IndexR

IndexR - Workforce Application Tracking and Skills e-portfolio

IndexR provides a comprehensive end-end, automated and mobile candidate application tracking software. Our Intelligent software, quickly filters applications with online interviews and built in approval workflow. We accelerate the overall process and remove manual error, capturing skills, mandatory training and standard employment checks via a skills e-portfolio.

Features

  • Real-time view of application tracking and approval status.
  • Instant view of availability
  • Single view of skills, mandatory training, CPD, employment checks, references
  • Automated workflow
  • Multi-speciality and role capability

Benefits

  • Mobile enabled, offline working.
  • Accelerated end-end application and skills tracking process.
  • See all candidate and employee skills status from one system.

Pricing

£10 to £25 per user per year

  • Education pricing available

Service documents

G-Cloud 10

834030166228832

IndexR

Paul Glover

07525833616

paul@indexr.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements All modern browsers: Safari, Firefox, Chrome, IE 10+, Opera

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 4hr Response; Next Business Day Resolution as standard.
Enhanced support available.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Infrastructure and Technical support is provided as standard within the Service. This includes an online ticketing service desk which links directly to the development team. Support, customisation and training during the setup phase is also offered onsite or remotely by telephone.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We want to make sure you have an excellent experience using the platform. We have developed a standard methodology for success. Assess & Define: IndexR onboarding is carried out as standard to determine risks, gaps, identify opportunities and develop key outcomes for the customer to maximise the benefits of the system. Transition: Onsite System Familiarisation, Configuration and Training is provided to groups of stakeholders at varying level including examiners, administrators, assessment teams. Transformation: Online Knowledge Base documentation is also provided as a way of referring back to more complex tasks. This is continually updated when new features are rolled out and as we receive customer feedback. Support is also available for your end-user community in the form of training materials, workshops etc - upon request.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction We will provide a full output of all your data as standard. Accompanying documentation may require professional services.
End-of-contract process At the end of the contract a single full data export is provided in the cost of the license. Accompanying documentation may require professional services. If you wish the online platform to remain active in any capacity (e.g. in read only mode) then this will be an additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The application is fully responsive and contains all the same features and functionality from whichever device you are accessing from.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing No specific testing of assistive technology has been carried out. We would be happy to work with clients and 3rd parties to approve equipment for use with our system.
API No
Customisation available Yes
Description of customisation The platform is designed to be customised by each organisation in relation to the skills e-portfolio activities required. We will provide continuous support and assistance and help onboard our customers via the IndexR onboarding methodology in order to setup the most appropriate roles, permissions, question/station banks, workflows, standard setting, blueprinting and reports with you. Each of these elements is then completely maintainable by local administrators to eliminate the need for further development every time a change is requested. Permissions can be assigned to each user to determine who should be able to make changes to the various areas of the platform under version control. There is no special editing interface it is all simply done through the simple user focussed UI with no technical expertise required. We are always available for support and advice via the Service Desk to help you make the most of the platform and all new features.

Scaling

Scaling
Independence of resources All organisations within the same region are served from the same cloud infrastructure. This infrastructure has been carefully designed to dynamically scale when larger loads are detected specifically to negate the issue of traffic affecting performance.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach We will facilitate the export of data for organisations wishing to extract a dump of all of their data. All reports within the system can also be exported to CSV.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The Service shall be available 99.9%, measured monthly, excluding UK public and bank holidays and weekends and scheduled maintenance. Any downtime resulting from outages of third party connections or utilities or other reasons beyond the Company’s control will also be excluded from any such calculation. Downtime shall mean a period whereby the Customer is unable to access the Service for a period exceeding sixty (60) consecutive minutes, shall be a credit for 2% of the pre-paid Service Fees (calculated on a monthly basis: for example, the pre-paid annual Service fee divided by 12) for each period of 60 or more consecutive minutes of Service downtime; provided that no more than one credit for Service downtime can be claimed by the Customer per day and five credits in any one (1) month. In order to receive a downtime credit, the Customer must notify the Company in writing within five (5) days from the time of downtime, and failure to provide such notice will forfeit the right to receive such downtime credit. The Company will issue a credit note, as calculated in line with the provisions of this Section, as a refund against annual Fees already paid.
Approach to resilience Information available on request.
Outage reporting We notify the client if there are any unplanned outages. If there is a service failure during a critical period we have a telephone support like which will provide instructions for recovering the data, either by restoring the service or talking through the direct download.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to the system is either by service login, in which case management and support staff are subject to the same role based access control and audit trail as all users, or by secure public key authentication for devops to gain direct access to the software and database. Public key distribution is part of our automated deployment, configured so that only developers on the specific project team (and senior technical staff overseeing the development) have access to any specific server.
Access restriction testing frequency At least once a year
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We follow the principles of ISO27001, we have a risk assessment, and risk treatment plan, which has informed the creation of an Information Security Policy. Staff receive training on EU data protection requirements, and our Information Security Policy with an annual refresher. Our policy is reviewed annually and updated inline with changing legislation and client needs.
Information security policies and processes We have an Information Security Policy that staff receive annual training (along with EU Data Protection requirements). Staff completion of this training is logged in our internal Continuing Professional Development system (we use our own product for this). The Information Security Manager is responsible for checking the training has been carried out, and also receives all incident reports. The Information Security Manager reports directly to the board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We use automated deployment methods to ensure consistency of deployment. Configuration is built into the automated deployment so that changes made the configuration can be repeatedly deployed. Components of services are allocated to clients, and do not change between clients during their lifetime. As part of our software development release procedure we check the security implication of any changes, assign a risk level. For high risk features additional specific testing may be required before releasing the new feature.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We use a formal process as defined in "Information Security Risk Management for ISO27001/ISO27002" (Calder and Watkins, 2010). This process starts by identifying the assets we need to protect, then the threats that may exist to them. Then each one is assigned a risk and impact assessment, and this is used to develop a risk treatment plan (where risks are mitigated, accepted, eliminated, or transferred). We have a fast track release procedure for critical fixes, that allows low risk fixes to be rapidly deployed. We subscribe to industry standard security notification sources.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All accesses to the server are logged and monitored, and attacks are automatically detected, and system administrator notified. After a potential compromise has been detected, the information security manager must be notified. There will then be an investigation and analysis of the severity of the compromise and a plan of action decided. Internally security incidents are highly prioritised, and we make all reasonable efforts to address them immediately.
Incident management type Supplier-defined controls
Incident management approach Users can report incidents through the service desk. We capture responses in our knowledge base so that common events can be resolved by clients directly. Our response to the incident will be through the service desk, and this is our report to the user. We can complete incident reports if requested.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £10 to £25 per user per year
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑