Skip to main content

Beta Help us improve the Digital Marketplace - send your feedback

Experian

Experian Commercial Risk Analysis with Business Profile API

Speed up customer research and make it easy for your teams to understand a business and the people behind it. Experian’s Business Profile API lets you integrate high quality, comprehensive business and director information into your applications, in real-time.

Features

  • Easy to integrate high quality business/commercial information
  • RESTful API
  • Access to Experian’s commercial bureau
  • Provides official and standardised information for ERP and accounting applications

Benefits

  • Easy for customers to sign-up by auto-populating data
  • Enhance customer profiles, minimise cost and time of gathering information
  • Risk-averse approach to data management

Pricing

£0.01 to £3.75 a transaction

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digitalmarketplace@experian.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 4 1 5 0 1 6 3 4 5 8 2 5 5 0

Contact

Experian Experian Public Sector
Telephone: +44 (0) 115 941 0888
Email: digitalmarketplace@experian.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Production and User Acceptance Environments will only be supported during normal office hours (09:00 – 17:00 Monday to Friday excluding bank holidays)
System requirements
N/A

User support

Email or online ticketing support
Email or online ticketing
Support response times
To manage client services effectively and consistently, Experian provides Major Incident Management, Incident Management, Service Request Management, Problem Management and Operational Change Management with standardised processes. Incidents and Major Incidents are given Priorities, with higher Priorities receiving faster responses and restoration times. Tracking these values and performing internal data analysis enables Experian to continually improve these services and reduce impact to all clients.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support is weekdays 09:00 - 17:00 UK time, excluding public holidays.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Integration guides, Swagger and Postman Projects available, plus paid-for integration
assistance available
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Excel
  • Swagger
End-of-contract data extraction
Data only held by Experian for support processes and is removed after period
End-of-contract process
Access to and use of the service to a defined period is included in the price. At the end of the
contract, should no renewal be agreed, the user(s) will no longer be able to access the service.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Full service functionality provided via API
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • Other
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Full load balancing, multiple data centres

Analytics

Service usage metrics
Yes
Metrics types
Usage metrics included on the invoice.
Reporting types
API access

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data is not required to be imported by the Buyer to Experian's platform therefore data export is
not required
Data export formats
Other
Other data export formats
-
Data import formats
Other
Other data import formats
-

Data-in-transit protection

Data protection between buyer and supplier networks
  • Bonded fibre optic connections
  • Other
Other protection between networks
-
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
SOAP endpoint TLS/1.2
REST endpoint TLS1.2

Availability and resilience

Guaranteed availability
Availability SLAs will be defined case-by-case. There was no known downtime for UK&I clients in FY24.
Approach to resilience
Experian backs up all data that has an on-going business value for operational recovery purposes and to comply with business continuity plans. Backups are regularly tested for reliability and integrity, and restoration procedures are tested for effectiveness and acceptable performance. The confidentiality, integrity and availability of backup media is protected in storage using physical, environmental and technical controls, such as secure storage and encryption.

The primary data resides in Fairham House datacentre and backup data is transferred over dedicated dark fibre links to Experian’s DR site in Bulwell. This is a very secure transfer method and the data cannot be intercepted. This data then resides on tapes in robotic silo’s and NEVER leaves this location physically, if the data is needed, it will be recalled over the same dedicated dark fibre links to Fairham.
Outage reporting
Available on request

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Experian works on a policy of least required access. Access to all management systems
requires appropriate approvals and is subject to automatic quarterly reviews and audit.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DNV GL Business Assurance Ltd
ISO/IEC 27001 accreditation date
20/12/2016
What the ISO/IEC 27001 doesn’t cover
Everything is covered
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Trustwave
PCI DSS accreditation date
28/10/2016
What the PCI DSS doesn’t cover
Everything is covered
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Experian have comprehensive Global Security Policies based on the ISO27001 standard which covers;
- Organisation and Management
- Information Security
- Asset Classification
- Physical and Environmental Security
- Communications and Operations Management
- System Access
- Systems Development and Maintenance
- Compliance
- Personnel and Provisioning
- Business Continuity Management
- Third Party Management

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Modifications and improvements to information systems are managed through a controlled process. Experian's Change Management Policy is based on ITIL best practice. We use a Service Management tool that integrates Change Management, Incident Management, Problem Management, Configuration Management and Knowledge Management. Our policy, process and procedures are regularly audited independently. Business units will establish and maintain a process for documenting proposed changes to systems. The Change Management Group assess the impact of impending changes and produce an impact analysis document of results. The impact assessment considers possible risk exposures, business processes and systems.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
In line with our Global Information Security Policy, Experian performs regular vulnerability and integrity checks of our systems. The scheduling varies depending on criticality and exposure of the system being checked

Experian has regular network security assessment conducted of both internal and external deployments, in which the Firewall Infrastructure is tested, including internal components, applications, and employed servers

Vendor software patches are applied on a monthly cycle with a risk-based approach taken to prioritisation via an automated Patch & Fix strategy which is underpinned with a technology infrastructure to deliver corrective updates.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
GSOC protects Experian information assets through a four level process:
• Collect raw log data from systems across the enterprise.
• Analyse millions of events per day using an artificial intelli-gence based correlation and behavioral analysis engine.
• Identify incidents of interest based on asset and data classification
• Escalate incidents to the appropriate response, remediation or management teams
The Security Event Monitoring (SEM) system analyses raw log data from systems across the enterprise using an advanced statistical and rule based correlation engine to identify, prioritise and alert on significant security events.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Experian has a formally documented risk based incident management process to respond to security violations, unusual or suspicious events and incidents. This process is run by the Experian's Global Security Office and is owned by the Executive.
The purpose of this process is to limit further damage to information assets, identify root cause and execute corrective actions. In the event an incident occurs a team is gathered to form an Incident Response Team, who manage activities until successful resolution. Post incident reviews are held to analyse the effectiveness of the response and operational process in order to continually improve them.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

As an information services business, we have a relatively small environmental footprint compared to
many other industries. The biggest impact from our controlled operations relates to greenhouse gas
emissions from energy used to power, heat and cool our buildings and data centres, and from
business travel (pre-Covid-19). Every year we reduce our carbon footprint, yet we want to take it
further and accelerate our response to the climate change challenge
We’ve started our journey to becoming carbon neutral. Our global Corporate Responsibility team is
engaging with various teams across the organisation to discuss carbon reduction initiatives and get a
good understanding of what’s needed to achieve our target by 2030. This will allow us to develop a
detailed Carbon Neutral Plan, including initiatives, targets, costings and timeframes, for agreement by
end of November.

Covid-19 recovery

We have focused on supporting our people, clients and consumers throughout the COVID-19
pandemic, using data as a force for good, helping to navigate the crisis.
We quickly transitioned the majority of our employees to work from home. We introduced flexible
working and increased collaboration tools and support networks, such as mindfulness programmes, to
help our people navigate the challenges of home working. Webinars and senior leadership vlogs
helped us connect. Our employees around the world have shown incredible resilience, commitment
and flexibility during the COVID-19 pandemic and this is reflected in our results.
We maintained operational capacity throughout the pandemic, we have kept the health and safety of
our employees as the primary consideration of our pandemic response. Most of our employees are
still working remotely. An effort is underway to determine our strategy for work arrangements in the
future. We expect this to be guided by a consistent global framework and principles, with local
flexibility around the approach to account for legal and cultural nuances.
We continue to take industry-leading positions designed to protect and educate consumers, as well as
to promote the responsible reporting of data, with appropriate safeguards, in order to help the
economic recovery from the crisis.

Tackling economic inequality

We help millions of people and businesses around the world get fair and affordable access to
essential services and we work hard to make sure our business has a positive impact on the world,
never a negative one. Our responsibilities – to people, society and the environment – guide
everything we do.
By collecting and analysing data, we help people and businesses build up a financial track record and
gain access to essential, everyday services that have previously been out of reach. We’re also
pioneering the use of alternative data, such as rental or utility payments, to help people with limited
financial history build up and strengthen their credit profiles.
Our people’s talents and our business resources go beyond the workplace. We encourage our people
to use their skills to benefit society: many volunteer their time and skills to support their communities
and improve financial education.
We also help our people support local groups and charities by matching funding and giving donations.
At Experian we realise relationships with all our stakeholders are key to our success and sustainable
business growth. We also recognise that we have an impact on and responsibilities for the society we
trade within. We consider these responsibilities carefully and aim to have a positive impact wherever
we can.
Experian has developed a set of CR principles, endorsed by our Management Committee, to guide
and enhance the way we work with our customers (both clients and individual consumers),
colleagues, suppliers and communities. As a company, we are committed to working by these
principles and will regularly benchmark and assess our progress in each area and report through our
parent company.
Please see a copy of Experian’s supply chain principles on the following link:
https://www.experian.com/corporate/code-of-business-conduct

Equal opportunity

Each and every one of our people deserves to feel valued, represented, and that they belong at
Experian. We have over 30 employee-led groups globally that play a huge part in creating inclusion
and advocating on behalf of our people. These groups are not only a safe space for anyone who
needs it, but also drive change and build awareness across Experian, raising the standard for
everyone.
Experian are registered as ‘Disability Confident’ and are currently undertaking an assessment with the
Business Disability Forum. Our top 3 areas for focus this year is in learning & development,
communications and technology. Our ambition is to remove barriers for all employees with disabilities
at Experian.
Experian recognises that equal opportunities are fundamental to the Company’s success and is
committed to encouraging a working climate that respects and promotes equality. There is a
publicised Equality, Diversity and Inclusion policy which sets out the Company and employee
responsibilities for ensuring equality and embedding a culture and working environment that actively
safeguards against discrimination and unfavourable treatment of people in all aspects of employment
including recruitment, promotion and training opportunities. There is also a Dignity at Work policy
which sets out Experian’s commitment to creating a work environment free of harassment and
bullying, ensuring everyone is treated with dignity and respect. All of the policies are compliant with
the requirements of the Equality Act 2010 and the relevant clauses of the HRA.
More information can be found in Experian’s Diversity, Equity and Inclusion Report here:
https://www.experianplc.com/investors/reports/

Wellbeing

Since the pandemic we have increased our focus on the health and well-being of our teams across
the world. We quickly implemented regular pulse surveys so we could respond rapidly and ensure the
right support was available. We emphasised mental health, reflecting the challenges people faced
while working remotely. A response to the statement ‘I am feeling physically and mentally well’ was
75% favourable on average across five pulse surveys we ran during the year. We put in place a range
of initiatives to support our teams, for example #ReachOut, which gave all employees access to
resources to support their physical and mental health whenever they needed it.
Experian has an important role to play in helping everyone through these uncertain times. We
recognise the significance of the role we play in the UK economy and we are committed to ensuring
that our data services are being used to help, protecting vulnerable people, businesses and
communities.
At Experian, we work to create a better tomorrow for consumers, for businesses, and for our
communities. This ambition underpins our plans for our people – to ensure we have the best people,
working in a high-performing and inclusive environment where they feel they can do their best work in
support of our vision.
We help millions of people gain access to essential, everyday services by helping them make the
most of their data by Improving financial identities and access to credit, providing credit and financial
education and tackling unmanageable debt among vulnerable groups. We define our responsibility as
playing an active part in social and economic regeneration in our communities, at a local, national and
global level, and we have many motivations for this engagement.

Pricing

Price
£0.01 to £3.75 a transaction
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at digitalmarketplace@experian.com. Tell them what format you need. It will help if you say what assistive technology you use.