Cybersecurity functionality critical for CAEHRS digital employability solutions

The Department of Work and Pensions (DWP), as part of its Commercial Agreement for the Provision of Employment and Health Related Services (CAEHRS), prioritises the role of digital solutions to employability programmes. How do providers ensure that the digital solutions they offer are cybersecure?

The Department of Work and Pensions (DWP) outlined eight characteristics the right supplier would need. As we know, criteria seven says there is a “commitment to increase and improve digital services as part of DWP’s ambition to be the most effective and efficient delivery organisation in the public sector.”

This criterion makes good sense. In the autumn, the UK is likely to face rising unemployment, particularly when furlough is wound down. However, those newly unemployed have a very different skill set to the long-term unemployed. They are ‘work ready’ and well equipped to search and find new employment opportunities.

Aptem Employ, with its knowledge gap-filling eLearning and excellent job search and tracking tools, offers the kind of end-to-end management these job seekers need. They don’t need extensive hand-holding. What they do need is the most broad-ranging and intuitive technology that can be accessed by phone, tablet or computer.


We also know the DWP, like other government agencies, places critical emphasis on cybersecurity for any products procured to deliver their contracts. All digital services need to ensure the privacy of the recruitment process for job seekers and employers alike. They will expect employability providers and their digital partners to provide evidence against published guidance and independent assessment.


The UK has some pretty strict data protection laws, including the Data Protection Act 2018 and GDRP. The whole purpose is to protect user data and ensure privacy and control over the use of private data. And government data also needs to have the highest level of protection. But it’s also about politics and crime.

In July 2020, Wired produced a list of the biggest hacks and phishing breaches that have occurred this year. Among them is the hacktivist network Anonymous who broke into US law enforcement databases and stole 269 gigabytes of data. Cyber attacks by nation stakes have escalated in recent years. Security Boulevard reported that, in the first sixth months of 2020, nearly 16 billion records had been exposed and various Fortune 500 companies have experienced significant data breaches. 

More familiar perhaps is the attack on Twitter, where 130 high profile, verified accounts were targeted and fake posts with a Bitcoin money scam posted from these profiles.

Sounds scary. But tech companies are also getting good at evading criminals and scammers. And we’re one of them.

Aptem is cybersecure

We’ve always known that we’re good at cybersecurity. Our company is highly tech aware, we train our staff regularly, and we are ISO 27001 and Cyber Essentials Plus certified.

We also have a unique approach to client databases. The industry standard is a single shared database that the software provider manages.

We, however, recognised the sensitive nature of the personal information in our database. So to facilitate increased security – as well as scalability, customisability and performance – we designed a multi-tenant environment. Each customer has its own entirely separate database. This innovation is unique to Aptem, and it has meant that among our clients are security-sensitive organisations such as the Ministry of Justice, police and the NHS.

Aptem Employ, our employability training and job-seeking platform is being relaunched in September, and we wanted to make absolutely sure it had reached the gold standard of security expected from Aptem. So we hired a cybersecurity specialist to audit the platform.

The result? Independently assessed and audited against the ‘10 Steps to Cyber Security’, designed by the UK’s NCSC (National Cyber Security Centre) and which includes assessments of risk management, malware prevention, network security and user privacy, we have been rated as ‘strongly aligned’ to the ten steps that will protect organisations from cyber-attack.

The report says:

“In terms of its use of technology and the technical controls it has in place, there is no doubt that the company benefits from its whole-system dependency on a single vendor technology stack, including Azure for its servers, SQL Server for databases, Microsoft 365 for its office applications, and Windows 10 on all endpoints.

“The combination of the company’s size, their use of up-to-date technology, and their ability to act quickly result in a strong security posture.

“Most importantly, the leadership recognise the serious consequences which could arise for the business if they don’t take information risk seriously. This has resulted in an organisation where a healthy security culture is grown and where the resulting behaviours align well with the intent of the 10 Steps.”

So if you are looking for a company to deliver an employability platform with the secure digital services the DWP have in mind, then take a look at Aptem Employ.