IBM United Kingdom Ltd

IBM Kenexa Talent Acquisition Suite

IBM® Kenexa® Talent Acquisition Suite is a set of products that works together to help you streamline and optimise employee recruitment and onboarding. This comprehensive hiring solution helps you hire and onboard top talent using an automated process, incorporating the latest mobile and enterprise-grade social technologies.


  • One single integrated solution for all your talent acquisition needs
  • IBM Kenexa Lead Manager
  • IBM Kenexa Talent Acquisition BrassRing Application Tracking System
  • IBM Kenexa Behavioural and Skills Assessments
  • Integrated Onboarding
  • IBM Digital Analytics for Talent Acquisition
  • Accessible on any device including Mobile
  • Standard and ad hoc Reporting
  • Open HR Framework


  • One single solution with streamlined and automated workflows
  • Quick and easy access to priority tasks on any device
  • Superb candidate and new-hire experiences (on any device)
  • Improved decision-making through analytics and insights based on behavioural science
  • Integrated and social onboarding
  • Branded emails and talent communities engage candidates and nurture talent
  • Better talent pipelines and qualified applications
  • Automated pre-screened pools of best fit candidates for faster hiring
  • Predict fit and performance before you make an offer
  • Start onboarding before day one for a smooth, simplified transition


£0.86 to £34.20 per licence per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

919084026208990


IBM United Kingdom Ltd

Alice Griffin

Please email

Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Access via a standard operating system and a supported browser.
  • Screen layouts are designed for 1024 x 768 resolution.

User support

Email or online ticketing support Email or online ticketing
Support response times Severity 1 - Within 1 business hour
Severity 2 - Within 2 business hours
Severity 3 - Within 1 business day
Severity 4 - Within 2 business days
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels Standard Global Support Center Model – The Help Desk of our Global Support Center (GSC) provides the first line of technical support. Customers funnel support requests through a limited number of employees who serve as their designated contacts with our GSC. (No extra charge)

Outsourced Support Model – In our standard support model, customers funnel support requests through a small number of employees who serve as your designated contacts with the Global Support Center. In the outsourced support model, the GSC will serve as your internal help desk for all employees. (No extra charge)

(Optional) Named GSC Resource – If a client purchases a Named Resource, requests that require assistance beyond the initial support call will be handled by a named individual who will assist with all client escalations and will maintain proactive contact with client.

For larger contracts: In addition to the Help Desk, an IBM Client Success Manager (CSM) will serve as the main point of contact regarding ongoing satisfaction with the product (no extra charge). An optional arrangement may be scoped for a customer to have a dedicated CSM who can work on site.
Support available to third parties No

Onboarding and offboarding

Getting started During the final phase of implementation, the IBM project manager and implementation consultant transition the client to IBM’s ongoing support team on the Global Support Center (GSC). This transition phase includes training support.

The training program includes blended curriculum, such as interactive self-study courses, virtual classroom via webinars, and optional traditional instructor-led classroom delivery. Our course list includes training for new users, super users, training leaders, and hiring managers. We also provide ongoing training for skill refinement and system optimization. Our experienced, knowledgeable training consultants work closely with each client to help create the most appropriate training plan for the user base, designed for a successful deployment of the client’s talent acquisition solution.

Post implementation, few resources are required from a client to manage the system. Clients should plan to assign a project manager to be the main point of contact with the support team as well as approximately two system administrators or super users.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction IBM will promptly return or delete customer data. Standard procedure is to post the customer’s data in MS Access format on our secure FTP server for the customer to download.
End-of-contract process The term of the Cloud Service begins on the date IBM notifies the client of their access to the Cloud Service, as documented in the Proof of Entitlement Document (PoE). The PoE will specify whether the Cloud Service renews automatically, proceeds on a continuous use basis, or terminates at the end of the term. For automatic renewal, unless the client provides written notice not to renew at least 90 days prior to the term expiration date, the Cloud Service will automatically renew for the term specified in the PoE. For continuous use, the Cloud Service will continue to be available on a month to month basis until Client provides 90 days written notice of termination. The Cloud Service will remain available to the end of the calendar month after such 90-day period.

Numerous factors are taken into consideration when determining IBM Talent Management software and implementation pricing fees and annual subscription fees. The software subscription fee and implementation fee are primarily determined by overall employee size and scope of the project. Discount levels are provided for term of contract and for customers purchasing multiple solutions.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The features and functions of IBM Talent Management solutions can be rendered for mobile platforms (iOS, Android, Blackberry) and do not require an app for access.
Service interface No
What users can and can't do using the API The Talent Acquisition Suite supports standard APIs to facilitate both web services and XML-based integrations and batch file imports and exports.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Functionality is incorporated into the products that can be configured by client system administrators for each product. Hundreds of configuration “switches” enable client administrators to define the experience for their own user base. For instance, BrassRing allows for unlimited custom fields within requisition forms and the forms that are attached to candidates.


Independence of resources The Talent Acquisition Suite is designed for high availability, so multi-user contention or concurrency are typically not problems. The scalability of the suite is driven by the number of servers in the application pools and their processing capacity. IBM Cloud Operations, in coordination with the product operations team, adds additional web, application or database servers as network usage approaches our acceptable threshold.


Service usage metrics Yes
Metrics types The system is continuously monitored and tested regularly by the Performance Testing team in a dedicated test environment.
Cloud Operations uses a combination of third-party and internal monitoring to ensure the integrity of production sites. The production site undergoes continuous monitoring of performance through the use of tools that provide real-time monitoring of response times and issue alerts when important performance thresholds are reached. Members of the product team use tools to continuously watch performance in real time.

The Quality Assurance and Performance Engineering teams evaluate the performance of each application suite build. Performance testing focuses on evaluating response times.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach Field-level encryption: The Talent Acquisition Suite offers field-level encryption using AES-256 for sensitive information such as a tax identification number.

Database encryption: Passwords are hashed in the database using SHA-512.

Backup encryption: All backups for all IBM Talent Management solutions are encrypted.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data export approach Clients can export their data using export tools. The individual applications in the suite can export ad hoc reports, typically in Excel or PDF file formats. Export options vary by application. IBM can work with the client to create a data extract in an agreed-upon format. In addition, if a client requires, data can be exported to a data warehouse, which can be integrated with the client’s environment.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Other
Other protection within supplier network While all data is encrypted in public transit, not all internal traffic between tiers is encrypted. Where interfaces between tiers are not encrypted, internal traffic is secured using firewalled networks.

Logical segregation: IBM segregates customer data logically using unique client IDs that prevent other customers from accessing a client’s data.

Field-level encryption: The Talent Acquisition Suite offers field-level encryption using AES-256 for sensitive information such as a tax identification number.

Database encryption: Passwords are hashed in the database using SHA-512.

For components powered by Talent Insights, all data at rest is encrypted with AES-256 bit encryption.

Availability and resilience

Guaranteed availability IBM provides SLAs for availability in our standard agreement. For most IBM Talent Management applications, we agree to deliver 99.2% or better system uptime within each calendar month, excluding scheduled downtime for regular maintenance. Should availability fall below the 99.2% threshold in a calendar month, we offer prorated credits of the applicable service fee for that month as the sole remedy. The Service Description for each offering details whether this standard SLA for availability is provided.
Approach to resilience Cloud Operations support personnel are on call to maintain availability. Critical components are protected against failure through redundancy where available. Failover-capable components are used where available. Non failover-capable components are provisioned with stand-by equipment where possible. Cloud Operations deploys tools to monitor network, system, and application components. Components are monitored with alerts of failed components being issued to Cloud Operations support personnel. Under normal operating conditions, response is usually within 15 minutes of the failure alert.
Outage reporting Clients who have requested to be notified of our regular maintenance builds are notified through email in advance of scheduled maintenance.
In the case of unplanned system downtime, the technical support team will notify customers through email (that is, they will send emails to all affected customers only) and will post a Known Issue on the client support website. In addition, a downtime message will be displayed to users who attempt to access the system.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication Single sign-on is an option for all IBM Talent Management SaaS solutions.
Access restrictions in management interfaces and support channels IBM limits access to customer data to personnel with a business need to know. Various security mechanisms control access to those authorized, with application access controlled through our centralized “gatekeeper” process. Access requests are tracked through the IBM Control Desk. Anyone who has access to customer data is either an employee who signs a confidentiality agreement or, rarely, a consultant or third party who has agreed contractually to protect the privacy of our data.

System access is controlled at the server, database, application, and network levels. The Cloud Operations, Database Administration, and Software Configuration Management teams have standing access.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Bureau Veritas Certification Holding SAS – UK Branch
ISO/IEC 27001 accreditation date IBM’s ISO 27001 certificate for the IBM Talent Management SaaS applications was renewed in Q4 2015.
What the ISO/IEC 27001 doesn’t cover The following ISO 27001 controls were deemed not applicable because they are managed by our data centres.
- Section A.11 Secure Areas
- Section A.11.2 Equipment
All other ISO controls in sections 5 through 18 were covered in the IBM Talent Management SaaS applications audit. The controls under the two sections referenced above are covered in the ISO 27001 certification for the data centres in question and are addressed through data centre management controls rather than application controls.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Audit for compliance with SOC 2 standards annually

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes IBM has an information technology (IT) security policy that establishes the requirements for the protection of IBM's worldwide IT systems and the information assets they contain, including networks and computing devices such as servers, workstations, host computers, application programs, web services, and telephone systems within the IBM infrastructure.

IBM’s IT security policy is supplemented by standards and guidelines, such as the Security Standards for IBM's Infrastructure, the Security and Use Standards for IBM Employees and the Security Guidelines for Outsourced Business Services. Our security policies and standards/guidelines are reviewed by a cross-company team led by the IT Risk organization at least annually.

The offices of the Chief Privacy Officer (CPO) and Vice President of IT Security collaborate regarding protection of data. The information security policy is enforced through protocols, regularly scheduled certification processes, technological controls, and management and staff dedication.

Our “Data Security and Privacy Principles for IBM Cloud Services” is available on IBM’s public website at In addition, IBM provides clients with product-specific information systems security overviews.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The development and security of SaaS applications follows industry standards. Standards-based processes are built into every step of the SDLC for products. Product teams use OWASP guidelines, SANS and IBM standards for web application security and review source code using a reputable standardized tool. Applications undergo annual security assessments and periodic independent application and infrastructure penetration and vulnerability testing.

Products are upgraded with new functionality on a regular release cycle. Major releases include functionality added in minor builds and projects timed specifically for the release.

Notification for any visible change is completed before each build, and client enablement is provided.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach IBM conducts regular internal application and network scans and has engaged a third party to perform regular application scans. All critical findings are remediated to close.

The installation of patches and updates to the operating system is controlled and centrally managed. Patches are deployed either during regularly scheduled downtime or, for serious threats, fast tracked to prevent exploitation of the vulnerability. All patches and updates undergo QA testing prior to general installation.

All IBM systems and workstations are protected by antivirus software that performs real-time scans. Updates to virus definitions are checked and installed automatically on a daily basis.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The Hosting Environment has redundant firewalls at its perimeter. Inbound firewall security policy limits access to essential services necessary to access application functionality and to remotely manage the systems. All other types of traffic are denied. A network-based intrusion detection system is enabled and a reputable managed service provider provides monitoring, correlation, and notification to the Cloud Information Security and Cloud Operations teams.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The IBM data incident response process serves to properly report and retain documentation for events, begin remediation, discover root causes, learn lessons, and prevent similar occurrences.

IBM has a Computer Emergency Response Team (CERT) which encompasses each department’s role based on the incident. The team is composed of specifically trained and equipped employees who, working with the software business teams and other subject matter experts, manage an incident until resolution.

Should an incident occur while a client’s information is in IBM's possession, the client is notified of security breaches of customer data within two business days.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks No


Price £0.86 to £34.20 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial A Sandbox environment can be provided as a free trial. This has most features enabled but is not configured to meet client specific workflows. It is to demonstrate the features and functionality of the tools. The time limit is usually 2 weeks.
