Derilinx Ltd.

Open and Shared Data Catalogue

Data sharing between public service bodies, and sharing / opening with the public

Features

• Data Catalogue based on Open CKAN
• Visualisation based on Open Apache Superset
• Extensive Customisation
• Auditing and Inventory Building
• Planning and Strategy
• APIs
• Data Standardisation and Quality

Benefits

• Shared Data
• Open Data
• Better Data

£399.99 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenderawards@derilinx.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

668902159340292

Contact

Stephen Murray
00353877984808
tenderawards@derilinx.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Common user devices

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Hourly within business days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We assign a dedicated account manager and technical lead
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training and documentation is normally enough as it is an intuitive application
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Users can extract via open formats
• End-of-contract process: Happy to transition platform to client / client appointed supplier hosting and maintenance if required

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile focussed interface with core navigation
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: API infrastructure
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Extensive testing and compliance
• API: Yes
• What users can and can't do using the API: Get JSON-formatted lists of a site’s datasets, groups or other CKAN objects; Get a full JSON representation of a dataset, resource or other object; Search for packages or resources matching a query; Create, update and delete datasets, resources and other objects; Get an activity stream of recently changed datasets on a site
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We are open to customisation, and sometimes clients co-own the code (python) with us. Some also adopt our code and take in its development and maintenance.

Scaling

• Independence of resources: We use load management and balancing and have near infinite scaling available.

Analytics

• Service usage metrics: Yes
• Metrics types: Portal usage by user behaviour
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Mainly csv via interface. Other forms also available e.g. API
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLS
  • HTML
  • WML
  • JSON
  • PDF
  • TXT
  • RSS
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLS
  • WML
  • JSON
  • XML
  • TXT
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service credits available when SLA levels are not met.
• Approach to resilience: We use multiple redundant resources so any one failure does not affect service. This can span several cloud providers and network geographies for ultimate resilience
• Outage reporting: There is a public dashboard and email alerting

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: We can apply multi-level access management for elevated users, including for MFA
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: https://www.linode.com/legal-security/

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have a third party security expert who oversees our platform security and reports to the Director independently
• Information security policies and processes: Tech team all accountable for security to CTO. Security expert is independent of internal lines of reporting and reports directly to the board director on security matters.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have full change management process with roll-back if required. There are separate testing and production environments for all our customers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We update any threats to a register daily and respond according to the rating of the threat which may require immediate, daily, weekly or monthly roll-up actions.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We audit for compromise internally daily. We have weekly and monthly checks by an independent third party specialist.
• Incident management type: Supplier-defined controls
• Incident management approach: We have pre-defined event response processes. ; Users report incidents via support channels and also have escalation paths to management and board. ; We provide full root cause analysis with learnings / actions to every incident

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Climate change is a multi-stakeholder and therefore a data sharing challenge. We have a track record of working with our clients on climate data to ensure everyone is working together to meet shared climate goals and targets.

  Tackling economic inequality

  Economic Inequality is a multi-stakeholder and therefore a data sharing challenge. We have a track record of working with our clients on economic inequality to ensure everyone is working together to meet social and economic goals and targets.

  Equal opportunity

  Equal Opportunities for all is a multi-stakeholder and therefore a data sharing challenge. We have a track record of working with our clients on these challenges to ensure everyone is working together to meet shared equality goals and targets.

  Wellbeing

  Health and wellbeing for all is a multi-stakeholder and therefore a data sharing challenge. We have a track record of working with our clients on these challenges to ensure everyone is working together to meet shared population health goals.

Pricing

• Price: £399.99 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Agreed based on client's requirements

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenderawards@derilinx.com. Tell them what format you need. It will help if you say what assistive technology you use.