GB Group plc

GBG Investigate Data Provision

Secure data quality, enhancement and verification service to update customer information to ensure compliance with PAF standards along with updated residency and contact information.

Features

• Provides clean, current and up to date contact information
• Uses sophisticated data validation and matching technology
• Ensures addresses are complaint with Royal Mail PAF standard
• Confirmation of current (and historical) residency
• Determines household occupancy
• Daily tele-append, enhancement and validation service
• Expertise to carry out insight and segmentation projects
• Incorporates ‘best in class’ address, individual and transactional data sources
• Secure environment and robust infrastructure
• Single customer view of individuals created

Benefits

• Ensures data within key government databases is up to date
• Allows individuals to be contacted quickly and reliably
• Ability to update and validate Business data
• Significant reduction in communication and contact costs
• Helps prevent error/fraud in the tax and benefit systems
• Confirms an individual’s status (Deceased, Mover, Goneaway etc)
• Daily and bi-weekly updates available to ensure recency
• Ensures compliance to government regulations and GDPR standards
• Highly secure hosting, support and transferring of data
• Flexibility to tweak business rules to meet client requirements

£5,000 an instance

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Bid.Management@gbgplc.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

941727305898454

Contact

Rhys Davies
01244 657333
Bid.Management@gbgplc.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Service is a managed service performed via batch.
• System requirements: A DPA number from the ICO

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Named Account Manager and named Technical Account Manager to support any output queries 9am to 5pm Monday to Friday.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Face to face meetings to agree requirements. User acceptance testing.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: GBG will destroy all data at end of contract in accordance with GBG's Media Disposal Policy or within agreed timelines.
• End-of-contract process: GBG will agree a mutual exit plan at the end of the contract.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Users can tweak business rules as required.; Changes to data sources used to perform the service can be made at agreed costs.

Scaling

• Independence of resources: Not applicable due to being an off-line batch service.

Analytics

• Service usage metrics: Yes
• Metrics types: A reporting dashboard is produced at the end of each batch run.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Data is encrypted at rest using one way hashing.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data cannot be extracted because it is a batch service.
• Data export formats: Other
• Other data export formats: Any data extracts will be in agreed format.
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Text
  • Flat File

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: All files are encrypted before being uploaded to government protected network.
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs are referenced in the terms and conditions.; For a priority 1 fault, where the Service is not operational, we aim to respond within 4 hours of GBG’s acknowledgement of the fault.
• Approach to resilience: This is information is available upon request. In practical terms we run a process where we failover to a back-up data centre if the primary data centre goes off-line.
• Outage reporting: Email alerts to users and technical contacts.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Access is based on user type. Only administrators can have access to management interfaces.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 07/05/2022
• What the ISO/IEC 27001 doesn’t cover: None.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The GBG Information Security Policy combines the development, delivery, management and maintenance of secure infrastructure and applications, in support of all GBG offerings. ; Within GBG, the Chief Information Security Officer (CISO) has overall accountability for Information Security and it is the responsibility of the CISO to make the appropriate provisions for establishing controls to ensure adherence to the GBG Information Security Management System. ; The CISO provides the Senior Leadership Team and GBG Board with an Information Security review at the end of the financial year. ; The Chief Regulation Officer (CRO) has overall accountability for risk and Data Protection. The CRO chairs the quarterly Internal Controls Board, and is the main document signatory for GBG. ; The CRO is also head of GBG’s Legal team, who are responsible for ensuring compliance to all relevant legislation.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to the service must be delivered under the governance of the GBG Change Management Process. No change will be approved without clear remediation or back-out plan, properly identified, documented, tested and approved. There are three levels of configuration and change management: Standard Change, Emergency Change and Reviewed Change. The latter is not a routine or standard change. If there is uncertainty as to whether or not further review is required, a review will happen rather than a decision made to press forward with a change and have it fail.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The Vulnerability Management Process will involve assessing the extent to which the assets are vulnerable to the identified threat. Once the Vulnerability assessments have been conducted, the level of risk will then need to be determined. Risks with a risk rating which fall below the Risk Appetite for the business are ‘tolerated’. The Risk Appetite for GBG is Cautious. ; ; Risks that fall within the Risk Appetite will require the risk owner to create a treatment plan to reduce the level of risk. Treatment plans are proposed ideas or controls that can be implemented that would reduce the level of risk.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: This is ongoing process. The response is immediate.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The process is defined as part of the Information Security policy.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  At GBG our Environmental, Social and Governance Strategy (ESG) – Environment, Everyone and Ethics – reinforces our commitment to embed a sustainable and ethical approach in everything we do. It represents what makes us unique and provides the framework to drive action on the most impactful and important areas.; As part of GBG’s participation on the G-Cloud14 Framework, we have a Social Value Action Plan that is updated annually, demonstrating our commitments to meeting PPN06/20. ; GBG commits to offering equal opportunities across our global workforce, achieved through our employment, training, and career development policies and practices, promoting equality of opportunity regardless of gender, sexual orientation, age, marital status, education, disability, race, religion or other beliefs including ethnic or national origin.; Everyone in our team has access to opportunities to learn, develop skills, grow their careers and progress. Through our training platform ‘be/developed’, we offer a broad range of power skills and job specific learning opportunities, updated regularly, promoting an inclusive and diverse culture. The platform is available to all GBG team members, including part-time and contractors, who are required to complete mandated training courses. We partner with different training providers globally to provide a mix of specialist and professional development for our team.; Influencing the behaviour of our staff and the communities we work in is imperative to GBG’s mission as an organisation. Examples include:; 1. Demonstrating our commitment to Equality and Diversity.; 2. Support LGBTQ+ team members, encouraging a culture of belonging and acceptance.; 3. Tackle barriers to entry that many people experience, especially women in the technology sector.; 4. GBG is a gold sponsor of Women in Identity’s flagship research, the ID Code of Conduct.; GBG’s ESG commitments can be found here: Environmental, Social and Governance | Investors | GBG (gbgplc.com)

Pricing

• Price: £5,000 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Bid.Management@gbgplc.com. Tell them what format you need. It will help if you say what assistive technology you use.