TribePad - Applicant Tracking System (ATS) and Onboarding

TribePad provides the most configurable Applicant Tracking System, Onboarding and Video Interviewing platforms on the market. Using TribePad helps organisations find high calibre candidates, deliver a superb candidate experience, reduce cost and time taken to hire talent, whilst freeing up valuable recruiting staff time. Used by 15 Million candidates worldwide.


  • Applicant Tracking System
  • Video Interviewing
  • Optional psychometric testing
  • Talent Pool Management
  • Onboarding for new employees
  • Powerful Real-time reporting dashboard
  • Recruitment CRM
  • Talent acquisition software
  • Freelancer / contractor management
  • Available in 13 languages including Welsh


  • Enables smooth recruitment of single or multiple roles simultaneously
  • Video Interview to improve efficiency and save travel
  • Utilise best practice psychometric approaches to sift applicants
  • Automated communication to improve candidate experience
  • Automated candidate shortlisting to assist volume recruitment
  • Fully-branded and mobile optimised user interfaces
  • Multiple user types to customise features and restrict data access
  • The fastest talent search - 2 million CVs a second
  • Powerful and transparent reporting
  • GDPR tools to manage compliance


£1000 to £25000 per unit per month

Service documents


G-Cloud 11

Service ID

9 8 8 4 9 9 0 4 8 7 3 4 8 7 1



Jason Collis

07526 183797

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints No Service Constraints envisaged as service is accessible via any web browser on any device (computer, phone, tablet, etc.). Available in 13 language including UK English and Welsh.
System requirements
  • Internet access
  • Device with a web browser, PC/Laptop, Phone, Tablet, TV, Console

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Priority 1 issues are responded to within 30mins, 24/7.
Priority 2 issues are responded to within 2 working hours.
Priority 3 and 4 issues are responded to within 8 working hours.
Normal working hours are 8.30am to 5.30pm, Monday to Friday.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Web chat support is available within the application and recognises the user and context. We also have an AI enabled support bot which aims to guide users to appropriate support videos.
Web chat accessibility testing Ongoing as part of our chat bot development.
Onsite support Onsite support
Support levels Every customer is assigned their own Account Manager, who will conduct initial training, ongoing reviews, ongoing training, discussions on platform improvements, help with technical questions, assist with raising support tickets where needed, as well as liaise with TribePad departments on the customer' behalf.
Technical Support is accessible via phone or ticket, and working within the previous SLAs. A technical engineer or develop will also be available to the customer's Account Manager at all times.
Our Senior Management Team are extremely hands on and frequently available to support the customer in conjunction with the Account Manager and Technical Engineer. There are no added costs for these support services.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Each customer's requirements are slightly different, and therefore the implementation plan is bespoke for each customer. However, we offer as standard. Initially we offer 4 starter courses covering the main aspects of using the system: 1) MIS/Reporting, 2) Video Interviewing, 3) Admin tools, 4) everything else (including recruiter tools) As well as this, for the admin users we offer a "training the trainer" type course. We also offer each customer a free online manual, as well as a free online LMS for TribePad training, including videos and quizzes. To ensure that training is working we take surveys, and look at tickets coming in after go-live, quizzes, feedback etc. There is also an ongoing program of free multi-customer bite sized webexs throughout the month, where customers will be notified of the training topic and are free to choose what they attend. 2 free ad-hoc training sessions at our HQ, topics chosen by the customer. Free cross-customer training sessions once a quarter at our HQ. Finally, we can offer paid for on-site customer training as requested. Costs dependent on the location and the number of attendees.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction We can offer data dumps to retrieve data, or the customer can simply use our APIs to pull all of their data out. After contract ends, any live data will be deleted a week after termination, and any backups will be removed over a period 1 month and 1 day (due to us taking daily backups where these will be naturally cycled out.)
End-of-contract process As the platform is entirely cloud based there are no requirements to remove any equipment from the customer's site. Even if the solution has been linked to the customer's ERP, simply disabling the API will remove that link. So aside from either securely giving the customer a dump of their data, or allowing the customer to take their data via the API, there are no costs. It should be stressed that TribePad work ethically with their customers, and will ensure that even at the end of any contract, that customer satisfaction is never compromised. It is this approach that has contributed to us having almost a 100% customer retention rate.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No noticeable difference aside from screen layout thanks to the adaptive and responsive design of the solution.
Service interface Yes
Description of service interface TribePad Manage is a super-user tool accessible via 2FA for a sub-set of administrators only. It allows organisations to self-serve changes to organisational structure, user permissions, data retention policies, branding, communication and much more.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing N/A
What users can and can't do using the API We have multiple APIs that the users can use to interact with almost every aspect of our platform. As we created the platform, and have complete ownership of the IP, we can also develop APIs on request for customers as part of any contractual roll-out. As examples, uploading, amending, and removing of jobs or candidates, or using an API for reporting, even an API for taking a complete data copy of the customers data, can all be done via APIs. As part of the contractual roll-out, we will configure the APIs for the customer/users, and ensure that full training is undertaken on their use.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Many aspects of the service can be customised, through simple rebranding for the customer to reflect their corporate image, to the user choosing what layout for job role advertisements. Adding questionnaires to the application, how many interview stages, interview slots, what type of interview i.e. face to face or video interview, which job boards to publish to, whether to advertise to internal or external candidates, (or both), allowing ring fencing of jobs, and inviting passive candidates are just some of the areas that the user can customise to their requirements.


Independence of resources TribePad believes in over-resourcing our infrastructure. Our topography includes not just a large number of physical servers, and virtual servers for each customer, but also load balancers and vast storage availability. As our system is accessed by the user using https, and we have a 1GBps connection to each datacentre, we do not see bottlenecks in accessing the system either. Therefore we are never running "hot" and always have availability for significant increases in use by customers.


Service usage metrics Yes
Metrics types Everything that the customer does can be reported upon.
Examples include :-
How many roles have been created,
How many applicants have applied,
How long between application and candidate communication,
Which user did what action and when,
How many interviews are scheduled etc.,
In reality, whilst most metrics are available through our secure reporting tool, we can provide whatever metrics the customer requires.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Simply using our API to take a copy of all of their data whenever they wish is the usual way. Alternatively, if this is a regular requirement for the customer/user and the use of an API is not required, we can organise a secure transfer of data to the user, and incorporate that as part of any contractual agreement.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Our standard SLA for availability is 99.9% outside of any agreed maintenance periods. However, we don't have standard penalty clauses as any penalties for failure to adhere to the SLA are usually agreed on a contract by contract basis.
Approach to resilience TribePad is hosted from two UK-based Tier 3 ISO27001 compliant data centres. Further details of our Business Continuity and Disaster Recovery policies are available on request.
Outage reporting Because of the resilience we build into our infrastructure, we have not encountered any outages to date. However, we have built the ability to report outages into our platform, and in the unlikely event that there is an outage, customers will be notified by email, through their API, and via their account manager.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Our platform allows restrictions to whatever level the customer requires. As standard, for customers, we offer 2 factor authentication for the customer to access only their data. For TribePad staff, we have a very strict data access policy, and access can only be granted to the whole system by the CEO or the COO. Our system is regularly Pen tested by our customers incl. BBC and G4S, and security levels are far above industry standards.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ACS Registrars and LRQA
ISO/IEC 27001 accreditation date 07/08/2018 and 24/01/2019
What the ISO/IEC 27001 doesn’t cover We use accredited datacentres to host our platform, hence why 2 certificates and 2 certifying bodies. There are no areas within the datacentre not covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus accreditation

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As part of our QMS, we have a comprehensive list of policies and processes covering every aspect of Information Security. These include, but are not limited to, Business Continuity, Incident Management, Operations, Access requests, Data Access, Data Protection and Retention, Data Storage and Disposal, Security Testing, Human Resources, Physical Security, Visitors, and Encryption. All Policies are available on request, and are fully compliant with Industry standards. All Policies are tested, reviewed regularly, updated when required, and are clear and unambiguous. All Policies are fully sponsored by Senior Management, and are version controlled and approved by either the COO or the CEO before adoption. On adoption, all staff are trained on the contents of the policies, and Senior Management ensure that Policies are enforced completely. This enforcement is frequently through the implementation of control systems that ensure Policies cannot be contravened. Any Information Security Incidents, as well as any possible non-conformance to the Policies, are immediately reported on our central ticketing system. This creates a report document that is disseminated straight to the COO and CEO. They will immediately investigate and prioritise any Information Security aspects above any other BAU. Report levels are reviewed weekly by the Quality Management Team.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach TribePad works in line with ISO 9001 requirements. For this question please see the following excerpt from our quality policy. 1. regular gathering and monitoring of customer feedback through the use of case studies 2. System testing including security, data storage, protection and integrity, and UAT 3. Measuring TribePad against specific customer SLAs including quarterly customer round table meetings 4. training and development for our employees 5. regular audit of our internal processes, including miscellaneous policies 6. measurable quality objectives which reflect our business aims 7. management reviews of audit results, customer feedback and complaints.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We work to ISO 9001 standards and have multiple procedures and processes for vulnerability management, all available on request. To summarise 1) All hardware and software is patched to the latest firmware/version within 24 hours of release. 2) Regular Pen tests are performed by internal staff, and also by customers using recognised 3rd parties. 3) Membership of industry bodies, as well as customer feedback, identifies potential threats that are not fully scoped yet 4) Testing of security fixes through our Alpha, Beta, Gamma and pre-release system before live 5) Use of Web Application, and Hardware, firewalls.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach All of our developers are trained in penetration testing and perform tests every time new code is tested. We run Qualys scans every week to ensure that there are no new vulnerabilities, and certain customers also conduct their own penetration tests regularly. Our platform has also been tested and approved by Kroll and BAE Systems. New code is run through Alpha, Beta, Gamma and pre-live systems, before final live systems, and is tested and signed off at each stage. If a new vulnerability is found, we secure the system, and aim to rectify the vulnerability within 4 hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach As part of our overall approach to quality, we have a fully defined procedure for incident management, and we take any incident very seriously. The full procedure is available to customers on request, this broadly follows ITIL standards, however a brief summary follows. Incidents can be reported by staff or customers and are immediately notified to the CEO, with relevant information where possible, including type/description of incident, time of incident, IP address or physical premises, and purpose of system incident detected against. An incident report is created and logged, and our Security Incident Response Procedure is implemented.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1000 to £25000 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full access to trial the system, with certain integration into job boards and a customer-branded demo site. Usually, a trial is over a 30 day period, however, extensions can be agreed
Link to free trial

Service documents

Return to top ↑