Pronto is the most widely deployed mobile Policing solution in the UK. The service integrates with national and local systems, optimising information management in operational Policing, getting intelligence to the point of need, enabling efficiencies in the back-office and optimal workflow into partner agencies and the criminal justice system.


  • Applications for mobile data capture
  • Operational datastore for all information
  • Integration to existing back-office systems
  • Re-engineering of existing processes
  • Digitisation of existing processes
  • Library of applications to support operational business processes
  • Standardisation of business process across multiple organisations
  • Configuration of processes to meet bespoke requirements
  • Management information of organisational performance
  • In-life support of the system


  • Digital replacement of officers pocket notebok and operational processes/forms
  • Remote and mobile access to all operational policing systems
  • Upfront processes capture accurate and validated information
  • Reuse of information without rekeying, reducing bureaucracy
  • Increases productitive, visility and effectiveness
  • Removes middle office duplication costs and reduces estate costs
  • Fingerprint Search of Home Office Biometrics Services Gateway


£15.00 to £34.50 per person per month

Service documents


G-Cloud 11

Service ID

6 0 8 0 6 1 9 9 3 9 9 4 0 1 2



Andy Glover


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The Pronto solution can either deployed as a standalone systems or as an extension to existing systems. The provision of APIs by an existing back-office system will allow for the integration of the mobile applications to provide mobile workers complete 2-way communications for both querying and updating a back-office system.
Cloud deployment model
Private cloud
Service constraints
Solution can be provided as hosted service or on premises. Supported police systems for integration or requires professional services to integrate with additional custom systems.
System requirements
  • If on customer cloud:
  • Server infrastructure for hosting of hub component
  • MDM solution for security and deployment of mobile applications
  • VPN solution for security of data in transit
  • Provision of servers for a pre-production system
  • Provision of servers for a production system
  • Access to APIs for integration to 3rd party systems
  • Provision of suitable mobile devices

User support

Email or online ticketing support
Email or online ticketing
Support response times
For hosted Pronto customers, service affecting issues can be reported 24/7/365 via e-mail; telephone; or Service Management Terminal (SMT). Target response times for these are:
* 90% of calls are answered within 15 seconds
* 99% of calls are answered within 30 seconds
* Incidents raised via the SMT: to be picked up and acknowledged within 15 minutes of being raised.
* Incidents raised via email: the reference number is provided to the customer within an hour of receipt.
For reporting of software issues or requirements, responses are on a best endeavours basis Mon-Fri 9am-5pm, typically within 1 working day.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard support is included with the service. Users may raise a case 24/7 via helpdesk. Customers may also contact their Business Relationship Manager. Resolver groups for faults 24/7. Resolver groups for changes and requests Mon - Fri 9-5. Response target within 2 working days.
Support available to third parties

Onboarding and offboarding

Getting started
We provide Train the Trainer and Administration Training as a standard offering and additionally can offer End User training if required all courses cover the use of the service and its security. Civica (PNC) and MDM Training can also be supplied.
Service documentation
Documentation formats
End-of-contract data extraction
Data can be accessed via the desktop manager tool, which is web based solution.
End-of-contract process
To-date, no customer has come to the end of a contract and discontinued the use of the Pronto service. All Pronto data is stored in the Pronto database. The data in the Pronto database would be made available to users. For a hosted solution, a copy of the database would be provided to the customer. For an on premise solution, the customer would retain their existing database.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install
Compatible operating systems
  • Android
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
The mobile solution comprises of a number of integrated mobile applications to support a range of operational business processes. The back-office system is a web based interface for managing information submitted to the database, including reviewing, editing and processing documents relevant to the business process rules.
Service interface
What users can and can't do using the API
Pronto supports integration with 3rd party systems via SOAP and RESTful APIs, CSV and XML export and automated emails. Pronto integrates with police systems including Police National Computer (Civica and NDI), Command & Control (Steria STORM, Capita NSPIS, Integraph ICAD), RMS systems (e.g. Niche, Northgate Connect, Capita UNIFI), Pentip, CRASH. Pronto authenticates against Active Directory (Kerberos).
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The Pronto solution is designed to be configurable to meet customers' specific requirements. Customers' operational processes are analysed and the requirements are documented and agreed with the customer. The software applications are then configured by supplier (using professional services) to meet the customers' requirements.


Independence of resources
The solution had undergone extensive load testing and has been deployed to tens of thousands of users for over 10 years. The central hub architecture manages all transactions from all mobile devices and can be deployed over multiple servers and supports load balancing technologies.


Service usage metrics
Metrics types
Pronto provides usage based on forms and OTA transactions (such as number of PNC searches or C&C transactions).

Users can login to Pronto Web Manager to view reports on usage
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
The native Pronto client Android application, installed on mobile devices, stores its data in local device storage. This is an application private partition only accessible to Pronto. The MDM should be used to enforce additional security (such as data at rest encryption). Example: combination of Samsung KNOX and BES12 enforces data at rest encryption so all data is securely stored.
Once uploaded to Pronto Hub, data is stored in the Pronto database. This is protected by physical and IT access controls that prevent unauthorised access to data. The solution is accredited by Home Office to IL3 / Official Sensitive.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be accessed and exported using the desktop manager application, which is a web based application.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
  • Word
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • CSV files (eg picklilsts or users) via Pronto Web Manager

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
Other protection within supplier network
Access into supplier network is protected by firewalls and a VPN solution.
Supplier network then has strict internal security policies that segregate the internal network using virtual firewalls and virtual LANs.
These segregate data between systems that are customer specific and shared services used by multiple customers.
Customers are as a result only able to access shared systems or customer specific systems.
Supplier is ISO 27001 certified and datacentres are accredited both physical and Network by Home Office to IL3/Official sensitive.

Availability and resilience

Guaranteed availability
Service Level Targets of 99%+ (exclusive of planned maintenance)
Approach to resilience
Multiple servers are deployed with load balancing applied. Disaster recovery is provided by back-up infrastructure provided in a secondary data centre.
Outage reporting
On a hosted deployment, servers are protected by alarms that trigger if a service affecting issue arises.

Identity and authentication

User authentication needed
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Pronto uses a flexible Java Authentication and Authorisation service to authenticate users. User authentication is typically offboarded via Kerberos authentication against customer Active Directory system. This allows customer to maintain a single username/password for end users.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
No exclusions
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have our own internal business and process security policies supporting our ISO/IEC 27001 certification

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configure, Audit, Validate, Report exceptions, investigate exceptions, resolve.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Identify vulnerability through IT health checks or vendor supplied information, conduct risk analysis, implement security controls, monitor effectiveness of controls
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Collect events, look for pattern anomalies, report, manage through incident management
Incident management type
Supplier-defined controls
Incident management approach
Categorise, Prioritise, Triage, Diagnose, resolve, resolution and recovery, close incident

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Connected networks
Public Services Network (PSN)


£15.00 to £34.50 per person per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑