BRANDBANK LIMITED

Digital Food & Other FMCG Product Content

NIQ Brandbank creates and maintains a vast repository of food (and near food) product data and images, driving the eCommerce platforms of the UK's leading supermarkets. This data can be used (via our Content Licensing service) by any party requiring up-to-date data for multiple other purposes.

Features

• Current Product Data
• Brand/Supplier-Approved Product Data
• Automated Data Delivery
• Leading Industry Insight
• Food Information Law Insight (applied online)
• Additional (inferred) Label Data
• Nutrition & Diet-led Data

Benefits

• Supports evidence-based policy making
• Leading Industry Insight (e.g. reformulation trends)
• Understand efficacy/impact of policy & regulation
• Informs strategic thinking
• A ready-to-go comprehensive view of today's eCommerce grocery market

£1,250 to £45,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at philip.gabillia@nielseniq.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

989181793765072

Contact

Philip Gabillia
0330 555 3344
philip.gabillia@nielseniq.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Retail Measurement Services; Nutritional Profiling Services; PIM (Product Information Management); DAM (Digital Asset Management); GDSN Data pool systems
• Cloud deployment model: Public cloud
• Service constraints: Regular planned maintenance in two categories: ; 1) Software updates (monthly releases); ; 2) Monthly system patches (Operating System Updates). We publish planned maintenance for the year in advance
• System requirements: None. Is a cloud-based service (SaaS) accessed through a browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support teams have 2 hours to respond to initial query - within our operating hours and days (Mon-Friday 8:00-17:00hrs UK time)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Provided via: FreshDesk, which publishes it's accessibility compliance here: https://www.freshworks.com/accessibility/
• Onsite support: Yes, at extra cost
• Support levels: We will provide an account manager (operational & technical) all of which is underpinned with support structures (SLAs)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User documentation is available to access online via a login. A video call can be arranged to answer any questions following review of the documentation. Onsite can be provided as an additional service as required.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Web Pages
• End-of-contract data extraction: For data where the user retains ownership prior to termination of the contract, this could be downloaded manually from the user interface or can be delivered in the format required, csv, xls etc. Any specific custom requirements can be reviewed upon request.
• End-of-contract process: At the end of your contract period, use of NIQ Brandbank services and applications will be removed. This can include a requirement to remove all NIQ Brandbank content from systems. Any contract includes all deliverables mutually agreed by the parties against each requirement/contract. Any changes in requirements or additional offboarding support will be reviewed separately

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Service available via an API
• Accessibility standards: None or don’t know
• Description of accessibility: The service is available to all users capable of using API technology
• Accessibility testing: Not applicable for API service
• API: Yes
• What users can and can't do using the API: NIQ Brandbank sets up the API for the User and provides credentials to use the API.; ; Users cannot set up the service themselves, or make changes.; ; The API is typically used to 'get' product data. Other API-related methods are available depending on the service requirements.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Depending on the service, customisation can be implemented at a developmental level and cost if it is not already in place.

Scaling

• Independence of resources: Services are auto scaled based on demand

Analytics

• Service usage metrics: Yes
• Metrics types: Consumption metrics:; Frequency of downloads; call-ins to the API; log-ins; Volume of product content
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Managed by Microsoft, according to relevant standards, including: https://learn.microsoft.com/en-us/azure/security/fundamentals/platform
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: APIs are available to receive content. Data can also be extracted via Excel files manually. There is also a web-based UI where users can be granted relevant permissions to extract data.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
  • Xlsx
• Data import formats: Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Business Up time ; ; Subject to circumstances outside of NIQ Brandbank’s reasonable control, NIQ Brandbank aims to keep the NIQ Brandbank Applications operational: ; ; a)for a minimum of 99% of the time during *Core Working Hours ; ; b)95% of the time overall; and ; ; c)so that 95% of all Users can log-on within five minutes of their first attempt on any occasion. ; ; NIQ Brandbank shall use reasonable endeavours to publish the times of planned system outages in the NIQ Brandbank Applications. So far as is reasonably practical, NIQ Brandbank shall aim to keep any planned system outages outside of Working Hours and shall aim to keep such outages under four hours’ continuous duration on each occasion ; ; *Core Working Hours 08:00 - 17:00 UKT; ; Due to NIQ Brandbank not working on a credit system, there is no set criteria for refunds based on availability.
• Approach to resilience: Disaster Recovery ; ; The NIQ Brandbank IT estate is designed not to have any single points of failure and we have a combination of physical and cloud-based resiliency. For primary data, this is hosted within the Azure Cloud with resilient servers and solutions. For local based servers at our head office, these also have resiliency and are regularly backed up but do not hold our primary data and systems. Within NIQ Brandbank we also have a very robust remote working solution with the majority of departments able to work remotely if required. ; ; Further details can be supplied if required.
• Outage reporting: In the case of a wide scale outage or high degradation to major services, the major incident process is initiated and communications will be sent to all NIQ Brandbank staff on a regular basis until resolved. If customers are impacted then the designated customer service managers will communicate the details and if required questions can be raised to the NIQ Brandbank Major Incident team.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces & support channels is restricted to global admins and this account status is time-limited and subject to governance by NIQ Global CyberSecurity.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Managed by MS Azure, which adheres to following: https://learn.microsoft.com/en-us/azure/security/fundamentals/physical-security#compliance
• Information security policies and processes: We heavily align ourselves to NIST CSF. Reporting structure includes a CTO who reports into the Board and a CISO who reports into the CTO. Below the CISO sits Governance, Risk and Compliance, Cybersecurity Engineering, Security Architecture, Identity and Access Management, Cybersecurity Strategy and Operations, and Crisis Security Management & Health & Safety

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Two change processes. First process is a bi-weekly IT release; all changes are tested in development, staging. If successful will go into a set IT release. Changes then tested when live. Includes a set time for testing and reversing in case of any complications. ; ; For non-IT release changes, these follow the next stages:; ; -All changes made in a development environment including testing; -Staging is then implemented; a replication of the live environment, including testing.; If all testing successful, changes are required to go through an ITIL-based Change Approval system and Board. ; ; Ticket review: weekly IT CAB review; approved or rejected.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: NiQ Brandbank have dedicated Enterprise Cyber Risk & Security software which was implemented in 2023. This software consistently scans for Vulnerability, Configuration management issues and threat detection. Following any detected issues we also have an initiative in place to remediate (or provide a remediation plan for) any Critical or High security risk within 21 days.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use Qualys to proactively monitoring our systems. Any alerts generated are assessed based on impact and risk, and are all actioned with the appropriate priority.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We follow the ITIL framework and best practices, including Incident Management processes and procedures. Sits alongside Major Incident management for Urgent Priority issues causing (or could cause) Impact to NIQ Brandbank and it’s customers.; ; Users within NIQ Brandbank have access to a dedicated IT Service Desk and can report any fault-type. Escalation process exists if issues deemed a Major Incident, causing large scale impact. We have defined scale of Low-to-Urgent priority. Issues deemed to be a Major Incident follow a pre-defined process. Once resolved, an Incident report is created and shared to the business

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  NIQ Brandbank data has the potential to support full life cycle assessment (Scope 3) environmental targets. Under our Content Licensing model, we are excited to explore any opportunities to do so.

  Equal opportunity

  NIQ Brandbank, and it's parent company, NIQ, value Diversity, Equity & Inclusion (DEI). A quarterly DEI newsletter is published to all associates providing an overview of the initiatives we have focused on throughout the quarter. ; ; We also have a DEI podcast 'unboxing diversity through real conversations', with the aim of inspiring and energizing our associates. ; ; We have a 'MOSAIC' (Multinational Organisation Supporting an Inclusive Culture) Employee Resources Group, which focuses on enabling professional development & supporting community engagement.; ; As a business, we are focused on a systemic approach to equal opportunities by integrating diversity & inclusion into our organizational and HR processes. This direction helps elevate our standards for internal representation and culture; aligning with our operating principles to create authentic external alignment.

  Wellbeing

  NIQ Brandbank data can be used to inform health policy & related activities. For example, a number of existing NIQ Brandbank customers use our data to help improve the national diet (or other health aspects) through their services. We also already work with government departments (such as DHSC) who use our data for such purposes.; ; As part of the wider NIQ group, NIQ Brandbank belongs (and contributes) to a Well-being Community, which promotes understanding of the 5 elements of wellbeing: Physical, Emotional, Professional, Social, and Financial. ; ; We encourage adoption of various programmes designed to help our staff take charge of their well-being, including: Employee Resources Groups; our, 'Me & You' Series; Affinity Month celebrations; People & Planet Day; Mentoring, and our Menopause program. ; ; Further information can be provided upon request.

Pricing

• Price: £1,250 to £45,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Limited period of access.; Limit on volume of products.; Limited use of deliverables (e.g. internal testing-only).; Limited number of Users.

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at philip.gabillia@nielseniq.com. Tell them what format you need. It will help if you say what assistive technology you use.