Spend & Data Categorisation / Classification
Data categorization is the process of grouping transactions, products or assets or entities into categories (often called taxonomies) of any kind.
Best of breed AI data Classification / Categorisation. Map data, select rule priorities, select/edit a taxonomy. Approvals workflow. Visualise & Edit classification. Consume results to taste. Repeat on demand.
Features
- Automated
- Accurate
- Fast
- Best of Breed
- Editable
- Visualize
- Mapping
- Tagging
Benefits
- Quickly Categorise AnyData
- Any Taxonomy
- Consume results to taste
Pricing
£416 a licence a year
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 0 4 5 7 2 8 6 1 1 1 0 6 8 2
Contact
AnyData Solutions
James Courtis
Telephone: 07980793556
Email: jcp@anydatasolutions.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Analytics, Business Intelligence, ERP systems and ESG reporting.
- Cloud deployment model
- Private cloud
- Service constraints
- No constraints
- System requirements
- Up to date browser access (most browser)
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- Against an agreed SLA.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- To agreed SLA
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Load data through a software as a service interface. Online Training and user help guide provided as part of implementation.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- Excel, Parquet, CSV sent through SFTP
- End-of-contract process
- Agreed to spec.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Compacted menus.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
- Full get and post API throughout the entire platform.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Taxonomies, Mapping, Tagging and BI
Scaling
- Independence of resources
- Automatically scaling servers based on demand.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Reports on request.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- In the GUI there are multiple places to extract data and reports. Data can be extracted as Excel, CSV or PDF
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Excel
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- Excel
- SFTP for larger datasets
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
Service Credit Availability Percentage
Service Credit
< 99.5% and not below 99%
10% Credit
< 99% and not below 95%
25% Credit
< 95%
100% Credit - Approach to resilience
- Available on request
- Outage reporting
- Email alerts and dashboards
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
-
To restrict access in management interfaces and support channels, we adopt the following best practices:
Interface Management Profiles:
Assign an Interface Management profile to interfaces (e.g., Ethernet, VLAN, loopback).
Define permitted protocols (e.g., SNMP, SSH) and services (e.g., HTTPS).
Avoid enabling HTTP or Telnet due to security risks1.
Management Interface:
Restrict management access (HTTP, HTTPS, SSH, Telnet) from untrusted zones.
Replace the certificate for inbound management traffic.
Scan all traffic destined for the management interface - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- We conform to ISO/IEC 27001
- Information security policies and processes
- ISO/IEC 27001 & ISO 9001
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Configuration Management:
Tracking Components:
We use version control (e.g., Git) to track changes to code, configuration files, and infrastructure-as-code (IaC) templates.
IaC defines infrastructure components, and changes are version-controlled.
Change Assessment:
Baseline configurations are established for different environments (e.g., development, production).
Automated deployment tools enforce consistent configurations.
Change Management:
Assessing Security Impact:
Changes undergo impact assessment, including security implications.
Testing occurs in staging environments.
Timely Deployment:
Urgent patches (e.g., critical security updates) are deployed promptly.
Regular patch cycles address non-urgent vulnerabilities.
Security Impact Assessment:
Evaluate changes’ impact on security (e.g., authentication, data protection, network security, vulnerabilities). - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Our vulnerability management process involves ongoing steps to identify, assess, and remediate security vulnerabilities:
Discovery: Continuously scan systems for vulnerabilities.
Categorisation and Prioritisation: Assess vulnerability severity using industry standards.
Resolution: Promptly deploy patches for urgent vulnerabilities; regular cycles for non-urgent ones.
Reassessment: Regularly review and update vulnerability status.
Reporting: Communicate findings and actions taken. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Our protective monitoring processes involve the following key aspects:
Identification of Potential Compromises
We rely on logging and monitoring to detect threats and unusual activity.
Host-based logs provide rich data on file systems, processes, and network connections.
Monitoring helps identify indicators of compromise.
Response to Potential Compromises:
When we find a potential compromise, we initiate an incident response process.
This includes investigation, containment, and remediation steps.
Timely Incident Response:
Urgent incidents are addressed promptly to minimise impact.
Regular incidents follow a predefined response timeline. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Our incident management process involves the following steps:
Incident Logging:
Users report incidents, and we log them.
Categorisation and Prioritisation:
We categorise incidents based on severity.
Prioritization ensures efficient handling.
Incident Assignment:
Assign responsible teams or individuals.
Task Creation and Management:
Create tasks to resolve incidents.
SLA Management and Escalation:
Monitor service level agreements (SLAs).
Escalate if needed.
Incident Resolution:
Resolve incidents promptly.
Incident Closure:
Close incidents after resolution.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Covid-19 recovery
- Equal opportunity
- Wellbeing
Covid-19 recovery
Collective Responsibility:
Recognising that the pandemic affects everyone, individuals and communities come together to support recovery efforts.
Collective actions, such as employment opportunities, community support, and health initiatives, aid in recovery.
Equity and Inclusion:
Ensuring fair access to resources and support for all.
Addressing disparities exacerbated by the pandemic.
Resilience and Adaptability:
Embracing new ways of working and living.
Building resilience to future challengesEqual opportunity
Equity and Inclusion:
Ensuring fair access to resources and opportunities for all.
Addressing disparities and promoting diversity.
Meritocracy:
Valuing individual abilities and achievements.
Providing equal chances based on merit.
Social Mobility:
Enabling upward movement regardless of background.
Supporting education and career advancement.Wellbeing
Collective Responsibility:
Recognising that well-being impacts everyone, individuals and communities come together to support each other.
Collective efforts, such as promoting mental health awareness and community care, contribute to overall well-being.
Health and Wellness:
Prioritizing physical and mental health.
Encouraging healthy lifestyles, exercise, and balanced nutrition.
Inclusion and Support:
Fostering a sense of belonging and social connectedness.
Providing emotional support and reducing isolation.
Pricing
- Price
- £416 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- No