datb limited

datb - Local Government Platform

datb’s Local Government Platform (LGP) provides a set of components for the development, deployment, and integration of cloud-hosted enterprise-scale applications for use by local government and similar organisations.
LGP enables the implementation of numerous line-of-business applications within a single technical framework, providing consistency of data and reducing effort and cost.

Features

• Citizen Model enables centralised recording of all customer interactions
• Administrator-defined questionnaires ease collection of data from public users
• Page Engine enables definition of custom pages for public access
• Case Management module allows definition of information types and workflows
• Configurable Risk Register designed for Local Authority needs
• Service Model allows definition of service providers and their services
• In-built reporting functionality to provide fully integrated reporting
• Full security model enables multiple user types & roles
• Support for mobile devices, including offline data entry
• Enables implementation of complex systems with no additional code

Benefits

• Configurable, pre-built components enable fast development of complex functionality
• Create applications for use by internal and external users
• Ideally suited to incremental and iterative development
• Far greater productivity than conventional development techniques
• Applications and data can be migrated between supported database platforms
• Suitable for the development of applications of all types
• Easily integrated with other systems using XML/JSON based web services
• Scaleable to thousands of concurrent users
• Support for desktop & mobile browsers (Edge, Chrome, Safari, Firefox)
• No client-side installation required for developer or end-user access

£50,000 a licence a year

• Free trial available

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.bushman@datb.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

807843164712440

Contact

Mark Bushman
020 7923 9239
mark.bushman@datb.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Browser for end-user, administrative and developer access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: One hour during business hours; additional out-of-hours cover by arrangement.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our standard support agreement covers faults in the application by telephone, email or online, plus assistance to administrative users in the configuration and operation of the application. Additional levels of cover (out-of-hours, business support etc.) can be arranged by agreement. Reported issues are assigned a priority that determines the target time to resolution: Priority 1 - One business day, Priority 2 - Three business days, Priority 3 - 10 business days, Priority 4 - Next scheduled release. Support costs are included in the platform licence cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users may request access to a cloud-hosted proof-of-concept environment to assess suitability. Typically, this will involve some developer familiarisation with the environment, which can be delivered in the form of a course, or using self-guided training materials. Documentation is available within the product as well as in the form of PDF documentation. Training can be undertaken online or on site as required
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is stored using conventional relational database structures in the database platform of the client's choosing (Oracle, SQL Server, MariaDb, MySQL). This can be accessed using conventional database tools from the DBMS provider or a third party. Alternatively, data can be accessed via web services defined within the application and described elsewhere in this document.
• End-of-contract process: No additional costs at the end of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: LGP provides adaptive and responsive behaviours enabling use on devices of all sizes without application changes. Application content can be made specific to mobile devices if specific use-cases require it. A separate capability enables the delivery of forms and associated data to mobile devices when connected, to allow completion of forms (case notes, inspection results etc.) when the device is offline. Entered data is synchronised with the main application when network connectivity is regained. This offline functionality is device independent, relying only on modern browser capabilities.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The platform enables developers to implement web services supporting any XML- or JSON-based data interchange required by their application. Web services may operate as client (requesting data from an external interface) or as server (responding to requests from external systems). datb and our customers have developed interfaces to a wide variety of external systems including payments systems such as CivicaPay, financial systems such as SAP, Google Maps, SalesForce CRM, Microsoft 365 and many others.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: LGP is based on the kinodb development and deployment platform, providing a set of components designed for user by local authorities. The underlying platform is a full development environment that allows the definition of data models, security configurations, processing, reporting, interfaces and associated functionality to meet the requirements of applications of all types.; Development is undertaken in one or more development environments delivering their changes to a master environment and thence to test and production instances of the environment.

Scaling

• Independence of resources: Instances of the platform are isolated within the chosen cloud environment and do not share resources with those of other clients.

Analytics

• Service usage metrics: Yes
• Metrics types: User sessions are recorded within the platform. Resource usage (memory, sessions etc.) is logged hourly. Service availability and status are subject to automated monitoring.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Web services allow querying of data as XML or JSON. Exports can also be performed using tools provided by the database vendor or a third party. datb can implement other data export functionality (Excel, PDF, CSV or other) to meet clients' specific requirements.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
  • PDF
  • Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Different cloud infrastructure providers offer various levels of availability. Oracle Cloud Infrastructure (OCI), which is our standard choice if no alternative is preferred, offers 99.9% or greater availability for the components that we deploy (server, database, load balancer etc.)
• Approach to resilience: Depends on the selected cloud infrastructure provider. For Oracle Cloud Infrastructure (OCI), please refer to https://www.oracle.com/a/ocom/docs/caiq-oracle-cloud-applications.pdf
• Outage reporting: A dashboard is available within the management console providing service status.; The management application queries the application server's status regularly.; Emails can be configured to inform administrative users of a variety of issues including a 'down' status.; datb performs automated monitoring of application instances; clients may elect to receive this information or rely on datb's monitoring, as appropriate.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to specific functionality such as configuration changes can be restricted to whitelisted networks if required. Access to the management interface is typically via SSO or user name and password, requiring additionally a second authentication factor (for instance a one-time code generated by Google Authenticator or similar, or emailed to the user). Access to the support portal is via user name and password.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification (UKAS 8320)
• ISO/IEC 27001 accreditation date: 15/03/2024
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: The selected cloud infrastructure provider will have appropriate additional certifications.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We hold ISO27001 certification and Cyber Essentials Plus. Our technical director holds overall responsibility for security policy. All staff are required to undertake a security self-assessment semi-annually; we conduct a semi-annual security questionnaire to ensure that staff are aware of correct processes. All security exceptions are logged within our internal management system and reviewed weekly at board level. We monitor threat reporting services to ensure that we are aware of emerging threats. End-user devices (desktops, laptops) are encrypted and centrally managed. Mobile devices with corporate access must be of defined types with biometric security, and are required to be kept up-to-date with security patches. Our activities are also controlled by our ISO 9001 certification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All components of the service are subject to change management processes in compliance with ISO27001. All changes are subject to a quality review; this includes an assessment of all code and configuration changes with specific reference to any security impacts that they may have.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor a variety of threat notification resources weekly and assess these in terms of any threat that they may present. We deploy patches regularly, or in response to a newly-identified security issue. We commission comprehensive penetration testing at least annually - this involves a skilled third party with full knowledge of, and access to, a configured application server in order to attempt to exploit any vulnerability present in our standard build.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We monitor cloud infrastructure logs, network activity logs and application event logs. The application server monitors and records all external access attempts. Security exceptions (failed login attempts, CSP violations etc.) are recorded and reported to the management server, which is configured to alert administrative users of significant events / exceptions. If a potential compromise is suspected, our security exception process ensures that specific actions are taken to minimise impact, preserve evidence, ensure that appropriate people are informed and to prevent further compromise.
• Incident management type: Supplier-defined controls
• Incident management approach: Our internal management application requires staff to record an 'exception' in response to any out-of-the-ordinary incident. Depending on the exception type, a variety of processes may be appropriate, but will generally result in the recording of an 'intervention', this being used to record the steps required to mitigate the incident. Exceptions and interventions are reviewed weekly in order to determine changes to processes, training needs etc. to prevent recurrence. Customers are notified of specific event types such as security exceptions.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Our staff have worked remotely since 2002, reducing the impact of transport emissions. We seek to minimise use of consumables in our work. datb recognises the importance of climate change issues and addresses these in the following ways: The company does not produce a physical product requiring tangible resources; All staff work from home, largely eliminating the carbon footprint of commuting; Staff equipment is selected with regard to its energy efficiency, longevity and recyclability; All of our servers are cloud hosted, which has been shown to reduce energy use and the carbon footprint; Suppliers providing cloud hosting are vetted by datb to ensure that they hold ISO27001 certification, this will ensure that these suppliers have considered the impacts of climate change upon their services. More significantly, our technology facilitates the development of systems enabling collaborative working by geographically separated teams, reducing travel requirements and greatly reducing the need for paper documentation.

Pricing

• Price: £50,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can provide a test instance of LGP suitable for a trial exercise, allowing potential clients to investigate capabilities with no commitment. This provides all functionality available within the full product. Timescales are subject to discussion with the potential client.

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.bushman@datb.com. Tell them what format you need. It will help if you say what assistive technology you use.