The Working Manager Limited


CareerBurst is a digital platform that empowers all individuals and managers to drive and support great careers through expert content and practical tools. CareerBurst challenges current career management mindsets by delivering structured career support that will address the challenges of each individual. It equips managers to support their people.


  • Expert content from career development and talent retention specialists
  • Practical tactic cards to help staff develop their career
  • Develop and collaborate with mentors on a Career Action Plan
  • Hold Career Conversations with your mentors
  • Develop mentors to support staff
  • Specific content for career development
  • Specific content to develop mentors and line managers
  • Built around a robust and proven methodology
  • Take an organisational or self driven approach to career development


  • Retain your best talent and develop their careers
  • Achieve high engagement with staff and create a supportive environment
  • Reduce costs of recruitment by retaining staff or internal appointment
  • Reduce staff churn
  • Retain the skills of your staff to grow your business


£4620 per instance per year

Service documents


G-Cloud 11

Service ID

9 8 6 9 4 8 8 3 2 1 6 0 6 2 7


The Working Manager Limited

Melanie Small

01285 657978

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
None. Only a web browser is required

User support

Email or online ticketing support
Email or online ticketing
Support response times
Target response is within 48 hours
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support is included to the administration team of CareerBurst. This is typically managed remotely. Onsite support is available from a consultant at a cost of £850 + VAT per day plus expenses at cost.
Support available to third parties

Onboarding and offboarding

Getting started
Our team of skilled account managers can help you analyse the opportunity of moving to CareerBurst and enable you to create a user centric environment where those wishing to develop their career will not only come to once but on a sustainable basis.

All of our account managers have been exactly where you are and can provide practical advice. Every TWM client is assigned a dedicated account manager who will be your primary contact and will work with you to manage the delivery, and importantly the help you drive adoption of your solution. Support is provided at every step from initial scoping through to delivery and continued use. We will help make sure that your CareerBurst portal evolves with your needs.

As our account managers are uniquely qualified and experienced as Learning and Development Managers or Organisational Development Managers, they are well equipped to advise you on the best approaches for both roll out and adoption, as well as how to best leverage benefits from the functionality you will have available to you.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Each user is able to export their Career Action Plan
End-of-contract process
At the end of a contract that is not renewed, the users CareerBurst solution will be archived with user access removed. Any data to be returned will be agreed. If a client requests that their solution is permanently deleted, this will be done within 30 days.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
None. CareerBurst uses a responsive design to adapt to mobile devices.
Service interface
Customisation available
Description of customisation
CareerBurst can be branded for each organisation and organisation specific content added


Independence of resources
Each client has their CareerBurst solution hosted on their own area of TWM's dedicated servers housed by Rackspace, a leading ISP. TWM monitors individual client usage and server performance to make improvements where necessary and maintain exceptional performance levels.


Service usage metrics
Metrics types
Metrics can be provided through the Account Manager so that managers can understand who is accessing content and when as well as progress. This helps identify engagement strategies to achieve the highest level of engagement possible.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Exported information must be carried out by our technical team and can be requested through a client's Account Manager.
Data export formats
Data import formats
  • CSV
  • Other
Other data import formats
  • Content can be uploaded in any format
  • User data can be imported using CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability: 99.5% during the core day. Not more than 2 hours unavailability in any core day

All of the above service levels are measured on a monthly basis. A working day for the purposes of this Schedule shall be Monday to Friday, excluding public holidays and bank holidays. A core day for the purposes of this Schedule shall be (Monday – Friday 09:00 – 17:30hrs).

Availability shall be calculated using the following mechanism

A = (600 x WD) (D Dp) x 100
(600 x WD)

A = Availability in %
600 = Number of minutes per working day
WD = Number of working days per calendar month
D = Total downtime recorded in minutes
Dp = Planned downtime and agreed exclusions recorded in minutes which is scheduled in advance to perform system testing, upgrades, enhancements and routine maintenance activities.

Failure to meet availability levels will be discussed commercially with your Account Manager.
Approach to resilience
CareerBurst is hosted by Rackspace.

Rackspace are a Tier 4, ISO27001 compliant datacentre in the UK.

The technical resilience of the service is supported through:
• Use of an established data-­‐centre, Rackspace, registered to ISO27001
• Multiple data-­‐lines and ISPs to the data-­‐centre
• High specification dedicated servers for the application and data.

A managed backup plan at RackSpace causes a daily backup of live production data and each day takes an “image” of everything regarding the data and site configuration for the clients site.

Backups are retained for 14 days. The backups are not encrypted as they are retained onsite within the data centre, with the policy being that only backups taken offsite being encrypted. Encryption of backups can be made at request of the client but there may be an additional charge. After the backups have expired they are aged off and overwritten.

The application and database servers have multiple hard drives and use a combination of RAID types 1 and 5 depending on requirements to keep systems running in case of hard drive failure.

Prior to software upgrades we take a full backup of the server.
This enables complete recovery of a previous version if required.
Outage reporting
Clients will be notified of an outage by email from our support team in the event of any problems. We will always strive to rectify problems as soon as possible.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Support is given administrators only and identity is confirmed via security questions. The close working relationship between client and Account Manager helps reinforce this.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
BSI accredited Rackspace. Certificate IS 636168
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Visa accredited Rackspace
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Other security certifications
Any other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Security is included in all staff induction and regular briefings are held with all staff.

All staff credentials are recorded securely
Any breach is recorded in a security incident log
The log and improvement are reviewed quarterly
Information security policies and processes
All information security is overseen by Chris Alexander in collaboration with Rackspace, our ISP used for hosting. Information security policies form part of all staff inductions. Any breach is reported directly to Chris Alexander.

All client data falls into two categories
Restricted – disclosure causes significant risk to clients and/or TWM
Private – disclosure causes moderate risk to clients and/or TWM
We are responsible for ensuring the security of data held
Access to systems:
- Auto-secure of unattended workstations
- Auto-secure of TFS Server
- User Authentication for each Developer
- All code changes tracked
- All versions of code maintained
- Rackspace – RDP Autosecure

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Where the CLIENT or TWM identifies the need for a Change then either party must submit a proposed change using the Change Control Form to the other.

No Change shall be valid until it is authorised in writing by the authorised representative of both parties.

Each Change shall be assigned a unique reference number and effective date of change.

Any improvement or addition to the Systems or Services which does not result in increased costs to the CLIENT shall not be subject to the above change control procedures.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Logs are reviewed on a monthly basis to identify any potential threats. Should a vulnerability be detected, it is treated as urgent and prioritised over all other development and hotfixes issued as quickly as possible.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Logs are reviewed on a monthly basis to identify any potential threats. Should a vulnerability be detected, it is treated as urgent and prioritised over all other development and hotfixes issued as quickly as possible. Should an incident be identified or reported, we aim to respond to incidents within 4 hours.
Incident management type
Supplier-defined controls
Incident management approach
Whether incidents are internal or external, users are asked to complete our Incident Response Report Form which is then added to our Incident Log. Information captured includes a summary, notifications made and action taken.
For each incident there is a post incident analysis which generates a lessons learnt. Processes are then updated accordingly.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£4620 per instance per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑