Underlying technology

The IntelliPen system utilises Microsoft Windows server running Internet Information Services (IIS) and SQL Server. All IntelliPen implementations are based on a single-core software version. This core can be amended to comply with legislation in different countries and individual customer and scheme implementations are data configurations of the core software. The final level of customisation is at the user or user-group level, where screen and workflow behaviours can be modified depending on the user profile. Developments that create specific customer IPRs are held logically at the configuration level. Procentia supports the current and two previous versions of software that are backwardly compatible with customisations to your implementation.

Integration, no problem

Integration with existing enterprise tools and systems is a matter of course and facilitated by Procentia’s IntelliFeed solution, Microsoft technologies and IntelliPen’s open software architecture. We routinely integrate our solution with the market’s leading payroll and HR systems to further automate processing. And the pensioner payroll engine uses the same database and calcs engine simplifying record keeping. Large data integrations and migrations are by an automated SFT mechanism integrated with IntelliFeed that validates, processes and handles exceptions without human intervention.

Hosting solutions

IntelliPen can be installed and operated in-house, as a hosted solution from IntelliVault private cloud, or as a true cloud deployment (installed in Microsoft Azure to date) to suit your business needs.

Running the software as a hosted solution is simple and cost-effective. Software updates are applied by us, and you do not have to pay for running your own servers or for specialist IT staff. You are free to focus on your core business, safe in the knowledge that your system is reliable and secure.

Innovation revelation

Procentia has an exciting innovation roadmap for IntelliPen and other pensions-related solutions. Get in touch to learn more about what we’ve got planned.

Data Security and Compliance

Procentia combines enterprise-grade security, rigorous governance, and independent attestation to give our clients complete confidence in how their data is protected. 

Information Security Management

• ISO 27001 certified through 2025, demonstrating our commitment to internationally recognised information security practices.
• SOC 2 Type II attestation achieved, evidencing the design and operational effectiveness of our controls around security and availability. 
• On the journey towards Cyber Essentials and Cyber Essentials Plus to further demonstrate resilience against common cyber threats through external technical testing.

Data Protection by Design

• Encryption in transit and at rest using modern cryptographic standards. 
• Role-based access control (RBAC), configurable down to scheme and employer level, enforcing least-privilege access. 
• Regular penetration testing and vulnerability assessments conducted by CREST-accredited third parties. 

Regulatory Compliance and Framework Alignment 

• Fully aligned with UK GDPR, Data Protection Act 2018, and broader international data protection laws. 
• Security and resilience strategies informed by the NCSC Cyber Assessment Framework (CAF) and the NIST Cybersecurity Framework. 
• Ongoing roadmap towards DORA compliance for clients in the financial services sector.

Operational Security and Monitoring 

• 24/7 threat monitoring and event management via an integrated Security Information and Event Management (SIEM) platform. 
• Proactive threat detection and anomaly alerting, with layered intrusion prevention across our Microsoft Azure environment. 
• Secure Software Development Lifecycle (SSDLC) practices including static code analysis, peer reviews, and external audits.

Client Assurance and Governance 

• Audit-ready documentation and evidence packs available to support client governance and due diligence. 
• Optional security assurance packages offering: 
  • Patch management and vulnerability reporting;
  • Quarterly governance calls.
• Support for contractual security requirements and bespoke data protection schedules.