Postcode Pro - Postcode lookup finder and address validation

Our easy to use postcode and address validation service uses the latest UK address data. With incredibly easy setup and advanced search methods, you can improve your online customer experience and support internal customer service staff. This service is quick, mobile-responsive and very easy to integrate with other business applications.


  • Rapid, real-time address finder
  • Mobile-responsive
  • Easy to integrate
  • Intuitive for users
  • Uses the latest Royal Mail Postcode Data for accuracy
  • Works internationally
  • Easy to understand pricing model
  • For websites, CRM and business applications
  • Secure https model


  • Improve the customer experience
  • Reduce abandoned forms and carts
  • Improve quality and accuracy of data
  • Increase lead and sales conversions
  • Integrates with your CRM to enable a single data source


£50 per instance

Service documents

G-Cloud 10



Clare Millar

0131 541 2159

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements Web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times are based on priority levels. Response times are the same at weekends though an out-of-hours support agreement is required for out-of-hours cover.

Priority 1: Urgent and essential
Response: within 1 business hour.
Investigation: within 2 business hours.
Action: within 3 business hours.
Priority 2: Non-urgent operational matters
Response: within 3 business hours.
Investigation: within 4 business hours.
Action: within 7.5 business hours.
Priority 3: General enquiries
Response: within 7.5 business hours.
Investigation: within 2 business days.
Action: based on agreement with the Client
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible We use third party live chat tools which allow two way messaging - if there is a specific requirement to use a tool which is specifically WCAG compliant then we would be happy to implement this.
Web chat accessibility testing We use third party live chat tools which allow two way messaging - any assistive technology testing is done by the live chat provider. As above, if there is a specific requirement to use a tool which is specifically WCAG compliant then we would be happy to implement this.
Onsite support Onsite support
Support levels Support levels are based on an agreed allocation of time per month, with time reporting to indicate usage. Support can be scaled back or topped up accordingly. Support is based on a day rate. For out of hours support this cover is based on the client's need and an appropriate cost is calculated. We have clear support procedures in place and a technical account manager as well as a nominated support engineer are both provided as part of the support agreement.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training: provided to groups of trainees who are usually split by administrative and user type. We recommend a 'train the trainer' approach with advocates who will be the key 'go to' people within the organisation.
User guides: these can either be documented or video guides for users and contain quick tips and handy reference information.
Online training: we can provide online training if required - typically to larger groups of users.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Microsoft PowerPoint
End-of-contract data extraction All data can be exported as a SQL Server database backup or via reporting tools.
End-of-contract process The support agreement would normally allow for basic handover at contract end - however if there were more specific or custom requirements (such as a new target environment to which to replicate) then these would be assessed and a cost agreed with the Client.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No differences
Accessibility standards WCAG 2.0 A
Accessibility testing Websites we develop are built to be compliant with accessibility standards as required by the buyer and these typically include the Postcode Pro service.
Customisation available Yes
Description of customisation PostcodePro can be fully customised in line with client needs.


Independence of resources There are multiple deployment routes - each of which would be assessed in the light of specific functional and non-functional requirements such as performance. Performance can be affected by user bandwidth/connectivity as well as network capacity. We implement techniques to improve application performance and can recommend hosting models that will reduce the risk of load that negatively impacts performance.


Service usage metrics Yes
Metrics types Service usage might apply to two scenarios - the behaviour of the users consuming the service, on which analytics can be provided, and/or the draw-down of the support time allocation, analytics for which are typically provided on a monthly basis. For usage metrics we typically recommend Google Analytics on a public website.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach All data can be exported as a SQL Server database backup or via reporting tools and a file system backup. The way in which we would recommend this be done would depend on customer need and the target environment.
Data export formats
  • CSV
  • Other
Other data export formats Excel
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our guarantee for service level uptime is 99.9%.
Approach to resilience The underlying solution is based on a high availability configuration on a private cloud using vMWare vSphere. Further information is available on request.
Outage reporting Administrator dashboard with automatic error reports via alerts and notifications.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Admin access is limited by role based controls built into the software to ensure that only users with appropriate rights have access to management functionality.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Authentication is based around username and password with role based authentication within the application itself. All access to the application is over a TLS 1.2 encrypted secure channel.
Information security policies and processes We are working towards ISO 27001 certification and as such we follow industry standard best practices for information security. We have a defined reporting structure in place with ultimate responsibility for security and compliance resting with the Technical Director.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We follow a structured change procedure, which provides a high degree of management and quality of output with a controlled approach to changes in scope – it being essential to track changes and ensure that all amendments are assessed and authorised. Specific processes for change management are as follows:
Request: Initiation of a change with a request for change (RFC);
Classification: Assigning a priority to the change after assessing its urgency and impact;
Authorisation: Processing the RFC through to the change advisory board;
Development: Developing the change, release management;
Release Management: Releasing the change for testing;
Review: Conducting post-deployment review.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have a policy of applying all Microsoft related security patches within a day of them becoming available. For our hosting environment we subscribe to VMWare notifications and apply these to our private cloud environment within 3 days of them becoming available. For other general software that we use such as Umbraco we subscribe to notification lists and deploy these based on a triage of the exposure and risk and a prioritisation. Critical updates are always deployed as soon as they become available and always within a 4 hour window.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We limit exposure by only allowing access via firewall control to services which need to be accessed externally and have an account lockout process whereby after 15 attempts, an account will automatically be locked as suspicious activity would be assumed. We track and monitor invalid login attempts via standard Windows event logging mechanisms. We respond based on the SLA times as detailed earlier in this section.
Incident management type Supplier-defined controls
Incident management approach Users report incidents online using our incident reporting tool or by phone or email if required. We have specific processes that are triggered by incidents being reported to us which are followed and users are able to track and monitor the incident as it progresses through the SLA that corresponds to its priority. All incidents are followed by an incident report explaining what happened and what action is to be taken to prevent a reoccurance.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £50 per instance
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑