Idox Software Limited

Onsite Licensing Enforcement

This product will provide a mobile working solution to help Licensing Officers administer licensing enforcements, whilst providing them with the information and tools they need whenever and wherever they need it, even when offline.


  • Simple and easy to use
  • Displays an officer’s list of inspections on a map
  • Retrieve data and send updates back to Uniform
  • Officers can sync data at any time.
  • All required data about an inspection can be downloaded
  • Offline working - Have access to all active Licences
  • Complete inspections in the field
  • Take photos and upload seamlessly to EDMS case file


  • Low cost of implementation (no training required)
  • More efficient use of officer time
  • Lower mileage and therefore fuel costs
  • Environmental benefits
  • More time spent doing inspections (reduced travel time)
  • Can change plans during the day if required
  • Improved data security (paper case files not carried on site)
  • Work anywhere – even in areas with no internet connection


£5750 per unit

Service documents

G-Cloud 10


Idox Software Limited

Darren Moyes

0333 011 1200

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Uniform with Licensing Enforcement
Cloud deployment model Private cloud
Service constraints Available for
iPads running supported iOS versions, Windows and Android tablets running supported Windows and Android versions.
System requirements
  • Customer must have Uniform with Licensing Enforcement Module
  • Customer must have the Idox Cloud Connector Adapter
  • Customer must have appropriate devices i.e. Apple iPads/Windows tablets
  • The optional Automatic case download feature requires Idox Enterprise
  • The optional document features require Idox EDMS

User support

User support
Email or online ticketing support Email or online ticketing
Support response times When a support request is received, a priority level is set against the request dependent on its urgency and its impact on the customer’s business. Target initial response times are: -
High priority – one working hour,
Medium priority – four working hours,
Low priority – eight working hours,
Enquiries – 45 working hours.

The above is applicable to normal working hours and excludes weekends.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Target response/resolution times depend on the priority level of the request, as follows: -

Target response times: -
High – one hour*,
Medium – four hours,
Low – eight hours,
Enquiries – 45 hours.

Target resolution times: -
High – eight hours,
Medium – 18 hours,
Low – 45 hours,
Enquiries – 180 hours.

*hour = working hour
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Idox will assign a project manager to plan and manage the project. This will involve the creation of a project plan with agreed milestones, a risk register and issue log. Idox will endeavour to utilise authority staff in an efficient manner avoiding any duplication of effort. The project plan will be actively maintained and used as a measure to monitor progress towards the deadlines set within it.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction No data is permanently stored within the cloud service used by the App.
End-of-contract process No data is permanently stored within the cloud service used by the App.

If the service is turned off at the back-office side then that data will no longer be available in the cloud.

Any offboarding would be handled as part of the migration away from Uniform.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service This is a mobile only offering.
Accessibility standards None or don’t know
Description of accessibility The OnSite suite of apps have been designed to be intuitive, simple to use and robust. Rather than trying to create an app for all officers we have focussed on delivering a suite of role based apps specialising in specific officer roles and processes. This means we can deliver a focussed, accessible and efficient experience for officers in different departments. There are no current accessibility standards for apps. These are due 23 June 2021.
Accessibility testing None
Customisation available No


Independence of resources The solution can be scaled to provide resilience by implementation of load balanced Application Servers and replication of Databases across multiple servers with failover where required. Depending on the criticality and scale of the system, various permutations of the supporting architecture can be deployed.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach No data is permanently stored within the cloud service used by the App.
Data export formats Other
Other data export formats N/A - No data permanently stored within the cloud service
Data import formats Other
Other data import formats Not applicable

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network Data may only flow between relevant systems, and is on private network segments depending on role.

Availability and resilience

Availability and resilience
Guaranteed availability SLA subject to contract.
Approach to resilience All components of the system have redundancy built in to remove single failure points, and the application is horizontally scalable.
Outage reporting Outages are reported via the helpdesk and where applicable the login page.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Management access is permitted only from internal networks, themselves requiring two factor authentication to access. Access control lists restrict access.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International
ISO/IEC 27001 accreditation date 25/08/2016
What the ISO/IEC 27001 doesn’t cover No exclusions.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials
Information security policies and processes Idox Software Ltd has an ISO 27001-certified information security management policy that applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. Internal audit and information security awareness training is conducted to ensure policies are followed. Risks raise through internal our external audit are reviewed at management meetings by the information security manager the appropriate head of business and a board representative.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Hardware components are asset tagged, and tracked in our database of physical locations. Software components are deployed to servers and VMs with configuration management, and are tracked using that facility. Any changes to the environment must be submitted via a change request process, where they are assessed for any security or service impact, before being deployed to QA where they are vulnerability and QA checked for verification before a release to staging and production.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We monitor OWASP and other sources for new software vulnerabilities and vulnerability reports, and software patches. Major releases of public facing applications undergo internally and/or externally conducted penetration testing.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Several layers of monitoring are in place to detect access attempts and attacks into the environment. These include the automated application functional monitors, network traffic analysis (NIDS), and unauthorised changes detected via configuration management.

Any potential compromise is raised in line with our security incident reporting procedure.
Incident management type Supplier-defined controls
Incident management approach Security incident reporting process summary: incidents or suspected incidents are raised to internal service desk and reviewed by information security manager. They are allocated a risk reference, entered into the information security risk log and tracked until closure. In the case of major incidents a major incident report will be produced.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5750 per unit
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑