DGM AGILITY LIMITED

Open Banking Account Information Service (Fully Integrated)

DGM Agility is an authorised Account Information Service Provider (AISP) which enables us to provide a gateway to the Open Banking service.
This service enables access to an aggregation of financial information for an individual or business. We collect, store, and make available the information as a service

Features

• Aggregation of Financial information for an individual or business
• access and view multiple sources of account information
• collect, store and make available financial information as a service
• Fully integrated service
• Mobile connected service
• Multiple service support options
• Professional Services
• Secure by Design
• Artificial Intelligence dramatically improving decision making
• Machine Learning meaning better outcomes

Benefits

• Aggregate and analyse large volumes of financial data
• Identify patters, trends and anomalies and behaviours
• Personalised recommendations to an individual
• Enhance fraud detection
• Risk profiling
• Automating and improving end to end processing.
• Aligned to Secure by Design
• Continuous Improvement

£200 to £1,200 a unit a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at darren.muizelaar@dgmagility.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

990854454359855

Contact

Darren Muizelaar
07538122855
darren.muizelaar@dgmagility.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: DGM Agility is regulated by the Financial Conduct Authority which removes the pain from our customers requiring authorisation for this service. The customer must still adhere to Financial Conduct Authority policy and guidance and must agree to operate to ensure better outcomes.
• System requirements:
  • There is a an annual or monthly subscription fee
  • There is a small per transaction fee for large organisations.
  • First 20 transactions per month are free.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times; ; DGM Agility will respond to tickets within agreed Service Level Agreements (SLAs). Any response times will depend on the urgency and priority classification. Typically: P1 - 15 Minutes P2 - 30 Minutes P3 - 60 Minutes
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use 3rd party off the shelf solutions; Zendesk uses the Voluntary Product Accessibility Template (VPAT), to publish an Accessibility Conformance Report (ACR), which documents an audit of our systems relative to WCAG 2.1 AA performed by a third party accessibility vendor.; ; We pay attention to Accessibility throughout our release cycle. This includes:; ; Following the standards and documentation created by our Product Accessibility team.; Training everyone involved in delivering our products around assistive technology and Accessibility best practices. This includes, designers, engineers, product and program managers, and content writers. At a personal level we try to make sure all Zendesk product and engineering employees think about the humans at the other end of the internet by sharing stories and feedback.; Leveraging Garden, our design system, from early design through development to ensure an accessible foundation for all our products; Testing our products before release using both manual and automated techniques.; Conducting regular research with agents, admins and end users who rely on assistive technology to collect feedback and help us prioritize improvements.; Systematically tracking both remediation and new feature progress to drive quality improvements; Engaging third-party auditors to conduct regular compliance audits of our products.; Listening to feedback from customers.
• Onsite support: Yes, at extra cost
• Support levels: Our onsite support levels are on a consultancy basis and are charged at the appropriate rate which is detailed within our SIFA Rate Card.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide online documentation along with and integration and testing plan. For a fully integrated service you will need to carryout integration testing and confirm to our code of connection prior to go live. ; Training will be provided for staff who will be using the service on a day to day basis. Any development or systems integration work required will be charged in line with our SFIA Rate Card.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users will be informed of the data extraction process before contract end. This data extraction will be in a format chosen by the user.
• End-of-contract process: Hosting and 9-5 basic support is included in the service, Extended support or out of hours will negotiated during call off as there are varying support packages available. 6 months prior to contract end you must inform us of contract end, DGM will carryout preparations to end the service.; ; Data will be cleaned from all storage devices before placing back into the resource pool provided by the cloud provider. all applications data, compute will be removed 14 days after contract end.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Although the application will work on a mobile device it is more practical using a full screen for our fully integrated option.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface is usually required for members to via and analyse the collected data.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have carried out limited testing
• API: Yes
• What users can and can't do using the API: Our fully integrated offering where it integrates wit your website or portal will allow access to all our services. we also have a redirect where the user is redirected to our portal seamlessly.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Yes the solution can be customised with common logo and custom themes

Scaling

• Independence of resources: As a SaaS solution we have logical separation between each customer where resource management is constantly monitored. Should the environment require further resource it will automatically scale up when required and scale down when resources are no longer required.

Analytics

• Service usage metrics: Yes
• Metrics types: We record when a user has signed up/in/out; Which records were Crated, updated, read, and deleted ; We also provide an aggregation of financial, management information, Artificial Intelligence and Machine Learning data surfaced through our platforms portal which is accessible to all users who have the correct role to review the data.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export individual data by downloading the full record in PDF format for staff storage. Alternatively data can be downloaded in CSV format.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF for non raw data.
• Data import formats:
  • CSV
  • Other
• Other data import formats: API

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: For data in transit, we use industry-standard secure transport protocols, such as TLS/SSL, between user devices and the Microsoft datacentres. We enable encryption for traffic between your allocated resources. We use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and our solution should it be required.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: All data in transit and at rest are encrypted with our industry standard PaaS instances provided by the cloud providers platform. Further enhanced security can be applied upon request.

Availability and resilience

• Guaranteed availability: With our Open Banking Service we take advantage of the PaaS service and tools provided by the Cloud providers platform making the platform as a whole more cost effective, secure and available. ; ; The platform provides 95.0% uptime per month for a single region. Within the region, marketplace services and products have their own service-level agreements (SLAs). How they are configured will dictate their overall availability within a region. A multi region configuration approach will greatly improve uptime. Should the platform or service provided by the platform supply fail to meet an SLA then a service credit will be issued by the platform provider.; ; The Open Banking systems and service deployed within the DGM Agility environment will provide an availability of 99.5% per month. Should the service be unavailable and breach the guaranteed availability then a service credit will be issued.
• Approach to resilience: Our platform is hosted within our 3rd party dedicate cloud platform. All technology layers are logically separated, highly resilient within the same site, there are warm standby services in the second site.; All data held will reside within the UK. As this service will process, store and make available personal financial data further details regarding resilience can be provided upon request.
• Outage reporting: Via a non public dashboard, email alerts and our on 3rd party monitoring tools. We will send email alerts to the customer should there be service interruption.; The platform provided by the 3rd party cloud platform provider provides a service health dashboard. They also provide provide custom alerts, API, and log data to assist with any service outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: We use 2 factor authentication via the MS Azure authentication App or SMS verification. Each user is given a role, this role will be provided the correct level of access to the system based on the role assigned.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: "An Information Security Management Program has been established to enable Microsoft Azure to maintain and improve its management system for information security. Through establishment of the ISMS, Azure plans for and manages protection of its assets to acceptable security levels based on defined risk management processes. In addition, Azure monitors the ISMS and the effectiveness of controls in maintaining the confidentiality, integrity and availability of assets to continuously improve information security.; ; The ISMS framework encompasses industry best-practices for information security and privacy. The ISMS has been documented and communicated in a customer-facing Information Security Policy, which can be made available upon request (customers and prospective customers must have a signed NDA or equivalent in place to receive a copy).; ; Microsoft Azure performs annual ISMS reviews, the results of which are reviewed by management. This involves monitoring ongoing effectiveness and improvement of the ISMS control environment by reviewing security issues, audit results, and monitoring status, and by planning and tracking necessary corrective actions.; Also see https://www.microsoft.com/en-us/TrustCenter/Compliance/ISO-IEC-27001 and The Microsoft Cloud Security Policy is available via the Service Trust Platform aka.ms/stp"

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: "Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.; ; Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.; Please see https://www.microsoft.com/en-us/SDL/OperationalSecurityAssurance and https://www.microsoft.com/en-us/sdl; "
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: "When providing the Antimalware solution for our platform, Azure is responsible for ensuring the service is highly available, definitions are updated regularly, that configuration through the Azure Management Portal is effective and that the software detects and protects against known types of malicious software. MCIO-managed hosts in the scope boundary are scanned to validate anti-virus clients are installed and current signature-definition files exist.; ; Vulnerability scans are performed on a quarterly basis at a minimum. Microsoft Azure contracts with independent assessors to perform penetration testing of the Microsoft Azure boundary."
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: "Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.; ; Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.; "
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: At DGM Agility we have adopted the ITILV4 framework; ; We facilitate a coordinated response to incidents.; • Identification – System and security alerts may be harvested, correlated, and analysed.; • Containment – Our team evaluates scope and impact of an incident.; • Eradication – The team eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.; • Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.; • Lessons Learned – Each security incident is analyzed to protect against future reoccurrence."

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  We are committed to sustainability and recognising our responsibility to minimising impact of our operations and services on the environment. We have a fully integrated approach to environmental management, meeting the principles of the Environmental Protection Act 1990, WEEE Directives, Greening Government Commitments and ISO14001.; Our Method Statement comprises two elements confirming our commitment to ensuring that opportunities under contract deliver the Policy Outcome and Model Award Criteria;; (1) Actions our organisation is taking; (2) Activities we’ll undertake to support the contract; ; (1) Examples demonstrating our commitment to Fighting Climate Change;; • Carbon Reduction Plan target to become NetZero by 2030 and have flagged UN SDG targets 9 and 12 as our priorities.; • Our UK offices are powered by renewable energy; • We have a Climate Positive Workforce with our Carbon emissions offset through our partnership with Ecologi at 10.8 tonnes CO2 per employee/year.; • We Promote Sustainable travel: Our people use sustainable commuting methods through Cycle-to-Work, season ticket loan and secure bike-parking schemes.; • Installing state-of-the-art conferencing facilities realising a significant reduction of office-to-office commuting.; • Reducing waste: We have introduced waste management systems in our offices, minimised single-use water bottles and operate paperless offices.; ; (2) Activities we’ll undertake to reconnect people with the environment and increasing awareness to protect and enhance it.; We will track and optimise the carbon footprint of the target estate using industry leading Carbon calculators. We’ll promote embedding sustainability as a digital design principle inline with Greening Government Commitments and support awareness of CO2e reduction and best practice.; We will minimise the carbon footprint of our work using technology to work remotely by default.; To enable awareness, and to influence the supply chain and local communities, we will share best practice with the project team, its supply chain and educate the local community.

  Equal opportunity

  There are 14.1 million disabled people in the UK. 19% of working age adults are disabled (Family Resources Survey, 2019 to 20), however, disabled people are twice as likely to be unemployed as non-disabled people.; We recognise the inequalities that have been amplified during the pandemic, in particular to those with disability. As a Disability Confident Employer, we have incorporated Disability awareness training as part of our mandatory training for our UK workforce from April 2022 onwards. We are committed to becoming a Disability Confident Level 2 employer by June 2022.; We are an equal opportunity employer and publish our Diversity and Inclusion Policy. We continuously focus on any barriers that may prevent underrepresented groups from being appointed to a position, especially management positions. All UK Jobs are advertised through an inclusive and accessible job platform via our partnership with Vercida group, a D&I resourcing specialist.; We recognise our role, is to use our expertise to make sure people with disabilities can connect and contribute to the workplace in the best way possible, to ensure they are thriving at work and within their role for the organisation.; Our Inclusive leadership management training plays a vital role in creating and sustaining an inclusive working environment. This ranges from implementing the people management policies that will impact on how a person with a disability experiences work, to managing absence or a flexible working model to support the individual. Our inclusive and accessible development practices support managers to; attract the most suitable talent; be confident about supporting colleagues with a disabilities / health condition through on-boarding, training, and progression; understand how to identify and reduce, through workplace adjustment, the barriers that would prevent someone from reaching their potential; ensure fair treatment for all colleagues and create and inclusive working environment and culture.

Pricing

• Price: £200 to £1,200 a unit a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at darren.muizelaar@dgmagility.com. Tell them what format you need. It will help if you say what assistive technology you use.