Civica UK Limited

Trac Recruitment System

The Trac recruitment system is an e-recruitment applicant tracking system that has been designed to meet the needs of public sector organisations, particularly NHS and local government. The system links with ESR and eBulk (DBS). It covers advertising, selection (shortlisting, interviews), offer letters and employment checks and includes multiple workflows.

Features

  • Flexible, optional, authorisation module
  • Vacancy advertising with links to external media
  • Application filtering, longlisting and shortlisting tools
  • Automated interview invite and booking system using email & texts
  • Conditional Offer letters built in and customisable
  • Identity check booking and recording system
  • Integrated eDBS system
  • Sophisticated reporting tools that link with organisational structures
  • Experienced trainers and support staff to ensure smooth deployment

Benefits

  • Speeds up recruitment
  • Makes recruitment activity easier to track and report on
  • Popular with hiring manager, recruitment staff and applicants
  • Improves efficency of recruitment staff
  • Improves communications with hiring managers and applications
  • Provides a modern efficient gateway for potential staff
  • Integrates with other systems, particularly ESR, eDBS (eBulk) and jobs.nhs.uk

Pricing

£1150 per licence per month

Service documents

Framework

G-Cloud 11

Service ID

8 0 4 1 3 2 3 0 6 8 5 7 1 2 2

Contact

Civica UK Limited

Civica UK Limited

01132441404

g-cloud@civica.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints No
System requirements
  • Chrome, Edge or IE browser with current vendor support
  • PDF document viewer
  • Sufficient RAM for the browser and any concurrent software applications

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Office is open 9am to 5pm Monday to Friday (excluding English Public Holidays. We aim to respond within 1/2 a working day during these times.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Trac Systems Ltd provides a free technical support (telephone and email) service for buyer's Super Users. This is open weekdays 09:00 to 17:00 (excluding English public holidays). The Trac Recruitment System has been designed to provide a fully functioning system, with many built in options available, that can be operated by a buyer with little support from Trac Sytems Ltd staff. Where additional support is required to carry out a task that can not be done by the buyer, for instance adding a new Super User, this is done for no additional cost. Trac Systems Ltd are also able to provide a paid for support service to carry out ad-hoc tasks that the buyer does not have the resources to carry out locally. For instance helping with Super User tasks when the buyer's Super Users are not available. Details of additional levels of support are in the Service Definition document.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Trac Systems Ltd has extensive experience of getting buyers up and running with the Trac Recruitment System. The start-up package, available as an optional extra for new buyers, includes: * An initial one day stakeholder/start-up meeting held at the buyer's premises * Setting up the buyer as a user organistion within the Trac Recruitment System, this includes: - adding a set of standard template emails and letters - adding up to eight buyer specific conditional or unconditional offer letters - creating a buyer sub-site for linking to the buyer's own web-site * A two day system review, process analysis and feature selection workshop held in Bakewell * Two day start-up training course for recruitment team staff on buyer's premises * Recruitment support service for four weeks * Two day handback training for recruitment team staff on buyer's premises * Two hour follow-up visit, 8-16 weeks after the handback training (review)
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction CSV downloads for bulk extraction of data and PDF document packs for the records of individual applicants.
End-of-contract process Buyer's have full access to all their own application and vacancy data and this can be extracted in CSV files. If additional support or bespoke exports are required these can be provided at our normal Ad-hoc support rates. The easiest off-boarding path is to run both old and new systems for a period, managing the newly-added vacancies in the new system. This saves the effort and risk associated with attempting to migrate data from the Trac Recruitment System, into its replacement. For organisations selecting this option the Trac Recruitment System can be made available for a fixed period of time, for a "tail-off" period, at a gradually decreasing monthly fee that is based on the standard monthly fee payable. Note that during this "tail-off" period no new campaigns or applications can be added to the Trac Recruitment System but the buyer's staff will be able to continue accessing and working on those already in the System. Buyer's can give Trac Systems Ltd a "hard" cut-off date at which point all data held will be deleted. Exit plans can be produced on request by Trac Systems Ltd with time taken for this work being charged at our normal Ad-hoc support rates.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The interface used by candidates to make and manage job applications is designed to work with mobile devices. The nature of the work carried out by recruitment staff - involving large amounts of data with lots of functionality - presently requires a desktop browser.
Service interface No
API No
Customisation available Yes
Description of customisation The Trac Recruitment System has been designed to provide a fully functioning system, with many built in options available, that can be operated by a buyer with little support from the Trac Systems Ltd. Many options can be controlled by the client's Super Users and can be set-up so that different parts of the buyers organisation have their own customisations. Most settings are controlled from the buyer (employer) table, with other settings at the next level down for different parts of the organisation. Options include different application and reference forms, reporting targets, authorisation area settings, employment checks and many more. See the Service Definition document for more details.

Scaling

Scaling
Independence of resources Computing load is monitored and resources scaled according to predicted demand.

Analytics

Analytics
Service usage metrics Yes
Metrics types The Trac Recruitment System has a clear and easy to use dashboard screen and in addition provides a broad set of template reports, details of which are in the Service Definition document.
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can download their own personal data in PDF documents. Buyer's representatives can download data CSV and PDF formats.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The service level agreement, that is included in the Civica service definition document, sets out what levels of availability and support the buyer is guaranteed to receive for the Trac Recruitment System. It also explains what service credits will be applied by Civica should it fail to meet these service levels.
Approach to resilience All data is currently stored on hardware which is owned and managed by Trac Systems and is located in secure and resilient datacentres that operate dual power paths, at least N+1 generators, at least N+1 cooling and have multiple diverse network routes. The service itself is load balanced across multiple servers.
Outage reporting Outages are reported to customers by email alert. Customers may also call the service helpdesk if they suspect there may be an outage and need assistance in diagnosing whether there is a problem within their own computer networks or elsewhere.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels By way of firewalling and access credentials.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International Plc
ISO/IEC 27001 accreditation date 19/09/2011
What the ISO/IEC 27001 doesn’t cover The full service is covered, specifically: "The provision of online recruitment, selection and employment checking systems and associated support services, including interfacing with appropriate third parties".
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Plus
  • ISO22301

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes In order to provide a wide range of services to public and private sector organisations, Civica maintains an active information security programme. This programme requires regular internal and external audit inspection of both physical and logical data protection structures. The policies and procedures are aligned to ISO 27001 and Cyber Essentials Plus certifications.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Changes to existing - and commissioning of new - information processing facilities are managed by way of written procedure which includes assessment of data security and privacy impact. Server management and software development functions are carried out in-house. Formal change control processes, including assessment of potential security impacts, are embodied into the workflow and tracked by project tracking software. Software revision control for the Trac application includes log of commits including descriptions and is tracked through project tracking software. DBS change control procedures are in place.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Civica subscribes to technical vulnerability alert services. Systems administrators monitor incoming notifications, assess their relevance and, once processed, mark them as such and if necessary a tracking ticket is opened to track the work and assigned the appropriate severity level and priority. Software configuration management and automated deployment software is used to manage the change. Vendor security releases are applied according to the nature of the patch. We have the capability to deploy a critical patch within hours of release. Important patches are applied within days and routine updates are applied with a month.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Civica operates an automated suite of protective monitoring tools including intrusion detection systems, data sanity checking, configuration compliance and hundreds of automated checks that constantly check the systems. All servers are tuned to generate log events as appropriate and send these in real time to a central log storage system and management console for analysis. Our monitoring systems run around the clock checking availability and running of all servers and services in detail. Alerts are handled by our systems administrators. We have 24-hour response for critical services, although the system architecture is designed to minimise single points of failure.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach All staff are trained and encouraged to report suspected or actual information security events or weaknesses by way of an Information Security Incident Reporting Policy . Customers can report via their usual support team contacts. Incidents are handled by senior staff in accordance with a process to ensure that relevant data is preserved, investigations carried out, reports made and follow-up actions taken. Trac does have many pre-defined processes for common events, but security incidents are not common events and each is handled carefully as appropriate. Reports are provided to data controllers by email.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £1150 per licence per month
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑