Experian Decision Management Solutions with PowerCurve CMS

CMS is a solution designed to offer customer insight, decision management and effective collection processes. Created specifically for Housing Associations, CMS combines credit data, coupled with analytical assessment and industry tools, to help Housing Associations effectively deploy resources, engage with customers, reduce rent arrears and minimise bad debt.


  • Enrich tenancy accounts with Experian data assets
  • Apply analytical models and behavioural scores to the data
  • Behavioural variable calculations using historical performance and bureau data
  • Historical database of account performance
  • Provision of a consultancy service to configure the strategies
  • Quarterly strategic reviews with consultant
  • Test and learn decisioning capabiltiy
  • Trigger actions based on the segmentation
  • Provision of quarterly MI reports to the Housing Association


  • Assign a combination of pre-defined automated or manual steps
  • Ensure consistent revenue levels
  • Identify cost effective contact channels
  • Identify payment plans for individuals where appropriate
  • Improve customer service and experience using better customer insight
  • Increase operational collection and recovery efficiency
  • Prioritise accounts falling into arrears
  • Risk-averse approach to data management


£94860 per licence

Service documents


G-Cloud 11

Service ID

2 2 6 0 7 8 6 5 4 3 5 2 6 5 9



Damian Kenny

+44 (0) 7976 702247


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
CMS is a standalone service that can also be utilised alongside PowerCurve Collections.
Cloud deployment model
Private cloud
Service constraints
No known constraints
System requirements
  • Java Version 8
  • PowerCurve Strategy Design Studio Licence

User support

Email or online ticketing support
Email or online ticketing
Support response times
Acknowledgement email will be sent within 30 minutes.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We offer a standard support offering that can be extended with a range of add on services so that your support requirements can be defined to fit your needs.
The cost of the standard support offering is included within the annual licence fee.
Support available to third parties

Onboarding and offboarding

Getting started
In order for the CMS to operate a data extract needs to be produced on a regular basis. The business user is provided with detailed documentation outlining the data definition for the input files and the format and contents of the output files. Along with these documentation the business user is supplied with a service specification detailing the solution in detail.
Service documentation
Documentation formats
End-of-contract data extraction
Not applicable
End-of-contract process
The business user stop providing data extracts and the hosted solution is deleted along with any associated data.

Using the service

Web browser interface
Application to install
Compatible operating systems
  • Linux or Unix
  • Windows
Designed for use on mobile devices
Service interface
Customisation available
Description of customisation
The customer management strategies in place can be customised by business users using a strategy design studio. Users can be provided with training to maintain the strategies or can work with a consultant who can apply any changes on the buyers behalf.


Independence of resources
Each business user have a dedicated time slot scheduled to process the data extract.


Service usage metrics
Metrics types
The following types of report are examples of reports that can be provided to proactively monitor the portfolio and the on-going effectiveness of services provided:
• Portfolio Assessment
• Decision outcome monitoring
• Scorecard monitoring
• Analysis of key customer segments
• Portfolio performance monitoring
• Overall Collections strategy monitoring
• Champion-Challenger analysis
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The process of exporting data is automated so an extract of the tenancy and tenant data is produced on a weekly basis and uploaded to an SFTP site, at which point it is collected and processed within the CMS .
Data export formats
  • CSV
  • Other
Other data export formats
ASCII/Text/Display sequential flat file
Data import formats
  • CSV
  • Other
Other data import formats
ASCII / Text /Display Sequential

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Availability SLAs vary by support level between 95% and 99.5%.

Service availability is defined as the availability of the application and/or data provided by Experian, during the contracted support hours and outside of the scheduled maintenance windows.
Availability Calculation:
A (Contracted Support Hours) – B (Cumulative Outage Time) x 100=% Availability
A (Contracted Support Hours)

Note: Definition of Contracted Support Hours – The Silver Tiered Support Option provides support: Mon-Fri 08:00-22:00 (GMT), Sat-Sun 08:00-16:00 (GMT) for P1 Incidents – (Incidents with potential to impact service availability), and Core Hours support Mon-Fri 09:00-17:30 (GMT).
Approach to resilience
This information is available on request
Outage reporting
Emails are sent to affected clients

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Users have their access controlled using a user role function within the design studio.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
DNV GL Business Assurance UK Limited
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The following is covered by the scope of the certificate; the delivery and support of Experian IT infrastructure, operations, architecture and associated compliance and facilities management undertaken within the UK data centres.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Everything is covered.

Should it be necessary we can provide our Attestation of Compliance
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Experian have a comprehensive global security policy based on the ISO27001 standard which covers: Organisation and Management, information security, asset classification, physical and environmental security, communications and operations management, system access, systems development and maintenance, compliance, personnel and provisioning, business continuity management, third party management. The policy is owned by Experian's executive risk management committee which is an executive level body, and which assumes ultimate responsibility for Experian's risk position. Information security is a key component of the risk management framework. Experian management supports security through leadership statements, actions and endorsement of the security policy and implementing/improving the controls specified in the policy. The policy is available to all Experian employees and contractors on the intranet. Changes to the policy are announced on the company's intranet computer based information security and data protection training, and this is repeated on at least an annual basis. Compliance to policy is overseen by internal audit.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Experian have a change management policy which is underpinned by processes and procedures based on ITIL best practice. This is a mature process. We use a service management tool that integrates change management, incident management, problem management, configuration management and knowledge management. Our change management policy, processes, and procedures are regularly audited by independent auditors. Formal risk analysis is employed using an approved information risk analysis phase for developments/changes. Security requirements for the system are identified and continue to be considered throughout the life of the product.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Servers and PCs are built to a documented secure standard, which includes anti-virus and malware defences. Information assets have a defined patching schedule, determined by the system's criticality and the level of threat the patch is mitigating. Experian actively monitors threat environment and checks the effectiveness of security controls by reviewing both free and paid for sources of threat information, including, public information, major vendor feeds and also receiving information from specialist closed group mailing lists. The overall process is also plugged into an automated patch and fix strategy, underpinned with a technology infrastructure to deliver corrective updates.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Monitoring processes and tools are in place to manage alarms generated by security related alerts and these are fed into the incident management process. Experian has a formally documented risk based incident management process to respond to security violations, unusual or suspicious events and incidents. In the event an incident occurs a team of experts from all relevant areas of Experian are gathered to form an incident response team, who manage activities until resolution. The incident response team are available 24/7 to resolve any incident. Out of core hours the dedicated incident hotline is routed to the command centre.
Incident management type
Supplier-defined controls
Incident management approach
The incident management process incorporates a number of participants and contributors, including: Global Security Office - who facilitate and coordinate activities under the business security coordinator's guidance; Business Security Coordinator - a representative of the impacted business area, responsible for coordinating resolution activities; Incident Response Team (IRT) - IRT is made up of a membership that are empowered to make key decisions surrounding the actions to be taken to reduce impact, control actions, and impose corrective activities. A client report would be created, including: high level overview; facts; overview of events; actions taken.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£94860 per licence
Discount for educational organisations
Free trial available

Service documents

Return to top ↑