NSC LegacyData Solutions Ltd

DataNovata

Data migration and accessible archiving automation software tools to unlock legacy data at rest from any dependency on the legacy platform, to be rehosted in a cloud environment. The user interface is updated with a modern, intuitive, feature-rich, customisable and compliant web application, which is easily deployed in the cloud.

Features

• No-code automatic generation of database application
• Real-time, drill-down search capability
• Scan across multiple databases for all subject references
• Bookmark and Notes help curate and map content
• Policy-driven rules for lifecycle, privacy and access
• Works with any database with a jdbc or odbc connector
• Industry standard API interoperability
• HTML5 application layer with SSL encryption and SSO capability
• Customisable configuration for enriched data views
• Powerful search, reporting and accessibility features

Benefits

• Accelerates speed of data discovery
• Reduces dependency on aging infrastructure
• Improves UX for workforce
• Shrinks the operational footprint for data management
• Optimises the cost of application portfolio management
• Allows for data sharing models across siloed systems
• Enables data-as-a-service for customer-facing inquiries
• One-solution-fits-all reduces the procurement cycle
• Small, agile implementation that engages the business needs
• Highly-stable, worry-free, long-term solution

£5,000 to £11,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at howard.sherrington@nscgroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

679134764453807

Contact

Howard Sherrington
0161 236 0535
howard.sherrington@nscgroup.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None
• System requirements: DataNovata software licence

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Priority 1 Contact within 4 Support Hours Immediate and continuing effort during Support Hours.; Priority 2 Contact within8 Support Hours Contact within 1 Business Days; Priority 3 Contact within 1 Business Days Contact within 2 Business Days; Priority 4 Contact within 2 Business Days Contact within 2 Business Days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Priority 1 The Software is unusable or causes a system using the Software to be functionally unusable. Priority 1 is reserved for Technical Problems that occur with Licensee’s production environment.; Priority 2 Use of the Software has materially degraded, or otherwise causes a Technical Problem more serious than a Priority 3 Technical Problem.; Priority 3 The Software has malfunctioned, but does not materially impact the functionality of the system.; Priority 4 Licensee’s inquiry requires information or assistance on the Software capabilities in accordance with the Documentation.; ; The nature of the technology is that all support can be delivered remotely. However, if the support cannot be remedied remotely due to a government policy reasons, the charge to deliver support services on-site would be at a standard day rate of £750/day. This fee is due on embarcation to the client site and is chargeable even in the event that the defect is not attributable to the software or services provided by LegacyData Systems and can therefore not be remedied by our technicians
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: 1. Users are asked to provide information on how they will use the application to retrieve data. Typically this is done by users providing example screens and reports of the data they commonly interact with.; 2. Once the DataNovata application has been configured users are invited to conduct acceptance testing. Training is provided for this purpose.; 3. Users will collaborate with our technicians during testing to perfect the solution within the scope of their requirement.; 4. Once accepted, any additional users will be trained and the operational user manual will be published.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: MS Word
• End-of-contract data extraction: The data will always remain the property of the user. ; The entire database may be copied/downloaded intact at any time. Only the UI application will be withheld at the end or curtailment of the license. Miscellaneoous administrative costs may be applicable for managing this service.
• End-of-contract process: On conclusion of the license the application will be locked from further use by the license key. We request the client to delete the software and provide documented evidence of such.; If the client chooses to extend the license by commercial arrangement, a new license key will be provided to retain/re-activate the application.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: The API allows users of different, but related application databases to interrogate content from the data history that is stored within the databases to which DataNovata is the primary access vehicle. ; ; The API, as with the DataNovata application, is read-only
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The entire application template can be customised to suit internal UI standards.; The screen maps for transaction inquiry can be customised to the familiar format of the source application from which the data originated.; Administrators can customise rules that govern life-cycle, access and privacy; Calculations, inquiries and reports can be customised to enrich data intelligence; All these customisation features are delivered as a service to the user

Scaling

• Independence of resources: There are control features within the application to limit the number of results that can appear on each page of an search form in order to reduce the volume of network traffic on broad searches.; ; All searches are fully-indexed on configuration to accelerate response times and reduce workload.; ; There are other optimisation features that can be applied for different circumstances, based on the database configuration, number of active/unused tables.

Analytics

• Service usage metrics: Yes
• Metrics types: Audit log of user access and application activity
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Any data can be exported odf compatible with MS Excel and will appear as a fully-structured worksheet in the same context as the online search screen or report. ; ; Users must be set up with authorisation to use this feature.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Any jdbc/odbc connected database
  • Flat file

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service is hosted on MS Azure, SLA are Azure SLAs based on level of resilience implemented into the environment.
• Approach to resilience: Service is hosted on MS Azure. Full details available on request
• Outage reporting: Dashboard and email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: DataNovata allows any number of security roles to be configured, providing different sets of users with differing levels of access. For example, 'regular' users may only be able to see a limited set of data, 'supervisors' may be able to see and do more, whereas support users may be restricted to just resetting passwords with no access to data. DataNovata is completely flexible in how access is configured based on the business needs. It can also be linked to an LDAP service such as Active Directory.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Currently working towards ISO27001 standard.
• Information security policies and processes: The Company maintains an Acceptable Use Policy of operational requirements and security controls that all Company personnel adhere to.; All Company personnel are asked to sign the Acceptable Use Policy before being granted access.; Access to systems and data will be authorised based on business need, security requirements, and the principle of least privilege.; Access to sensitive data will be on a need to know basis.; Access to data will be managed through strong identification and authentication controls (including unique user IDs and strong passwords).; The Company will maintain a user access management process, including key personnel approval of access requests, to prevent unauthorised access to systems.; Access will be restricted to privileged system accounts (Domain Administrators, Database Admins, etc.) and access to such accounts reviewed periodically.; ; The Data Compliance Officer is responsible for ensuring the Company operates in compliance with this policy.; The Managers are responsible for ensuring their departments operate in compliance with this policy.; The Data Compliance Officer and the Management Team are responsible for ensuring personnel complete appropriate information security training periodically.; The Data Compliance Officer is responsible for ensuring this policy is reviewed periodically, or following any major change to the security programme.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Operating systems and software will be patched with up-to-date and relevant security updates on a timely basis.; Remote transfers of sensitive data will be performed over secure channels, e.g. SFTP, Site-to-Site VPN, HTTPS, etc. A new SFTP account is created for use only be the intended recipient, with the password sent separately. Once receipt of the data has been confirmed, the zip file will be deleted from the SFTP account.; All external facing systems are subject to regular vulnerability scanning. If any vulnerabilities are identified, appropriate and timely remedial action will be taken to reduce risk to an acceptable level.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: For the Software only, we monitor threat alerts constantly and test the software for vulnerability whenever the risk arises. ; ; Patches, if needed are deployed typically within a 24-36 hour period.; ; Potential threats are identified through notable public channels, our own security software provider services and client observation of potential threats to their particular estate. All potential threats are treated with the same degree of prioritisation.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The Company examines threats, vulnerabilities, the likelihood that the threat will take place and the impact of it should it occur. A 5-point scale is used to describe the likelihood of an event taking place and the impact that it is likely to have.; ; We deliver patch updates to clients/implementation as a preventive measure according to the scale and urgency of risk.
• Incident management type: Undisclosed
• Incident management approach: Each client is provided with details of the technical support helpline (office hours only, 24/7 support can be provided if required) and a dedicated email address to report incidents.; A ticket is raised on the support portal for each incident reported, the incident is acknowledged with the client in accordance with the agreed SLA and a ticket reference number is supplied.; Email updates are regularly provided to the client during incident resolution in accordance with the SLA, with a incident resolution report emailed at the conclusion of the process.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  The company has implemented a hybrid working policy. Office space has been downsized and daily commutes reduced in order to reduce the company carbon footprint.

Pricing

• Price: £5,000 to £11,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at howard.sherrington@nscgroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.