ICONI Software Ltd

Customer Engagement & Progression CEP Software

ICONI’s Customer Engagement & Progression (CEP) platform is designed to help organisations that support individuals. It enables organisations to case manage their support programmes and achieve optimal outcomes, ensure compliance and accelerate performance. CEP can be used for Employability, Health & Wellbeing, Skills & Learning, Rehabilitation and Economic Development.


  • Customer/Individual Engagement Tracking: with full support journey with progression stages
  • Referral Management: external referrals/enquiries and internal referrals
  • Diary/Calendar Management: with meetings, correspondence and SMS/Email reminders
  • Event & Course Management: single and multi-session with attendance tracking
  • Integrated, Customer & External Assessments: sector-specific assessments with distance travelled
  • Action Planning: support interventions/sessions catalogue with action plan generation
  • Outcome Management: hard/soft progression outcome recording, goals and approval process
  • Supply Chain & Organisation Management: profiles, sites/locations, expenses and contacts
  • Reporting: real-time activity, user defined custom export and Business-Intelligence Interface
  • Sector Specific: Vacancy/Employer Relationship/Specialist Support, Portal, optional PbR Financials


  • Sector specific, designed by experts and streamlined for operational delivery
  • Visualisation of individual support journey and progression optimising positive outcomes
  • Multi-programme configurable, for similar projects or different sector-based programmes
  • Supply-Chain ready to manage delivery partners, sub-contractors and specialist providers
  • Intervention Catalogue capturing your support services, resources and delivery knowledge
  • Comprehensive and extensive range of reusable features to fast-track on-boarding
  • Accessible Customer Portal, bridging the digital divide and enabling self-service
  • Continual evolving and improving platform that delivers return on investment
  • Easy to use user interface reducing training/on-boarding overheads across programmes
  • Designed in a secure, ISO27001 accredited environment, hosted within Azure


£65 per user

Service documents


G-Cloud 11

Service ID

1 6 4 9 4 0 6 8 8 4 2 8 1 1 5


ICONI Software Ltd

Liam Jordan

028 90319300


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
There are no constraints to the CEP solution as it is optimised for the number users, however full training for users is advised before use of the system.
System requirements
  • CEP is accessed via a standard browser
  • There are no other system requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Initial response times during normal business hours are as follows:

- Critical Faults: 4 hours
- Serious Faults: 6 hours
- Minor Faults: 8 hours
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
There is a single support level for the CEP service, which is covered in the costs. Users can access support via phone, email or via the built-in help within the service. Support is provided during normal business weekdays and from 09:00 to 17:00 and incidents can be raised 24x7x365.
Support available to third parties

Onboarding and offboarding

Getting started
The ICONI Help-desk would issue the authorised user with a username and password via email. Users must change their password on login to access the service. Users can then start to use the service, assuming they have received the appropriate operational and system training. Training will be agreed as part of the high-level analysis of the project. ICONI can offer on-site training, user-guides or WebEx training.
Service documentation
Documentation formats
End-of-contract data extraction
When the contract ends, an authorised user would request the data from the CEP service via the Helpdesk. The Helpdesk would then arrange to extract the data to a SQL backup, which will be fully encrypted and securely transferred to the authorised user.
End-of-contract process
At the end of the contract, all user access will be removed and the access to the system will be terminated. Additional off-boarding costs apply where further services are required and this would be agreed as part of the End-of-Contract process. For example, this could include data extraction and transfer with backup services being shut down.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The ICONI advisor based solution is desktop only, however, the Customer Portal provides a responsive web design experience that fully supports access by Customers through Mobile, Tablet and Desktop devices.
Service interface
Description of service interface
The service interface is accessed via a standard Internet browser.
Accessibility standards
None or don’t know
Description of accessibility
The Customer Portal is accessible to W3C Web Content Accessibility Guidelines (WCAG) 2.0 up to conformance level AA.
Accessibility testing
The Customer Portal interface has been successfully tested with Keyboard-only, Voice Activation, Screen Reader and Low Vision assistive technology.
What users can and can't do using the API
We expose key APIs in the form of a secure web service which can be configured within CEP solution to transfer data (pull or push). This approach ensures data integrity and security. These APIs enable data (e.g. Enquiries) to be captured on external systems (such as a website) and transferred to the CEP solution.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
CEP contains a wide range of features and these can be enabled and customised for users. To customise, users would contact our Helpdesk and request the changes which would then be analysed, configured and enabled as part of the service.


Independence of resources
Each CEP solution is dedicated to the buyer and is designed to be optimised for the number of users that can concurrently access it.


Service usage metrics
Metrics types
CEP metrics are provided on request via the Help-desk (based on ITIL best practice) and includes: number of current registered users, the number of tickets (and types) in the time frame, support trends and breakdown of all tickets.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Authorised users can export data via CEP lists and or the built-in data export reports which outputs the data in a structured CSV file format.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
CEP availability is 99% and can be increased under SLA options. In the event that CEP experiences downtime during the contract for a period longer than five consecutive business days and where such downtime is wholly attributable to the supplier, the supplier shall pay to the customer a service credit of 1% of the equivalent annual charges.
Approach to resilience
CEP has been designed under ISO27001 for security, high availability and resilience. The service is continually monitored by our Helpdesk and contingency plans are in place in case of failure. CEP is hosted on the Microsoft Azure cloud platform which has a range of resilience options.
Outage reporting
Email alerts are sent to key users as part of the Helpdesk support and problems managed under ITIL standards and best practice.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access in management interfaces and support channels is restricted via the user’s pre-defined role, which can then be adjusted via the functions they are authorised to access. The user roles and access authorisation is confirmed with the Helpdesk before access to CEP solution is enabled.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
SGS United Kingdom Ltd
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
In the ISO27001:2013 Statement of Applicability the following are not covered: A.13.1.3, A.14.1.2, A.14.1.3, A.14.2.7
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
ICONI Software is involved in the design, implementation and support of a range of software systems and as such, it is the policy of ICONI to provide the highest possible quality of services to all our clients in accordance with the requirements of our ISO9001, ISO27001 accreditations and ITIL best practice. Our site and CEP solutions are fully secure and we are committed to ensuring that information security is given the highest possible degree of importance. Information is central to our business and it is our aim to ensure that the confidentiality, integrity and availability of this information is protected at all times. External audits are carried out twice yearly alongside periodic internal auditing and continual reviews for potential non-conformance.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Ongoing system configuration and changes to a CEP solution will be managed by the Helpdesk under a defined change control process. Changes can be requested via the Helpdesk and their impact is analysed, estimated and agreed before implementation. All changes are tracked within our development environment. Changes may impact existing functional components or new components may be added. In both cases, changes are fully tested for potential security impact following our ISO27001 accredited policies and procedures.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
CEP is hosted on Microsoft Azure which has options for vulnerability assessments. Our development team regularly accesses the CEP framework for vulnerabilities and any threats detected are prioritised with our Help-desk. Depending on the threat level, patches to the CEP service can be deployed on the same day of detection. Information on potential threats comes from the Azure Security Centre.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
ICONI's CEP solution has in-built reporting for potential compromises, which is linked the Helpdesk. A priority incident is automatically generated and notified to the Helpdesk team for investigation, analysis and resolution. Potential compromises are acted upon immediately and escalated to the relevant team for resolution e.g. the update may require a patch and deployment which can happen on the same day.
Incident management type
Supplier-defined controls
Incident management approach
CEP incident management process follows ITIL best practice, which is integrated into the Help-desk and is also linked directly to the CEP solution so that users can submit support tickets directly. Users can also contact the Helpdesk for support via telephone or email. Once the incident has been reported, the user receives a unique ticket number reference. Incident reports are generated from the Help-desk system and provided to the users on a periodic basis via email.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£65 per user
Discount for educational organisations
Free trial available

Service documents

Return to top ↑