Ideal Postcodes Address Validation

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: HTTP API can be rate limited
System requirements: Internet access

Ability to make HTTP requests

User support

Email or online ticketing support: Email or online ticketing
Support response times: Support@ideal-postcodes.co.uk

Questions are responded to as soon as reasonably possible.

Emails are monitored on the weekends.

However, only critical issues are handled outside of UK working days.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: Chat.ideal-postcodes.co.uk

Users can turn on alerts and audio as notifications based on messages.

ARIA attributes are used to define strings that label the element and role attributes are used to help assistive technology users understand what the element does.
Web chat accessibility testing: None
Onsite support: Yes, at extra cost
Support levels: Support is free. We can be reached by email, phone and live chat. We also provide free support to assist with any integration or technical queries. Premium support SLA available at an additional cost with 24/7 monitoring.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Get started by creating an Ideal Postcodes account on ideal-postcodes.co.uk. Once signed in, you may create Keys via your dashboard and use them to query for addressing data. All Keys are instantly usable on our API with test requests. We provide a wide range of test methods to allow you to develop a rigorous and correct implementation. Test requests do not affect your lookup balance. To take your Key live and query genuine addressing data, you will need to purchase a lookup balance for your key or a licence that grants data access. Requests that retrieve addressing data (i.e. using the /addresses and /postcodes API) will deduct one lookup from your balance. You can also setup Automated Top-Ups to reload your balance when it runs low.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: Past API usage data may be extracted via the API. We can also extract your data for you upon request.
End-of-contract process: Access to the API will no longer be available. No additional costs are applicable.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: There is no difference between the HTTP API for mobile and desktop users. Integrations may differ between end users; however, depending on the user interface and accessibility requirements. We provide a range of integrations which provide Address Validation and Postcode Lookup functionality.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Accounts, keys, usage, billing and datasets can be managed via a dashboard on https://ideal-postcodes.co.uk.
Accessibility standards: None or don’t know
Description of accessibility: Address Validation is WAI-ARIA compliant which is a screen reader.
Accessibility testing: We use automated accessibility testing tools to meet WCAG 2.1 standards.

In doing so, we strive to make sure:
- all images have alternative text
- all form buttons have a descriptive value
- all form inputs to have associated text values
- embedded multimedia to be identifiable via accessible text
- semantic markup is abided by standards
- tables are used for tabular data and data cells are associated with their headers
- ARIA labelling is used where standard HTML is insufficient and ARIA is used to convey HTML semantics accordingly
- no page content flashes more than 3 times per second
- web pages have descriptive titles
- the purpose of links can be determined from the link text alone and from its context
- the language of the page is identified using the HTML lang attribute
- required form elements have corresponding labels
- form validation errors are efficient, intuitive and accessible
- if input errors are detected, suggestions are provided to resolve the issue
API: Yes
What users can and can't do using the API: Users can accomplish the following via the HTTP API: Query addressing data (Postcode Lookup, address search, Address Finder, UPRN search, address geocoding), check availability of API key, check API key balance and check historical usage of API key.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Integrations with our services are highly customisable. We provide browser libraries which can integrate address validation capabilities building on the addressing APIs we provide. The most basic integration for a website or application can be setup very quickly. These libraries contain a large number of configuration options to customise behaviour and styling of the integration. Users can apply their own CSS classes and styles, specify custom DOM elements to use for the integration and hook into various events in the address lookup process using callback functions. Buyers can also build their own front or backend integrations based around their own requirements. This can be accomplished by modifying our existing open-source implementations or creating a new integration altogether. We also accept pull requests to add more functionality into our existing libraries. Our integrations are all available on GitHub.com (https://github.com/ideal-postcodes). We are happy to provide any assistance and technical advice in this regard via our support channels.

Scaling

Independence of resources: All our internal services are scaled horizontally. Should any part of our service hit a bottleneck in terms of processing, memory or storage requirements, we are able to create new virtual machines within 30 minutes to expand our resource pool. Services are monitored 24/7 and an engineer is alerted should any of our services trip one of our (conservative) resource utilisation thresholds. We also over-provision our services in terms of computing resources, which affords us more time to deal with any potential resource issues.

Analytics

Service usage metrics: Yes
Metrics types: Users can retrieve their usage data via the dashboard or API. These metrics include paid requests per day as well as per request metrics (including IP address, request type, search term and HTTP referrer).
Reporting types: API access

Real-time dashboards

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Royal Mail, Ordnance Survey, OSNI, Eircode

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with another standard

Scale, obfuscating techniques, or data storage sharding
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Users can export their historical usage data via the dashboard or HTTP API. The former method requires the correct username and password to access the dashboard. The latter method requires a secret user token included in the API request.
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)

Legacy SSL and TLS (under version 1.2)
Data protection within supplier network: TLS (version 1.2 or above)

Other
Other protection within supplier network: All hosts block network traffic on every interface for all ports for both private and public networks by default. Only network data from recognised IP addresses and specifically authorised ports are permitted. Furthermore data travelling across our private network can only be accessed by our hosting provider.

Availability and resilience

Guaranteed availability: Historical availability and current service status is retrievable from status.ideal-postcodes.co.uk. We strive to maximise our uptime. 99.99% SLA is provided for Public Sector Licensees.

External availability is tracked by a third party monitoring service. The historical data from our 3rd party monitoring service is also reported on our status page.
Approach to resilience: Every layer of our service (including our webservers, application services and our database services) is distributed and horizontally scalable. Each of these services are designed to have nodes readily added (or removed) to support greater resiliency as well as enabling higher throughput if required. Upon the failure of a node caused by hardware failure or a broken build, traffic is subsequently rerouted to healthy nodes in order to minimise disruption.
Outage reporting: Outages are reported on status.ideal-postcodes.co.uk.

Identity and authentication

User authentication needed: Yes
User authentication: Username or password

Other
Other user authentication: API Key
Access restrictions in management interfaces and support channels: Management interfaces are only available behind username and password authentication. Sensitive support requests are handled over phone, email or a private chatroom.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Centre for Assessment
ISO/IEC 27001 accreditation date: 18/01/2022
What the ISO/IEC 27001 doesn’t cover: Address Validation is covered by ISO 27001
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: We follow all processes and procedures outlined and indicated by ISO 27001. We maintain a standardised security document which determines our security policies for our software and hardware infrastructure. This document determines security protocols including: storing of system secrets and keys, provisioning and securing of our servers, procedures for checking and applying updates for the software and libraries and common vulnerabilities to build test suites around. With regards to securing our hardware assets, all our servers are deployed using a standardised script and tested over a thousand times a day to ensure they meet the security requirements laid out in the policy. For our software deployments, software is reviewed and tested for common vulnerabilities and exposures listed in our policy. These tests are stored in a test suite which are continually run on our software to detect any bugs or regressions.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Our services are tracked and deployed via secured, centralised, private code repositories. In order to reduce the possibility of introducing security lapses with changes in code, we maintain thousands of automated tests that check the low level functionality of the code as well as the high level interaction between our services. To reduce the risk of security lapses or regressions, our test suite also tests our software in hundreds of security scenarios and edge cases after every change and prior to every new build being deployed.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: We have a two part strategy for discovering vulnerabilities in the software we use. Firstly, we periodically check our vendors for security notifications and patches. Secondly, we are subscribed to a number of services which track the underlying dependencies in our software and send us automated notifications if any new versions are released. We consider vulnerabilities that would affect the availability of our services or leak data to be critical. Critical security updates are applied as soon as possible as a first priority. Non-critical updates, (e.g. performance improvements, bug fixes) are periodically applied over a longer period of time.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: All our hosts send logs (both system logs and process specific logs) to a centralised logging service which aggregates, indexes, encrypts and archives all our log files. These logs can be viewed and queried in realtime. Each log line is scanned for unusual behaviour on a host. Any suspicious activity is then emailed to the server administrators who will investigate. If a host or process is found to be compromised, the host will be removed from our resource pool and inspected before deletion. Based on the outcome of the investigation, remedial action will be taken, e.g. bug fixing or patching.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: We are alerted to incidents via internal and external monitoring services. These services are monitored throughout the week for critical errors. If a critical error takes place, an on call engineer is immediately notified as critical alerts are sent via multiple channels: SMS, email and push notification. Upon notification, an engineer will log into our system remotely to determine and fix the issue. If a user detects an issue, they may report this to us via our support email or chatroom, which is monitored throughout the week. Incident reports are uploaded to our status page - status.ideal-postcodes.co.uk.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Equal opportunity: Equal opportunity

Ideal Postcodes is committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination.

All staff should understand they, as well as their employer, can be held liable for acts of bullying, harassment, victimisation and unlawful discrimination, in the course of their employment, against fellow employees, customers, suppliers and the public.
Take seriously complaints of bullying, harassment, victimisation and unlawful discrimination by fellow employees, customers, suppliers, visitors, the public and any others in the course of the organisation’s work activities.
Such acts will be dealt with as misconduct under the organisation’s grievance and/or disciplinary procedures, and appropriate action will be taken. Particularly serious complaints could amount to gross misconduct and lead to dismissal without notice.
Further, sexual harassment may amount to both an employment rights matter and a criminal matter, such as in sexual assault allegations. In addition, harassment under the Protection from Harassment Act 1997 – which is not limited to circumstances where harassment relates to a protected characteristic – is a criminal offence.
Make opportunities for training, development and progress available to all staff, who will be helped and encouraged to develop their full potential, so their talents and resources can be fully utilised to maximise the efficiency of the organisation.
Decisions concerning staff being based on merit (apart from in any necessary and limited exemptions and exceptions allowed under the Equality Act).
Review employment practices and procedures when necessary, to ensure fairness, and also update them and the policy to take account of changes in the law.
Monitor the make-up of the workforce regarding information such as age, sex, ethnic background, sexual orientation, religion or belief, and disability in encouraging equality, diversity and inclusion, and in meeting the aims and commitments set out in the equality, diversity and inclusion policy.

Pricing

Price: £2.00 to £2,000 a licence
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: We provide a free test balance for 3 months. Test methods are available to access the API without affecting your balance. We also provide small, provisional test balances for users that wish to make live queries against the API.

Ideal Postcodes Address Validation

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Ideal Postcodes Address Validation

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents