datb limited

datb - kinodb Enterprise Application Platform

datb's kinodb is a cloud-hosted platform for the development, deployment and integration of cloud-hosted enterprise-scale applications.
kinodb is a metadata-driven development and deployment environment enabling the specification of entire suites of applications entirely in data, rather than as code. This brings significant benefits in productivity and reliability.

Features

• Metadata-based application development allows definition of complex systems in data
• Based on standard relational database technology (Oracle/MSSQL/MariaDB/MySQL)
• Full-lifecycle support including automated deployment and change tracking
• In-built reporting functionality to provide fully integrated reporting
• Full security model enables multiple user types & roles
• Full web service support (XML/JSON) makes integrations simple
• Platform updates ensure continued compatibility as browser etc. standards change
• Management console controls backups, service status etc.
• Support for mobile devices, including offline data entry
• Enables implementation of complex systems with no additional code

Benefits

• Far greater productivity than any conventional development techniques
• Ideally suited to incremental and iterative development
• Defined purely in metadata, applications are far easier to maintain
• Technology updates provided by the platform, not by application changes
• Applications and data can be migrated between supported database platforms
• Suitable for the development of applications of all types
• Managed migration of changes from dev to test & production
• Scaleable to thousands of concurrent users
• Support for all standard browsers (Edge, Chrome, Safari, Firefox)
• No client-side installation required for developer or end-user access

£60,000 a licence a year

• Free trial available

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.bushman@datb.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

570491333756008

Contact

Mark Bushman
020 7923 9239
mark.bushman@datb.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Browser for developer, administrator & end-user access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: One hour during business hours; additional out-of-hours cover by arrangement.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our standard support agreement covers faults in the application by telephone, email or online, plus assistance to administrative users in the configuration and operation of the application. Additional levels of cover (out-of-hours, business support etc.) can be arranged by agreement. Reported issues are assigned a priority that determines the target time to resolution: Priority 1 - One business day, Priority 2 - Three business days, Priority 3 - 10 business days, Priority 4 - Next scheduled release. Support costs are included in the platform licence cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users may request access to a cloud-hosted proof-of-concept environment to assess suitability. Various training resources are available:; Online technical documentation,; Training materials,; On-site or online training,; Ongoing training / consultancy to ensure productive client use.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is stored using conventional relational database structures in the database platform of the client's choosing (Oracle, SQL Server, MariaDb, MySQL). This can be accessed using conventional database tools from the DBMS provider or a third party. Alternatively, data can be accessed via web services defined within the application and described elsewhere in this document.
• End-of-contract process: No additional costs at the end of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The platform provides adaptive and responsive behaviours enabling use on devices of all sizes without application changes. Application content can be made specific to mobile devices if specific use-cases require it. A separate capability enables the delivery of forms and associated data to mobile devices when connected, to allow completion of forms and collection of data (video / images / voice notes etc.) when the device is offline. Entered data is synchronised with the main application when network connectivity is regained. This offline functionality is device independent, relying only on modern browser capabilities.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The platform enables developers to implement web services supporting any XML- or JSON-based data interchange required by their application. Web services may operate as client (requesting data from an external interface) or as server (responding to requests from external systems). Access to web services requires a token generated by the application; separate tokens may be assigned to individual users, organisations or systems to control access and to audit data access / updates as required.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: As a full development environment, the kinodb platform allows the definition of data models, security configuration & user roles, data processing, reporting, interfaces and associated functionality to meet the requirements of applications of all types.; The platform includes a full development environment accessible to authorised users. Development will typically be undertaken in one or more development environments delivering their changes to a master environment and thence to test and production instances of the environment.

Scaling

• Independence of resources: Instances of the platform are isolated within the chosen cloud environment and do not share resources with those of other clients.

Analytics

• Service usage metrics: Yes
• Metrics types: User sessions are recorded within the platform. ; Resource usage (memory, sessions etc.) is logged periodically.; Service availability and status are subject to automated monitoring.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Exports can be performed using tools provided by the database vendor or a third party.; Applications can define data export functionality allowing export to Excel, PDF, CSV formats.; Web services can be defined to allow querying of data as XML or JSON data structures.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
  • PDF
  • Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Different cloud infrastructure providers offer various levels of availability. Oracle Cloud Infrastructure (OCI), which is our standard choice if no alternative is preferred, offers 99.9% or greater availability for the components that we deploy (server, database, load balancer etc.)
• Approach to resilience: Depends on the selected cloud infrastructure provider. For Oracle Cloud Infrastructure (OCI), please refer to https://www.oracle.com/a/ocom/docs/caiq-oracle-cloud-applications.pdf
• Outage reporting: A dashboard is available within the management console providing service status.; The management application queries the application server's status hourly.; Emails can be configured to inform administrative users of a variety of issues including a 'down' status.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to the management interface is typically via user name and password, requiring additionally a second authentication factor (for instance a one-time code generated by Google Authenticator or similar, or emailed to the user).; Access to the support portal is via user name and password.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification (UKAS 8320)
• ISO/IEC 27001 accreditation date: 15/03/2024
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: The selected cloud infrastructure provider will have appropriate additional certifications.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We hold ISO27001 certification and Cyber Essentials Plus. Our technical director holds overall responsibility for security policy. All staff are required to undertake a security self-assessment semi-annually; we conduct a semi-annual security questionnaire to ensure that staff are aware of correct processes. All security exceptions are logged within our internal management system and reviewed weekly at board level. We monitor threat reporting services to ensure that we are aware of emerging threats. End-user devices (desktops, laptops) are encrypted and centrally managed. Mobile devices with corporate access must be of defined types with biometric security, and are required to be kept up-to-date with security patches. Our activities are also controlled by our ISO 9001 certification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All components of the service are subject to change management processes in compliance with ISO27001. All changes are subject to a quality review; this includes an assessment of all code and configuration changes with specific reference to any security impacts that they may have.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor a variety of threat notification resources weekly and assess these in terms of any threat that they may present. We deploy patches regularly, or in response to a newly-identified security issue. We commission comprehensive penetration testing at least annually - this involves a skilled third party with full knowledge of, and access to, a configured application server in order to attempt to exploit any vulnerability present in our standard build.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We monitor cloud infrastructure logs, network activity logs and application event logs. The application server monitors and records all external access attempts. Security exceptions (failed login attempts, CSP violations etc.) are recorded and reported to the management server, which is configured to alert administrative users of significant events / exceptions. If a potential compromise is suspected, our security exception process ensures that specific actions are taken to minimise impact, preserve evidence, ensure that appropriate people are informed and to prevent further compromise.
• Incident management type: Supplier-defined controls
• Incident management approach: Our internal management application requires staff to record an 'exception' in response to any out-of-the-ordinary incident. Depending on the exception type, a variety of processes may be appropriate, but will generally result in the recording of an 'intervention', this being used to record the steps required to mitigate the incident. Exceptions and interventions are reviewed weekly in order to determine changes to processes, training needs etc. to prevent recurrence. Customers are notified of specific event types such as security exceptions.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Our staff have worked remotely since 2002, reducing the impact of transport emissions. We seek to minimise use of consumables in our work. datb recognises the importance of climate change issues and addresses these in the following ways: The company does not produce a physical product requiring tangible resources; All staff work from home, largely eliminating the carbon footprint of commuting; Staff equipment is selected with regard to its energy efficiency, longevity and recyclability; All of our servers are cloud hosted, which has been shown to reduce energy use and the carbon footprint; Suppliers providing cloud hosting are vetted by datb to ensure that they hold ISO27001 certification, this will ensure that these suppliers have considered the impacts of climate change upon their services. Most significantly, our technology facilitates the development of systems enabling collaborative working by geographically separated teams, reducing travel requirements and greatly reducing the need for paper documentation.

Pricing

• Price: £60,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can provide a test instance of the platform suitable for a trial exercise, allowing potential clients to investigate capabilities with no commitment. This provides all functionality available within the full product. Timescales are subject to discussion with the potential client.

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.bushman@datb.com. Tell them what format you need. It will help if you say what assistive technology you use.