Pronto is the most widely deployed mobile Policing solution in the UK. The service integrates with national and local systems, optimising information management in operational Policing, getting intelligence to the point of need, enabling efficiencies in the back-office and optimal workflow into partner agencies and the criminal justice system.


  • Applications for mobile data capture
  • Operational datastore for all information
  • Integration to existing back-office systems
  • Re-engineering of existing processes
  • Digitisation of existing processes
  • Library of applications to support operational business processes
  • Standardisation of business process across multiple organisations
  • Configuration of processes to meet bespoke requirements
  • Management information of organisational performance
  • In-life support of the system


  • Digital replacement of officers pocket notebok and operational processes/forms
  • Remote and mobile access to all operational policing systems
  • Upfront processes capture accurate and validated information
  • Reuse of information without rekeying, reducing bureaucracy
  • Increases productitive, visility and effectiveness
  • Removes middle office duplication costs and reduces estate costs
  • Fingerprint Search of Home Office Biometrics Services Gateway

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The Pronto solution can either deployed as a standalone systems or as an extension to existing systems. The provision of APIs by an existing back-office system will allow for the integration of the mobile applications to provide mobile workers complete 2-way communications for both querying and updating a back-office system.
Cloud deployment model Private cloud
Service constraints Solution can be provided as hosted service or on premises. Supported police systems for integration or requires professional services to integrate with additional custom systems.
System requirements
  • If on customer cloud:
  • Server infrastructure for hosting of hub component
  • MDM solution for security and deployment of mobile applications
  • VPN solution for security of data in transit
  • Provision of servers for a pre-production system
  • Provision of servers for a production system
  • Access to APIs for integration to 3rd party systems
  • Provision of suitable mobile devices

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For hosted Pronto customers, service affecting issues can be reported 24/7/365 via e-mail; telephone; or Service Management Terminal (SMT). Target response times for these are:
* 90% of calls are answered within 15 seconds
* 99% of calls are answered within 30 seconds
* Incidents raised via the SMT: to be picked up and acknowledged within 15 minutes of being raised.
* Incidents raised via email: the reference number is provided to the customer within an hour of receipt.
For reporting of software issues or requirements, responses are on a best endeavours basis Mon-Fri 9am-5pm, typically within 1 working day.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support is included with the service. Users may raise a case 24/7 via helpdesk. Customers may also contact their Business Relationship Manager. Resolver groups for faults 24/7. Resolver groups for changes and requests Mon - Fri 9-5. Response target within 2 working days.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide Train the Trainer and Administration Training as a standard offering and additionally can offer End User training if required all courses cover the use of the service and its security. Civica (PNC) and MDM Training can also be supplied.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data can be accessed via the desktop manager tool, which is web based solution.
End-of-contract process To-date, no customer has come to the end of a contract and discontinued the use of the Pronto service. All Pronto data is stored in the Pronto database. The data in the Pronto database would be made available to users. For a hosted solution, a copy of the database would be provided to the customer. For an on premise solution, the customer would retain their existing database.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile solution comprises of a number of integrated mobile applications to support a range of operational business processes. The back-office system is a web based interface for managing information submitted to the database, including reviewing, editing and processing documents relevant to the business process rules.
Service interface No
What users can and can't do using the API Pronto supports integration with 3rd party systems via SOAP and RESTful APIs, CSV and XML export and automated emails. Pronto integrates with police systems including Police National Computer (Civica and NDI), Command & Control (Steria STORM, Capita NSPIS, Integraph ICAD), RMS systems (e.g. Niche, Northgate Connect, Capita UNIFI), Pentip, CRASH. Pronto authenticates against Active Directory (Kerberos).
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The Pronto solution is designed to be configurable to meet customers' specific requirements. Customers' operational processes are analysed and the requirements are documented and agreed with the customer. The software applications are then configured by supplier (using professional services) to meet the customers' requirements.


Independence of resources The solution had undergone extensive load testing and has been deployed to tens of thousands of users for over 10 years. The central hub architecture manages all transactions from all mobile devices and can be deployed over multiple servers and supports load balancing technologies.


Service usage metrics Yes
Metrics types Pronto provides usage based on forms and OTA transactions (such as number of PNC searches or C&C transactions).

Users can login to Pronto Web Manager to view reports on usage
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach The native Pronto client Android application, installed on mobile devices, stores its data in local device storage. This is an application private partition only accessible to Pronto. The MDM should be used to enforce additional security (such as data at rest encryption). Example: combination of Samsung KNOX and BES12 enforces data at rest encryption so all data is securely stored.
Once uploaded to Pronto Hub, data is stored in the Pronto database. This is protected by physical and IT access controls that prevent unauthorised access to data. The solution is accredited by Home Office to IL3 / Official Sensitive.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be accessed and exported using the desktop manager application, which is a web based application.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
  • Word
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • CSV files (eg picklilsts or users) via Pronto Web Manager

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network Other
Other protection within supplier network Access into supplier network is protected by firewalls and a VPN solution.
Supplier network then has strict internal security policies that segregate the internal network using virtual firewalls and virtual LANs.
These segregate data between systems that are customer specific and shared services used by multiple customers.
Customers are as a result only able to access shared systems or customer specific systems.
Supplier is ISO 27001 certified and datacentres are accredited both physical and Network by Home Office to IL3/Official sensitive.

Availability and resilience

Availability and resilience
Guaranteed availability Service Level Targets of 99%+ (exclusive of planned maintenance)
Approach to resilience Multiple servers are deployed with load balancing applied. Disaster recovery is provided by back-up infrastructure provided in a secondary data centre.
Outage reporting On a hosted deployment, servers are protected by alarms that trigger if a service affecting issue arises.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Pronto uses a flexible Java Authentication and Authorisation service to authenticate users. User authentication is typically offboarded via Kerberos authentication against customer Active Directory system. This allows customer to maintain a single username/password for end users.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 LRQA
ISO/IEC 27001 accreditation date 01/12/2018
What the ISO/IEC 27001 doesn’t cover No exclusions
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have our own internal business and process security policies supporting our ISO/IEC 27001 certification

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configure, Audit, Validate, Report exceptions, investigate exceptions, resolve.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Identify vulnerability through IT health checks or vendor supplied information, conduct risk analysis, implement security controls, monitor effectiveness of controls
Protective monitoring type Supplier-defined controls
Protective monitoring approach Collect events, look for pattern anomalies, report, manage through incident management
Incident management type Supplier-defined controls
Incident management approach Categorise, Prioritise, Triage, Diagnose, resolve, resolution and recovery, close incident

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)


Price £15.00 to £34.50 per person per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑