bxp software

bxp software

Cloud based software that drives efficiencies in customer contact, contact centre management and HRM


  • Cloud based
  • Data encrypted at all times
  • Systems integration
  • Built-in/bespoke/meta-data reporting
  • Online/offline facility
  • Workforce & talent management
  • HRM self-service
  • Knowledge management
  • Web site integration
  • Automatic data load


  • Access from anywhere on any device
  • Banking level security
  • Integrates with existing applications
  • Turns any of your data into valuable information
  • Secure solution for field-based users, in or out of coverage
  • Comprehensive human resource management including self service
  • Will link to your website (or we build new one)
  • We can securely upload your existing data in moments


£25 per licence per month

  • Free trial available

Service documents

G-Cloud 11


bxp software

Chris Thomson

0207 692 0705


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements Internet connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Initial response within one business hour
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Vis system, authorised users
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels Support level and costs are assessed on a case by case basis

All clients are assigned a technical account manager
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We work very closely with the client during acceptance and provide comprehensive post-rollout support, online or on-site, as appropriate
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Word
End-of-contract data extraction In compliance with GDPR, all client data can be downloaded in a compatible format such as Excel
End-of-contract process The client can readily download their own data. We can do this on their behalf on a scope-and-quote basis.

Once the data has been copied down, we will erase in compliance with GDPR

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are no specific adaptations related to device type. The service works on any device with a browser
Service interface No
What users can and can't do using the API Comprehensive information relating to our API can be found here
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Virtually any aspect of the system can be tailored to organisation and user needs. This can be done either by the client or by us on a contracted basis


Independence of resources Significant over-capacity. High-availability architecture. Network protection provided by Sungard AS


Service usage metrics Yes
Metrics types All user log-ins are time and date stamped and a complete audit trail, including user IP address can be created.

The report will include content accessed and/or updated
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Each client can download on a campaign by campaign basis, or contract with us to download their entire data warehouse.
Data export formats
  • CSV
  • Other
Other data export formats Excel
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks We have extensive security documentation and this topic is covered in full at https://www.bxpsoftware.com/wixi/index.php/Bxp_-_End_to_End_encryption_and_High_Availability

We also provide a custom cipher suite which increases the security of TLS
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee 99.8% system access
Approach to resilience Our servers are hosted by Sungard Availability Services and comprehensive documentation on their resilience policy can be found here
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication Active Directory LDAP integration possible.
Access restrictions in management interfaces and support channels All users have a custom set of permissions and access. When a client deploys the system they appoint a System Champion and this 'Super-user' can decide what permissions/access a user has.

A complete audit trail of all users interactions is provided by the "System Access Management" module. Additional details can be found below:
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Sungard Availibilty Services are certified to ISO 27001.

All n One Ltd are currently awaiting Stage One ISO27001 audit.
Information security policies and processes Our dedicated security department undertakes daily, weekly and monthly checks on adherence to policies and procedures.

These are comprehensive and cannot adequately be described here.

The security department reports to the board on a monthly basis

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Code is created, checked and put into a testing environment before release.

Clients are notified in advance of all updates and service pack releases.

Changes are assessed for potential security impact by internal resource and by selected clients on a pre-release basis
Vulnerability management type Undisclosed
Vulnerability management approach Vulnerability testing is conducted by the Security Department, using Kali Linux.

Detected vulnerabilities are sent to the board operations for remedy.

The Security Department reviews appropriate blogs and supplier websites to remain up to date about any new threats. Any threat without a patch is prioritised for mitigation.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We utilise SunGard AS' network monitoring service to allow us to see any potential back end compromises. With regard to front end, bxp software provides a full audit log of all user interactions and all users can have custom permissions and access. If data has been downloaded/deleted a complete audit log of user,time date etc can be provided.

When an issue is discovered we follow our data breach process in compliance with GDPR. More information in link below.

We respond to incidents immediately and aim to mitigate them ASAP.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our incident process is described here:

Users can report incidents via phone/e-mail or a help me button within the software.

We provide an initial incident response report within 2 hours. We provide a further update once the incident has been investigated in detail.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £25 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial We offer a limited sample system based on client requirements and the system elements provided or denied are agreed on a case by case basis.

We would generally provide the trial for a month.

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑