Snowflake

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: Snowflake is offered in multiple editions, which customer can choose from. Access to features, support and any constraints are driven by the Edition type.

For more information please refer to: https://docs.snowflake.com/en/user-guide/intro-editions
System requirements: Chrome 47 - Snowflake recommends using Google Chrome

Safari 9

Firefox 45

Opera 36

Edge 12

User support

Email or online ticketing support: Email or online ticketing
Support response times: Premier Support response time targets:
Sev 1: 1 hour
Sev 2: 2 business hours
Sev 3: 1 business day
Sev 4: 2 business days

Priority Support response time targets:
Sev 1: 15 minutes
Sev 2: 2 hours
Sev 3: 4 business hours
Sev 4: 1 business day

For more details, please refer to the below:
https://www.snowflake.com/support/
https://www.snowflake.com/legal/support-policy-and-service-level-agreement/
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Onsite support
Support levels: Premier Support is included in your contract.

Priority Support can be purchased in addition. Priority support services include Support Account Management.

For more details please refer to the below:
https://www.snowflake.com/support/
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We can support by setting up a Snowflake account and initial objects, users and roles to get you started.

We also provide online and/or onsite Snowflake training.

Our team of certified experts can support you throughout the whole process, from providing best practices to resource augmentation to developing end-to-end solutions.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Data can be unloaded to flat files to one or multiple cloud providers storage services (AWS, Azure, GCP). This process will come at a cost, depending on data volume and the chosen cloud provider for your Snowflake account.
End-of-contract process: At the end of a contract, customers can choose to extend it or, if choosing to end it they won't be able to access their accounts.
Upon termination customers will have up to 30 calendar days to retrieve customer data.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: Yes
Compatible operating systems: Linux or Unix

MacOS

Windows
Designed for use on mobile devices: No
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Web interface - Snowsight
Command line tool - SnowSQL
Accessibility standards: None or don’t know
Description of accessibility: Through web browser
Standard ODBC/JDBC connectors
Through any partner connectors
Accessibility testing: NA
API: Yes
What users can and can't do using the API: The Snowflake SQL API is a REST API that you can use to access and update data in a Snowflake database.
API documentation: No
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Customers can customise their package and services dependant on their needs.

Scaling

Independence of resources: Usage of resources defined by each customer. Customer can enable auto scaling of the virtual warehouses. There is possibility to use multi-cluster set- up.
For more details, please refer to: https://docs.snowflake.com/en/user-guide/warehouses-multicluster

Analytics

Service usage metrics: Yes
Metrics types: There is Snowflake build-in monitoring tools. Which can help proactively optimize and manage query performance and prevent overrunning costs.
There is also possibility to use third party monitoring tools.

Resellers

Supplier type: Reseller providing extra support
Organisation whose services are being resold: Snowflake

Staff security

Staff security clearance: Staff screening not performed
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Other
Other data at rest protection approach: N Snowflake, all data at rest is always encrypted and encrypted with TLS in transit. Snowflake also decrypts data when data is transformed or operated on in a table, and then re-encrypts the data when the transformations and operations are complete.

For more information please refer to:
https://docs.snowflake.com/en/user-guide/security-encryption-end-to-end
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Manual CSV Upload
You can manually download from Snowflake and load data into Google Sheets, ideally for one-off use cases. You can do this by writing a simple query in the Snowflake console and downloading the results in CSV format. Then, upload the CSV file to Google Sheets to start using it.
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: Monthly Availability Percentage for Snowflake Service is 99.9.%.

Complex approach available at:
https://www.snowflake.com/legal/support-policy-and-service-level-agreement/
Approach to resilience: Snowflake leverages the cloud to ensure redundancy and transparent failure recovery, whether from failure of a single component or even of multiple availability zones. This resiliency is built into the Snowflake service and is available out of the box without setup or management.
Outage reporting: A Public Dashboard - https://status.snowflake.com/

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: Snowflake support personnel can only obtain access to customer accounts once customers grant explicit access and permissions to their account. This access is logged and is temporary, expiring within 24 hours or upon manual termination by the customer.

Customers control the level of access granted to the support personnel and can review logs as needed to determine what was performed by the support personnel.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: A-Ling
ISO/IEC 27001 accreditation date: 5/20/2022
What the ISO/IEC 27001 doesn’t cover: Certification covers entire production environment of the Snowflake service.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: Yes
Who accredited the PCI DSS certification: A-Ling
PCI DSS accreditation date: 5/19/2022
What the PCI DSS doesn’t cover: The PCI DSS certification covers the entire production environment of the Snowflake service.
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: FedRAMP Moderate

HITRUST

SOC 1 Type II

SOC 2 Type II

IRAP (Protected)

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: Please refer to Snowflake’s compliance website for security governance standards/certifications: https://www.snowflake.com/snowflakes-security-compliance-reports/
Information security policies and processes: See Security Addendum which describes security processes in place. These processes are put in place based on documented policies and procedures. https://www.snowflake.com/legal/security-addendum/

All employees are required to read and acknowledge policies and procedures (including the Information Security Policy) as part of their annual training.

Logging, monitoring, and alerting are in place for security processes to help ensure policies are followed. Periodic information security and governance audits also occur multiple times per year.

Policies are managed by the Security Compliance team and require approvals from leadership at least annually. The Security Compliance team reports to the VP of Security who reports to the CFO.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Production system and software changes are reviewed, tested, and approved prior to deployment to production to ensure the change meets the authorization, design, acquisition, implementation, configuration, and testing requirements to ensure security, availability and confidentiality as outlined in the Secure Development Life Cycle at Snowflake Policy.

For more details on this process please view compliance reports such as the SOC 2 on this website: https://www.snowflake.com/snowflakes-security-compliance-reports/
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Regular internal and external vulnerability scans are automatically performed weekly using an up-to-date vulnerability database.

Scans that detect vulnerabilities meeting Snowflake-defined risk criteria automatically trigger notifications to Security personnel and are remediated according to the documented policy.

● Alerts are evaluated by Security personnel.
● Critical, High and Medium vulnerabilities are documented and tracked to closure.
● Critical vulnerabilities are reported to the Security Committee.

Patches are deployed to the service based on internal policies and procedures.

Information regarding potential threats are also gathered based on industry threat and security alerts from US-CERT, CISA, OWASP, CIS, vendor-supplied notifications and others.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Network activity within Snowflake infrastructure, as well as access to Snowflake, is monitored, logged, and automatically analyzed for suspicious activity to ensure continued system security, integrity, and
availability. Included within this monitoring is the implementation of an Intrusion Detection System (IDS) for systems and networks. Snowflake uses a dedicated Snowflake database, the Snowflake Security Analytics Warehouse (SAW) as its security information and event management (SIEM) tool.

Tickets are automatically generated and reviewed by Security personnel.

Incidents are responded to based on criticality rating and the internal Security Incident Response Process.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: The Snowflake Security Incident Process consists of three major phases, Detect, Analyze, and Respond, which are documented in detail in the Snowflake Incident Process Policy. Snowflake records, investigates, and resolves production problems reported by internal and external Snowflake users in a timely manner. All incidents that are classified as high impact must go through a post-mortem process to identify changes to policies, procedures, best practices, and documentation to improve the prevention, detection, containment, analysis of or response to applicable incidents.

Incidents are reported/communicated to customers and/or other parties according to contracts, laws, and regulations.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Equal opportunity

Fighting climate change

We endeavour to do our best in fighting climate change and have made an active effort to switch our delivery to remote working vs onsite delivery where possible, thus reducing our travel & impact on the environment.

Equal opportunity

Being an equal opportunity employer cultivates a workplace where diversity is embraced and valued. It fosters inclusivity, ensuring all individuals have fair opportunities for employment and advancement regardless of race, gender, age, religion, or background. By prioritizing diversity and inclusion, organizations harness the full spectrum of human potential, driving innovation, creativity, and problem-solving. Embracing equality in employment not only reflects ethical responsibility but also enriches company culture, improves employee morale, and enhances productivity. Ultimately, as a social value, being an equal opportunity employer promotes fairness, equity, and respect, contributing to a more just and harmonious society.

Pricing

Price: £0 a unit
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Free Snowflake trial which includes $400 worth of free usage for 30 days use.
Link to free trial: https://signup.snowflake.com/

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Snowflake

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents