datb limited

datb: kinodb enterprise application platform

A secure, cloud-hosted enterprise development and deployment platform providing support for enterprise applications of all types, including case management, asset management and others. Includes Generic Questionnaire Module and Generic Case Management components as building blocks for clients' own developments.


  • Cloud hosted complete development and deployment environment offering unparalleled productivity
  • Application defined entirely within metadata model
  • Technological implementation handled by server, not developer
  • Applications scale from workgroup to enterprise scale and beyond
  • Applications deploy to desktop and mobile browsers without change
  • Full inbuilt reporting capabilities
  • Security model allows disparate user types to use single application
  • Full web service (XML, JSON) capabilities as client and server
  • Fully managed incremental release process
  • Security includes two-factor authentication, SPNEGO and SAML


  • Reduction in development and maintenance timescales > 85%
  • Applications can scale from workgroup to enterprise scale and beyond
  • Systems can be moved between database platforms at any time
  • No limit to application size, complexity or data volumes
  • Easy integration with services such as Google maps, graphing component
  • Ideally suited to extremely rapid development methodologies
  • Complete coverage (data, UI, reporting, interfaces etc.) greatly reduces complexity
  • No development required to support multiple devices
  • Updates to the framework remove technological dependencies, increasing systems' longevity
  • Development change impact is easily assessed in the largest systems


£17500 to £50000 per server per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

481979311340775


datb limited

Mark Bushman

020 7923 9239


Service scope

Service constraints Platform can be implemented within client's choice of cloud infrastructure (AWS, Oracle Cloud Infrastructure etc.) or on-premise if required. Underlying database platform may be Oracle, MariaDB or MySQL, with the ability to change platform without change to developed applications. Changes to technical standards (database version, browser standards, security requirements) are implemented via platform upgrades, again removing the need for application changes to maintain technical currency.
System requirements
  • Oracle licences can be provided cost-effectively in Oracle Cloud Infrastructure
  • MariaDB is open-source and licence-free if required

User support

Email or online ticketing support Email or online ticketing
Support response times Full support service offered during UK business hours and by arrangement at other times.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Datb has been supporting clients across a number of industries since 2002.
We pride ourselves on our responsiveness to client needs and our support arrangements define a set of issue criticalities with associated response times.
We can offer full support of the entire environment (database, applications, OS patching etc.) or support for the kinodb platform alone.
Support for the kinodb platform is included in platform cost; other services are charged at rate card rates or by separate arrangement.
We can tailor support to meet clients' individual requirements for training, mentoring and other activities.
Support available to third parties Yes

Onboarding and offboarding

Getting started We can provide on- or off-site training to clients' staff including systems management, user management, configuration and application development.
We maintain training documentation in on-line and PDF formats.
We can assist with data take-on using a variety of techniques such as direct data loading, XML upload or via CSV / XLS data import.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction All data is stored in the relational database of the client's choosing. This can be extracted using conventional tools appropriate to the RDBMS used or via web services configured for that purpose.
End-of-contract process All data is stored in the relational database of the client's choosing. This can be extracted using conventional tools appropriate to the RDBMS used or via web services configured for that purpose.

Using the service

Web browser interface Yes
Using the web interface All platform capabilities are accessed via the web interface.
These include:
Management activities (starting, stopping, backups, application and platform maintenance)
User management (creation of accounts, analysis of activities, security configuration)
Application development and management.
Web interface accessibility standard WCAG 2.1 AA or EN 301 549
Web interface accessibility testing We use third-party tools (e.g. WAVE http://wave.webaim.org/) to analyse web pages to ensure that all images have appropriate ‘alt’ tags, that there are no contrast errors between foreground and background colours and to ensure pages are clearly legible to partially sighted users and appropriately accessible to screen readers.
Command line interface No


Scaling available No
Independence of resources Dependent on selected cloud hosting provider - AWS and Oracle for instance allow the selection of different server configurations to provide differing levels of server compartmentalisation.
Usage notifications Yes
Usage reporting
  • Email
  • SMS
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Number of active instances
  • Other
Other metrics
  • User activity reporting
  • Overall application status
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery Yes
What’s backed up Backups encompass the entire environment (application and data)
Backup controls A management console allows configuration of a backup regime as required, with backups typically being encrypted and moved to a separate server.
Clients may maintain control over the backup and associated DR processes or datb can provide this as a part of the service as required.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability Service availability guarantees will depend on clients' choice of hosting service provider.
Approach to resilience Resilience features will depend on clients' choice of hosting service provider.
Outage reporting Depends on clients' choice of hosting service provider. We would generally expect our platform to be co-located with other client systems within (for instance) AWS or OCI infrastructure and for reporting to be similarly integrated.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels The platform's security model supports the implementation of restrictions in addition to the grants of capabilities to individuals. For instance it may be that a user will be required to provide 2nd or additional security factors when attempting to perform a sensitive operation or access specific types of data. It is also possible to deny such operations / data access when the user is connected other than via a network that is known to be secure.
Specific configuration is to clients' requirements and can be used to restrict the devices / access paths used to manage the platform.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Approachable Certification Limited (10964-ISMS-001)
ISO/IEC 27001 accreditation date 23/11/2018
What the ISO/IEC 27001 doesn’t cover Certification covers all of datb's activities.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Clients' selected hosting service providers will have separate certifications

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Board-level director responsible for security policy; quarterly review of conformance of all staff with security policy. All staff can raise security exceptions and are expected to do so in the course of their everyday activities. All exceptions are reviewed weekly and appropriate mitigations assigned as required.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes are made in response to a request for change (RFC) and are reviewed according to our quality management processes. Each change is identifiable as being associated with the RFC that gave rise to it and the developer responsible for the change. Entities (tables, fields etc.) within a kinodb application are fully auditable in terms of all changes made since their initial creation (who, when, in what environment). Changes are propagated from development to master, test & production environments in a fully managed way, ensuring full traceability.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We subscribe to a threat monitoring & notification service and assess the impact of all threats reported to us. Potential vulnerabilities identified internally are reported using our quality management exception reporting process and reviewed weekly or earlier if critical. Patches are deployed as soon as practicable given the extent and impact of the potential vulnerability.
Hosting services (AWS, OCI etc.) have their own vulnerability management processes in respect of client operational environments.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Hosting services (AWS, OCI etc.) have their own monitoring processes in respect of client operational environments.
The application platform monitors all activity and reports on potential intrusion attempts. Our policies define the actions to be taken in the event of a compromise and are compliant with ISO27001.
Incident management type Supplier-defined controls
Incident management approach Internally, incidents are reported via our exceptions reporting process and are reviewed at director level weekly or immediately if required.
Externally, clients can report incidents to us online, by email or telephone.

Secure development

Approach to secure software development best practice Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Depends on clients' choice of hosting service provider.
How shared infrastructure is kept separate Depends on clients' choice of hosting service provider.

Energy efficiency

Energy-efficient datacentres Yes
Description of energy efficient datacentres The client-selected hosting provider will have their own mechanisms for adherence.


Price £17500 to £50000 per server per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial We are happy to work with potential clients to enable their assessment of the service.
