Melissa Data Ltd

Contact Data Verification

The service provides: Address lookup; Address verification; Name; Phone and Email verification. Simplifying the process of data capture at the point entry. The service is modular so that the licencee can select one, several, or all the contact data verification elements, depending on their requirement. Ideal for CRM systems.

Features

• Provides address suggestions in real time
• Email & Phone verification in real time
• UK and 240 other Countries address reference data
• Service uses verified UK & Global data
• Output addresses are standardised correctly for Country formats
• Fully customisable solutions with a range of end points
• Free technical support
• Rooftop Lats/Longs (Geocoding) append option for Addresses
• Ideal for CRM and similar applications

Benefits

• Reduces errors in data entry
• Reduces time taken to fill out forms
• Can capture UK and any other Countries addresses worldwide
• Improves the user experience
• Capture correct and verified contact data at point of entry
• Data entry is consistent and standardised
• Provides KYC when combined with our other services
• Output standardised to Country formats

£0.01 to £0.04 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@melissa.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

412715408297915

Contact

Barley Laing
020 7718 0070
info.uk@melissa.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: With a suitable licence, there are no constraints
• System requirements:
  • Licenced dependent on use case
  • Can be licenced as: Public; Private or Hybrid Cloud

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times are within 3 hours during week days, and by 12 noon for the following work day after a weekend.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Our web chat enables customers/users to communicate with Melissa representatives in real time via a web link. Typically this is through text in a pop-up window, with audio prompts.
• Web chat accessibility testing: N/A
• Onsite support: Onsite support
• Support levels: Standard support is 20 hrs a day Mon to Fri. This can be via email, phone or webex. This support is provided for free for the lifetime of the service licence, and includes service training and integration assistance. Standard support is based on a ticketed system and accesses all of our global support agents. SLA's - tailored support packages are available. These vary depending on requirement but can provide response times of within 3 hours 24/7, with named technical support engineers in a tiered escalation process. SLA costs are based on the individual requirements for uptime and support levels.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full service start up guidance is available through our online wiki: technical documentation; sample code; service URLs; FAQs etc. Onsite, Telephone, Online webex, and Email training is also available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: This is clarified at the beginning of individual contracts, and is covered in our service Licence and T&C's, Melissa Data conform to the relevant regulations and procedures.
• End-of-contract process: Contracts & T/C's detail the period for which a service is licenced and how it can be used. Licencee's can renew at the end of the agreed initial licence, or stop licencing the service without penalty - as long as no agreed conditions or contractual arrangements have been breached.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Services can be delivered to any screen size resolution
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Melissa web services are typically delivered as API's but can also be accessed via pre-built interfaces such as ETL tools such as SQL SSIS components, and CRM's such as SalesForce & MS Dynamics etc
• Accessibility standards: None or don’t know
• Description of accessibility: Users access our web services via connected devices
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Users can consume the service through an API. As such it can be integrated anywhere in an organisations process flow. Users will use a Web Portal to determine transaction counts.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The format and integration of the service can be defined by the licence holder. As a cloud API the services can be integrated into any area of the users process flow.

Scaling

• Independence of resources: The service feature a clustered approach so incoming requests are equally distributed on many nodes ensuring consistency and failover. Service monitors have On-Demand instances ready to spin up at a moment's notice in response to load. Globally distributed DNS architecture means there aren't any single points of failure.

Analytics

• Service usage metrics: Yes
• Metrics types: A count of transactions and the date submitted is kept. SNMP metrics, Server metrics and network protocol metrics are also kept for a six month duration.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Supplied data is never stored.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The service returns real-time JSON requests and responses that are exported to the source system by program code.
• Data export formats: Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats:
  • REST
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Services will be available during each calendar quarter at least 99.9% of the time, measured inside Melissa Data’s data centers. The measurement will be in 5 minute intervals, with each 5 minute interval of downtime counting as 3.5% (5/(60 * 24)) of the downtime for the day. The system is designed for full availability during routine maintenance.
• Approach to resilience: The Melissa Data cloud is running Windows servers using Network Load Balancing cluster technology in multiple geographically distributed commercial data centre locations. DNS Load balancing and web service health monitoring are enabled so unhealthy servers are removed from rotation automatically. All incoming requests are sent immediately to available servers in the cluster. Melissa Data provides monitoring and real time testing of all servers, so that any problems will be flagged and technicians notified. This design eliminates single points of failure and helps ensure high availability for critical systems.
• Outage reporting: Via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Staff accesses the production system through directly attached terminals, secure VPNs. Multi-factor authentication is used for staff when accessing production systems. Callers for support will need to provide an encrypted license key or have an email requesting support from an authorized person in the authorized distribution group for the requesting company.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Beyond Security
• PCI DSS accreditation date: 15/04/2022
• What the PCI DSS doesn’t cover: Melissa can attest to testing web service endpoints with the PCI-DSS standard penetration tests, however Melissa does not send or receive financial information.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 Type 1 & 2
  • HITECH

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SSAE16; SOC 2; PCI DSS; HITECH
• Information security policies and processes: Melissa Data's Information Security Policy ensures that information, as defined hereinafter, in all its forms--written, spoken, recorded electronically or printed--will be protected from accidental or intentional unauthorized modification, destruction or disclosure throughout its life cycle. This protection includes an appropriate level of security over the equipment and software used to process, store, and transmit that information. All policies and procedures must be documented and made available to individuals responsible for their implementation and compliance. All activities identified by the policies and procedures must also be documented. Policies will be periodically reviewed for appropriateness and accuracy in reflecting current practices. At each department and/or department level, additional policies, standards and procedures will be developed detailing the implementation of this policy and set of standards, and address any additional information systems functionality in such department. All departmental policies must be consistent with this policy. All systems implemented after the effective date of these policies are expected to comply with the provisions of this policy where possible.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Web Service compatibility is maintained throughout the lifetime of the service. New versions are periodically rolled out but any deprecated elements are maintained to support existing client code. Changes are communicated well in advance and new URLs are sent out to facilitate a gradual migration to new service endpoints. All planned releases follow a security testing model that is OWASP compliant to ensure security.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Periodic training is conducted to keep all information security personnel up to date with security bulletins and vendor patches. All services are tested using the OWASP framework to ensure security guidelines are followed. Patches are deployed on a monthly basis, however, they could be applied in a day or two after release depending on severity. Information security personnel are briefed by enterprise vendors for equipment and antivirus software and stay informed using Open Threat Exchange, and other security professional sources.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Because Melissa Data does not store client supplied data and encrypts transmissions to and from the servers, the potential for breach is greatly reduced. However, even in this hardened architecture digital fingerprinting and audit techniques can be carried out. In the event of a security breach, Melissa will notify clients immediately via email.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Logging and audit trails are kept at every level and are reviewed continuously by company personnel. Users can report incidents directly to the IT staff and reports on outages and or intrusions will be sent out via a special web service bulletin email when a security breach is detected and when the postmortem is generated and the remedies identified.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Melissa launched its ‘Global Green Initiative’ in 2020, which is a cohesive programme of sustainable work practices implemented at corporate locations across UK, North America, Europe, Asia Pacific and India. Energy is sourced from green providers and power-saving equipment is programmed to turn off when not in use. The lights are on motion sensors, and the ventilation is only on when staff members are present. LED lights have replaced less efficient ones and all electrical appliances in the office are top rated for energy savings . We have a ‘reduce, re-use, recycle policy’ which means business operations are near paper free and rely on digital signatures and data transmission. Melissa employees worldwide will be the biggest asset when it comes to meeting the objectives set out in our Global Green Initiative. They have been educated on helping us achieve our objectives. We have also empowered them to make suggestions on how we can operate in an a more environmentally friendly way. Melissa encourages staff to come to work on public transport, when they are required in the office. In fact, travel has been reduced universally with staff encouraged, where possible, to undertake meetings, whether with customers, prospects, suppliers or colleagues, via online video. Melissa exists to help organisations to cut waste and improve sustainability via our data quality and ID verification services, and therefore lessen their impact on the environment. Our identity verification services that check for fraudulent activity, which includes document scanning / verification and biometrics capabilities, not only prevents materials and time being wasted in dealing with potential criminals, but enables ID checks and user onboarding to take place remotely, which has significant environmental benefits. Our Global Green Initiative is a big step in our mission to reduce emissions and carbon footprint, and deliver smarter, cleaner business operations.
• Covid-19 recovery:

  Covid-19 recovery

  Melissa is committed to ensuring staff work in a healthy and safe workplace. We continually assess and will react quickly to any escalation in the pandemic to ensure the safety of our staff, while at the same time ensuring clients are effectively served. We offer staff mobile and flexible working terms outside of the office environment. As well as helping to reduce their risk of catching Covid-19 by working from home, it’s an approach which ensures clients always have access to a team member for support. We consult staff on workplace safety plans and as part of our risk assessments, which all include Covid-19. We always encourage staff to flag concerns about unsafe processes at work. When the team meet up in-person we take all necessary precautions to ensure the safety of our staff, such as meeting in a well ventilated area. We have full employers’ liability insurance to not only protect the business, but that of our employees who experience illness.
• Tackling economic inequality:

  Tackling economic inequality

  Melissa is dedicated to tackling economic inequality, and playing our part in helping to lower the unequal distribution of income and opportunity between different groups in society. This involves creating new business and employment opportunities, ensuring diversity of the amongst our workforce and supply chain, through to improving education and training for our staff members.
• Equal opportunity:

  Equal opportunity

  Melissa is committed to fostering, cultivating and preserving a culture of diversity, equity, and inclusion. We embrace and encourage our employees’ differences in age, colour, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other characteristics that make our employees unique. Melissa’s diversity initiatives are applicable to our practices and policies on recruitment and selection; compensation and benefits; professional development and training; promotions; transfers; social and recreational programs; layoffs; terminations; and the ongoing development of a work environment built on the premise of gender and diversity equity. All Melissa employees have a responsibility to treat others with dignity and respect at all times. Any employee found to have exhibited any inappropriate conduct or behaviour against others may be subject to disciplinary action.
• Wellbeing:

  Wellbeing

  The wellbeing of our staff is a top priority. We foster a supportive and open working environment with employees encouraged to raise any issues related to their wellbeing. We regularly engage with staff, who all work from home full time, to monitor their mental health, wellbeing and work-life balance, and act where support is needed, to ensure they remain healthy and assist them in reaching their potential.

Pricing

• Price: £0.01 to £0.04 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full access to API's for service testing. Testing is limited to a volume of transactions for throughput and/or time is limited to 3 weeks, but can be extended in certain circumstances
• Link to free trial: http://bit.ly/melissa-datacleansing

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@melissa.com. Tell them what format you need. It will help if you say what assistive technology you use.