NSC LegacyData Solutions Ltd


Data migration and accessible archiving automation software tools to unlock legacy data at rest from any dependency on the legacy platform, to be rehosted in a cloud environment. The user interface is updated with a modern, intuitive, feature-rich, customisable and compliant web application, which is easily deployed in the cloud.


  • No-code automatic generation of database application
  • Real-time, drill-down search capability
  • Scan across multiple databases for all subject references
  • Bookmark and Notes help curate and map content
  • Policy-driven rules for lifecycle, privacy and access
  • Works with any database with a jdbc or odbc connector
  • Industry standard API interoperability
  • HTML5 application layer with SSL encryption and SSO capability
  • Customisable configuration for enriched data views
  • Powerful search, reporting and accessibility features


  • Accelerates speed of data discovery
  • Reduces dependency on aging infrastructure
  • Improves UX for workforce
  • Shrinks the operational footprint for data management
  • Optimises the cost of application portfolio management
  • Allows for data sharing models across siloed systems
  • Enables data-as-a-service for customer-facing inquiries
  • One-solution-fits-all reduces the procurement cycle
  • Small, agile implementation that engages the business needs
  • Highly-stable, worry-free, long-term solution


£5,000 to £11,000 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at howard.sherrington@nscgroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

6 7 9 1 3 4 7 6 4 4 5 3 8 0 7


NSC LegacyData Solutions Ltd Howard Sherrington
Telephone: 0161 236 0535
Email: howard.sherrington@nscgroup.co.uk

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
System requirements
DataNovata software licence

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Priority 1 Contact within 4 Support Hours Immediate and continuing effort during Support Hours.
Priority 2 Contact within8 Support Hours Contact within 1 Business Days
Priority 3 Contact within 1 Business Days Contact within 2 Business Days
Priority 4 Contact within 2 Business Days Contact within 2 Business Days
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Priority 1 The Software is unusable or causes a system using the Software to be functionally unusable. Priority 1 is reserved for Technical Problems that occur with Licensee’s production environment.
Priority 2 Use of the Software has materially degraded, or otherwise causes a Technical Problem more serious than a Priority 3 Technical Problem.
Priority 3 The Software has malfunctioned, but does not materially impact the functionality of the system.
Priority 4 Licensee’s inquiry requires information or assistance on the Software capabilities in accordance with the Documentation.

The nature of the technology is that all support can be delivered remotely. However, if the support cannot be remedied remotely due to a government policy reasons, the charge to deliver support services on-site would be at a standard day rate of £750/day. This fee is due on embarcation to the client site and is chargeable even in the event that the defect is not attributable to the software or services provided by LegacyData Systems and can therefore not be remedied by our technicians
Support available to third parties

Onboarding and offboarding

Getting started
1. Users are asked to provide information on how they will use the application to retrieve data. Typically this is done by users providing example screens and reports of the data they commonly interact with.
2. Once the DataNovata application has been configured users are invited to conduct acceptance testing. Training is provided for this purpose.
3. Users will collaborate with our technicians during testing to perfect the solution within the scope of their requirement.
4. Once accepted, any additional users will be trained and the operational user manual will be published.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
MS Word
End-of-contract data extraction
The data will always remain the property of the user.
The entire database may be copied/downloaded intact at any time. Only the UI application will be withheld at the end or curtailment of the license. Miscellaneoous administrative costs may be applicable for managing this service.
End-of-contract process
On conclusion of the license the application will be locked from further use by the license key. We request the client to delete the software and provide documented evidence of such.
If the client chooses to extend the license by commercial arrangement, a new license key will be provided to retain/re-activate the application.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
User support accessibility
What users can and can't do using the API
The API allows users of different, but related application databases to interrogate content from the data history that is stored within the databases to which DataNovata is the primary access vehicle.

The API, as with the DataNovata application, is read-only
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The entire application template can be customised to suit internal UI standards.
The screen maps for transaction inquiry can be customised to the familiar format of the source application from which the data originated.
Administrators can customise rules that govern life-cycle, access and privacy
Calculations, inquiries and reports can be customised to enrich data intelligence
All these customisation features are delivered as a service to the user


Independence of resources
There are control features within the application to limit the number of results that can appear on each page of an search form in order to reduce the volume of network traffic on broad searches.

All searches are fully-indexed on configuration to accelerate response times and reduce workload.

There are other optimisation features that can be applied for different circumstances, based on the database configuration, number of active/unused tables.


Service usage metrics
Metrics types
Audit log of user access and application activity
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Any data can be exported odf compatible with MS Excel and will appear as a fully-structured worksheet in the same context as the online search screen or report.

Users must be set up with authorisation to use this feature.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • Other
Other data import formats
  • Any jdbc/odbc connected database
  • Flat file

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Service is hosted on MS Azure, SLA are Azure SLAs based on level of resilience implemented into the environment.
Approach to resilience
Service is hosted on MS Azure. Full details available on request
Outage reporting
Dashboard and email alerts

Identity and authentication

User authentication needed
User authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
DataNovata allows any number of security roles to be configured, providing different sets of users with differing levels of access. For example, 'regular' users may only be able to see a limited set of data, 'supervisors' may be able to see and do more, whereas support users may be restricted to just resetting passwords with no access to data. DataNovata is completely flexible in how access is configured based on the business needs. It can also be linked to an LDAP service such as Active Directory.
Access restriction testing frequency
At least once a year
Management access authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Currently working towards ISO27001 standard.
Information security policies and processes
The Company maintains an Acceptable Use Policy of operational requirements and security controls that all Company personnel adhere to.
All Company personnel are asked to sign the Acceptable Use Policy before being granted access.
Access to systems and data will be authorised based on business need, security requirements, and the principle of least privilege.
Access to sensitive data will be on a need to know basis.
Access to data will be managed through strong identification and authentication controls (including unique user IDs and strong passwords).
The Company will maintain a user access management process, including key personnel approval of access requests, to prevent unauthorised access to systems.
Access will be restricted to privileged system accounts (Domain Administrators, Database Admins, etc.) and access to such accounts reviewed periodically.

The Data Compliance Officer is responsible for ensuring the Company operates in compliance with this policy.
The Managers are responsible for ensuring their departments operate in compliance with this policy.
The Data Compliance Officer and the Management Team are responsible for ensuring personnel complete appropriate information security training periodically.
The Data Compliance Officer is responsible for ensuring this policy is reviewed periodically, or following any major change to the security programme.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Operating systems and software will be patched with up-to-date and relevant security updates on a timely basis.
Remote transfers of sensitive data will be performed over secure channels, e.g. SFTP, Site-to-Site VPN, HTTPS, etc. A new SFTP account is created for use only be the intended recipient, with the password sent separately. Once receipt of the data has been confirmed, the zip file will be deleted from the SFTP account.
All external facing systems are subject to regular vulnerability scanning. If any vulnerabilities are identified, appropriate and timely remedial action will be taken to reduce risk to an acceptable level.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
For the Software only, we monitor threat alerts constantly and test the software for vulnerability whenever the risk arises.

Patches, if needed are deployed typically within a 24-36 hour period.

Potential threats are identified through notable public channels, our own security software provider services and client observation of potential threats to their particular estate. All potential threats are treated with the same degree of prioritisation.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The Company examines threats, vulnerabilities, the likelihood that the threat will take place and the impact of it should it occur. A 5-point scale is used to describe the likelihood of an event taking place and the impact that it is likely to have.

We deliver patch updates to clients/implementation as a preventive measure according to the scale and urgency of risk.
Incident management type
Incident management approach
Each client is provided with details of the technical support helpline (office hours only, 24/7 support can be provided if required) and a dedicated email address to report incidents.
A ticket is raised on the support portal for each incident reported, the incident is acknowledged with the client in accordance with the agreed SLA and a ticket reference number is supplied.
Email updates are regularly provided to the client during incident resolution in accordance with the SLA, with a incident resolution report emailed at the conclusion of the process.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

The company has implemented a hybrid working policy. Office space has been downsized and daily commutes reduced in order to reduce the company carbon footprint.


£5,000 to £11,000 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at howard.sherrington@nscgroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.