GOV.UK
Egress Group Ltd
eXVL - Extract Validator copy
eXVL™, Egress’ extract validation tool, is a Data Migration necessity. It enables organisations to validate the quality and format of extracts against the requirements of downstream processing in real time, saving time and significant cost. It can be deployed as part of an integrated Egress solution or licensed for use.
Features
- Data extract validation
- Validate quality and format of extracts
- Real time reporting and validation
- Data Migration service and support
- Integrated Egress solution or licence for use
- Best practice, industry standard techniques
- Repeatable solutions for any and every data migration project
- Configurable to run in different modes depending on project phase
- Automated validation and checking capabilities
Benefits
- Efficient and effective data management
- Reduce costs
- Flexible approaches and solution
- Reduce standard risks of data migration
- Drive up quality of data
- Reduce manual intervention
- Reduce timescales and overall project risk
- Improve progress reporting
- Improve identification of data issues and root causes
Pricing
£2400 to £6600 per licence per month
Service documents
Framework
G-Cloud 10
Service ID
161765972531346
Contact
Service scope
| Software add-on or extension | No |
| Cloud deployment model | Hybrid cloud |
| Service constraints | No |
| System requirements | No specific requirements |
User support
| Email or online ticketing support | Email or online ticketing |
| Support response times | 4 hour response, Mon to Fri (excl UK public holidays), between 8:30am and 4:30pm. |
| User can manage status and priority of support tickets | Yes |
| Online ticketing support accessibility | None or don’t know |
| Phone support | Yes |
| Phone support availability | 9 to 5 (UK time), Monday to Friday |
| Web chat support | No |
| Onsite support | Yes, at extra cost |
| Support levels |
Single level of support provided. Support provided via email, telephone and online facilities. "Support tickets" will be allocated to a team of technical support engineers, with escalation to the Support Manager. Cost of support is included in cost of software use. |
| Support available to third parties | Yes |
Onboarding and offboarding
| Getting started |
Online user guides and tutorials are provided. On-site training can be arranged, if required. |
| Service documentation | Yes |
| Documentation formats | |
| End-of-contract data extraction | We provide a standard set of extract files. |
| End-of-contract process |
Data extract files are provided to customer. Service is terminated and all user access disabled. All data is destroyed. |
Using the service
| Web browser interface | No |
| Application to install | No |
| Designed for use on mobile devices | No |
| Accessibility standards | None or don’t know |
| Description of accessibility |
Increase/decrease font sizes, from 100% to 200%. Colour is not used as a visual means of conveying information. Audio is not used as a means for conveying information or prompting the user to take any action. Clear labels are provided when content requires user input. Any items in in error are identified and the error is clearly explained. No controls flash. |
| Accessibility testing | None |
| API | No |
| Customisation available | No |
Scaling
| Independence of resources | Automatic monitoring, load balancing and infrastructure scaling. |
Analytics
| Service usage metrics | No |
Resellers
| Supplier type | Not a reseller |
Staff security
| Staff security clearance | Other security clearance |
| Government security clearance | Up to Security Clearance (SC) |
Asset protection
| Knowledge of data storage and processing locations | Yes |
| Data storage and processing locations | United Kingdom |
| User control over data storage and processing locations | No |
| Datacentre security standards | Managed by a third party |
| Penetration testing frequency | At least once a year |
| Penetration testing approach | In-house |
| Protecting data at rest | Physical access control, complying with SSAE-16 / ISAE 3402 |
| Data sanitisation process | Yes |
| Data sanitisation type | Deleted data can’t be directly accessed |
| Equipment disposal approach | In-house destruction process |
Data importing and exporting
| Data export approach | The software contains export routines. |
| Data export formats | CSV |
| Data import formats | CSV |
Data-in-transit protection
| Data protection between buyer and supplier networks |
|
| Data protection within supplier network | TLS (version 1.2 or above) |
Availability and resilience
| Guaranteed availability |
Detailed SLAs are agreed with the customer at point of contract negotiation. As a standard, service availability is guaranteed at 99%, during core business hours (08:30-16:30). |
| Approach to resilience | Available on request. |
| Outage reporting | Public dashboard |
Identity and authentication
| User authentication needed | Yes |
| User authentication |
|
| Access restrictions in management interfaces and support channels | Role Based Access Control is employed. |
| Access restriction testing frequency | At least once a year |
| Management access authentication |
|
Audit information for users
| Access to user activity audit information | No audit information available |
| Access to supplier activity audit information | No audit information available |
| How long system logs are stored for | User-defined |
Standards and certifications
| ISO/IEC 27001 certification | No |
| ISO 28000:2007 certification | No |
| CSA STAR certification | No |
| PCI certification | No |
| Other security certifications | No |
Security governance
| Named board-level person responsible for service security | No |
| Security governance certified | No |
| Security governance approach | Internal security policies, procedures and training. |
| Information security policies and processes |
Internal policy and procedures are followed. These are available on request. The policy dictates Account and Password management requirements; Data handling procedures and Responsibilities; and Employee responsibility and issue escalation. The Egress security policies are disseminated to staff via internal training and any Information Security concerns are raised via the internal service desk software and escalated to the Operations Director for immediate review. Egress management reserve the right to conduct an internal audit on projects to ensure that best practice is being followed and policy is being adhered to. |
Operational security
| Configuration and change management standard | Supplier-defined controls |
| Configuration and change management approach |
Software versioning tools are employed. A document management system is used to archive all version of system documentation. There is an internal Change Control policy (available on request). |
| Vulnerability management type | Supplier-defined controls |
| Vulnerability management approach |
As part of pre-implementation testing, a risk assessment is conducted and reviewed, with any vulnerabilities addressed. Non urgent software patches are released as scheduled upgrade. Any urgent software updates are applied as soon as regression testing is completed and in conjunction with the customer. Potential threats are either identified via a risk assessment process or via the service support helpdesk. |
| Protective monitoring type | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
| Protective monitoring approach |
Compliance with the ISO-27001 information security standard. In addition to our ISO-27001 compliance, and our use of independent 3rd party penetration tests, we operate an assumed breach model and use active red-team penetration testing and vulnerability management as part of our Operational Security Assurance (OSA). Any potential compromise follows internal policy. |
| Incident management type | Supplier-defined controls |
| Incident management approach |
Incidents are reported by email, phone or via our online support desk system. The status and updates on progress of incidents (or linked groups of incidents) can be accessed online with updates provided as per the SLA. Issue resolution is supported by internal documentation and Knowledge Base for resolution of common problems. This documentation is reviewed by the service desk management. |
Secure development
| Approach to secure software development best practice | Conforms to a recognised standard, but self-assessed |
Public sector networks
| Connection to public sector networks | Yes |
| Connected networks | New NHS Network (N3) |
Pricing
| Price | £2400 to £6600 per licence per month |
| Discount for educational organisations | No |
| Free trial available | No |
Documents
| Pricing document | View uploaded document |
| Skills Framework for the Information Age rate card | View uploaded document |
| Service definition document | View uploaded document |
| Terms and conditions document | View uploaded document |