Idox Software Limited

Taxi Licensing Application Customer Journey

This product will provide an online solution for the submission of Taxi Licensing applications.


  • Applicants may submit taxi licensing applications online.
  • Applicants upload supporting documentation and pay the fee online.
  • Completed applications are available for download.
  • Completed applications may be automatically integrated with Uniform back office.


  • Low cost of implementation
  • Removes the need to rekey information
  • Reduces incomplete applications
  • Online payment removing the need to process cheques
  • Applications submitted at a convenient time for the applicant
  • Document uploaded removes the need to return original documents


£8500 per unit

Service documents

G-Cloud 10


Idox Software Limited

Darren Moyes

0333 011 1200

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to This may be used in standalone mode or optionally integrated to Uniform
Cloud deployment model Hybrid cloud
Service constraints None
System requirements
  • Optional integration will require: a supported version of Uniform
  • Installation of the Idox Cloud Adaptor
  • Configuration of an integration task

User support

User support
Email or online ticketing support Email or online ticketing
Support response times When a support request is received, a priority level is set against the request dependent on its urgency and its impact on the customer’s business. Target initial response times are: -
High priority – one working hour,
Medium priority – four working hours,
Low priority – eight working hours,
Enquiries – 45 working hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Target response/resolution times depend on the priority level of the request, as follows: -

Target response times: -
High – one hour*,
Medium – four hours,
Low – eight hours,
Enquiries – 45 hours.

Target resolution times: -
High – eight hours,
Medium – 18 hours,
Low – 45 hours,
Enquiries – 180 hours.

*hour = working hour
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Idox will assign a project manager to plan and manage the project. This will involve the creation of a project plan with agreed milestones, a risk register and issue log. Idox will endeavour to utilise authority staff in an efficient manner avoiding any duplication of effort. The project plan will be actively maintained and used as a measure to monitor progress towards the deadlines set within it.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Not applicable - data is passed on once the application has been submitted.
End-of-contract process As a transactional service, once the contract has expired applicants will no longer be able to use the service for new applications. Existing applications will be transferred to the authority before being deleted from internal systems.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Screens will be resized and buttons repositioned when working on a mobile device. Field controls such as date pickers will display as appropriate for the device.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing None
Customisation available Yes
Description of customisation The service supports customisation to:
basic styling, fees, questions, required uploads.


Independence of resources The solution can be scaled to provide resilience by implementation of load balanced Application Servers and replication of Databases across multiple servers with failover where required. Depending on the criticality and scale of the system, various permutations of the supporting architecture can be deployed.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Applications will be transferred as pdf attachments to email or via integration with Uniform. The data may be exported from Uniform using any OGC-compliant reporting tool.
Data export formats
  • CSV
  • Other
Other data export formats Where integrated with Uniform, export format depends on reporting tool.
Data import formats Other
Other data import formats Not applicable

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network Data may only flow between relevant systems, and is on private network segments depending on role.

Availability and resilience

Availability and resilience
Guaranteed availability SLA subject to contract.
Approach to resilience All components of the system have redundancy built in to remove single failure points, and the application is horizontally scalable.
Outage reporting Outages are reported via the helpdesk and where applicable the login page.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Management access is permitted only from internal networks, themselves requiring two factor authentication to access. Access control lists restrict access.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International
ISO/IEC 27001 accreditation date 25/08/2016
What the ISO/IEC 27001 doesn’t cover No exclusions.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials
Information security policies and processes Idox Software Ltd has an ISO 27001-certified information security management policy that applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. Internal audit and information security awareness training is conducted to ensure policies are followed. Risks raise through internal our external audit are reviewed at management meetings by the information security manager the appropriate head of business and a board representative.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Hardware components are asset tagged, and tracked in our database of physical locations. Software components are deployed to servers and VMs with configuration management, and are tracked using that facility. Any changes to the environment must be submitted via a change request process, where they are assessed for any security or service impact, before being deployed to QA where they are vulnerability and QA checked for verification before a release to staging and production.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We monitor OWASP and other sources for new software vulnerabilities and vulnerability reports, and software patches. Major releases of public facing applications undergo internally and/or externally conducted penetration testing.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Several layers of monitoring are in place to detect access attempts and attacks into the environment. These include the automated application functional monitors, network traffic analysis (NIDS), and unauthorised changes detected via configuration management.

Any potential compromise is raised in line with our security incident reporting procedure.
Incident management type Supplier-defined controls
Incident management approach Security incident reporting process summary: incidents or suspected incidents are raised to internal service desk and reviewed by information security manager. They are allocated a risk reference, entered into the information security risk log and tracked until closure. In the case of major incidents a major incident report will be produced.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £8500 per unit
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑