Palantir Technologies UK, Ltd.

Palantir Foundry

Palantir Foundry is an enterprise data management platform offering comprehensive tooling for working with big data. It enables government organisations to integrate data sets of any size or format from any number of sources, interrogate and visualise the data, and equip technical and non-technical users to make data-driven operational decisions.

Features

  • Tools to integrate data of any scale, format, or structure
  • Open, modular architecture with multiple RESTful APIs
  • Granular, flexible access controls for individual datasets
  • Ability to visualise changes to data and metadata over time
  • Ability to branch and version control data and code
  • Custom, editable data model that represents data as business objects
  • Powerful search and filtering capabilities across massive datasets
  • Sophisticated data science applications for users of all technical abilities
  • Custom dashboard and report building tools with propagated security permissions
  • Native applications for developing machine learning and artificial intelligence

Benefits

  • Integrate data at massive scale from one or more organisations
  • Connect to existing IT infrastructure and new technologies
  • Write big data transformations with standard languages in user-friendly interfaces
  • Track and visualise all data transformations, connections, and metadata
  • Get everyone working with data, from engineers to non-technical SMEs
  • Enable secure collaboration between teams, departments, and organisations
  • Unlock live reporting and sophisticated analytical capability across an organisation
  • Safeguard and audit data in accordance with applicable law
  • Regular updates deliver fixes and new functionality
  • Accelerated development and deployment of machine learning and artificial intelligence

Pricing

£66000 per unit

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

5 0 1 0 0 0 1 9 9 8 5 1 0 1 3

Contact

Palantir Technologies UK, Ltd.

Palantir Technologies UK, Ltd.

+44 203 856 8404

gcloud@palantir.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
N/A
System requirements
Dedicated Linux server infrastructure, running CentOS 7

User support

Email or online ticketing support
Email or online ticketing
Support response times
Varies upon the severity of the issue, but generally a 24/7/365 response is available.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Standard support is included in our Solution-Based Licence Costs. Our standard form Service Level Agreements (SLAs) can be provided on request.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
As commercial software, Palantir Foundry are intuitive platforms that can be used by technical and non-technical users alike. To help users learn to use the platforms, Palantir can design training plans and training materials based on our proven training curriculum. Curriculums include options for e-learning, instructional videos, and in-application help and support. At a high level, we can provide:

*In-person, instructor-led training: Palantir can hold specific training sessions at the customer locations tailored according to the user profile, specific contract requirements, and the project stage.
*Internet webinars:Webinars are available on a variety of topics, based on ongoing assessments of end user needs. Webinars allow flexibility scheduling, varying user adoption rates and location.
*Self-guided learning: Palantir also provides for self-paced training through our web-based video training application that includes features such as videos and documentation. We have successfully used our web-based video training method at many engagements with diverse user bases.

Additional information available on request.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Should an agency wish to extract their data when a contract ends, Palantir can export all existing data in Palantir Foundry into raw formats. Palantir Foundry have been purposefully designed to prevent vendor lock-in. As such, they have an open, pluggable architecture with publicly documented APIs at every tier of the software. All data in both platforms can be securely exported in non-proprietary formats for use in other databases or systems. We work with customers to determine the best export format(s) for customer datasets and their destination systems.
End-of-contract process
If a customer decides not to continue with an engagement or at the end of a term licence, Palantir will return or destroy any customers confidential information per Palantir policy, regulatory, and contractual requirements. Data in the Palantir managed cloud is sanitised through destruction of the master encryption key and destruction of the virtual machines. Destruction of the key is irrevocable and would only occur in the event of deployment termination. This service is included in the price of the contract.

Using the service

Web browser interface
Yes
Supported browsers
Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Service is accessible on Android and iOS mobile devices, although full functionality will not be available, as not all features will be supported. Further information available on request.
Service interface
Yes
Description of service interface
The Palantir user interface provides users with a single entry point to search, visualise and analyse information from disparate sources. The Palantir user interface connects to an underlying data foundation. The tools and applications provided as part of the Palantir user interface therefore act as different windows using the same data.
Accessibility standards
None or don’t know
Description of accessibility
N/A
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
Palantir provides open, extensible Java APIs that can be configured to connect to any third-party system, tool, or database. We can configure plugins for data imports (e.g., to allow data from a third-party system to load directly into Palantir) and for data exports (e.g., to allow data and analysis from Palantir to load directly into a third-party system). These plugins are generic and non-proprietary. It is also possible to provide JSON-encoded RESTful APIs to Palantir's back-end, for integration with custom or third-party applications.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Palantir offers a modular system where additional functionality can be provided by the use of optional services. Additional services can be installed depending on user need - these can be configured by an administrator. Additionally, if the customer wishes, they can develop their own applications and services to be installed on the platform.

Scaling

Independence of resources
Palantir uses DNS routing, gateways and elastic load balancing to ensure availability. Dedicated accounts and virtual resources are used on a per customer basis.

Analytics

Service usage metrics
Yes
Metrics types
Hundreds of metrics can be provided, some common examples are: average session length; drop-off rate; number of logins per user; number of accounts; and search speed.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All data stored in Palantir Foundry is stored in open format, giving an agency complete control over its data and enabling interoperability with other systems. Palantir’s open, publicly documented APIs can be configured to import or export to any system that exposes open APIs. There are no limitations on the data that can be exported from Palantir (subject to access controls), and administrators can export data from Palantir in a variety of formats, including but not limited to HTML, Microsoft Office (PPT, DOC, XLS) and ArcGIS (SHP). Data exports can also include the metadata regarding the data's source material references.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • ODF
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Level of availability varies depending on the specific project. Our standard form Service Level Agreements (SLAs) can be provided on request.
Approach to resilience
Information is available on request.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Role-based access control means that only users with appropriate authority can access these features.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Palantir’s Security Team is headed by Palantir's Chief Information Security Officer (CISO), who is responsible for implementing a robust and effective information security program and assessing Palantir’s risk and control environment. For some specific UK Government requirements, Palantir adheres to the Cabinet Office Security Policy Framework and its derivatives.
Information security policies and processes
Palantir is a ListX company. As a List X Company, for some specific UK Government requirements, Palantir adheres to the Cabinet Office Security Policy Framework and its derivatives. Additional information available on request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Palantir’s Change Management Policy sets standards for upgrading capabilities, responding to threats, adhering to laws/regulations, and complying with contract obligations; while limiting impact and ensuring adequate messaging. All changes to systems must be submitted as a “Change Request”. The relevant teams review the Request, prioritise, and develop a plan for implementation. Authorised Palantir Officials approve changes in accordance with Palantir policies and procedures, and notify customers of any major changes. Once the work is completed, the "Change Request" ticket is updated/closed. Development, Test, and Production environments are all separated to help ensure a separation of duties for systems and personnel.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Palantir’s InfoSec Team operates an industry-standard vulnerability management process. This includes vulnerability scanning, deployment reporting, third-party penetration testing, and monitoring of external sources for vulnerabilities. Palantir maintains full-time Application Security and Computer Incident Response Teams. The AppSec Team monitors software for security weaknesses. The CIR team is responsible for threat modelling and conducting threat intelligence. Palantir contracts third-parties to perform vulnerability and penetration testing at least annually. Findings are prioritised based on criticality, severity, and impact and tracked through tickets. Patches and configuration changes are pushed to Palantir Deployment Teams who push these updates to customer solutions using agreed procedures.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Palantir implements a broad spectrum of technical and operational controls that provide protection and detection of cyber-attacks, malicious intrusions, and malware. Endpoints are deployed with host-based intrusion detection systems and all network traffic is processed through network-based intrusion detection systems. Anomaly detection occurs through detection, alerting, and enrichment strategies implemented by threat intelligence engineers. Alerts are escalated to our Computer Incident Response Team, which provide 24/7 response capabilities across all Palantir assets. The Palantir Information Security Team provides incident detection and response capabilities across the entirety of Palantir's network.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Palantir has an incident management process for events that may affect the security, availability, or confidentiality of Palantir systems. This process specifies courses of action, procedures for notification, escalation, mitigation and documentation. The policy is available to all employees. To help ensure timely resolution of incidents, the incident response team is available 24/7 to employees and customers. When an infosec incident occurs, staff respond by logging and prioritising the incident according to severity. Events that directly impact customers receive the highest priority. An individual/team is dedicated to remediating the problem, enlisting the help of product/subject experts as appropriate.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
Other
Other public sector networks
MoDNet

Pricing

Price
£66000 per unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Based on customer requirements. Further information available on request.

Service documents

Return to top ↑