Xpand Group Ltd.

Xpand Access

GDPR compliant on-boarding for business support programmes. Better understand the insights of supported industries through live data.

Xpand Access provides businesses with the information needed to get to market faster. Connect to the relevant organisations, on-board onto support services and start to understand how each business relates to other markets.


  • GDPR Compliant Support Programme On-Boarding
  • Signposting tool for Services, Funding and Events
  • Customisable Business Evaluation Tools
  • Self-Service Application
  • Generate Market Analysis Reports in Minutes
  • Tools and eLearning to help businesses expand
  • Market and Export Opportunity Sizing Tools
  • International Business Development and Collaboration Connection
  • Market Research Tool to help support businesses
  • Simplified Cloud hosted mobile friendly platform


  • Facilitates strong data control processes quickly
  • Supports businesses to connect to relevant growth services
  • Tracks the effectiveness of programmes and required support services
  • Delivers value and support to all businesses seeking support
  • Supports Economic and Business Development Strategy
  • Provides data needed to help businesses and economies grow
  • Platform to host Self-Service eLearning support materials
  • Encourages International development through export and FDI
  • Simplified market analysis information to support business growth
  • Highly available cost effective solution requiring no training


£0 to £0 per licence per year

Service documents


G-Cloud 11

Service ID

1 3 4 5 5 1 9 7 9 9 0 3 9 7 0


Xpand Group Ltd.


+44(0)20 323 97263


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Xpand Insights (www.xpandinsights.com)
Xpand Insights provides visualisations and analysis for the data captured through Xpand Access.

Xpand Ability (www.xpandability.com)
Xpand Ability uses the evaluation data from Xpand Access to provide custom eLearning path / content as it becomes available.
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Internet Connected Device
  • IE11+ / Safari / Firefox / Chrome
  • App Store Account if using Mobile Application

User support

Email or online ticketing support
Email or online ticketing
Support response times
For free customers there is a 48 hour window for tickets.
This is between Monday - Friday
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
Web chat accessibility testing
Slack is used for web chat and has been extensively tested with assistive technology users.
Onsite support
Yes, at extra cost
Support levels
Community Support
Organisations who are on the free version of Xpand applications can submit calls via the community GitLab / Jira Service account,
No dedicated manager provided.

Basic Support - £4,000 p/a
No dedicated manager - access to call raising and change request functionality. Ability to request and track support issues against SLA.

Standard Support - £10,000 p/a
Calls can be raised through the Jira Service desk and responded to between Monday - Friday (9am - 5pm)
Dedicated account manager provided.

Premium Support - £25,000 p/a
Customers can raise calls on a 24 / 7 basis with out of hours support available. Calls raised will receive expedited support targeted against SLA's.
Dedicated account manager provided.

On-Site Support & Training £1,000 / £1,500 per visit
Optional on-boarding, training and induction packages start from £1,000 per visit with in-person training and on-site support provided.
Support available to third parties

Onboarding and offboarding

Getting started
Onsite on-boarding services are available.

Documentation is available as to how to use the application.
Walkthrough Videos are also available to guide users how to use Xpand Access.

A support messaging platform is available.
Webinars are scheduled once a month to answer questions on request.

On-Site Training is available at £1,000 - £1,500 per day to train as many users as wished with as many sessions as requested throughout that day.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Xpand Access business users can extract their data by : -

1) Logging onto the Xpand Access website
2) Visit My Profile Page
3) Click Download My Data
4) CSV with data will download

Organisations can request an extract of the data of their users and team through the Self-Service Xpand Insights application on the My Profile Page.

The designated data controller for the organisation will receive a link to download the file via secure transfer on the email address when it's available.

The data controller will need to re-enter their password or have 2 factor authentication setup to confirm that they will be able to download the file.
End-of-contract process
Where annual pricing has been agreed : 60 / 30 days before the end of the contract customers will receive a notification of automatic renewal in order to ensure continuation of service (Quotations will be automatically issued).

Where monthly pricing has been selected : Notification of automatic monthly payment will be provided. Payments must be paid up to the end of the agreed monthly period.

60 days notice is required for requests for cancellation of service.

If the contract is renewed the information will be retained on the Application.

If the contract is discontinued - access to existing data will remain for 60 days with all access to additional data requests suspended until the contract resumes.

All buyer reports and custom data will be made available to extract according to individual data licensing.

Included in Cost: -
Access to current data
Analysis and usage statistics

Additional cost : -
Additional Support / Hosting of data
Additional analysis and reporting
On-Site SLA / Contract Meetings outside of Support Package

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Differences between the mobile and desktop service
The mobile application is optional and the application will work as a web based application via the website through mentioned browsers.

All functionality is available via the mobile application
Service interface
Customisation available
Description of customisation
GDPR related content, messaging and questions can be customised using Xpand Insights application to set up the customisation.

Key messaging and signposting content can also be customised through the Xpand Insights partner application.

Buyers can set who within their organisation can carry out the customisations.


Independence of resources
The application has been designed on a scalable infrastructure incorporating containerisation to support independent resource management for each customer.


Service usage metrics
Metrics types
Usage Report : User Activity reports
Credit Reports : Usage of Credits
Client Usage Reports : How many clients have used the service and how they have used the service

Organisations can request full historic metrics via the Xpand Insights control panel and service requests via Service desk.

These will be provided in CSV / Dashboard
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Xpand Access users can individually export their data via the following steps.

1) Log onto application
2) Visit My Profile page
3) Select 'Download my details'

Xpand Access organisation users can make a request through the following options.

Option 1
1) Log onto Xpand Insights
2) Visit My Profile Page
3) Select request data download file as CSV file
4) When available the data-controller will receive an email with a link to download organisation file which will require 2 factor authentication to be set up in order to download

Option 2
1) Raise service call via the provided support panel
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
95% service availability SLA between 9am - 5pm Monday - Friday excluding bank holidays and agreed service notifications.

Users will receive a credit note for the next year to the value of 1% of their contract for each additional 1% of service unavailability.
Approach to resilience
Full Information available upon request - support@xpandaccess.com

Multi data centre setup with manual failover procedures
Outage reporting
Outage details are visible on the Xpand Access website via a publicly accessible dashboard. (www.xpandaccess.com/servicestatus)

Outage alerts are sent to organisations when a significant outage is predicted or has occurred for longer than 3 hours.

Information on outages are available via the Xpand Service twitter handle.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Username and Password for each person using support and management interfaces authenticated by Xpand Support team or 2 Factor Authentication.

Support data is only available to allocated, identified and trained members of the Xpand Group teams. Users must have Xpand domain level email address to access support data.

Data Controllers and those requiring access to additional user data are requested to have 2-factor authentication set up in order to access or export any user data.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Xpand works with external security governance advisors.

Xpand are working with continuous security testing tools as part of the ongoing Live governance checks surrounding coding.

Security details are documented and recurring checks are in place with each code release.
Information security policies and processes
Security and governance policies are in place; .

Recurring internal and external audits are conducted.

Training surrounding security policies are part of the induction process.

Procedures surrounding release are agreed by directors ensuring that adequate security processes are in place.

Policies are reviewed on a quarterly basis.

Documents are available via intranet and each member of staff who must sign their agreement to the latest procedures to continue contract / employment with the company.

Incident Management policies are in place surrounding information breaches.

ICO registration has been completed and complies with all relevant data control measures.

Privacy By Design has been implemented on this solution.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Each detail of the service solution is documented through a central repository - including changes per release. Change logs are tracked and each release has associated documentation and checks.

All major changes require an information security sign off - upcoming change requests are impact assessed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As part of an ongoing monthly review Xpand has a sprint planning session including governance, vulnerability and security,

Critical patches are implemented within 7 days

Change logs are reviewed as well as upcoming activities to identify required activities to resolve vulnerabilities.

Threat information comes from supplier forums and are handled as a SEV 2 service calls.

Incident management processes are followed where there is a confirmed impact to users.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Access logging has been implemented into the AWS application and API services, meaning all access is tracked.

Potential compromises can be raised by staff at any time and will be handled through service desk SLA's (Acknowledge / Response / Resolve times)

Incident response policy follows industry standards.

Daily scripts check for unusual activity.
Where unusual activity is tied to a specific account - a notification will be sent to affected users and data controllers to recommend actions.

Where unusual activity has been detected on an application level, further investigation will be conducted.
Incident management type
Supplier-defined controls
Incident management approach
Incident Management process documents have been generated and are stored on our local intranet and securely stored in physical format.

These documents form part of the induction programme and must be signed by each team member.

Users can report serious incidents through support@xpandaccess.com, +44(0)20 3239 7263 or SMS to dedicated account manager.

Incidents are logged via support channels and summary reports of each incident are provided via email, and meetings upon request for premium support customers.

Processes have been established to allow for out of hours response to serious incidents.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£0 to £0 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
Free version provides a high level view of market evaluation data, supporting events, funds and support.

Not included for free is the ability for an organisation to evaluate applicant requirements or provide custom content this requires Xpand Insights.

The free version of this application is available to the public.
Link to free trial

Service documents

Return to top ↑