ALTANA TECHNOLOGIES UK LTD

The Altana Atlas

The Altana Atlas platform and application layers, enable organisations across the public and private sector to generate and leverage unique insights on international supply chains as well as product-level value chains. Built on a federated data architecture, it enables global collaboration on a common operating picture of the supply chain.

Features

• Federated hub and spoke data architecture
• Highest fidelity knowledge graph map of the global supply chain
• Role based access controls for individual datasets
• Virtual private cloud secure digital environment
• UK Security Check cleared data engineering support
• Knowledge graph visualisation software for investigative analysis
• Aggregate analysis software of global trade and macro economic trends
• Entity resolution software to join any additional datasets
• Custom dashboard and reporting development with propagated security permissions

Benefits

• Evaluate security, compliance, sustainability, resilience impacts before policy implementation
• Partner internally and externally to design new industry value chains
• Automate screening of global firms for sustainability, compliance and resilience
• Identify upstream supply chain threats to the national interest
• Join and resolve government and private sector data together
• High fidelity representations of businesses, facilities, locations and products
• Regular product updates delivering fixes and new functionality
• Machine learning and artificial intelligence application layers
• Deployable in accredited government environments
• Analyse impact of policy and interventions on supply chain networks

£550,000 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom@altana.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

497937330966590

Contact

Altana Technologies UK LTD
07732595200
tom@altana.ai

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: N/A
• System requirements:
  • Internet (high speed to facilitate deep platform exploration)
  • Ability to access cloud-based applications
  • Capable of running currently supported web-browsers Chrome, Firefox, Microsoft Edge

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours during business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support levels vary depending on the size and complexity of the engagement. Each customer will have access to an account manager, a cloud support engineer as well as a data engineer and a systems engineer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We work with the users of the service to provide training using a variety of onside and online trainings as well as extensive documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: This will be outlined in the master services agreement more fully.
• End-of-contract process: Access to the platform is removed in line terms laid out the master services agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: There are multiple user interfaces to query Altana's Atlas platform
• Accessibility standards: None or don’t know
• Description of accessibility: We are working on building out accessibility features.
• Accessibility testing: We have not yet done any testing with users of assistive technology.
• API: Yes
• What users can and can't do using the API: The Atlas platform encompasses a managed Spark platform via Databricks that allows exploratory queries and data analysis in the system. The underlying data is stored in S3 which the Databricks package can read from.; ; The Atlas Graph API then provides users with the ability to conduct advanced searches across the Atlas knowledge graph as part of their notebook-based analyses in Databricks. End user access to Databricks is authenticated using Single Sign-On (SSO). Access to the API is managed via user-specific API keys.; ; Data is provided both by Altana, and by customers. Altana graph Hub data is stored in s3/Databricks in AWS us-east-2 region. Customer data is stored in geolocations as requested by customers. All UK Government deployments are hosted in AWS eu-west-2 (London) region.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Customer environments are isolated via a hub-and-spoke model. Demand disaggregation is ensured by the implementation of dynamic DNS routing, gateways and elastic load balancing.

Analytics

• Service usage metrics: Yes
• Metrics types: Data coverage, user engagement metrics, Altana support SLAs
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data at rest relies on Amazon S3 key management. AWS is the custodian of the keys. Access is controlled via RBAC and least privilege principles. Confidential data is stored via S3 and Key rotation is managed by AWS. Data is encrypted using AES-256.; Data is also sanitised and obfuscated.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can share or download to PDF any of the value chain insights reports which are generated on the platform. There is no way to extract the underlying data of the graph in order to export it outside of the established cloud environment.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: TLS (Version 1.2 or above) for data in transit and API Tokens utilise HMAC
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: TLS (Version 1.2 or above) for data in transit and data is encrypted utilising AES-256 encryption at rest. Data is accessible on a least privilege basis which restricts access to only individuals that require access to the data.

Availability and resilience

• Guaranteed availability: Contractual agreements are developed with customers based on explicit uptime requirements allowing the development of SLAs
• Approach to resilience: Altana utilises AWS Cloud components in separate regions to be resilient to potential DR responses. Also, data backups are taken on a daily basis. Altana has the ability to spin up a new spoke in the hub and spoke model in the case that a customer environment suffers an outage.
• Outage reporting: Email and internal alerts are used to report service outages. Also, the individual responsible for the customer relationship is responsible for reporting outages to ensure all customers are aware.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Authentication to ingest the Altana API is maintained by a generated API key provided to the customer using NIST-standard HMAC cryptographic signatures.
• Access restrictions in management interfaces and support channels: Access reviews are conducted on a recurring basis.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: Access controls are regularly tested through quarterly access reviews, periodic incident response testing, biannual penetration testing, and annual disaster recovery testing. The frequency seems to range from quarterly to annual testing depending on the specific control and test involved.; ; Authentication to ingest the Altana API is maintained by a generated API key provided to the customer using NIST-standard HMAC cryptographic signatures.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type 2

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Altana currently enforces the follow security policies and processes which the Chief Technology Officer owns and enforces any exceptions or deviations to the policies:; - Third-Party Management Policy; - Risk Management Policy; - Physical Security Policy; - Encryption Policy; - Asset Management Policy; - Acceptable Use Policy; - Secure Development Policy; - Access Control Policy; - Vulnerability Management Policy

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes to information resources shall be managed and executed according to a formal change control process. The change control process will ensure that the proposed changes are reviewed, authorized, tested, implemented, and released in a controlled manner, and the status of each proposed change is monitored. Change management occurs through Altana’s Jira ticketing process where approvals are also tracked.; ; Change control applied to each to each of the following:; ● Information being corrupted and/or destroyed; ● Adverse impact on other organizational processes; ● Computer performance being disrupted and/or degraded; ● Productivity losses being incurred; ● Reputational damage
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Altana complies with industry standard vulnerability management processes that are inline with guidelines such as NIST 800-53, ISO 27001, and SOC2.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Incident Response plan for potential compromise or security incident. Altana is able to identify compromises and abnormalities via cloudtrail and cloudwatch logs and active monitoring of system changes.; ; S1 - Critical Severity: S1 issues require immediate notification to Security and Engineering management and escalation to the C-Suite to ensure proper oversight of the incident.; ; S2 - High Severity: Jira ticket completed and the appropriate manager notified via an email to Security@Altana.ai; ; S3/S4 - Medium and Low Severity: A Jira ticket must be created and assigned to the appropriate department for response.; ; All Incidents have a response time of 24 hours.
• Incident management type: Supplier-defined controls
• Incident management approach: Altana has a structured incident management program that covers detection, response, containment, eradication, recovery, and analysis of security incidents impacting customer data. The program is documented, includes specific procedures, and is regularly tested.; More details on full internal process available upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: MoDNet

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality

  Fighting climate change

  As part of our product roadmap, we plan to work with data providers who have information on the carbon intensity of component materials to provide the visibility companies and suppliers to make better informed decisions - with the aim to guide purchasers toward lower carbon intensive alternatives in the future.

  Covid-19 recovery

  By removing friction in international supply chains, we can help improve the economic functioning of the Covid-19 economic recovery.

  Tackling economic inequality

  By providing greater supply chain visibility and clarity, we believe the global commercial system will become more inclusive and more fair - allowing legitimate entities to flourish while bad actors who foster an unfair and exploitative economic system are rooted out.

Pricing

• Price: £550,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom@altana.ai. Tell them what format you need. It will help if you say what assistive technology you use.