Experian

Experian Background Checking Services with Candidate Verifier

Candidate Verifier will help you recruit for roles with confidence. It provides a simple and effective way to screen your potential new employees. You chose from a number of background checks relevant to the role you are recruiting for.

Features

  • Full suite of screening checks
  • Comminication via channel of choice i.e. live chat, email, telephone
  • Full audit trail
  • Ability to tailor screening checks to your job role
  • Data provided to you as and when it is available
  • Easy to view real time Management Information
  • Configurable options for you to choose from
  • Expert customer support team at your finger tips
  • Brand the system to your own specification
  • Multiple delviery methods. i.e.standalone web service, full integration

Benefits

  • Excellent candidate experience
  • Reduces risk associated with onboarding a new recruit
  • Simple to view & export management information
  • Helps to eliminate fraud
  • Allows you to adhere to regulation
  • Reduce costs associated with recruitment
  • Risk-averse approach to data management

Pricing

£7 to £61 per unit

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

8 5 7 4 1 4 7 6 1 6 1 1 0 5 1

Contact

Experian

Damian Kenny

+44 (0) 7976 702247

damian.kenny@experian.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Available on Internet Explorer 11 and above. All other major browsers supported
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times All support tickets are aimed to be answered within four hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing Full testing carried out on our own live chat portal
Onsite support Yes, at extra cost
Support levels Account Management, initial training and roll out and access to our experts and customer support team are standard service provision. Any additional requests will be reviewed on a case by case basis
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started On-site training is available.
User guides are available
A simple and intuitive system with "I" buttons to support the operator, along with FAQ's
Service documentation No
End-of-contract data extraction Data extraction and export requirements can be discussed in detail
End-of-contract process This will be discussed with your account manager

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None - services have been optimised using responsive style sheets ensuring a uniformed experience
Service interface No
API Yes
What users can and can't do using the API The API supports the ordering
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The system has a number of configurable options to align with the variable on-boarding processes of our customers

Scaling

Scaling
Independence of resources Many of our screening services are automated to ensure the quickest turn around time. Where manual checks are required we look to work with our customers to have a forecast of recruitments levels over a 3 month period. This allows us to provide the best service to our customers.

Analytics

Analytics
Service usage metrics Yes
Metrics types Our screening services all have metrics associated with them and can be viewed via dashboards within the system
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach There is no need for data extraction as you will have access to all your data in the system
Data export formats Other
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The platform is available 24/7/365, however SLA's for the product can be discussed as part of the commercial agreement
Approach to resilience This information is available on request
Outage reporting Email alerts and account management support where incidents are reported and impact service provision

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Users have their access defined upon set up using user role settings and configuration
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 DNV GL Business Assurance Ltd
ISO/IEC 27001 accreditation date 20/12/2016
What the ISO/IEC 27001 doesn’t cover The following is covered by the scope of the certificate; the delivery and support of Experian IT infrastructure, operations, architecture and associated compliance and facilities management undertaken within the UK data centres
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Trustwave
PCI DSS accreditation date 28/10/2016
What the PCI DSS doesn’t cover Not applicable
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Experian have a comprehensive Global Security Policy based on the ISO27001 standard which covers: Organisation and Management; Information Security; Asset Classification; Physical and Environmental Security; Communications and Operations Management; System Access; Systems Development and Maintenance; Compliance; Personnel and Provisioning; Business Continuity Management; Third Party Management. The policy is owned by Experian's Executive Risk Management Committee which is an executive level body, and which assumes ultimate responsibility for Experian's risk position. Information security is a key component of the risk management framework. Experian management supports security through leadership statements, actions and endorsement of the security policy and implementing / improving the controls specified in the policy. The policy is available to all Experian employees and contractors on the intranet. Changes to the policy are announced on the company's intranet and followed up with training and awareness programmes. New hires are required to undertake computer-based information security and data protection training, and this is repeated on at least an annual basis. Compliance to policy is overseen by internal audit.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Experian have a change management policy which is underpinned by processes and procedures based on ITIL best practice. This is a mature process. We use a service management tool that integrates change management, incident management, problem management, configuration management and knowledge management. Our change management policy, process and procedures are regularly audited by independent auditors. Formal risk analysis is employed using an approved information risk analysis methodology as a part of the project analysis phase for developments/changes. Security requirements for the system are identified and continue to be considered throughout the life of the product.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Experian actively monitors the threat environment and checks the effectiveness of security controls by reviewing both free and paid for sources of threat information, including; public information, major vendor feeds and also receiving information from specialist closed group mailing lists. The overall process is also plugged into an automated patch and fix strategy, underpinned with a technology infrastructure to deliver corrective updates.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Monitoring processes and tools are in place to manage alarms generated by security related alerts and these are fed into the incident management process. Experian has a formally documented risk based incident management process to respond to security violations, unusual or suspicious events and incidents. In the event an incident occurs a team of experts from all relevant areas of Experian are gathered to form an incident response team, who manage activities until resolution. The incident response team are available 24/7 to resolve any incident. Out of core hours the dedicated incident hotline is routed to the command centre.
Incident management type Supplier-defined controls
Incident management approach The incident management process incorporates a number of participants and contributors, including: Global Security Office - who facilitate and coordinate activities under the business security coordinator's guidance; Business Security Coordinator - a representative of the impacted business area, responsible for coordinating resolution activities; Incident Response Team (IRT) - IRT is made up of a membership that are empowered to make key decisions surrounding the actions to be taken to reduce impact, control actions, and impose corrective activities. A client report would be created, including: high level overview; facts; overview of events; actions taken.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £7 to £61 per unit
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑