Compliance is crucial to the work we do at Xpress. For details of our accreditations see below. Please contact us if you have any questions.

BSI ISO 27001

ISO 27001

We have an Information Security Management System (ISMS) which has been independently certified by BSI as compliant with the requirements of ISO27001 for the scope of managing personal data on behalf of our clients.

Cyber Essentials Accreditations

Cyber Essentials

Cyber Attacks exploit weaknesses in IT systems and software. ERS and the ERS Group are proud to have certificates of assurance with the Cyber Essentials scheme. This provides assurance that our ICT defences have been assessed as satisfactory against commodity based cyber attack. We monitor and reassess these regularly.

PCI-DSS compliance Accreditations


We regularly perform external PCI-DSS level scans to identify any vulnerabilities within our products and services.

Data Protection Act

Data Protection Act

We are registered as an authorised ‘Data Controller’ under the Data Protection Act 1998. The Data Protection Act gives rights to individuals in respect of the personal data held about them. Further information can be found in our privacy statement. The ERS Group’s Data Protection Officer can be contacted at:

Xpress Software - Crown Commercial Service Supplier, Digital Marketplace

Digital Marketplace

Xpress software products are available on the Government’s Digital Marketplace through the G-Cloud 10 Framework for Cloud Software. Buying services through frameworks is simpler, faster and cheaper than entering into individual procurement contracts. All public sector organisations, including agencies and arm’s length bodies, can use the Digital Marketplace.

AEA Association of Electoral Administrators Accreditations

Association of Electoral Administrators

As supporters of the AEA, we are proud to have 13 active members who hold the AEA Certificate.



It is imperative all work undertaken by The ERS Group is carried out in compliance with all relevant confidentiality and information security policies. All data stored/processed and associated with the delivery of the services for which we have been appointed will be undertaken in accordance with these and the requirements of the relevant current data protection legislation in force.