Private Facts and Dimensions Azure SQL Databases
Do you have lots of structured/unstructured CSV, Excel, PDFs, Word docs etc with data you need in a SQL Database? Eg monthly board reports, internal datasets, etc.
We process them and put the data into your own Azure Database.
- Data from your internally produced files
- Directly query the data via OLEDB, ADO.NET, ODBC, etc.
- Fully secure access
- Access original source data and see audit trail.
- Your own customisable cloud database to access the data
- Any structured/unstructured data can be done, PDFs, Excel files, etc
- Enjoy highest possible confidence in the quality of the data
- Same version of the truth as other users
- Up and running in <5minutes
- Data loaded within 1 business day, longer if really unusual
- We can quickly create a database for any sector
- No data too messy and changeable
£30000 per licence per year
- Free trial available
4 3 1 6 3 7 0 5 0 3 2 5 8 5 6
Facts and Dimensions Ltd
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Service is supplied via Azure SQL Database. However we can supply an Azure MySQL or an Azure PostgreSQL version if required.|
|System requirements||Software to access a database (eg Excel, MSSQL, Access, etc)|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
99% within 4 hours between 8am and 6pm business days.
Mostly within minutes.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
Unlimited email, telephone, onsite, screen-share, forum support
Customers will always deal with one of the company experts. Commonly called "Tier 3".
|Support available to third parties||Yes|
Onboarding and offboarding
1: Onsite or screen-share training, 2hrs.
2: Onsite or screen-share setting up access to the Azure SQL Database.
3: User manual.
4: Forum with additional info.
|End-of-contract data extraction||Data is all held in an Azure database that only us and the customer can access. They can extract all the data using SQL. If the user wants to host the Azure SQL database instead of us they can.|
|End-of-contract process||The user can take a copy of their database before we delete it.|
Using the service
|Web browser interface||No|
|Application to install||No|
|Designed for use on mobile devices||No|
|Description of customisation||
Users get their own Azure SQL Database. In it they can:
1: Link to tables in the Facts and Dimensions Azure databases.
2: Create views.
Users from there will create their own tools/reports/dashboards linked to the Azure database
|Independence of resources||Azure Elastic Database manages the demand across all user databases in the pool. As more users come online Azure allows instant scaling.|
|Service usage metrics||Yes|
|Metrics types||Azure provide detailed logs of all queries run on the databases. The user can ask to see them.|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Other data at rest protection approach||
Data is stored in Azure. It is backed up nightly. It is also geo-replicated.
In case of Private Facts and Dimensions service, user sends files encrypted with a password to our IP restricted SFTP service. We extract the data for loading into their SQL database, encrypted using ENCRYPTBYPASSPHRASE.
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Data can be exported using any common database connection method, e.g. ODBC (Excel, Access), SQL SSIS, SQL Linked Server, etc.|
|Data export formats||
|Other data export formats||Any|
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||Other|
|Other protection between networks||
Users connect directly to their own SQL Azure Database which is also limited to their own IP address. They have no access to the underlying SQL Server.
In case of Private Facts and Dimensions service, the user submits their password protected files via secure SFTP. We extract them and process the data and apply encryption using ENCRYPTBYPASSPHRASE so data sits in our database encrypted. User uses DECRYPTBYPASSPHRASE when querying their data
|Data protection within supplier network||Other|
|Other protection within supplier network||Using Azure's SQL Database security. Users connect directly to their Azure SQL Database using their own unique SQL Auth username and password. Plus connections is restricted by IP address.|
Availability and resilience
|Guaranteed availability||Azure website quote: "We guarantee at least 99.9% of the time customers will have connectivity between their Web or Business Microsoft Azure SQL Database and our Internet gateway.". We also use geo-replication for further availability resilience.|
|Approach to resilience||
The data is processed inhouse and uploaded to our Azure database. The inhouse copy is backed up offsite.
The Azure copy is backed up nightly, it is also mirrored on the Azure UK South site and geo-replicated to the Azure UK West site.
|Outage reporting||Forum update and email alert.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Restricted by customer's IP address|
|Access restrictions in management interfaces and support channels||As per DSPT, SIRO manages all logins. Each user has access to the areas that they require for their work. Access is reviewed monthly. Limitations include access via company recognised IP addresses and username and password.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Description of management access authentication||IP Restriction|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Data Security & Protection Toolkit (DSPT)|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||
Data Security & Protection Toolkit (DSPT) – All National Data Guardian’s (NDG) data security standards have been met (https://www.dsptoolkit.nhs.uk)
Note: DSPT is the successor to IGT.
|Information security policies and processes||Our policies and processes are as per DSPT|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Each user database comes with a view to show changes to table definitions.
If a change to a table could affect users' queries (i.e. changes other than additional columns), then a change proposal is made on the forum for users to comment on with a time set for when the change will be made. If necessary customers can access a beta copy to assess impact.
History of table definitions are recorded.
Changes are assessed for potential security impact, if applicable.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Using Azure Advanced Threat Detection.
Any fixes/patches are deployed within 24hrs. None necessary to date.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
On Azure, we use Advanced Threat Protection.
On forum and email we check the logs at least once per month.
|Incident management type||Supplier-defined controls|
|Incident management approach||
We manage incidents as per DSPT.
We have a monthly Business Operational Planning meeting where incidents, not already raised, are discussed. Incidents are recorded in our incident log.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£30000 per licence per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||You can access our Public Facts And Dimensions service to get an idea of what it is like to access data via Azure.|