Data Governance and Data Catalogue Solution
Collibra provides a solution covering data governance, stewardship, metadata processing and Catalogue. This enables business users to find their data easily, understand where it has come from and be able to trust the quality of the data. Collibra only processes metadata: the data about the data.
- Data Governance and stewardship solution
- Metadata Management and processing
- Self-service data catalogue
- Regulatory compliance including support for GDPR
- Workflow management system to streamline tasks
- High quality, descriptive Report Catalogue
- Efficient communication and collaboration across the organisation
- Data Stewardship to provide users with high-quality data
- Identify and Resolve Duplication of Data
- Data Lineage Insight and Analytics
- Helps Users to Find, Understand, and Trust their data
- Certify Reports are correct, meaningful and trustworthy
- Single source of truth for data
- Easy ability for business users to understand their data
- Enables collaboration between departments over data definitions
- Saves a lot of time in finding the correct data
- GDPR and regulatory compliance can be implemented quickly
- Helps users identify the source of their data
- Show the quality of the data
- Personalised and customisable dashboards for every user
£118000 per licence per year
- Free trial available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
- Modern Slavery statement
Collibra UK Ltd
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||In the fully managed service, maintenance downtime is kept to a minimum and users are notified in advance. Collibra aims to keep downtime for the cloud service to 0.5% with access provided 24 hours a day, 7 days per week. Support hours for the standard support are 9am to 6pm excluding public holidays.|
|System requirements||There are no specific system requirements|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Basic support is for the resolution of product defects/incidents and reporting feature enhancement requests. This is commonly referred as traditional ‘break-fix’ support.
Collibra commits to maximum response and resolution times based on the criticality of the incident.
Initial response time: 2 business hour
Initial response time: 4 business hours
Initial response time: 1 business day
What are support hours?
Standard support hours for North America and Europe are Monday through Friday, 9am – 6pm.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AAA|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard support is provided within the cost of the annual subscription. There is also a "Follow The Sun" option at an additional cost of £90,000 pa. This service also includes a dedicated support consultant
In addition, further sources are available:
There are number of choices depending on your needs.
The Collibra Community knowledge base and product Q&A forums are a great resource where you can get self-service help from peers and experts and is free of charge
Collibra University provides an excellent range of courses covering data governance from start to advanced.
If there are a number of requirements, deliverables and firm deadlines, Collibra Professional Services or a partner can help for specific project work.
Customer Advisory Manager who will work with the customer to determine the best route forward. There is no charge for this service.
Collibra offers Coaching Services for customers who need occasional guidance and assistance. There is a cost associated with this service dependent upon the number of hours purchased.
|Support available to third parties||Yes|
Onboarding and offboarding
Collibra University is a free, self-paced training platform that is available at university.collibra.com. It includes modules that cover all aspects of Collibra product functionality including application configuration and customization. In addition, students can use the course catalog and suggested learning paths to plan and self-direct their learning based on their role and phase of Collibra implementation.
The on-line community includes a wealth of resources including a knowledge base, solution template marketplace, product documentation and a very active product question & answer forum.
For this option, a Collibra instructor remotely leads and monitors a maximum of 10 students who are taking courses using Collibra University. The objective is to train a group who can lead and guide others.
The virtual led option is appropriate for teams that are geographically dispersed and can not come together.
This is an on-site Collibra instructor led option for a maximum of 10 students who are using Collibra University courses as the core material. The objective is to train a group who can lead and guide others.
|End-of-contract data extraction||
The metadata stored in Collibra can be exported in tabular format in XLS or CSV.
Lineage visualisations (which include business traceability as well as technical lineage) can be exported in PDF or PNG formats.
The entire content in a Collibra Instance can be exported as a Collibra Backup file, which can be encrypted or not, and then re-imported in another Collibra Instance.
Metadata can be extracted from Collibra through its APIs as well.
|End-of-contract process||At the end of the contract, customers can choose to renew or move away. Renewing will incur a further annual subscription charge. There is no cost with moving away at the end of the contract period|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Collibra DGC Web Interface: the standard way to interact with Collibra DGC. Each user has their own dashboard to configure and manage day to day activities.
Collibra On-the-Go for Windows or mac OS: desktop application to effectively search in Collibra DGC. You can select any piece of text on your desktop, press a keyboard shortcut and Windows/Mac On-The-Go plugin will provide a list of all the matching assets.
Collibra On-the-Go for iOS: to search and browse Collibra DGC content on a mobile phone or tablet and manage tasks.
Collibra On-the-Go for Excel: for Microsoft Excel
|Accessibility standards||WCAG 2.1 A|
|Accessibility testing||Collibra is committed to complying with WCAG 2.0 A & AA guidelines. For each minor version, we make a WCAG 2.0 accessibility assessment available, to document our progress towards this compliance. We have a certified 'Trusted Tester' within the Product Management and User Experience team that regularly test our conformance to the Section 508 standards, and works closely with all teams to ensure for each new feature accessibility is taken into account.|
|What users can and can't do using the API||Collibra exposes extensive and well documented REST and Java APIs. Collibra's approach is "API first", which means all the functionality available through the browser interface is also available through APIs. Some minor limitations currently apply, such as triggering native JDBC ingestion, which will be also made available through APIs in future versions. Any such current API limitations can be overcome by using Collibra Connect. Full API documentation can be accessed on your instance at the following URL: https://<your-Collibra-instance-name-here>/docs/index.html|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Collibra has an extremely flexible operating model based on a semantic model that will allow you to configure any type of entity (business term, data type, business rule, quality rule, process,...), any reference data and any type of relationship.
Collibra supports adapting the data model in terms of domain definitions, data family etc right from the term / definition itself. Also users can change and modify their business terms / definitions / domains etc right from their view of dashboard without even having to go inside of the data asset. The Operating Model can be customised (configured) by users with administrator access rights.
Each user can configure their own dashboard/landing page via dragging and dropping widgets.
Adapting workflows will require more technical users to be involved, knowledge of BPMN and scripting in Groovy are required.
The email templates for sending out notifications, lists of actions etc as part of workflows can be configured by editing the corresponding files in a system backup file, then re-importing the backup. Admin access required.
Look and Feel
The browser interface look and feel can be customised via CSS scripting. Admin access required.
|Independence of resources||
Collibra supports vertical as well as horizontal scalability due to its modular architecture.
Our internal performance reports demonstrates that version 5.x of the Collibra Data Governance Center can scale to 150 concurrent editors or 75 concurrent editors and 250 concurrent readers on a hardware platform that can be considered standard for an enterprise application. That said, Collibra has enterprise customers with upwards of 1,000 editors and with millions of assets (metadata) without a performance issue.
Internal performance reports can be provided upon request.
|Service usage metrics||Yes|
Collibra is a data governance tool and supports connections with BI tools such as Qlik, Tableau, etc.
Collibra provides metrics within the system for reporting purposes.
Finally, custom views can be created on which dashboards and reports can be generated
There are many metrics available to be measured such as regulatory compliance, tasks, glossary terms etc.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Collibra supports the extraction of data into CSV and XLS. Via the integration hub (Collibra Connect) a range of other formats such as JSON, XML are possible as well.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
|Other protection within supplier network||All communication can be split in two sections. The customer data flows and the management flow of the operation of the cloud environment. All backend communication is done over SSH and protected using the SSH protocol. All customer data is HTTP data and all connections are HTTPS only.|
Availability and resilience
Collibra supports fail-over by allowing the application server being separate from the repository server. The load balancer can redirect requests to a different node for application server that is connected to the same or different repository server. The servlet container may be restarted in the fail-over process. If the service is not available for more than 1% in any month Collibra will provide a service level credit equivalent to one day of cloud service
Collibra Console schedules regular backups and sent to DR. If server goes down, the latest backup is restored in the passive environment and the load balancer will forward the requests to it.
Collibra supports repository cluster using the master/slave principle. One service is the master, which is the active repository service in a Collibra environment: all data is stored in and retrieved from this service. The master is mandatory in a cluster. Other repository services are slaves which are regularly synchronized with the master to become exact copies. If the master is no longer available, you can replace it with one of the slaves. The slaves follow the principle of warm stand-by or log shipping.
|Approach to resilience||
The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.
AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Customers are responsible for implementing contingency planning, training and testing for their systems hosted on AWS. AWS provides customers with the capability to implement a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
As a SaaS solution, Collibra has never had any major unplanned outages for customers on our managed cloud platform. For on-premise installations, the customer is responsible for infrastructure monitoring and maintenance. In the unlikely event of an outage, email alerts can be configured. In addition, Collibra can integrate with any monitoring tool of choice.
Planned downtime is typically very infrequent, but is required for upgrading the application. When deployed on Collibra managed cloud (saas), the window will be communicated by our support services.
Downtime will have to be managed by the customer when Collibra is deployed on premise.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Collibra uses a role based access model in which a role contains the authorization permission required to perform a given operation. New roles can easily be created and permission can be assigned to these roles.
A series of best practice security controls are in place regarding passwords such as the length of time between when a password is set and when the password expires, passwords are stored in one-way encrypted format, user accounts are locked after 5 or more invalid login attempts, etc.
|Access restriction testing frequency||At least once a year|
|Management access authentication||Public key authentication (including by TLS client certificate)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||Last audit was in August 2018|
|What the ISO/IEC 27001 doesn’t cover||The scope of the certification is the hosting of the cloud environment and the development of the application and there are no exclusions in the statement of applicability.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Information security policies are created by the information security team and approved by the security board. In the security board are members from the executive committee. The policies are reviewed at least annually and adapted depending on risk and changes within the organization.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Each item is tracked in multiple ways. The first is through our asset management and configuration management, the second from a security point of view is agent based tracking. Each change is validated and tested in our test environment prior to pushing it to production. Security validations are done every 4 hours to ensure changes occur controlled and don't increase the overall risk exposure.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Each instance (each customer is given a dedicated instance) in our cloud is given an agent. This agents does a full inventory, security and compliance check every 4 hours. This data is send to our central tool and matched against external threats. If a new finding is discovered, a ticket is created with the security team to inform them that patching is required. Critical and high findings are to be fixed in 30 days.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Each instance is given a host based intrusion prevention system. When an issue is discovered of a certain level, a ticket is raised in the ticketing system and emails are being send to notify the correct parties. These are investigated within 24 hours.|
|Incident management type||Supplier-defined controls|
|Incident management approach||A standard incident management process has been developed which includes reporting to stakeholders and affected customers, as well as authorities when required. At the end of the incident handling, a small report is created with an overview of items which occurred and lessons learned. This report is shared with the stakeholders. Customers can report issues to Collibra via the Community portal.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£118000 per licence per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Collibra offers a managed workshop that provides a hands-on experience for users and includes users own data. Typically this lasts 2 days|