DATAGARDENER SOLUTIONS LIMITED

ESG System

ESG System helps you evaluate your company’s sustainability using ESG (Environmental, Social and Governance) indicators for measurement. We are connected with 23+ data sources and create the first assessment based on the information we get from our sources and then we have self-assessment questions to mitigate the gap.

Features

Connection capabilities on 23+ datasets
Financial reporting
Environmental report (sites, rating, offences, waste and water management)
Governance including diversity, inclusion and CSR
Social and community work reporting
News sentiment analysis of companies

Benefits

ESG Reporting on Suppliers and buyers
Environmental and carbon reporting
Social scoring
Governance reporting
Financial reporting
ESG assessment metrics and progress month over month

£374 to £499 a licence a year

Education pricing available
Free trial available

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tarun.kumar@datagardener.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

Contact

DATAGARDENER SOLUTIONS LIMITED Tarun Kumar
Telephone: 07912624607
Email: tarun.kumar@datagardener.com

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: NA
System requirements: Browser

4 GB Ram minimum

User support

Email or online ticketing support: Email or online ticketing
Support response times: If high priority - 4 hours. - Mention in email subject

For normal issues, one business day
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: Via Browser on website
Web chat accessibility testing: We use Salesforce standard chat process
Onsite support: No
Support levels: We provide a account relationship manager. Based on any issue the relationship manager can raise the ticket and try to resolve it asap.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Yes, we provide demo / training of the product, arrange webinars and Youtube videos to understand the platform.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: Excel downloads
End-of-contract process: There are different plans and price based on features, We are a data platform so data is limited to download but unlimited access to company information on the platform,

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: We have less search criteria available on the mobile phone.

You can search on company name and director name, but for the details search you need to use the desktop version.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: We work aligned with the browser functionality
Accessibility standards: None or don’t know
Description of accessibility: We work aligned with the browser functionality
Accessibility testing: Use a keyboard instead of a mouse
change browser settings to make content easier to read
use a screen reader to ‘read’ (speak) content out loud - Browser support
use a screen magnifier to enlarge part or all of a screen - Browser support
API: Yes
What users can and can't do using the API: All our data is available via APIs. Here is the full information available on the APIs

https://datagardener.com/api-docs

Our system is read only API system as APIs are used to access the data from the system.

To setup a API user, we provide the secured authorisation token with limits to number of calls.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Buyer can ask us to create the Bespoke APIs depending on their own need.

Scaling

Independence of resources: We are a AWS based cloud service, implemented the high availability system which itself add/remove service capabilities on usage

Analytics

Service usage metrics: Yes
Metrics types: Platform have subscription section, which provide details around usage
Reporting types: Real-time dashboards

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Scale, obfuscating techniques, or data storage sharding

Other
Other data at rest protection approach: AWS based security and encryption
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Custom build templates
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: We use multi zone AWS system and till now we had 100% availability.

We try to be up 99% time. If the service is not available for any reason, we will give double the time of our downtime free to users.
Approach to resilience: AWS cloud based - load balancer and distributed databases accessed via Elastic cache.
Outage reporting: Email alerts and dashboard

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: Via username / password and 2FA
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: Users receive audit information on a regular basis
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: You control when users can access audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: UKAS - Snr Certification
ISO/IEC 27001 accreditation date: 27/09/2021
What the ISO/IEC 27001 doesn’t cover: NA
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: ISO 9001 Quality management

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: We are ISO 27001 and also ISO Cyber essential certified supplier

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: We email the release notes, when make changes to the platform and give ample notice to the users and user guide to the changes
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: We use Public / private subnets
use AWS Guard Duty
AWS Detective
Norton antivirus
Two factor MFA to access servers

We use Jenkins for patch management and can be done with a speed.

use AWS Guard Duty
AWS Detective can provide us information on threats
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: AWS cloud watch in place on all the servers

When we find any potential compromise, we immediately stop using it and run the backup plan to instantiate a new service.

SLA is 4 hours to any reported incidents
Incident management type: Supplier-defined controls
Incident management approach: We are ISO 27001 certified and manage the whole process via runback.

Users can report via email or phone

We provide reports via dashboard and emails

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Pricing

Price: £374 to £499 a licence a year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: Everything but limited download options.

Limited to 2 weeks trial, but you need to register and create a free account.
Link to free trial: https://esgsystem.com/

Service documents

Request an accessible format

Cookies on Digital Marketplace

ESG System

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents