Due-diligence tool that gathers data from insurance companies, mobile phone networks, law enforcement and device recycle companies and reports the matched information on the advised serial number.


  • Real-time blacklist checking
  • Real-time reporting
  • Real-time data checks
  • Instant alerts


  • Restrict trading of stolen/lost mobile devices
  • Reduce mobile device insurance fraud
  • Recover loss/stolen/insured mobile devices


£0 to £0.50 per unit

Service documents


G-Cloud 11

Service ID

6 9 9 1 9 4 4 8 7 0 9 5 8 1 0



Peter Kirby

07514 937938

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Extension is linked to other services;
MobiCheck Share
Cloud deployment model Public cloud
Service constraints Global blacklist service that currently supports 120 mobile phone operating networks worldwide, however there is full coverage of U.K. networks.
System requirements Web-based or App access - no restrictions

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Service Level Agreement - Monday - Sunday between 9am - 5pm 4 hour initial response time.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible The web chat is a third party designed software and has not been specifically designed with consideration to EN 301 549 9 but follows best practices and current HTML standards.
Web chat accessibility testing No testing has been carried out.
Onsite support No
Support levels The support level provided is email and tickets Monday - Sunday 9am - 5pm and support is inclusive with the product. The allocation of Technical Account Manager is optional at the request of the customer and is at no extra charge.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Once user has created an account, there are user guides available with their account, access to help desk function and where relevant training videos.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction All user activity can be downloaded from the online portal.
End-of-contract process User accounts are disable and will no longer be able to access portal and respective data. There is no overall contract cost as customers pay for the service as they use it.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Developed native applications to have the ability to work on iOS and Android.
Service interface Yes
Description of service interface The interface is through a web browser or mobile application. User will follow a number of menus and prompts to navigate the service.
Accessibility standards None or don’t know
Description of accessibility Our website/portal currently has not been specifically designed with consideration to EN 301 549 9 but follows best practices and current HTML standards.
Accessibility testing None.
What users can and can't do using the API The user has the ability to obtain API credentials and documentation via the online portal. The API only gives the ability to access the service, the user is unable to make changes.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available No


Independence of resources Live monitoring of server performance and overheads. Provisioning of resources that have capacity over and above historical and expected requirements.


Service usage metrics Yes
Metrics types Full user activity report are available and can be viewed via an on screen dashboard, this can be filter by date and services.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold GSM Association

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach There are export facilities within the online portal which are exported CSV or Excel and also a PDF certificate is available for each MobiCheck process.
Data export formats
  • CSV
  • Other
Other data export formats
  • Xlsx
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats Xlsx

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The service aims to be available 24 hours a day, 7 days a week , 365 days a year. In the event of planned maintenance of the server, the customer will be given at least 30 days notice and endeavor that updates will take place between 22:00 and 06:00 GMT.

We endeavor to notify in advance for any critical updates where possible but such updates would be outside of planned maintenance.

All refunds are processed on a case by case basis. A refund will be awarded in the unlikely event that a service activity has failed and meets the refund policy requirements for condition of the mobile device.
Approach to resilience Information for datacentre resilience is available on request.
Outage reporting Service outages are reported via a public dashboard and email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access is controlled by role-based permissions allocated to pre-defined account types controlled by senior management.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Secure by Design

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach There is a risk based approach to security governance that is in line with the requirements of ISO 27001. This included carrying out information security risk assessment/treatment plan for the business with policies and procedures developed in accordance with the Statement of Applicability in line with ISO 27001.
Information security policies and processes Policies and procedures are created in line with the requirements of ISO 27001. Internal full-time Compliance Officer to manage and monitor the implementation of policies and procedures.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach - Change identification
- Assessment of requirements and impact
- Impact assessment on legacy systems
- Assessment of security and vulnerability
- Creation of implementation plan
- Sign off by senior management
- Tracked through use of version control
- Notification to affected parties where changes will have an impact with a date of implementation
- Implementation and testing of changes in development environment
- Push to live environment
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Monitoring of bulletins from providers of underlying technology.
Where applicable patches are applied at the earliest available opportunity.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Server based monitoring in real-time to identify potential malicious activity. Rule-based system automatically blocks access. Potential compromises are investigated on a per incident basis immediately.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incident management process is defined in line with the requirement of ISO 27001. Users report incidents via the dedicated support desk and are provided a report through this service.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0 to £0.50 per unit
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑