ProxyAddress

ProxyAddress

ProxyAddress is a unique, award-winning service providing secure 'proxy' address details to those facing the instability of homelessness. A ProxyAddress helps to establish consistency and can be used like a normal address to securely access vital services and support, regardless of location or how often an individual moves.

Features

• Helps remove barriers and avoid stigma for those facing homelessness
• Provides fast and secure access to crucial services and support
• Cost-effective and rapid results with potential for same-day impact
• Uses existing data through network of partners
• All address data provided with explicit consent of the owners
• Secure service compliant with anti-fraud legislation
• Suitable for those with both prevention and relief duties
• No impact on existing address' security, credit rating, or post
• Provides easy access to multiple services in one easy step
• Works across rough sleeping, sofa surfing, and temporary accommodation scenarios

Benefits

• Stable address improves access to services and support
• Improves expected outcomes in fast and cost-effective way
• Provides cross-sector support across a network of partners
• Consistent communication with employers, social services, and healthcare providers.
• Reduces administrative barriers for job applications and benefits claims
• Increases likelihood of securing stable housing and support
• Enhances dignity and self-esteem, fostering stability and belonging
• Prevents individuals from falling through support system gaps
• Streamlines communication, improving efficiency for service providers
• Facilitates data collection for effective resource allocation and policy

£21,200 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris@proxyaddress.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

553170196236685

Contact

Chris Hildrey
02074594328
chris@proxyaddress.org

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours during working week. Within 48 hours during weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The buyer will be provided with a dedicated account manager who owns and manages the account. They will be available for all questions and queries via email and phone. This support is provided at no extra cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding begins with a launch meeting between the buyer and the ProxyAddress account manager to plan the deployment of the product, identify internal staff 'champions', and identify actions to be undertaken.; ; Instructive sessions will then be held with the buyer's internal champions, wider teams, and external referral services to outline how to refer members to ProxyAddress and onboard them both in person and remotely.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: When the contract ends, ProxyAddress will retain limited contact information (name, gender, email, phone number, date of birth) for a period of 7 years to assist in identifying users if they get back in touch with ProxyAddress. ; ; However, all other data (other than limited contact information) will be deleted 2 years after the user's case is closed or the buyer ceases to be a ProxyAddress partner.; ; Users can request a copy of the information that ProxyAddress holds about them, including personal data, by sending an email to dpo@proxyaddress.org. ProxyAddress will provide this information free of charge, though may charge a reasonable administrative cost for further copies.
• End-of-contract process: Buyers can renew their subscription online or in writing. Should the buyer wish to end the subscription, they should notify ProxyAddress in writing (either by email or by letter) with not less than three months’ notice that they would like to end their contract. Notifications are acknowledged and appropriate arrangements made to cancel the contract at the end of current licence year.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The portal is designed to be responsive and useable in both formats.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: The service interface takes the form of a secure online portal. Features include authentication, user roles, encrypted data storage, and audit trails. The portal offers straightforward navigation, privacy controls, search functionalities, and customizable dashboards for efficient information retrieval and decision-making.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Interface testing with users of assistive technology involved working with participants representing diverse disabilities and using common assistive tools like screen readers. In a controlled environment, we evaluated user interactions, navigation, comprehension, and functionality. Feedback sessions allowed users to express difficulties and suggest improvements, which we integrated into iterative testing cycles.
• API: No
• Customisation available: No

Scaling

• Independence of resources: We ensure user independence by scaling our infrastructure dynamically to ensure robust resource allocation. Through load balancing and auto-scaling features, we ensure high availability and fault tolerance regardless of fluctuations in demand. ; ; Our architecture prioritizes user experience, ensuring each user receives consistent service irrespective of others' activity. Continuous monitoring and proactive capacity planning further allow us to to meet user demands.

Analytics

• Service usage metrics: Yes
• Metrics types: Yes, we offer comprehensive service usage metrics to ensure informed decision-making. Our metrics cover essential, anonymised, aspects of the active cohort such as user counts, engagement, service referrals, number escaping homelessness, and retention rates. ; ; For the server side, information on data throughput and uptime percentages can be provided on request. These metrics enable both our team and users to gauge platform performance, identify usage patterns, and optimize service utilization effectively.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users are able to export their data via the platform's admin interface in standard formats including CSV. We ensure security and transparency throughout the process, maintaining the confidentiality and integrity of users' information.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee a high level of availability for our SaaS platform, ensuring that users can expect uninterrupted access to our services. ; ; Our service level agreements (SLAs) outline specific uptime percentages of 99.95% during office hours. In the rare event that we don't meet our guaranteed levels of availability, we have transparent refund policies in place. Users are promptly compensated according to the terms outlined in our SLAs. Our commitment to reliability extends beyond contractual obligations; we continually invest in redundant infrastructure, proactive monitoring, and rapid incident response protocols to minimize downtime and ensure user satisfaction.; ; Our redundant systems and failover mechanisms bolster resilience, mitigating the impact of potential disruptions. Additionally, our dedicated support contact details remain accessible around the clock to address any issues promptly.
• Approach to resilience: We have implemented a robust approach to resilience to ensure mitigation against issues relating to infrastructure, dependent services, misconfigurations, transient network issues, and load spikes. ; ; We deploy our services across multiple availability zones to mitigate single points of failure and enhance fault tolerance. Our datacentre setup incorporates redundant networking, power supply, and storage systems to maintain operational continuity. ; ; We employ automatic scaling and load balancing mechanisms to dynamically allocate resources and handle fluctuating demand. Regular data backups and disaster recovery procedures are integral parts of our resilience strategy, ensuring data integrity and availability even in the face of unforeseen events. ; ; Additionally, we conduct routine audits and performance monitoring to proactively identify and address any potential vulnerabilities or bottlenecks.
• Outage reporting: Any service outages are reported through multiple channels, ensuring transparency and timely communication. ; ; We maintain a public dashboard that provides status updates, enabling users to stay informed about any disruptions. Additionally, our email alert system notifies users directly, ensuring they are promptly informed of any incidents affecting service availability. ; ; Furthermore, our support team remains available to provide additional assistance and updates as needed, ensuring minimal disruption to critical operations.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Only engineers and designated buyer team administrators have the ability to make a user an admin or revoke that privilege. All edits to data, records, and uploads are tracked and prepared for audit to assist in privilege review.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: CyberEssentials
• Information security policies and processes: ProxyAddress adheres to stringent information security policies and processes to safeguard sensitive data and ensure compliance with regulatory requirements. Our policies encompass data encryption, access controls, incident response, and regular security assessments. We have established a clear reporting structure for overseeing policy implementation and compliance. ; ; Audits and assessments are conducted to evaluate adherence to security policies and identify areas for improvement. Training is provided to employees to ensure awareness of security best practices and their role in maintaining a secure environment. By integrating robust security policies, proactive monitoring, and continuous improvement initiatives, we uphold the confidentiality, integrity, and availability of data.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our procedures prioritise minimising disruptions and maintaining the integrity of our services. We track service components throughout their lifecycle using version control and documentation. ; ; All changes undergo thorough assessment, including security impact analysis, before implementation, with all code updates run through an automated testing suite before deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We employ a proactive vulnerability management process. We continuously assess potential threats through threat intelligence sources and internal security audits. Rapid deployment of patches is prioritised, with updates typically implemented within days or hours of their release. We stay informed about potential threats through industry alerts, security advisories, and collaboration with trusted partners and communities, ensuring timely mitigation of vulnerabilities and maintaining the security of our services.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Upon detecting a potential compromise or being notified of an error, our security team initiates a predefined incident response plan, which includes isolating affected systems, investigating the incident thoroughly, and implementing necessary remediation measures. Our goal is to respond to incidents promptly, typically within minutes or hours, to minimise any impact.
• Incident management type: Supplier-defined controls
• Incident management approach: Established incident management processes are in place to ensure prompt resolution and user transparency. Pre-defined protocols for common events reduce response times. Users can report incidents on the website by contacting hello@proxyaddress.org. Following resolution, detailed incident reports are provided to affected users, outlining causes, actions taken, and preventive measures.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  ProxyAddress contributes to tackling economic inequality by creating employment opportunities for marginalized individuals, particularly those facing barriers to employment. By providing a secure address, ProxyAddress enables individuals to access essential services and avoid stigma, thereby supporting economic growth and job creation.

  Equal opportunity

  ProxyAddress promotes equal opportunities by providing individuals experiencing homelessness with a secure address, enabling access to essential services such as banking, healthcare, universal credit, employment opportunities, and public resources like libraries. ; ; By offering a stable address, ProxyAddress can also facilitate engagement in the democratic process, ensuring individuals can exercise their right to vote. ; ; ProxyAddress also benefits from a broad network of partners and stakeholders who help to raise awareness and advocate for policies that promote equal access to services and reduce stigma. Through these efforts, ProxyAddress contributes to fostering a more inclusive society where everyone has equitable access to essential resources and participation in civic life.

  Wellbeing

  ProxyAddress enhances wellbeing by providing a stable address to those facing - or at risk of - homelessness. This benefits people facing a range of situations, including individuals leaving the care system and those escaping domestic abuse. ; ; For individuals leaving care, ProxyAddress offers a foundation for stability, enabling access to essential services as they transition into independent living and promoting overall wellbeing. Similarly, for survivors of domestic abuse, ProxyAddress provides a secure means to establish a new identity and access support services without fear of being traced, contributing to their safety and mental health recovery. ; ; By addressing the fundamental need for a secure address, ProxyAddress plays a vital role in promoting the wellbeing and empowerment of vulnerable people, facilitating their access to critical resources and opportunities for a brighter future.

Pricing

• Price: £21,200 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris@proxyaddress.org. Tell them what format you need. It will help if you say what assistive technology you use.