WhenFresh Limited

WhenFresh Property Data Bureau

Hosted property database

Features

• RESTful API interrogating UK property information
• Royal Mail PAF
• Ordnance Survey UPRN
• Property Title Number
• Property Research
• Property description information
• Property pricing and valuation information
• Property risk information
• Property listings and transaction information
• Property Sales and Rental Information

Benefits

• real time UK property information and insight
• automated decisioning
• reduction of manual processes and interventions
• single location of UK property information
• desktop research decision support
• online surveying capability
• fraud identification
• enhance debt recovery
• local authority property insight
• housing condition support

£0.01 to £10.00 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Helen.Morley@whenfresh.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

330414672385588

Contact

Helen Morley
+44(0)2079935818
Helen.Morley@whenfresh.com

Service scope

• Service constraints: 24/7 Service has 99.35% availability; Includes regular weekly update window at 14:00 UK time every Saturday
• System requirements:
  • No specific licenses required.
  • For .NET implementations, a NuGet package is available.
  • Other languages require an HTTP capability.
  • http://docs.api.whenfresh.com/overview/overview.html

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: UK office hours 09:00 to 17:00; Best endeavours outside of these hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Default support package provides a 3 line triage in UK business hours with a support request response SLA of 1 business day days. Greater support levels are available subject to arrangement
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide user documentation ; ; http://docs.api.whenfresh.com; ; and can arrange for online training if required.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data extraction will be covered by contract
• End-of-contract process: PAUL

Using the service

• Web browser interface: No
• API: Yes
• What users can and can't do using the API: Users can set up the service by following these documents held here:; http://docs.api.whenfresh.com/overview/overview.html
• API automation tools: Terraform
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Max request per second is on Average 2,000 rps. Hard limit of 10,000 rps per account at which point alerting will kick in.; If clients are going to be pushing a large volume of traffic through they should alert us so we can maximise the servers
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Level of availability is 99.35% - includes regular weekly update window at 14:00 UK time every Saturday; SLAs are available on request and can be defined by contract.; Service credits - 10% of the monthly charges for missing the availability and response time levels
• Approach to resilience: Available on request
• Outage reporting: A public dashboard; an API; email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: 2 factor authentication using Okta
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 17/07/2018
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a Information Security Policy which we can supply on request. ; The board of directors has created an Emergency and Response Team (ERT) to both assess and identify the main risks to the business, from IT System malfunctions, utility failures (such as the internet, electrical and phone lines) natural disasters, malicious acts to sabotage and terrorism. Once identified the ERT have also paired up the potential disaster with a solution to ensure that WhenFresh runs as smoothly as possible.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The only person that has access to Production systems and services is the Technology Director. All changes to production must be agreed by the Technical Director and the Commercial Director prior to implementation.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Any threats are assessed and managed by AlertLogic - patches can be deployed within 24 hours; Pen tests are performed annually
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Systems are monitored by AlertLogic. All access to production sytems is removed.; Incidents are responded to immediately; We have a Business Continuity Policy available upon request.
• Incident management type: Undisclosed
• Incident management approach: We have a Business Continuity Policy and Information Security Policy available on request which sets out incident management process,

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: KVM hypervisor
• How shared infrastructure is kept separate: Dedicated servers

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: All data is held on Rackspace and AWS

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We are involved in supporting green energy initiatives in the lending space ie Green mortgages , through our data.

Pricing

• Price: £0.01 to £10.00 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Sample data. 90 day analysis and evaluation period

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Helen.Morley@whenfresh.com. Tell them what format you need. It will help if you say what assistive technology you use.