Roxhill Media

Roxhill Media Database

Roxhill Media provides a Software as a Service platform that enables professionals in the Public Relations industry to efficiently and accurately analyze and engage with media outlets and journalists.


  • Topic search providing accurate, real-time, media lists
  • Journalist search providing accurate, real-time media lists
  • Social media (e.g. Twitter, Instagram) search for topics & journalists
  • Providing streams for journalist moves, topics & social media activity
  • Advanced briefing notes on journalists
  • GDPR functionality
  • Geographic search functionality
  • PR campaign distribution & analytics
  • Topic trend analysis
  • PR opportunities (guide to PR Opportunities across range of outlets)


  • Greater penetration for media campaigns
  • Greater ease & accuracy of journalist list generation
  • Competitive pricing
  • Most accurate and up-to-date journalist & media outlet content
  • Interrogate social media with greater ease and efficiency
  • Accessible through multiple devices
  • Briefing notes at your desk or on the move
  • Stay informed of journalist moves
  • Ensure GDPR compliance of your lists
  • Showcase allows reporting of coverage gained for a client


£2000 per transaction per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11


Roxhill Media

Phil Godson

+44 (0)20 3981 0035

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements
  • Access to the internet
  • Purchase of a license from Roxhill Media

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 5 minutes. Our Customer Service hours Mon-Fri 08:30-17:30 GMT from the UK and 17:30 - 22:30 GMT from our US office
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels We provide full training and technical training for our platform over as many sessions as required by the client, either on our clients' premises or online. There are no different support levels - we support all aspects of usage for our clients at no extra cost for all aspects of the platform.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite and/or online training, we provide comprehensive user guides and the Customer Service team are available during working hours
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Customers can download any lists they have built during their subscription to an excel/csv file
End-of-contract process Customers' access is revoked at the end of their subscription

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There is less functionality on the mobile app e.g. distribution is unavailable. We are updating the mobile app from July 2019 onwards
Service interface Yes
Description of service interface We are a SaaS platform providing an online media database via a web browser.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Testing has not been completed with a screen reader.
Customisation available Yes
Description of customisation The functionality is specific to our users. For example a user can build lists within the system that are only visible to them. However aspects of the system such as the interface are the same for all users.


Independence of resources The system is designed to be horizontally scalable such that it will adjust capacity to meet usage demand. We guarantee access through contractual service levels.


Service usage metrics Yes
Metrics types We can provide usage statistics in relation to log-ins. Other usage metrics are driven by saved lists
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Customers can export data to an excel/csv file
Data export formats
  • CSV
  • Other
Other data export formats Excel
Data import formats Other
Other data import formats Customers do not upload their own data

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Roxhill shall use commercially reasonable efforts to maximise the functioning time of the Roxhill Websites, and in the event of any downtime arising will strive to restore operation as soon as reasonably practicable, but any warranty, term or condition in respect of the content or operation of the Roxhill Websites is hereby specifically excluded.
User compensation is considered on a case-by-case basis.
Approach to resilience Our system is architected in a distributed way to run across multiple geographically-distinct availability zones.
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Username, password and IP locks.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We follow established industry best practices in all areas.
Information security policies and processes Information security is a top priority when deciding how our service is implemented. Any security incidents are escalated to the senior management immediately, whether reported internally or externally.
Management is responsible for enforcing security policies and processes.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our system is fully cloud hosted, so all infrastructure components are virtual. We use the tools made available by our cloud hosting provider AWS in order to track those virtual resources. Any changes to our infrastructure are assessed to determine any additional exposure they might afford to attackers.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We limit ourself to using widely used and supported tools and services to ensure vulnerabilities are quickly resolved. We deploy any patches as soon as they are available. We monitor a variety of online industry sources that document new vulnerabilities including CVEs.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We keep extensive logs and metrics of our systems to identify unusual activity. In cases where unusual activity is detected we will isolate the system from the rest of the network. We respond to incidents as soon as they are detected.
Incident management type Supplier-defined controls
Incident management approach We have pre-defined steps for resolving incidents such as outages or intrusions. Users can report any incidents via our support team. In cases where an incident may impact users, we will provide a summary of the incident and steps taken to mitigate its impact, as well as what we are doing to prevent any reoccurrence.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2000 per transaction per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial All functionality except download and distribution

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑