Idox Software Limited

Electoral Management Call Centre Solution

Browser-enabled, read-only access to the Register for Contact Centres. Searches can be done by property and electors, and answer questions eg ‘Where is my polling station?’, ‘elected representatives?’, ‘What elections can I vote in?’, ‘Why haven’t I received a poll card?’ and ‘Can I have a postal vote?’


  • Web enabled Call Centre Module
  • Can be used by other council departments to reduce calls
  • Read only access to Register
  • Permission levels control access
  • Enables multiple search criteria


  • Integrates with Council's CRM system for easy access
  • Able to fulfill simple requests such as PV requests
  • Easy to use with minimal training
  • Allows staff easy access to information eg PV arrival timescales
  • Information displayed in list and map format to aid explanation


£3000 per instance

Service documents

G-Cloud 10


Idox Software Limited

Darren Moyes

0333 011 1200

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Our call centre solution can only be used in conjunction with our Electoral Management system as it pulls the electorate data from the EMS database.
Cloud deployment model Hybrid cloud
Service constraints No
System requirements
  • Support all major browsers
  • Support current version and previous 4 versions
  • Software licensing required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within a couple of hours. Support calls are prioritised according to perceived importance. There is no support at weekends, apart from when we provide extended support during elections
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Webchat is a service which is available as an option should our customers require it but is not currently used.
Web chat accessibility testing N/A
Onsite support Yes, at extra cost
Support levels The support teams’ business hours are 8:30-5:30, Monday to Friday. For the majority of our extended support sessions leading up to key electoral activities we cover the hours from 7.30am up until 10pm on weekdays and 9am till 2pm on weekends and bank holidays.

For any support requirements, you can email or telephone: all cases are prioritised according to urgency and importance as a matter of course. We believe we have the greatest proportion of support desk officers to customers amongst all of the EMS suppliers in the UK – hence our reputation for the best levels of support provision. Our target is to answer the telephone within three rings and resolve 95% of queries there and then before the end of the call.

We employ both experienced IT technicians, AEA Certified electoral administrators on our support team. Within the team we also have people with vast amount of experience of working on elections and election policy with both central government and the Electoral Commission. This ensures that the perspective on customer and stakeholder expectations that we have is unique in the EMS supplier community.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Documentation
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Uses main Electoral database. All data will be available in EMS SQL database.
End-of-contract process Minimal as data accessed from main EMS

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
Customisation available Yes
Description of customisation We don’t make an APIs available for users, although we do have numerous APIs that are used for communications between our client-server applications, and other APIs that communicate with other products of ours.
Whilst we don't provide APIs for users, since we have many internal APIs available we will be happy to work with our customers to provide whatever APIs they need, if we have the data for those needs and the feature rich-ness that these APIs will provide will depend on customer budgets.


Independence of resources Private cloud, hybrid offerings would be with tier 1 service providers


Service usage metrics Yes
Metrics types We do not provide service metrics information unless specifically requested. However we do have the capability to provide reports on certain metrics such as support response time, cases resolved within SLAs and uptime etc. If our customers require particular stats to be produced, then this can be negotiated as required.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Via EMS
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks HTTPS and TLS 1.2, AES 256 bit end to end encryption
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Multi layered security including 256 bit encryption, OAuth2 authentication and static encryption at volume level

Availability and resilience

Availability and resilience
Guaranteed availability For AWS and Azure based systems, 3 levels based on type of asset (99%, 99.9% and 99.99%). SLA subject to contract.
Approach to resilience AWS or Azure standard resilence (some detail available on request)
Outage reporting AWS + IDOX agreed comms mechanism (per customer)

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Management access is permitted only from internal networks, themselves requiring two factor authentication to access. Access control lists restrict access.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International Ltd
ISO/IEC 27001 accreditation date 25/08/2016
What the ISO/IEC 27001 doesn’t cover No exclusions
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Idox Software Ltd has an ISO 27001-certified information security management policy that applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. Internal audit and information security awareness training is conducted to ensure policies are followed. Risks raise through internal our external audit are reviewed at management meetings by the information security manager the appropriate head of business and a board representative.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach IT change management processes are carried out using Change Requests and records are maintained within the Change Management system. All concerned parties are informed of the status of the request as changes or progress is made as applicable.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We monitor OWASP and other sources for new software vulnerabilities and vulnerability reports, software patches or new releases.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Several layers of monitoring are in place to detect access attempts and attacks into the environment. These include the automated application functional monitors, network traffic analysis (NIDS), and unauthorised changes detected via configuration management.
Any potential compromise is raised in line with our security incident reporting procedure.
Incident management type Supplier-defined controls
Incident management approach Security incident reporting process summary: incidents or suspected incidents are raised to internal service desk and reviewed by information security manager. They are allocated a risk reference, entered into the information security risk log and tracked until closure. In the case of major incidents a major incident report will be produced.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3000 per instance
Discount for educational organisations No
Free trial available Yes
Description of free trial N/A
Link to free trial N/A


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑