Deep Miner Ltd

Public Sector Data Unification Platform

DeepMiners Public Sector Data Unification Platform deploys AI to unify private and public data, breaking down data silos, enabling rich analysis across multiple attributes supporting decision-making and, economic policy design, delivery and measurement.

The service enables a practical, incremental approach to guide stakeholders through the change to a data-driven organisation.

Features

• Multidimensional relationships between multiple data points enabling multiple data views
• AI and database technology driven data acquisition, processing and matching
• Accepts un-processed and unstructured data in multiple formats and interoperable
• Creates unique identifiers for core data points e.g. business, person
• Permission-based analysis across multiple dimensions e.g. place, organisation, person
• Data integration facility into business systems and reporting tools
• Data unification and retention rules fully customisable, agreed with DPOs
• Guided GDPR-compliant data governance and data sharing policy development
• Customisable user views, dashboards and APIs
• Exceeds Government Data Standards. Cyber Essentials plus certified

Benefits

• Drives Public Service Reform enabling efficiencies and collaboration
• Breaks down silos, saves time for data collation, connection, cleaning
• Standardises data formats, generating metadata without need for expensive ETL
• Enables analysis across multiple, cross-cutting public and private data sets
• Unified data to inform, target and measure policy across sector
• Supports data connections and linkages without requiring expensive centralised systems
• An incremental, practical approach facilitates stakeholders through the change journey
• Scalable solution enabling incremental growth with iterative release of value
• Multi-layer security model facilitating intra-organisation data sharing policies
• User driven, accessible, highly customisable

£25,000 a licence

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at duncan@deepminer.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

342626196577475

Contact

Duncan Hart
07958470315
duncan@deepminer.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Newly available data will be processed and updated daily during an agreed maintenance window. Users can access the service via the internet but their network administrators may need to share the network IP address(es) or greenlight the service DNS. Data can be shared back with user systems via REST API.
• System requirements: Software licence, including updates and maintenance

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Questions and tickets will receive an initial response within 24 hours during core hours (9 a.m. to 5 p.m.). If there is something to be troubleshot, an indicative timescale for correction will be shared once the issue has been explored, and progress updated directly to the consumer.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Support levels are agreed with each customer and will include any required changes to standard response times and services hours for break fix support as well as ongoing data uploads/refresh in line with specifications. ; User questions and issues will be dealt with according to the process outlined above. ; An account project manager is assigned to each customer to deal with any other issues and to direct the further development of the product, including the addition of new data sources and functionality.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The DeepMiner solution is typically implemented as a core component of a broader data-driven change and collaboration programme. Our onboarding approach is therefore tailored to support the customer's programme particularly aimed at facilitating visualisation and exploring the art of the possible in the early stages, addressing data sharing challenges and enabling incremental release of value as the implementation scales. ; ; The approach follows the government's digital standards and typically incorporates the following stages.; ; Exploration - includes customer needs, uses cases, data sources and ownership, risks and data governance.; Key success factors are identified along with risks, governance principles and Alpha Definition.; ; Alpha - includes refining of use cases (up to 3); User sessions; Identification of data required, sources and ownership; Data Sharing/Processing agreements and GDPR Compliance along with Security Governance.; Key success factors are identified along with initial Architecture, Data Sharing, Data unification and cleaning, Data quality, Accessibility considerations and an initial Alpha product.; ; Beta Launch followed by Implementation v1.0 deployment live ; Our post-live service supports long term Continuous improvement as a pathway to a unified data organisation.; ; Full documentation, training and user familiarisation sessions are provided at key stages of the process.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users can extract all of their data at any time during the contract. ; ; At the contract end, all proprietary user data can be extracted and deleted following customer requirements and proof provided.
• End-of-contract process: End of the contract is usually negotiated with the customer.; ; Typically a detailed process and timeline is agreed and put into place with agreed outcomes.; ; Generally, any proprietary data is deleted from the system, should access be required beyond the contract end date, an extension would need to be agreed to cover any costs to effect any transfers.; ; Following execution of the termination process, all access to the system would be disabled, and proof of data deletion provided.; ; Any additional Developer work required for example to transfer data to a new system would be negotiable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Certain applications may not be suitable for mobile use, for example, PowerBI and certain features may not be available depending on customer requirements. depending on customer UI development certain features may not be optimised for mobile.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: DeepMiners platform has been developed to be interoperable with multiple user Interfaces.; ; DeepMiner offers 3 methods to access the data held in the system.; ; 1. Dashboards ; Due to the complex and multi-layer nature of Public Sector data, it can be necessary to develop custom-built dashboards.; DeepMiner can develop with their customer a suitable solution.; ; 2. Self-service ; Users are able to have a self-service interface that allows them to build their own interfaces using in-house or external teams.; ; 3. Interoperability; Customers are able to request that outputs are pushed to their preferred interface whether that be legacy or new.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Our interface technology is designed with our customer users in mind and would typically include design and then direct user testing to ensure that feedback from the most appropriate users is obtained.; DeepMiner normally identifies customer requirements and builds towards them, taking into account functionality.
• API: Yes
• What users can and can't do using the API: Configurable upon discussions with customers; Numbers are unrestricted; Endpoints can be set up for different use cases
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Service has been designed as a platform. ; Customers can take data from API and create own solutions/dashboard/UI and/or integrate with other Line of Business applications and reporting systems.

Scaling

• Independence of resources: The platform has been developed for delivery at scale including backups, flexibility on compute power, load balancing, etc.; ; The size and scale of the platform is normally discussed with the customer to ensure the most efficient architecture is employed to deliver data processing and storage at the most effective and cost-effective level.; ; Typically, we find customers have varying scale demands and can range from small to large teams.

Analytics

• Service usage metrics: Yes
• Metrics types: Dependent on Customer requirements and normally negotiated with the customer, but typically involves user logging of activities (such as sign-on, data downloads etc.)
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data exporting would be agreed upon as part of the service delivery. ; ; Multiple options are available, whether this be through an admin dashboard, User Interface, API's, or CSV's through a self-service platform.; ; Typically data extraction is permission based and restricted based on the users access privileges, and would be logged.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability is agreed with the customer. Typically above 95% during core hours (9 a.m. to 5 p.m. GMT) is the target to meet or exceed.; ; DeepMiner will look to agree on the exact levels of required availability with the customer to ensure that the optimum level of service and support is delivered.
• Approach to resilience: Available on request.
• Outage reporting: Outages are reported via email alerts, either automated or manual when an outage occurs. ; ; Regular updates would then follow by email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Yes
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: DeepMiner ensures that security meets or exceeds a level of CSA CCM version 4.0. The architecture and technical processes are agreed with clients and staff are trained accordingly. The application is pen-tested annually and any remediation suggestions are implemented swiftly, prioritised by their severity and potential impact. Risk management, business continuity and operational resilience form part of governance and development, as do change control and configuration management. Endpoint management, cryptography, encryption and key management are core to application architecture and cloud management. Human resources are trained and access the product using identity and access management systems. Incident management in place.
• Information security policies and processes: Information security is assured in the product using the onion model of defense in depth and with the company using governance standards and staff training. The application is designed to answer data integrity, confidentiality and availability at every level as required by permissions. Risk management and disaster and incident planning are used prospectively as well as retrospectively in order to ensure the highest level of protection possible. The technical product owner reports on implementation as part of the monthly reporting cycle and the senior developer checks ongoing development work and maintenance to ensure that all features comply with the policies. The technical product owner also checks the press regularly to identify whether any newly-identified risks are potentially relevant to the product. The CTO is in charge of ensuring that the product is secure to a level commensurate with the CSA CCM version 4.0 standards.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Each dataset and feature is reviewed with the client and any work is planned in agreement with them. User experience review of features is tested and user feedback is reviewed by the product owners on both supplier and customer sides. All technical updates are assessed for impact using technical and non-technical risk management and subject to the change management process agreed with customer DPOs, i.e. any proposed change to the underlying data or matching processes need to be agreed with the latter prior to any work being undertaken.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Threats are assessed with regard to potential severity and sensitivity. The product architecture and access protocols were designed to reduce the threat of attack and developers are trained to identify and report any issues or potential issues they find.; ; Security patching is implemented within 24 hours during working days, immediately where possible. Other patches are scheduled in accordance with their severity and impact on the system, but within 7 working days maximum. ; ; Threats are identified from software providers, in the press, from security newsletters and from penetration and other prospective testing we do ourselves as part of a red-hat exercise.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Access to the application is logged and is by password and IP greenlisting. These records will be analysed for benchmarking and then an automated system will be implemented to identify potential compromises. The response will differ depending on the compromise, but will include the following steps:; 1. identify the potential route of compromise and shut it down immediately.; 2. Inform the customer that an issue has been found and is being investigated.; 3. Identify the scale and risk of the issue. ; 4. Inform the customer of the outcome of the investigation.; 5. Undertake remedial works and/or inform data owners/ICO.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: There is a pre-defined process for any issues users confront. Users can report incidents and issues via email. (Serious incidents can of course also be reported directly to the product owner.) Any reported issues will be acknowledged within one working day. If unclear, the user will be contacted for more detail on the problem. The issue will then be categorised and prioritised, and any suggested action will be shared with the customer for review, except in the case of highly sensitive or security-relevant technical issues, which will be addressed immediately. Reports given to the users and product owner (monthly).

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks:
  • CRM2
  • HIE CRM
  • SOSE CRM

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity

  Fighting climate change

  DeepMiner is working hard to reduce our carbon footprint. We are part of a member organisation who plants trees on our behalf for every year we’re in membership to ensure offset of carbon emitted. ; ; To ensure the security and scalability of our solutions we develop and deploy primarily through AWS, a cloud provider. AWS is working towards being fully powered by renewable energy by 2025, partly by investing in renewable energy in Scotland and other UK.; ; When reviewing additional suppliers, apart from Technical performance commitments to reducing environmental impact is a significant selection criterion.; ; DeepMiner seeks to use existing resources, physical and technical, wherever possible, which unlocks further value from client sunk costs and improves efficiency and speed of development and deployment.; ; DeepMiner powers off resources that are not in use, saving both resources and expense. While we are currently working remotely, we have encouraged the switch to renewable-powered energy suppliers for home offices.; ; DeepMiner prefers public transport for business travel and commuting, where possible, which both keeps expenses down and is better for the environment.; ; DeepMiner is in the process of preparing an Environmental Sustainability Plan and setting targets to decrease our carbon footprint further, based on the Net Zero Nation suggestions for business ; (https://www.netzeronation.scot/take-action/businesses/greener-business).

  Covid-19 recovery

  On of the core reasons for the development of our systems was due to COVID-19. Our mission is to help national governments use data to help drive economic development and support.; ; The objective of our platform is to enable policy to be designed using the best possible data, to drive employment opportunities in high growth sectors, by making it easy to identify these companies and to understand the demographics of the nation to ensure upskilling and re-skilling can be developed.; ; By identifying companies accurately and quickly, Governments can create policy and delivery mechanisms that target those sectors that generate growth and opportunity. ; ; Creating efficiency and collaboration across agencies can ensure that organisations and those communities worst affected by covid receive the correct financial and non-financial support that is correct for their circumstances and not just one size fits all.; ; As a company, DeepMiner is an organisation based in its community. We actively take part in local initiatives and meetings to support companies and often give advice to organisations who are looking to use Data for their business pro bono.

  Equal opportunity

  DeepMiner is committed to enhancing equality and diversity within not just our team, but our sector.; By offering a four-day week we have introduced a reduced work pattern for all genders, thereby destigmatising part-time and flexible working for women, those with caring responsibilities or those with disabilities.; ; We have also changed our recruitment practices to minimise unconscious bias through the use of name-blind sifting, adapting the wording used within job descriptions and offering interviews avoiding times schools typically start or end.; ; Our current team come from a mix of socio-economic backgrounds, genders, religions and countries. 20% of the team would consider themselves disabled, a further 20% of the team is neurodiverse, 50% of our team are female, and, of course, we have a female co-founder.; ; The team are committed to bringing more diversity into our sector and regularly take part in outreach through the STEM Ambassador programme, SmartSTEMs and various opportunities to talk to both school children and university students about our field.

Pricing

• Price: £25,000 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at duncan@deepminer.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.