Vacancy Filler Ltd

Vacancy Filler Recruitment and Candidate On-boarding Software / Applicant Tracking System (ATS)

Vacancy Filler is an end-to-end Applicant Tracking System designed for Public Sector for Recruitment of full-time, part time and volunteering staff. It also manages candidate on-boarding, redeployment and staff engagement using its own App. Functionality includes confidential short listing, candidate scoring, referencing, re-deployment, video screening and equality and diversity reporting.


  • Recruitment and On-boarding of Full-time, Part-time and Volunteering staff
  • Unlimited licence and campaign posting; candidate e-mail, SMS, video screening
  • Integrated careers site, posting to job-boards, social media & agencies
  • Manages high volumes of applicants consistently and collaboratively
  • Customised Application form, CV only or CV parsing options
  • Confidential shortlisting, candidate scoring facilities, E&D reporting
  • Integrated candidate e-mails, online testing, SMS & self-service interview management
  • Integrated Candidate Testing & Video Screening / Interviewing
  • Job offer, contract of employment and candidate induction App.
  • Fixed Price, Fixed Scope implementation based on PRINCE2™


  • Significantly reduce cost of hiring or redeployment of staff
  • Allows a consistent and auditable process engaging hiring managers
  • Significantly reduces the time to hire making further operational savings
  • Simple creation of careers page & site without bespoke development
  • Auditable authorisation process
  • Reduces central administration allowing hiring managers to appoint directly
  • Open interfaces to careers pages and HR systems saves re-keying
  • Real time management information including equality and diversity
  • Rapid Staff Induction and Engagement using BOYD mobile devices
  • Technical support for hiring managers and candidates within fees


£10,000 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

9 5 1 8 4 4 5 0 0 3 7 6 6 6 2


Vacancy Filler Ltd Richard Thomas
Telephone: 01509 236 434

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
An up-to-date browser and reliable internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response Time: Urgent/High < 2 Hours, Medium/Low < 4 Hours.
Resolution Time: Urgent < 1 day, High < 2 days, Medium/Low < 5 days.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is available on line via our web site.
Web chat accessibility testing
No testing has been done to date with assistive technology users. Our application author ZenDesk conduct the testing.
Onsite support
Yes, at extra cost
Support levels
We have a standard remote support model with 1 hour response for critical issues
Support available to third parties

Onboarding and offboarding

Getting started
We have a templated implementation process loosely based on PRINCE2. We have online tools to collaborate with the client's project manager / administator. Training is provided on-line to the project team within the implementation costs and optionally to the hiring managers. On-site training and workshops can be provided based on the SIFA rate card.
Service documentation
Documentation formats
End-of-contract data extraction
We have a service to provide an extract of the candidate data to a standard format
End-of-contract process
The service will terminate at the end of the contract and optionally the candidate data can be extracted in a standard format. other options are available subject to scope.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The application is mobile enabled for candidate as part of the application and on-boarding process. Optionally there is a mobile App. for candidate induction.
Service interface
What users can and can't do using the API
Customers can pull job listings from the API to an internal or external careers page. In addition we can post third-party job boards using APIs. Applicant data can also be pulled to an existing HR system.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Bespoke careers page and customised applicant journeys can be done by both the customer and supplier


Independence of resources
We continually monitor the infrastructure loads and operates at typically 30% of capacity across a load balanced environment. The resources are able to auto-scale based on demand.


Service usage metrics
Metrics types
We can provide metrics on system usage, throughput and system performance
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
There is a standard feature to export a candidate record or small batch of records. A full data extract needs to be provided by our service desk.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
We use packet encapsulation within the AWS VPC

Availability and resilience

Guaranteed availability
P1 Critical Business Impact - 1 hour response time, target fix 1 working day;
P2 High Business Impact - 2 hour response time, target fix 2 working day;
P3 Medium Business Impact - 4 hour response time, target fix 10 working day;
P4 Low Business Impact - 8 hour response time, target fix as agreed;

We do not provide service credits
Approach to resilience
Available on request
Outage reporting
A system dashboard

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Authentication is provided via username (email address) and password with a strong password policy enforced.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The software development is not covered by ISO/IEC 27001 but our hosting provider AWS is.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
The software development is not covered by ISO/IEC 27001 but our hosting provider AWS is as follows;

CSA STAR Levels 1-3;
Level 1 - AWS participates in the voluntary CSA Security, Trust & Assurance Registry (STAR) Self-Assessment to document our compliance with CSA-published best practices

Level 2 - AWS aligns with the CSA STAR Attestation and Certification based on third-party audits for System and Organization Controls (SOC) 2 Reports and ISO 27001:2013.

Level 3 - AWS provides customers with the tools they need to meet continuous monitoring requirements. They include the AWS Security by Design (SbD) program to provide control responsibilities outlines, the automation of security baselines, the configuration of security, and the customer audit of controls for AWS customer infrastructure, operating systems, services, and applications running in AWS. This standardized, automated, prescriptive, and repeatable design can be deployed for common use cases, security standards, and audit requirements across multiple industries and workloads.
PCI certification
Other security certifications
Any other security certifications
  • Cyber Essentials
  • Annual penetration testing by a CREST supplier

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials
Information security policies and processes
Available on request

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
An inhouse change management process is followed, based upon a mix of DevOps and ITILv3.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use a Web Application Firewall and monitoring tools on the platform to detect and block any possible vulnerability.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We continually monitor the platform with a number of tools for suspicious activity, capacity planning and thread management. If an incident does occur we can use our content delivery network and WAF to mitigate the incident.
Incident management type
Supplier-defined controls
Incident management approach
Users report an incident into our service desk through the usual channels, incident reporting is done through our service dashboard and we use our service desk ticketing tools to manage the process.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£10,000 a unit a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.