Collibra UK Ltd

Data Governance and Data Catalogue Solution

Collibra provides a solution covering data governance, stewardship, metadata processing and Catalogue. This enables business users to find their data easily, understand where it has come from and be able to trust the quality of the data. Collibra only processes metadata: the data about the data.


  • Data Governance and stewardship solution
  • Metadata Management and processing
  • Self-service data catalogue
  • Regulatory compliance including support for GDPR
  • Workflow management system to streamline tasks
  • High quality, descriptive Report Catalogue
  • Efficient communication and collaboration across the organisation
  • Data Stewardship to provide users with high-quality data
  • Identify and Resolve Duplication of Data
  • Data Lineage Insight and Analytics


  • Helps Users to Find, Understand, and Trust their data
  • Certify Reports are correct, meaningful and trustworthy
  • Single source of truth for data
  • Easy ability for business users to understand their data
  • Enables collaboration between departments over data definitions
  • Saves a lot of time in finding the correct data
  • GDPR and regulatory compliance can be implemented quickly
  • Helps users identify the source of their data
  • Show the quality of the data
  • Personalised and customisable dashboards for every user


£118000 per licence per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

5 6 7 1 7 1 8 8 8 5 5 5 2 7 5


Collibra UK Ltd

Rosalind Elmes


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints In the fully managed service, maintenance downtime is kept to a minimum and users are notified in advance. Collibra aims to keep downtime for the cloud service to 0.5% with access provided 24 hours a day, 7 days per week. Support hours for the standard support are 9am to 6pm excluding public holidays.
System requirements There are no specific system requirements

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Basic support is for the resolution of product defects/incidents and reporting feature enhancement requests. This is commonly referred as traditional ‘break-fix’ support.

Collibra commits to maximum response and resolution times based on the criticality of the incident.


Initial response time: 2 business hour

Initial response time: 4 business hours


Initial response time: 1 business day

What are support hours?

Standard support hours for North America and Europe are Monday through Friday, 9am – 6pm.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support is provided within the cost of the annual subscription. There is also a "Follow The Sun" option at an additional cost of £90,000 pa. This service also includes a dedicated support consultant

In addition, further sources are available:

There are number of choices depending on your needs.

The Collibra Community knowledge base and product Q&A forums are a great resource where you can get self-service help from peers and experts and is free of charge
Collibra University provides an excellent range of courses covering data governance from start to advanced.
If there are a number of requirements, deliverables and firm deadlines, Collibra Professional Services or a partner can help for specific project work.
Customer Advisory Manager who will work with the customer to determine the best route forward. There is no charge for this service.
Collibra offers Coaching Services for customers who need occasional guidance and assistance. There is a cost associated with this service dependent upon the number of hours purchased.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Collibra University is a free, self-paced training platform that is available at It includes modules that cover all aspects of Collibra product functionality including application configuration and customization. In addition, students can use the course catalog and suggested learning paths to plan and self-direct their learning based on their role and phase of Collibra implementation.

The on-line community includes a wealth of resources including a knowledge base, solution template marketplace, product documentation and a very active product question & answer forum.  

Virtual Train-the-Trainer
For this option, a Collibra instructor remotely leads and monitors a maximum of 10 students who are taking courses using Collibra University. The objective is to train a group who can lead and guide others.

The virtual led option is appropriate for teams that are geographically dispersed and can not come together.  

On-site Train-the-Trainer
This is an on-site Collibra instructor led option for a maximum of 10 students who are using Collibra University courses as the core material. The objective is to train a group who can lead and guide others.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The metadata stored in Collibra can be exported in tabular format in XLS or CSV.

Lineage visualisations (which include business traceability as well as technical lineage) can be exported in PDF or PNG formats.

The entire content in a Collibra Instance can be exported as a Collibra Backup file, which can be encrypted or not, and then re-imported in another Collibra Instance.

Metadata can be extracted from Collibra through its APIs as well.
End-of-contract process At the end of the contract, customers can choose to renew or move away. Renewing will incur a further annual subscription charge. There is no cost with moving away at the end of the contract period

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Collibra DGC Web Interface: the standard way to interact with Collibra DGC. Each user has their own dashboard to configure and manage day to day activities.
Collibra On-the-Go for Windows or mac OS: desktop application to effectively search in Collibra DGC. You can select any piece of text on your desktop, press a keyboard shortcut and Windows/Mac On-The-Go plugin will provide a list of all the matching assets.
Collibra On-the-Go for iOS: to search and browse Collibra DGC content on a mobile phone or tablet and manage tasks. 
Collibra On-the-Go for Excel:  for Microsoft Excel
Service interface Yes
Description of service interface Collibra is browser based. Each information asset (metadata eg. Columns, Tables, Reports, Policies, Business Rules etc) has its own page, which will display the characteristics of that asset as well as the links to other assets, roles and responsibilities relevant to that asset, and where in the hierarchy it is located. Assets can be grouped into Data Domains, which can be grouped into Communities. Roles, responsibilities and visibility/access can be assigned at a Community/Domain level and inherited all the way down to asset level.
Accessibility standards WCAG 2.1 A
Accessibility testing Collibra is committed to complying with WCAG 2.0 A & AA guidelines. For each minor version, we make a WCAG 2.0 accessibility assessment available, to document our progress towards this compliance. We have a certified 'Trusted Tester' within the Product Management and User Experience team that regularly test our conformance to the Section 508 standards, and works closely with all teams to ensure for each new feature accessibility is taken into account.
What users can and can't do using the API Collibra exposes extensive and well documented REST and Java APIs. Collibra's approach is "API first", which means all the functionality available through the browser interface is also available through APIs. Some minor limitations currently apply, such as triggering native JDBC ingestion, which will be also made available through APIs in future versions. Any such current API limitations can be overcome by using Collibra Connect. Full API documentation can be accessed on your instance at the following URL: https://<your-Collibra-instance-name-here>/docs/index.html
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Operating Model
Collibra has an extremely flexible operating model based on a semantic model that will allow you to configure any type of entity (business term, data type, business rule, quality rule, process,...), any reference data and any type of relationship.  
Collibra supports adapting the data model in terms of domain definitions, data family etc right from the term / definition itself. Also users can change and modify their business terms / definitions / domains etc right from their view of dashboard without even having to go inside of the data asset. The Operating Model can be customised (configured) by users with administrator access rights.

Each user can configure their own dashboard/landing page via dragging and dropping widgets.

Adapting workflows will require more technical users to be involved, knowledge of BPMN and scripting in Groovy are required.

Email templates
The email templates for sending out notifications, lists of actions etc as part of workflows can be configured by editing the corresponding files in a system backup file, then re-importing the backup. Admin access required.

Look and Feel
The browser interface look and feel can be customised via CSS scripting. Admin access required.


Independence of resources Collibra supports vertical as well as horizontal scalability due to its modular architecture.
Our internal performance reports demonstrates that version 5.x of the Collibra Data Governance Center can scale to 150 concurrent editors or 75 concurrent editors and 250 concurrent readers on a hardware platform that can be considered standard for an enterprise application. That said, Collibra has enterprise customers with upwards of 1,000 editors and with millions of assets (metadata) without a performance issue.

Internal performance reports can be provided upon request.


Service usage metrics Yes
Metrics types Collibra is a data governance tool and supports connections with BI tools such as Qlik, Tableau, etc.

Collibra provides metrics within the system for reporting purposes.

Finally, custom views can be created on which dashboards and reports can be generated

There are many metrics available to be measured such as regulatory compliance, tasks, glossary terms etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Collibra supports the extraction of data into CSV and XLS. Via the integration hub (Collibra Connect) a range of other formats such as JSON, XML are possible as well.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • JSON
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XML
  • JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network All communication can be split in two sections. The customer data flows and the management flow of the operation of the cloud environment. All backend communication is done over SSH and protected using the SSH protocol. All customer data is HTTP data and all connections are HTTPS only.

Availability and resilience

Availability and resilience
Guaranteed availability Collibra supports fail-over by allowing the application server being separate from the repository server. The load balancer can redirect requests to a different node for application server that is connected to the same or different repository server. The servlet container may be restarted in the fail-over process. If the service is not available for more than 1% in any month Collibra will provide a service level credit equivalent to one day of cloud service

Collibra Console schedules regular backups and sent to DR. If server goes down, the latest backup is restored in the passive environment and the load balancer will forward the requests to it.

Collibra supports repository cluster using the master/slave principle. One service is the master, which is the active repository service in a Collibra environment: all data is stored in and retrieved from this service. The master is mandatory in a cluster. Other repository services are slaves which are regularly synchronized with the master to become exact copies. If the master is no longer available, you can replace it with one of the slaves. The slaves follow the principle of warm stand-by or log shipping.
Approach to resilience The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.

AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

Customers are responsible for implementing contingency planning, training and testing for their systems hosted on AWS. AWS provides customers with the capability to implement a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
Outage reporting As a SaaS solution, Collibra has never had any major unplanned outages for customers on our managed cloud platform. For on-premise installations, the customer is responsible for infrastructure monitoring and maintenance. In the unlikely event of an outage, email alerts can be configured. In addition, Collibra can integrate with any monitoring tool of choice.

Planned downtime is typically very infrequent, but is required for upgrading the application. When deployed on Collibra managed cloud (saas), the window will be communicated by our support services.

Downtime will have to be managed by the customer when Collibra is deployed on premise.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Collibra uses a role based access model in which a role contains the authorization permission required to perform a given operation. New roles can easily be created and permission can be assigned to these roles.
A series of best practice security controls are in place regarding passwords such as the length of time between when a password is set and when the password expires, passwords are stored in one-way encrypted format, user accounts are locked after 5 or more invalid login attempts, etc.
Access restriction testing frequency At least once a year
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date Last audit was in August 2018
What the ISO/IEC 27001 doesn’t cover The scope of the certification is the hosting of the cloud environment and the development of the application and there are no exclusions in the statement of applicability.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Information security policies are created by the information security team and approved by the security board. In the security board are members from the executive committee. The policies are reviewed at least annually and adapted depending on risk and changes within the organization.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Each item is tracked in multiple ways. The first is through our asset management and configuration management, the second from a security point of view is agent based tracking. Each change is validated and tested in our test environment prior to pushing it to production. Security validations are done every 4 hours to ensure changes occur controlled and don't increase the overall risk exposure.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Each instance (each customer is given a dedicated instance) in our cloud is given an agent. This agents does a full inventory, security and compliance check every 4 hours. This data is send to our central tool and matched against external threats. If a new finding is discovered, a ticket is created with the security team to inform them that patching is required. Critical and high findings are to be fixed in 30 days.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Each instance is given a host based intrusion prevention system. When an issue is discovered of a certain level, a ticket is raised in the ticketing system and emails are being send to notify the correct parties. These are investigated within 24 hours.
Incident management type Supplier-defined controls
Incident management approach A standard incident management process has been developed which includes reporting to stakeholders and affected customers, as well as authorities when required. At the end of the incident handling, a small report is created with an overview of items which occurred and lessons learned. This report is shared with the stakeholders. Customers can report issues to Collibra via the Community portal.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £118000 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Collibra offers a managed workshop that provides a hands-on experience for users and includes users own data. Typically this lasts 2 days

Service documents

Return to top ↑