings at the time of implementation. However, nontechnical client staff can manage many settings through the Administration System module.


Independence of resources Each client’s (user's) data is isolated in a separate database instance of the same data structure. This ensures the integrity and security of user's information. Each user has access to only their data. Another significant advantage to this design is that the system performs efficiently at all times, even when heavy batch processing and data extracts are running.


Service usage metrics Yes
Metrics types Dynatrace is used to monitor and analyse user interactions and business transactions to the code level. The web based interface tools, SmarterStats and Google Analytics, are used to measure website traffic, website performance, and page load times, as well as to capture data such as browser and device type, operating system used, and users' geographic location information.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users may export their data by running either pre defined reports, or on an ad hoc basis.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • .doc, docx
  • .xls, xlsm,
  • .pdf
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML
  • SQL
  • BAC

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks Data between the end user and web server is via Secure Socket Layer, between the web and SQL server via IPsec, and the data is encrypted AES-256 FIPS 140-2 when at rest.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Data between the end user and web server is via Secure Socket Layer, between the web and SQL server via IPsec, and the data is encrypted AES-256 FIPS 140-2 when at rest.

Availability and resilience

Availability and resilience
Guaranteed availability The design and architecture of Virtual OneStop will ensure the system is available to all clients and users around the clock. Geographic Solutions will guarantee a service level of 99.9% up time, excluding planned maintenance. If the SLAs are not met on a monthly basis, the client is refunded an amount that is agreed to in the contract.
Approach to resilience Available on request
Outage reporting If there is an outage, an email is sent to the client in conjunction with a phone call from the client represented.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Our role-based security solution provides administrators fine control over the operation of the entire system. Authorized administrators control these permissions and other security features from the Administration System. Their base credentials allow users access to the system, while permissions and privileges configured for their login control their access to the system’s features, functions, and specific data.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • SOC 1 Type 2
  • SOC 2 Type 2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards NIST 800-53
NIST 800-122
NIST 800-95
NIST 800-63
Information security policies and processes Geographic Solutions communicates our written information security policies to all staff members and makes these policies readily accessible to employees on the corporate SharePoint site. We review and update policies annually. Geographic Solutions’ information security policies include the following policy documents:
GSI-SEC-001 System and Data Security
GSI-SEC-002 Acceptable Use Policy
GSI-SEC-003 Data Access
GSI-SEC-004 Data Destruction
GSI-SEC-005 Visitor Control
GSI-SEC-006 Access Control and User Authentication
GSI-SEC-007 Security Incident Response Plan
GSI-SEC-008 Information Availability
GSI-SEC-009 Information Audit and Assessment
GSI-SEC-010 Information Classification
GSI-SEC-011 Patch Management
GSI-SEC-016 Internet Usage Policy
GSI-SEC-017 Email Policy
GSI-SEC-018 Encryption Policy
GSI-SEC-020 Remote Access Policy
GSI-SEC-021 Information Security Policy
GSI-SECP-001 Security Plan
All Geographic Solutions policies, processes, and procedures reduce the risk of human error, theft, fraud, or misuse that could affect our clients' information assets and business continuity adversely. In addition to the policy and plan documents listed above, our Security Team regularly issues notices and notifications to sustain security awareness.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes are processed through the Change Control Process tracked by our online ticketing system (OPC). The OPC is reviewed by the Change Control Board, which includes the Development, Configuration Management, Systems, and Process and Standards Teams. Final approval is by a member of the Senior Management Team.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Geographic Solutions uses Tenable Security Center Continuous View, which incorporates Nessus to scan our internal environment. Our application is scanned using Fortify On Demand and AppScan Standard. Any vulnerabilities identified are patched according to severity:
Critical: Patch immediately or assigned target date.
High: Within 30 days
Medium: Within 90 days
Low: Patch when time allows
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Geographic Solutions uses McAfee products to help monitor our network for potential compromises. These products provide Firewall, Intrusion Prevention and Detection, SIEM, DLP, etc. When a potential compromise is identified, we respond in accordance to our Security Incident Response plan, which also defines how quickly incidents are responded to.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Geographic Solutions' Incident Management process uses pre-defined classes under which each incident severity falls. Users report the incident via a ticket within our OPC system, which will be received and triaged by our Network Operations Center. Incident Reports are provided as per contractual or statutory requirements.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other
Other public sector networks
  • TLS (Version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections


Price £166000 per licence per year
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑