DIGITAL DATA CONSULTANCY LTD

Enterprise Data Catalogue- Suchee

An end-to-end data enterprise data catalogue SAAS solution combining AI enabled tooling, governance concepts and data models all designed to enable data in your organisation to be mobilised effectively for business growth, reporting and compliance, across all domains and constituents.

Features

• Data Cataloging, Data Assets Glossary
• Data Governance, Data Policies
• Digitisation of Business Process
• Metadata Management
• Data Quality- Single record of truth,
• Data Lineage
• Golden Record
• Data Hierarchy Management
• Data Integration ( Configuration Management)
• Data Modelling and Reference Data Management

Benefits

• Creates a single catalogue for business data entities
• Govern data entites with approval worklows
• Manage project level changes to the data entities
• Auto discover to classify metadata in data stacks
• Define lineage of data across business applications
• A business friendly data model for the enterprise

£10,000 to £100,000 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at saikat.ghosh@digitaldataconsultancy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

538448833713842

Contact

Saikat Ghosh
07958 122688
saikat.ghosh@digitaldataconsultancy.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Governance of Enterprise Data, Analytics and Business Intelligence, Data Transformation and Modelling, Digitisation of Business, Data Profiling and Cleaning.
• Cloud deployment model: Public cloud
• Service constraints: None. ; Planned maintenance is carried out with minimal disruption to clients and in a managed way.
• System requirements: Any device with a browser and internet connection.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We will usually use the Project Management tool of the Buyer e.g Jira, Confluence, Asana for users to raise tickets.; If the Buyer does not have a tool, we will use a email id created by us (DDC) for users to raise tickets/post queries.; First response/Acknowledgement-2Within hours of raising the ticket and depending on its urgency we shall provide a resolution time (to be agreed between the Buyer's Project Delivery Manager and us); Weekends- ; We will respond within 4 hours but will not allocate resources to resolve the issue unless it is a critical issue.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support Levels- Email support; Support Levels cost- ; Zero if it is an issue during the course of the Project related to the work/coding being done by us.; If you need support for resolving an issue that has risen due to an error of an user/s from the Buyer's side , we will provide you full support in resolving it. However this could result in an extension to the Project Timeline and hence an unplanned further cost incurred by the buyer. ; We would expect the Buyer to understand this and will proceed to help the Buyer only after a clear discussion about the implications of the cost involved in such a situation. This is so the Buyer is not faced with any sudden increase in spending outside their planned budget.; Support Post Implementation/Project completion-At an agreed cost prior to the support being provided if it is required or as per Buyer's request after Implementation of the deliverables/completion of the Project.; Support Level Responsibility- We will provide a Technical account manager and the cost of this will be included within the price of the software.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We can provide all three (onsite training, online training, or user documentation) or a combination of all the three as agreed with the Buyer.; We can provide and will ideally need to provide a mix of onsite training, online training and User documentation which will be made available containing the best practices for using the features of the software.; We then provide online/onsite assistance and training for the users to understand the various features of the software and how it can be used to incorporate the business data model (bespoke data model ).; We shall help our client to onboard their organisation's details, data assets, relationships between the data assets, policies , data processes relating to the data assets into the software from their existing data sources which will provide them with a full picture and story of their data and its usage for their organisation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The Buyer would be able to extract all the data they need in relation to their organisation as and when required by downloading from the system in system supported formats like excel, files.
• End-of-contract process: The solution is sold in a SAAS model with a annual subscription - see pricing; ; The Buyer can have access to support relating to the software and this is either via email or via a ticket which can be raised within the software itself.; This additional support comes at a cost and it will be as per an agreed contract detailing the level of support and the cost involved between the Buyer and us. The buyer will be under no obligation to purchase the support.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The tool has a service portal for help and support
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We use Zoho platform which is support users of assistive technology
• API: Yes
• What users can and can't do using the API: The API can be used to upload and extract configuration scripts for enterprise master data tool sets
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers can build their own connectors to various enterprise application data sets

Scaling

• Independence of resources: Suchee system has no user account restriction and depends on the elasticity of the cloud service it is hosted on currently AWS.; Each user will be working within their own environment (this will ensure adherence of GDPR).; A formal discussion and agreement before the software implementation to formalise the correct licence which will ensure elasticity is maintained for the no of users.; ; The software will consider the licence requirements dependent on the organisations scale and data.

Analytics

• Service usage metrics: Yes
• Metrics types: It will be dependent on the type of licensing purchased.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: The data is protected behind a cloud firewall with 128 bit encryption on the API's accessing the data.; The data is accessed by a limited set of users. ; We have all standard measures of data integrity protection. ; Data is securely deleted once the customer leaves the service.; All data is backed up in short frequency to a geographically remote cloud back up service.
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The software supports the export of data in various formats allowing data export to the client's systems.; To facilitate this the software allows export of data in various formats including json, csv, xlsx,
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: Other
• Other protection within supplier network: The data resides in the application which is hosted on the AWS Cloud.; The security of the data will depend on the security of the Cloud System which we have chosen for our software, currently it is AWS.; We believe that AWS will be ideal in protecting the data within the network as it adheres to industry's standard data protection practices.; No data is transferred or held in the DDC's private network.

Availability and resilience

• Guaranteed availability: To be clear our Data Catalogue software is not a day-to-day usage tool it's not required for day-to-day operations of the business.; However we will have an agreed level of SLA between the buyer and us (Supplier).; The SLA agreement will detail the response times, support and availability dependent upon the client needs and request.; ; However as all Buyer's/client's needs are not similar we are open to drawing up a SLA based on the client's requirements and requests.; ; If for any reason we are not able to provide our services for a particular duration during the software implementation process, we shall not charge you for that time period.
• Approach to resilience: As the service is hosted on AWS it conforms AWS datacentre resilience protocols.
• Outage reporting: As our service is a SAAS solution (Data Catalog) which will be hosted on the AWS reporting of outage in the cloud service will be provided by AWS. Any outage besides a Cloud server outage, outage reporting will be provided by email alerts.; ; An outage of the software meaning the software itself or any of it features becomes unavailable for the users, the reporting will happen via email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Here are key approaches; ; 1. **Role-Based Access Control (RBAC)**: Implement RBAC to ensure that users only have access to the resources necessary for their roles within the organization. Define roles clearly and assign permissions based on the least privilege principle, which means giving users the minimum level of access required to perform their jobs.; ; 2. **Multi-Factor Authentication (MFA)**: Require MFA for accessing management interfaces and support channels. MFA adds an additional layer of security by requiring users to provide two or more verification factors to gain access, reducing the risk of unauthorized access due to compromised credentials.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: We follow and conform closely CSA CCM version 3.0.; We follow the GDPR guidelines though we don't hold PII Data.
• Information security policies and processes: We have a Information Security Policy in place and our main policies and processes for achieving them is as below:; ; INFORMATION SECURITY POLICIES; Install, or cause to be installed, any unauthorised software onto any DIGITAL DATA CONSULTANCY computer (your departmental IT officer can advise on what software is authorised); Allow malicious software (viruses ) to be loaded onto any DIGITAL DATA CONSULTANCY computer ; Access any system (application, hardware, workstation ) that you are not specifically authorised to access; Access any data that you are not specifically authorised to access; Operate any software that is not compatible with your job function; Circumvent any user authentication and other security measures or any DIGITAL DATA CONSULTANCY computing equipment; Use any DIGITAL DATA CONSULTANCY computing equipment for anything other than legitimate Digital Data Consultancy business.; ; SECURITY INCIDENT/DATA BREACH HANDLING PROCESSES; A security incident is any occasion when it is apparent that any of the stipulations in this document have been violated.; All security incidents must be reported to the head of IT who will direct the Digital Data Consultancy’s response to the incident. Records will be made of the incident, the response and the effectiveness of the response

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use the Asana (Software Management tool) which will track any developments/change management and maintenance of Suchee's features /components; The configuration changes that we make will be tested for the below:; dependencies; compatibility; performance ; potential security impacts
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Anti-virus, firewalls and the cloud server on which Suchee is hosted which will be responsible for assessing and blocking any threats.; The vulnerability /potential threats to Suchee will be the same as faced by the AWS Cloud service provider.; We continuously monitor the potential threats/vulnerabilities from the OWASP , identify the potential threats to our software.; We then at the same time start rectify the threats by deploying patches.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Log Management- Collecting and managing logs from all parts of the SaaS infrastructure, including application logs, system logs, and network logs. .; ; Security Information and Event Management (SIEM): Deploying SIEM systems to aggregate, correlate, and analyze data from different sources to identify patterns that may indicate a security threat. ; ; Vulnerability Scanning: Regularly scanning the infrastructure for vulnerabilities that could be exploited by attackers. ; ; Incident Response and Management**: Establishing a structured process for responding to detected security incidents.; ; Regular Updates and Patch Management**: Ensuring that all software and systems are regularly updated to defend against known vulnerabilities.
• Incident management type: Supplier-defined controls
• Incident management approach: The everyday running of business will not be impacted by any failure from our Software as it is not an operational software.; However for common events which will have an impact on the usage of the software features we have pre-defined processes:; Our Users can use a Incident Reporting Form, by raising Tickets on the Software webpage.; Tippu/Hasan: Incident Report

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Reduces data requests over internet leading to lower carbon footprints.

Pricing

• Price: £10,000 to £100,000 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Base license for three months
• Link to free trial: Www.thesuchee.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at saikat.ghosh@digitaldataconsultancy.com. Tell them what format you need. It will help if you say what assistive technology you use.