VALCON GROUP UK LIMITED

Valcon's Tibco EBX Master Data Management(MDM) Managed Service

Valcon's proven data delta approach to building a data platform is available as a managed service. We offer a standardised, technology-agnostic application and cloud reference architecture that can be applied to any customer objective or requirement, with the focus on delivering rapid business value.

Features

• Standardised
• Service Strategy and Design
• Incident and Problem Management
• 3rd Party Product/Supplier Management
• Capacity and Availability Management
• Change and Release Management
• Application/Infrastructure Monitoring and Management
• Product fixes, patches and upgrades
• Service Management reporting and Planning
• Tibco EBX Master Data Management (MDM)

Benefits

• Rapid delivery of business value
• Shared service evolution across customers
• AWS ans Azure Hosted Models
• DevOPS / ITIL Hybrid delivery model
• Tailored incident portal with knowledge base integration
• Best of breed tools for monitoring and alerts
• Designated Service Lead
• Cloud migration expertise
• Rapid access to the wider Valcon services
• Flexible and evolving Service Portfolio

£500 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stuart.mcdonald@valcon.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

109080115282353

Contact

Stuart McDonald
+44 (0)1795 415800
stuart.mcdonald@valcon.com

Service scope

• Service constraints: None
• System requirements: Tibco Software Licences

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Responses are subject to the Service Level Agreement and the prioritisation matrix.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided for the platform, data management tools and operational users (user support). A Technical Account Manager is provided.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training is provided onsite or online along with appropriate user documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: This will need to agreed based on the service requirements.
• End-of-contract process: At the end of contract, the data will be made available to the client at an agreed additional cost.

Using the service

• Web browser interface: Yes
• Using the web interface: Users are able to administer and configure the data management tools through the web-interface.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: We use the Atlassian product suite for the service interface. This is tested using a variety of screen readers and browsers.
• API: Yes
• What users can and can't do using the API: All of our APIs are individual to our customers particular requirements.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats: Other
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: All services are delivered using dedicated resources.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • HTTP request and response status
  • Number of active instances
• Reporting types:
  • API access
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Databases and Files
• Backup controls: Backups are scheduled and not under the control of users.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Connectivity protection can be arranged to implement the required security level.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We target 99.99% availability within service hours and 99.5% availability outside of service hours.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Role based security restricts access in management interfaces and support channels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: ISO/IEC 27001 practices, working to accreditation.
• Information security policies and processes: Valcon follows ITIL best practice, this document defines how ITIL is implemented in the Valcon process. The Service is defined at a level of detail to allow the high-level service objectives to be confirmed. Operating procedures which may evolve and change from time to time will be held separately as appendices or in the Runbook.; ; ITIL is a widely adopted approach for IT Service Management in many countries. It provides a practical framework for identifying, planning, delivering and supporting IT services to the business. (For more details see https://www.axelos.com/best-practice-solutions/itil ); ; ITIL is mapped in ISO 20000 Part 11. This recognizes the way that ITIL can be used to meet the requirements set out for ISO 20000 certification and the interdependent nature with ITIL. It’s the first such mapping that ISO (the International Organisation for Standardisation) has allowed to be part of their standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are requested, authorised and recorded using a tracking tool. All changes to the service are tracked, with potential security impact being reviewed as a part of the authorisation stage.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are assessed based on alerts and review of relevant materials relating to the services, products and other components in-use for service delivery. Patches are deployed on a schedule determined by severity.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Compromises would be identified through review of abnormalities flagged in review of traffic/logs. The service in question will be checked and if necessary access suspended until integrity is assured. Monitoring is 24/7 with alerts.
• Incident management type: Undisclosed
• Incident management approach: Common events such as alerts for capacity or any form of loss of service are responded to according to a play-book approach. User report incidents in using email/web/telephone support channels. Incident reports are issued to affected users by email following any incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Red Hat Virtualisation
• How shared infrastructure is kept separate: Virtual infrastructure is utilised, separate networks and machines are used to ensure that organisations are kept apart, no multi-tenant components are used.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Valcon's Environmental Policy and Procedure is documented in the Employee Handbook. This document details the environmental policy that we employ to reduce any deleterious effect we may have on the environment.; - We conduct business in a manner which, as far as possible, has minimal adverse effects on the environment.; - We will maintain an awareness of all legislation, regulations and codes of practice on; environmental matters and take all reasonable actions to comply with them.; - We will, where viable and consistent with its clients and expectations, use materials and products from sustainable sources.; - We will maintain an open communication environment whereby all we can all actively participate in minimising adverse effects on the environment.; ; Valcon Group UK are a professional service organisation, with low carbon outputs, we encourage colleagues to minimise their footprint through the use of public transport. Valcon Group UK has recently renewed its CSR Strategy for the FY22 which includes its further commitment to Carbon Reduction. We have engaged Carbon Managers Ltd to undertook a Carbon Footprint Report for the FY 2021 with a Decarbonisation Plan for FY 22+.; ; In addition, Valcon has signed up to the United Nations Global Compact.

  Covid-19 recovery

  Covid-19 has affected everyone across our communities; it appears that the worst of the impact is over and the United Kingdom and global economies are opening up. To help local communities manage and recover from the impacts of COVID-19 Valcon have created employment and re-training opportunities. Valcon encourage our staff, suppliers and customers to support our communities where possible.; ; We have several initiatives and tools to support staff with the impact of the COVID-19 pandemic. Mental health support is available at all times to all of our staff and their families through our wellbeing provision, and where required we have programmes in place to tailor a gradual return to health and work following illness.; ; Valcon has had a flexible and remote/hybrid working philosophy in place before the Covid pandemic, and therefore our working practices have not had to adapt too much, but of course there are policies to support COVID-19 recovery to reduce demand on health and care services.

  Tackling economic inequality

  It is our policy to ensure equality of opportunity for all job applicants and to select people for employment on the basis of their individual skills, abilities, experience, knowledge and, where appropriate, qualifications and training. In line with the Equality Act 2010 we are committed to promoting equal opportunities and do not discriminate on the grounds of age, disability, gender reassignment, marital or civil partner status, pregnancy or maternity, race, religion or belief, sex or sexual orientation.; ; We specifically have a Recruitment of ex-offenders policy; the aim of this policy is to state our approach towards employing people who have criminal convictions to ensure fair and equal treatment. Valcon undertakes not to discriminate unfairly against any job applicant who has declared a conviction or where a conviction has been identified through a criminal record check.

  Equal opportunity

  Equal Opportunities Policy and Procedure - We are committed to promoting equal opportunities in employment, in line with the Equality Act 2010. You and any job applicants will receive equal treatment regardless of age, disability, gender reassignment, marital or civil partner status, pregnancy or maternity, race, religion or belief, sex or sexual orientation (protected characteristics).; ; Recruiting, selecting and developing the right people is significantly important to the success of; Valcon. It is our policy to select people for employment, develop and promote people on the basis of their individual skills, abilities, experience, knowledge and, where appropriate, qualifications and training and in so doing to ensure equality of opportunity for all job and career paths.

  Wellbeing

  Valcon has a range of Wellbeing programmes in place and recognising the criticality and benefits of a healthy and supported workforce. These programmes include a 24/7 Employee Assistance programme, Mental Health First Aiders and Professional speaker sessions on mental health awareness. In the new model of home and hybrid working since 2020, various initiatives have been created to maintain and improve both mental and physical health when working remotely. This had included the setting up of desk yoga, mystery coffee meetups to allow colleagues to make sure they are taking break from the new working model and stay connected with each other. Additional Valcon invests in its people helping them to improve their skills and professional careers attaining the Investor In People level Silver.

Pricing

• Price: £500 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stuart.mcdonald@valcon.com. Tell them what format you need. It will help if you say what assistive technology you use.