Matillion

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud

Hybrid cloud
Service constraints: Cloud vendors supported: GCP, Azure, AWS
Each cloud provider will have vendor-recommended hardware requirements (t2.large minimum for example)
Software limited on which cloud data warehouses it can feed data to (Snowflake, Redshift, BigQuery, Synapse)
System requirements: Modern browser (Chrome, Chromium, Firefox, Edge)

User support

Email or online ticketing support: Email or online ticketing
Support response times: Within 4 hours Mon - Fri 9am - 5pm
24/7 service is available on request at an additional cost depending on size of environment
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: We provide office hours support desk service via email, phone and video conference.
Support is provided free of charge for anything to do with ensuring that the software is working as it should. Support is only charged for work which would classify as consulting assistance - this is usually separately agreed with clients in advance.
All accounts have an assigned account manager.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Matillion is intuiitive in that it is very easy to start using and get results, but we offer professional services with Matillion that help you train your users and provide best-practices advice on both, workflow building, schedulling, data query, as well as peripheral infrastructure setup and advice. Training (both on- and off-site) is available at additional charge, and might be better utilised as part of project-based consultancy, however does not have to be. We also provide extensive range of articles written by our consultants that cover getting-started questions.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: Matillion acts as an orchestrator of jobs, and therefore does not store customer data on it's server (beyond metadata that it requires for operation and connectivity to source services), however various matillion-specific objects (for example workflow jobs) can be extracted in json form. Beyond that Matillion is running on a VM (virtual machine) operating within your cloud environment, there is a full SSH access (sudo enabled) to that box.
End-of-contract process: You can delete (deallocated and terminate) VM that Matillion is running on which could effectively serve as end-of-contract process.

Using the service

Web browser interface: No
Application to install: No
Designed for use on mobile devices: No
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Service interface is part of the same IO, but all UI elements are permissions-controlled
Accessibility standards: None or don’t know
Description of accessibility: Accessible through web-based user interface
Accessibility testing: N/a
API: Yes
What users can and can't do using the API: REST API endpoints allow users to interact with various internal matillion components (database drivers), operate workflows, manage jobs, version control, password and authentication (oauth) management, manage queues, schedules and users. All API access is granted through user-level permissions, with fine-grained control on what can be modified.
API documentation: Yes
API documentation formats: HTML
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: Service is extendable, in that users are able to create and use custom drivers (for example custom SAP-drivers), custom APIs (through API Profile functionality). Use of custom scripting libraries (for example python libraries), installation of which requires admin-level access, is also permitted.

Scaling

Independence of resources: Number of concurrent users (as opposed to registered) are determined by VM (virtual hardware) size. From 2 to 24 users on single instance, with multiple instances and high-availability cluster support available as well. Realistically this is developer-centric platform so larger number of concurrent user is unusual pattern for this type of system, but measures to handle demand can largely be handled within your own infrastructure team.

Analytics

Service usage metrics: Yes
Metrics types: Matillion does collect telemetry data on most frequently used components to understand usage of it's service. The concent is entirely opt-in, clearly labeled within the UI. https://documentation.matillion.com/docs/2971426

On orchestration job level -- job monitoring is provided through UI task manager (also accessible through API). Admins can also download server log for troubleshooting.
Reporting types: API access

Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Matillion

Staff security

Staff security clearance: Staff screening not performed
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Matillion does not store any user data, but acts as conduit between source system and target data warehouse database in terms of data transfers. Matillion does hold definitions of the orchestration jobs, metadata of both source systems and target systems, user data, which is exportable through UI as well as via API.
Data export formats: Other
Other data export formats: JSON
Data import formats: Other
Other data import formats: JSON

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability: SLA are backed by and depend on the chosen public cloud provider, all three major cloud providers (AWS, Azure, GCP) guarangee at least 99.99% monthly uptime percentage, with service credit for any SLAs that are missed. For example if uptime drops to 99.00% 10% credit will be applied.
Approach to resilience: Resilience is backed and provided by the underlying public cloud infrastrucuutre (topology of which you manage in-house). Matillion is available on all three major clouds -- AWS, GCP, Azure.
Outage reporting: Alerting can be set up within individual cloud provider's environment, for example on AWS you are able to define alers through CloudWatch service, which can communicate outage in a any number of ways, including email, SMS, push etc depending on the cloud topology of your choice

Identity and authentication

User authentication needed: Yes
User authentication: Identity federation with existing provider (for example Google Apps)

Dedicated link (for example VPN)

Username or password

Other
Other user authentication: SAML
Kerberos
Active Directory
OpenID
Access restrictions in management interfaces and support channels: Management Interfaces and support channels are secured using roles applied to users to maintain the separation of ability of users. The system is designed to allow only specific and absolutely necessary users the ability to alter authentication and authorisation. Default permission for new users is always set to deny all access until it is specifically granted by and administrative account.
Access restriction testing frequency: At least every 6 months
Management access authentication: Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: Data Security is taken very seriously, Matillion as organisation are working toward SOC and ISO 27001 compliance and haavean internal security governance policy, but this is not currently one that is accredited to an external standard. We have never had a security incident or breach.
Information security policies and processes: We have a detailed IT Policy (Security and Internet) which we can make available on demand. The key points of which are:
Roles and responsibilities - the policies are established, monitored and breaches investigated by the directors, but at a core level everyone has a responsibility for security.
Monitoring - we reserve the right to monitor employee use of IT resources, tracking and remote wipe software is installed on all devices
Damage and loss - defined actions in the event of damage or loss of equipment
Misuse and vandalism
Specific guidelines concerning encryption and security admin policies of portable devices, memory sticks, mobile phones, laptops, AV software, email attachments, commitments in emails, IM systems, licensing of software, and password policies.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: At platform level -- release notes for each major version of Matillion will list major fixes and general changes to the system since last release.

All jobs that matillion generates to orchestrate data movement from source system to target data warehouse are tracked server-side, with job versioning system built in (both in-house built system as well as open-source git integration available)
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: AWS (as well as other cloud providers eg GCP and Azure) have a built in vulnerability testing process which allows the on-demand testing of an VM instance (that we control / have access to).
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Amazon Web Services (as well as other major cloud providers) provide assurance that they take responsibility for identifying potential compromises and alert users on discovery. Response times for such incidents are managed by the underlying cloud provider's team.
Incident management type: Supplier-defined controls
Incident management approach: User reported incidents go to our support desk for triage. If the support desk cannot resolve it immediately it is escalated to the correct specialist within the team.
Incidents discovered by our team would be notified directly to the client. Minor issues would usually be resolved then alerted. Major issues would be alerted first and then the focus would move on to resolution.
Incidents are reported via email

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Fighting climate change: Fighting climate change

We endeavour to do our best in fighting climate change and have made an active effort to switch our delivery to remote working vs onsite delivery where possible, thus reducing our travel & impact on the environment.
Covid-19 recovery: Covid-19 recovery

As COVID-19 continues to affect us all this year, we want to recognize the balance of time and energy it takes to keep our day-to-day responsibilities moving along. Whether you are managing a large family or living the single life, COVID seems to keep trying to throw a wrench in all of our plans.

To help handle this burden, we are putting a new PTO category in place. For 2022, we're making 80 hours available to each employee to be used for the time COVID is taking from us all. This time should be used specifically for:

Vaccine-Related. Attending a vaccine or booster appointment, either for yourself or a family member. Or, you are dealing with vaccine-related symptoms or are caring for a family member with vaccine-related symptoms.
Caring for Yourself. You have been diagnosed with COVID-19 and are experiencing symptoms, or are seeking medical diagnosis and help due to these symptoms.

Caring for Family. You are caring for a family member who has COVID, or you are caring for someone subject to a COVID-19 quarantine or isolation period. You are caring for a child whose school or place of care is closed or unavailable due to COVID-related closure.
Tackling economic inequality: Tackling economic inequality

We endeavour to try our best to tackle economic inequality.
Equal opportunity: Equal opportunity

We endeavour to try our best to offer equal opportunities.
Wellbeing: Wellbeing

We endeavour the try our best to supporting employee wellbeing

Pricing

Price: £0 to £2.30 a unit a year
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: 14 day trial period of fully functioning evaluation copy of the software, sufficient to establish viability and appropriateness of the solution plus any proportionate assistance. Cloud infrastructure charges (eg cost of VM hardware resources) still apply.
Not included: extensive custom development of bespoke solutions
Link to free trial: https://aws.amazon.com/marketplace/pp/Matillion-Matillion-ETL-for-Snowflake/B073GRSSZD

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Matillion

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents