Experian

PowerCurve On Demand

PowerCurve OnDemand has been created for businesses who want to streamline their applications process and need to be sure that they are making the best decisions about applications for credit. It works in real time and provides access to multiple sources of data.

Features

  • Enrich credit applications with Experian Credit Bureau data
  • Apply analytical models and risk scores to the application
  • Apply business and credit policy rules to aid decisioning
  • Manage applications in a single workflow
  • Software as a Service implementation model
  • Highly secure PCI-compliant infrastructure

Benefits

  • Automate your lending policy and ensure consistency
  • Provide a better customer journey for your applicants
  • Highly predictive credit scores drive better quality decisions

Pricing

£7000 per licence

Service documents

G-Cloud 9

191639970533106

Experian

Matthew Weston

0781 486 0044

matthew.weston@experian.com

Service scope

Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements Fully supported release of web browser

User support

Email or online ticketing support Email or online ticketing
Support response times In order to manage our client services effectively, and in line with ITIL best practices, Experian have defined Service Levels across all core processes (incl. Incident, Service Request, Problem, Change Management etc). Our Tiered Service Framework allows us to provide differing levels of service and support offerings to meet our clients' needs. The Service Tier selected will define the SLAs we work to. Engagement via a SPOC, our Experian Service Desk, will ensure all interactions are recorded and assessed against impact and severity before being assigned a "Priority".
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We do offer (Incident Management) Support cover that extends beyond core hours for many products for P1 type incidents only.
Extended support hours are offered:
  • Mon-Fri: 08:00-22:00
  • Sat-Sun: 08:00-16:00
  • 24x7
Experian provide a Self-Service Web Portal that gives our clients visibility to log tickets and review status.
Support available to third parties No

Onboarding and offboarding

Getting started We provide a full set of product documentation and specifications, along with requirements workshops and on site training.
Service documentation Yes
Documentation formats Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction Users are provided with a daily data extract
End-of-contract process Not applicable

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Chrome
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Available on request
Accessibility testing None
API Yes
What users can and can't do using the API Standard interface which users must conform to, using the SOAP API
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation A very small amount of customisation is available in data capture, policy rules, scorecards, derivations and existing customer lookup.

Scaling

Independence of resources Yes, our infrastructure is completely scalable and will grow with the needs of all of our users.

Analytics

Service usage metrics Yes
Metrics types 10 standard reports will be available from PCoD, delivered via web browser or by secure file transfer. These reports are as follows:
1. Application State Report
2. User Detail Report
3. User Activity Report
4. No Hit Report
5. Transaction Performance Report
6. External Datasource Report
7. Applications per Channel and User Report
8. Transaction Summary Report
9. Transaction Events Report
10. Decline Reason Report
Reporting types Regular reports

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach Experian provide users with a daily extract of their data, which is uploaded as CSV onto a secure transport site.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability Clients can select service offerings that best align to their business operations, and so we provide different options for availability, some are product specific. These options will be presented as scope is defined and a Service Offering Summary presented back to the client
Approach to resilience This information is available on request
Outage reporting Experian communicate progress on reported incidents only. Where a service outage is reported the impacted client is provided with a unique reference number for their Incident, this ensures the client is included in communications relating to that outage, even where multiple clients are impacted.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Users have their access controlled using a user role and security group function
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information No audit information available
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 DNV GL Business Assurance Limited
ISO/IEC 27001 accreditation date 20/12/2016
What the ISO/IEC 27001 doesn’t cover The following is covered by the scope of the certificate; the delivery and support of Experian IT infrastructure, operations, architecture and associated compliance and facilities management undertaken within the UK data centres.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Trustwave
PCI DSS accreditation date 28th October 2016
What the PCI DSS doesn’t cover Everything is covered
Other security accreditations No

Security governance

Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Experian have a comprehensive global security policy based on the ISO27001 standard which covers: Organisation and Management, information security, asset classification, physical and environmental security, communications and operations management, system access, systems development and maintenance, compliance, personnel and provisioning, business continuity management, third party management. The policy is owned by Experian's executive risk management committee which is an executive level body, and which assumes ultimate responsibility for Experian's risk position. Information security is a key component of the risk management framework. Experian management supports security through leadership statements, actions and endorsement of the security policy and implementing/improving the controls specified in the policy. The policy is available to all Experian employees and contractors on the intranet. Changes to the policy are announced on the company's intranet computer based information security and data protection training, and this is repeated on at least an annual basis. Compliance to policy is overseen by internal audit.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Experian have a change management policy which is underpinned by processes and procedures based on ITIL best practice. This is a mature process. We use a service management tool that integrates change management, incident management, problem management, configuration management and knowledge management. Our change management policy, processes, and procedures are regularly audited by independent auditors. Formal risk analysis is employed using an approved information risk analysis phase for developments/changes. Security requirements for the system are identified and continue to be considered throughout the life of the product.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Servers and PCs are built to a documented secure standard, which includes anti-virus and malware defences. Information assets have a defined patching schedule, determined by the system's criticality and the level of threat the patch is mitigating. Experian actively monitors the threat environment and checks the effectiveness of security controls by reviewing both free and paid-for sources of threat information, including public information and major vendor feeds, and also by receiving information from specialist closed-group mailing lists. The overall process is also plugged into an automated patch and fix strategy, underpinned with a technology infrastructure to deliver corrective updates.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Monitoring processes and tools are in place to manage alarms generated by security related alerts and these are fed into the incident management process. Experian has a formally documented risk based incident management process to respond to security violations, unusual or suspicious events and incidents. In the event an incident occurs a team of experts from all relevant areas of Experian are gathered to form an incident response team, who manage activities until resolution. The incident response team are available 24/7 to resolve any incident. Out of core hours the dedicated incident hotline is routed to the command centre.
Incident management type Supplier-defined controls
Incident management approach The incident management process incorporates a number of participants and contributors, including: Global Security Office - who facilitate and coordinate activities under the business security coordinator's guidance; Business Security Coordinator - a representative of the impacted business area, responsible for coordinating resolution activities; Incident Response Team (IRT) - IRT is made up of a membership that are empowered to make key decisions surrounding the actions to be taken to reduce impact, control actions, and impose corrective activities. A client report would be created, including: high level overview; facts; overview of events; actions taken.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks No

Pricing

Price £7000 per licence
Discount for educational organisations No
Free trial available No

Documents

Pricing document View uploaded document
Terms and conditions document View uploaded document