Experian

Experian Commercial Credit Management with Business IQ

BusinessIQ is a clearly defined approach to managing commercial credit through one interface. Access Experian’s data covering businesses worldwide, displayed in clear dashboard views so you can easily pinpoint areas of risk and opportunity. Risk-averse approach to data management

Features

  • Access Experian’s limited company, non-limited or sole trader credit reports
  • Combines business and consumer data for high quality, reliable information
  • Customisable alerts to monitor individual, groups, or portfolios of businesses
  • Easily understand credit risk for businesses outside of the UK
  • Easily embed your credit policy
  • Access Experian’s unique business, director, consumer and payment history data
  • Categorise individual, groups or whole segments of risk
  • Easy to understand views of your entire portfolio
  • Onboard Processing via an API
  • International credit reporting and alerting facilities

Benefits

  • Understanding where risk lies
  • Know which customers to extend credit to and how much
  • Be informed when customers/suppliers have a change of circumstance
  • Find out who ultimately owns the business
  • Identify which customer/supplier might go out of business
  • Establish where staff should focus their time
  • Limit the threat of fraud
  • On-board the right customers/suppliers quickly
  • Assist with your auditing requirements
  • Trade abroad with confidence

Pricing

£1.75 to £10.00 per unit

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

7 6 8 2 7 1 6 1 8 1 8 2 2 1 9

Contact

Experian

Damian Kenny

+44 (0) 7976 702247

damian.kenny@experian.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Experian's databases are updated on a daily basis to ensure our information is current and accurate. Whilst updates take place, our databases are taken offline.

Online database access for UK and European Reports
Monday - Saturday: 06:00 – 23:59
Sunday: 09:00 – 22:00 (3:4)
Sunday: 09:00 – 18:00 (1:4)

Online database access for US Reports
Monday - Friday: 09:00 – 23:59
Saturday: 12:00 – 23:59
Sunday: 15:00 - 18:00
Maintenance: Sunday evening from 21:00 to 23:59, except for one Sunday per month when Experian reserve the right to use an extended maintenance window from 18:00 to 23:59.
System requirements
  • Default browser settings with cookies and JavaScript enabled,
  • Pop-up block disabled, network settings allow access to https websites
  • Memory: 1 GM RAM, 1 GB of free hard disk
  • Flash
  • Plug in Requirements: Adobe Acrobat Reader v7.X and above

User support

Email or online ticketing support
Email or online ticketing
Support response times
To manage our client services effectively, and in line with ITIL best practices Experian have
defined Service Levels across all core processes (incl. Incident, Service Request, Problem,
Change Management etc). Our Tiered Service Framework allows us to provide differing levels
of service and support offerings to meet our client’s needs. The Service Tier selected will define
the SLAs we work to. Engagement via a SPOC our Experian Service Desk will ensure all
interactions are recorded and assessed against impact and severity before being assigned a
"Priority".
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support is 09:00 - 17:00, enhanced packages offer up to 24/7 support availability, Enhanced support costs are determined by the user requirements.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once an agreement is in place, Experian will send access details to relevant users. The users can start accessing the product and use the online help ('Resources') if required. Experian can also arrange for onsite training should it be required.
Finally, there are webinars help roughly every two weeks that users can register for.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Excel
  • Swagger
End-of-contract data extraction
BusinessIQ has storage and reporting facilities within the product. Users can extract (with relevant user permissions) information in to .CSV files.
End-of-contract process
Access to and use of the service to a defined period is included in the price. At the end of the contract, should no renewal be agreed, the user(s) will no longer be able to access the service.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
Of the four modules in BusinessIQ, one module, DecisionIQ can be accessed via an API.
The API is available in JSON format.
For more details on integrating the API, please speak to the Experian contact.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
There are four modules available, each is optional.
Within the modules there are optional services (e.g. Business Reports module and access to International Reports).
A client can also configure different access within their chosen service, providing varying levels of access/permission to different users within their organisation.

Scaling

Independence of resources
Experian work to a best practice delivery approach which ensures that proposals that mature into solutions are reviewed with sufficient governance and are assessed and approved in the context of; Service Design, Security, Service Support, Solution Design Authority; Service Acceptance; Capacity & Demand.

Analytics

Service usage metrics
Yes
Metrics types
BusinessIQ has an integrated Report Manager logging and storing reports purchased for a year.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
A number of areas within the online solution allow users to export data in .CSV format.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99% per month
Approach to resilience
Experian is not only committed to ensuring that our staff are prepared; our third parties and outsourcing suppliers are required to meet the same standards and controls. Our approach is in line with industry best practice and includes the following considerations;
• Business Impact Analysis
• Business Continuity Planning
• Crisis Management.
• Notification & Escalation
• The Global Risk Management process
• Disaster Recovery Services
• Recovery Work Area
Outage reporting
Internal monitoring and alerting in place which is managed 24 x 7.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Experian works on a policy of least required access. Access to all management systems requires appropriate approvals and is subject to automatic quarterly reviews and audit.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DNV GL Business Assurance Limited
ISO/IEC 27001 accreditation date
20/12/2016
What the ISO/IEC 27001 doesn’t cover
Everything is covered
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Trust Wave
PCI DSS accreditation date
28/10/2016
What the PCI DSS doesn’t cover
Experian (UK&I) maintains a complex PCI data environment which includes both service provider elements and Merchant payment processing activities. As of October 2010, this has resulted in Experian being classified as a Level 1 PCI DSS Service Provider and also compliant for the Merchant services it performs.

Experian has contracted with Trustwave to perform a Payment Card Industry (PCI) assessment to determine the compliance of their facilities with major Card Companies’ published PCI security guidelines and requirements.

As a result of this assessment, Experian UK&I achieved COMPLIANT status with the PCI DSS security requirements and have successfully recertified in line with requirements
Other security certifications
Yes
Any other security certifications
Cyber Essentials Certification

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Experian have a comprehensive global security policy based on the ISO27001 standard which covers: Organisation and Management, information security, asset classification, physical and environmental security, communications and operations management, system access, systems development and maintenance, compliance, personnel and provisioning, business continuity management, third party management. The policy is owned by Experian's executive risk management committee which is an executive level body, and which assumes ultimate responsibility for Experian's risk position. Information security is a key component of the risk management framework. Experian management supports security through leadership statements, actions and endorsement of the security policy and implementing/improving the controls specified in the policy. The policy is available to all Experian employees and contractors on the intranet. Changes to the policy are announced on the company's intranet computer based information security and data protection training, and this is repeated on at least an annual basis. Compliance to policy is overseen by internal audit.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Experian have a change management policy which is underpinned by processes and procedures based on ITIL best practice. This is a mature process. We use a service management tool that integrates change management, incident management, problem management, configuration management and knowledge management. Our change management policy, processes, and procedures are regularly audited by independent auditors. Formal risk analysis is employed using an approved information risk analysis phase for developments/changes. Security requirements for the system are identified and continue to be considered throughout the life of the product
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Servers and PCs are built to a documented secure standard, which includes anti-virus and malware defences. Information assets have a defined patching schedule, determined by the system's criticality and the level of threat the patch is mitigating. Experian actively monitors threat environment and checks the effectiveness of security controls by reviewing both free and paid for sources of threat information, including, public information, major vendor feeds and also receiving information from specialist closed group mailing lists. The overall process is also plugged into an automated patch and fix strategy, underpinned with a technology infrastructure to deliver corrective updates.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Monitoring processes and tools are in place to manage alarms generated by security related alerts and these are fed into the incident management process. Experian has a formally documented risk based incident management process to respond to security violations, unusual or suspicious events and incidents. In the event an incident occurs a team of experts from all relevant areas of Experian are gathered to form an incident response team, who manage activities until resolution. The incident response team are available 24/7 to resolve any incident. Out of core hours the dedicated incident hotline is routed to the command centre.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The incident management process incorporates a number of participants and contributors, including: Global Security Office - who facilitate and coordinate activities under the business security coordinator's guidance; Business Security Coordinator - a representative of the impacted business area, responsible for coordinating resolution activities; Incident Response Team (IRT) - IRT is made up of a membership that are empowered to make key decisions surrounding the actions to be taken to reduce impact, control actions, and impose corrective activities. A client report would be created, including: high level overview; facts; overview of events; actions taken.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1.75 to £10.00 per unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Up to 50 free UK credit reports with 2 weeks access.

Service documents

Return to top ↑