Collibra

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: In the fully managed service, planned downtime is kept to a minimum and users are notified in advance. Maintenane is performed on weekends to minimize impact. Collibra's SLA calls for target availability of 99.5% for each calendar month.

Support hours for the standard support offering are Monday through Friday, 9:00 a.m. to 6:00 p.m. excluding public holidays. Severity 1 issues (production outages) are covered 24/7/365 for all customers. An optional premium support service is also available at an additional cost, offering 24/5 support.
System requirements: There are no specific system requirements

User support

Email or online ticketing support: Email or online ticketing
Support response times: Basic support is for the resolution of product defects/incidents and reporting feature enhancement requests. This is commonly referred as traditional ‘break-fix’ support.

Collibra commits to maximum response and resolution times based on the criticality of the incident.

Severity 1: Target response time is 2 business hours.
Severity 2: Target response time is 4 business hours.
Severity 3: Target response time is 1 business day.

Standard support hours for North America and Europe are Monday through Friday, 9:00 a.m. – 6:00 p.m., excluding public holidays. Severity 1 issues (production outages) are covered 24/7/365 for all customers.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
Phone support: No
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Standard support is provided to every Collibra customer at no extra charge as part of their subscription agreement. Additional support at extra cost.

If you require additional on site support from a Billigence consultant, the charge is £750 per day.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Collibra appoints an onboarding manager to guide the customers through a series of sessions to get them set up. The Customer Onboarding Program includes:

> Guidance to build your success plan
> Initial high-level enablement sessions and training recommendations
> Access to Collibra experts to validate technical prerequisites
> Coordination with your implementation partner or Collibra Services
> Introduction to all our Customer Success resources

In addition:

> Collibra University: A free, self-paced training platform that is available at university.collibra.com, includes modules that cover all aspects of Collibra product functionality including application configuration and customization.

> Community: The online community includes a wealth of resources including a knowledge base, solution template marketplace, product documentation and an active product question and answer forum.

> Instructor-led education classes: Collibra instructor remotely leads and monitors students in either public courses or private courses specific to the organisation. The objective is to train a group who can lead and guide others.

> Virtual Labs: Virtual Labs provide in-depth, web-delivered training content, delivered as an annual subscription. Features of the offering include recordings of Collibra instructor-led bootcamps, live training instance of the Collibra platform, instructor office hours, and an “Ask the Experts” forum for help.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: The metadata stored in Collibra can be exported in tabular format in XLS or CSV.

Lineage visualisations (which include business traceability as well as technical lineage) can be exported in PDF or PNG formats.

The entire content in a Collibra Instance can be exported as a Collibra Backup file, which can be encrypted or not, and then re-imported in another Collibra Instance.

Metadata can be extracted from Collibra through its APIs as well.
End-of-contract process: At the end of the contract, client will have, upon request, access for up to 30 days to obtain its data uploaded to the Collibra Services. Clients can use the solution's export feature to extract artifact collections at no additional cost.

After this period, Collibra will begin the process of permanent deletion from its systems (secure wipe). This process, including removal of any copies that exist within backup in accordance with the normal backup lifecycle, may take up to 120 days.

For so long as any Customer Data remains on Collibra's systems, we remain subject to all applicable confidentiality, use, and non-disclosure terms within the Agreement, including the Data Processing Agreement.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: > Web interface: The standard way to interact with the Collibra Data Intelligence Cloud. Each user has their own dashboard to configure and manage day-to-day activities.

> Collibra for Desktop (Windows or macOS): Desktop application to effectively search in Collibra Data Intelligence Cloud from other applications. Users can select any piece of text on their desktop, press a keyboard shortcut, and Collibra for Desktop will provide a list of all the matching assets.

> Collibra for Mobile (iOS and Android): To search and browse Collibra Data Intelligence Cloud content on a mobile phone or tablet and manage tasks.
Service interface: Yes
User support accessibility: WCAG 2.1 A
Description of service interface: Collibra is browser based. Each information asset (metadata—e.g., columns, tables, reports, policies, business rules, etc.) has its own page, which will display the characteristics of that asset as well as the links to other assets, roles, and responsibilities relevant to that asset, and where in the hierarchy it is located. Assets can be grouped into data domains, which can be grouped into communities, roles, and responsibilities. Access and visibility can be assigned at a community or domain level and inherited all the way down to asset level.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: Collibra is committed to complying with WCAG 2.0 A & AA guidelines. For each minor version, we make a WCAG 2.0 accessibility assessment available, to document our progress towards this compliance. We have a certified 'Trusted Tester' within the Product Management and User Experience team that regularly test our conformance to the Section 508 standards, and works closely with all teams to ensure for each new feature accessibility is taken into account.
API: Yes
What users can and can't do using the API: Collibra exposes extensive and well documented REST and Java APIs. Collibra's approach is "API first", which means all the functionality available through the browser interface is also available through APIs. Full API documentation can be accessed at developer.collibra.com.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: >Operating Model<

Collibra has an extremely flexible operating model based on a semantic model that will allow you to configure any type of entity (business term, data type, business rule, quality rule, process, etc.), any reference data, and any type of relationship.

Collibra supports adapting the data model in terms of domain definitions, data family, etc., from the term / definition itself. Users can also change and modify their business terms, definitions, domains, and so on right from their dashboard view, without even having to navigate to the data asset. The operating model can be customised (configured) by users with administrator access rights.

>Dashboards<
Each user can configure their own dashboard/landing page via dragging and dropping widgets.

>Workflows<
Adapting workflows will require more technical users to be involved; knowledge of BPMN and scripting in Groovy are required.

>Email Templates<
The email templates for sending out notifications, lists of actions, etc. as part of workflows can be configured by editing the corresponding files in a system backup file, then re-importing the backup. Admin access required.

>Look and Feel<
The look and feel of the browser interface can be customized via CSS scripting. Admin access required.

Scaling

Independence of resources: Collibra’s Cloud Operations team will size your SaaS instance according to the number of assets and concurrent user volumes. Collibra works with some of the largest organizations in the world, which support millions of assets and have thousands of active users.

Analytics

Service usage metrics: Yes
Metrics types: Collibra is a data governance tool and supports connections with BI tools such as Qlik, Tableau, etc.

Collibra provides metrics within the system for reporting purposes.

Finally, custom views can be created on which dashboards and reports can be generated.

There are many metrics available to be measured such as regulatory compliance, tasks, glossary terms etc.
Reporting types: API access

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Collibra supports the extraction of data into CSV and XLS. Via the APIs, a range of other formats, such as JSON and XML, are possible as well. Users can download connectors from Collibra's Marketplace for integration with a very wide varirty of systems. See more information at https://marketplace.collibra.com/
Data export formats: CSV

Other
Other data export formats: XLS

JSON

XML

PDF
Data import formats: CSV

Other
Other data import formats: XLS

XML

JSON

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Other
Other protection within supplier network: All communication can be split in two sections. The customer data flows and the management flow of the operation of the cloud environment. All backend communication is done over SSH and protected using the SSH protocol. All customer data is HTTP data and all connections are HTTPS only.

Availability and resilience

Guaranteed availability: Collibra SLA calls for target availability of 99.5% for each calendar month.If there is a verified failure of the Service to meet Target Availability in a particular month and Customer makes a request for service credit within thirty (30) days after the end of such month, Customer will be entitled to a credit based on the monthly portion of the annual fees due for the affected Service in such month (“Service Credit”). See more information about uptime calculations and service credit levels at https://www.collibra.com/service-level-agreement.
Approach to resilience: Collibra has developed plans and processes to address significant events, such as natural disasters, that may impact Collibra's service to the extent that it would be unavailable for an extended period of time. In such a scenario, the service would be instantiated in another location in the customer’s region. To support this activity, Collibra maintains customer data in multiple cloud provider backup locations in the customer’s region, stored in an encrypted manner.
Outage reporting: Collibra has implemented monitoring and alerting solution to identify any potential outage before customers are aware. Unplanned outages cannot be pre-advised. All outages will be formally notified - scheduled or unscheduled. Collibra also maintains a service status page at https://www.collibra.com/us/en/trust/status-dashboard.

Identity and authentication

User authentication needed: Yes
User authentication: Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: For authorised Collibra employee access to the cloud environment where customer data is hosted, Collibra uses a zero trust solution requiring second-factor authentication. This access solution requires connecting devices to meet a specific set of criteria before connections can be made. For example, the connecting device must be a Collibra owned endpoint, with active firewall, full-disk encryption, active anti-malware, and current OS security patches installed. The zero trust solution cannot be accessed directly from the Internet nor by an employee just being present in a Collibra office.
Access restriction testing frequency: At least once a year
Management access authentication: Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Schellman
ISO/IEC 27001 accreditation date: 06/09/2023
What the ISO/IEC 27001 doesn’t cover: The scope of the certification is the hosting of the cloud environment and the development of the application and there are no exclusions in the statement of applicability.
ISO 28000:2007 certification: No
CSA STAR certification: Yes
CSA STAR accreditation date: 06/04/2021
CSA STAR certification level: Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover: CSA STAR certification applies to the Collibra Data Intelligence Cloud.
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: SOC 2 Type 2, SOC 2 Type II

SOC 1 Type 1, SOC 1 Type I

FedRAMP Moderate Compliance Level

GDPR

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: SOC 1, SOC 2
Information security policies and processes: Information security policies are created by the information security team and approved by the security board. In the security board are members from the executive committee. The policies are reviewed at least annually and adapted depending on risk and changes within the organization.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Each item is tracked in multiple ways. The first is through our asset management and configuration management, the second from a security point of view is agent based tracking. Each change is validated and tested in our test environment prior to pushing it to production. Security validations are done every 4 hours to ensure changes occur controlled and don't increase the overall risk exposure.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Each instance (each customer is given a dedicated instance) in our cloud is given an agent. This agents does a full inventory, security and compliance check every 4 hours. This data is send to our central tool and matched against external threats. If a new finding is discovered, a ticket is created with the security team to inform them that patching is required. Critical and high findings are to be fixed in 30 days.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Each instance is given a host based intrusion prevention system. When an issue is discovered of a certain level, a ticket is raised in the ticketing system and emails are being send to notify the correct parties. These are investigated within 24 hours.
Incident management type: Supplier-defined controls
Incident management approach: A standard incident management process has been developed which includes reporting to stakeholders and affected customers, as well as authorities when required. At the end of the incident handling, a report is created with an overview of items which occurred and lessons learned. This report is shared with the stakeholders. Customers can report issues to Collibra via the Community portal.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Equal opportunity

Fighting climate change

We endeavour to do our best in fighting climate change and have made an active effort to switch our delivery to remote working vs onsite delivery where possible, thus reducing our travel & impact on the environment.

Equal opportunity

Being an equal opportunity employer cultivates a workplace where diversity is embraced and valued. It fosters inclusivity, ensuring all individuals have fair opportunities for employment and advancement regardless of race, gender, age, religion, or background. By prioritizing diversity and inclusion, organizations harness the full spectrum of human potential, driving innovation, creativity, and problem-solving. Embracing equality in employment not only reflects ethical responsibility but also enriches company culture, improves employee morale, and enhances productivity. Ultimately, as a social value, being an equal opportunity employer promotes fairness, equity, and respect, contributing to a more just and harmonious society.

Pricing

Price: £0 a licence a year
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Collibra offers a managed workshop that provides a hands-on experience for users and includes users’ own data. Typically this lasts 2 days. Users may then continue to use the software for a further period of time to be agreed.
Collibra also offers a “test-drive” accessible from the website.
Link to free trial: https://www.collibra.com/us/en/try-collibra

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Collibra

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents