Collibra UK Ltd

Data Governance and Data Catalogue Solution

Collibra provides a solution covering data governance, stewardship, metadata processing and Catalogue. This enables business users to find their data easily, understand where it has come from and be able to trust the quality of the data. Collibra only processes metadata: the data about the data.


  • Data Governance and stewardship solution
  • Metadata Management and processing
  • Self-service data catalogue
  • Regulatory compliance including support for GDPR
  • Workflow management system to streamline tasks
  • High quality, descriptive Report Catalogue
  • Efficient communication and collaboration across the organisation
  • Data Stewardship to provide users with high-quality data
  • Identify and Resolve Duplication of Data
  • Data Lineage Insight and Analytics


  • Helps Users to Find, Understand, and Trust their data
  • Certify Reports are correct, meaningful and trustworthy
  • Single source of truth for data
  • Easy ability for business users to understand their data
  • Enables collaboration between departments over data definitions
  • Saves a lot of time in finding the correct data
  • GDPR and regulatory compliance can be implemented quickly
  • Helps users identify the source of their data
  • Show the quality of the data
  • Personalised and customisable dashboards for every user


£118000 per licence per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

5 6 7 1 7 1 8 8 8 5 5 5 2 7 5


Collibra UK Ltd

Rosalind Elmes


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
In the fully managed service, maintenance downtime is kept to a minimum and users are notified in advance. Collibra aims to keep downtime for the cloud service to 0.5% with access provided 24 hours a day, 7 days per week. Support hours for the standard support are 9am to 6pm excluding public holidays.
System requirements
There are no specific system requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Basic support is for the resolution of product defects/incidents and reporting feature enhancement requests. This is commonly referred as traditional ‘break-fix’ support.

Collibra commits to maximum response and resolution times based on the criticality of the incident.


Initial response time: 2 business hour

Initial response time: 4 business hours


Initial response time: 1 business day

What are support hours?

Standard support hours for North America and Europe are Monday through Friday, 9am – 6pm.
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard support is provided within the cost of the annual subscription. There is also a "Follow The Sun" option at an additional cost of £90,000 pa. This service also includes a dedicated support consultant

In addition, further sources are available:

There are number of choices depending on your needs.

The Collibra Community knowledge base and product Q&A forums are a great resource where you can get self-service help from peers and experts and is free of charge
Collibra University provides an excellent range of courses covering data governance from start to advanced.
If there are a number of requirements, deliverables and firm deadlines, Collibra Professional Services or a partner can help for specific project work.
Customer Advisory Manager who will work with the customer to determine the best route forward. There is no charge for this service.
Collibra offers Coaching Services for customers who need occasional guidance and assistance. There is a cost associated with this service dependent upon the number of hours purchased.
Support available to third parties

Onboarding and offboarding

Getting started
Collibra University is a free, self-paced training platform that is available at It includes modules that cover all aspects of Collibra product functionality including application configuration and customization. In addition, students can use the course catalog and suggested learning paths to plan and self-direct their learning based on their role and phase of Collibra implementation.

The on-line community includes a wealth of resources including a knowledge base, solution template marketplace, product documentation and a very active product question & answer forum.  

Virtual Train-the-Trainer
For this option, a Collibra instructor remotely leads and monitors a maximum of 10 students who are taking courses using Collibra University. The objective is to train a group who can lead and guide others.

The virtual led option is appropriate for teams that are geographically dispersed and can not come together.  

On-site Train-the-Trainer
This is an on-site Collibra instructor led option for a maximum of 10 students who are using Collibra University courses as the core material. The objective is to train a group who can lead and guide others.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The metadata stored in Collibra can be exported in tabular format in XLS or CSV.

Lineage visualisations (which include business traceability as well as technical lineage) can be exported in PDF or PNG formats.

The entire content in a Collibra Instance can be exported as a Collibra Backup file, which can be encrypted or not, and then re-imported in another Collibra Instance.

Metadata can be extracted from Collibra through its APIs as well.
End-of-contract process
At the end of the contract, customers can choose to renew or move away. Renewing will incur a further annual subscription charge. There is no cost with moving away at the end of the contract period

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Compatible operating systems
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Collibra DGC Web Interface: the standard way to interact with Collibra DGC. Each user has their own dashboard to configure and manage day to day activities.
Collibra On-the-Go for Windows or mac OS: desktop application to effectively search in Collibra DGC. You can select any piece of text on your desktop, press a keyboard shortcut and Windows/Mac On-The-Go plugin will provide a list of all the matching assets.
Collibra On-the-Go for iOS: to search and browse Collibra DGC content on a mobile phone or tablet and manage tasks. 
Collibra On-the-Go for Excel:  for Microsoft Excel
Service interface
Description of service interface
Collibra is browser based. Each information asset (metadata eg. Columns, Tables, Reports, Policies, Business Rules etc) has its own page, which will display the characteristics of that asset as well as the links to other assets, roles and responsibilities relevant to that asset, and where in the hierarchy it is located. Assets can be grouped into Data Domains, which can be grouped into Communities. Roles, responsibilities and visibility/access can be assigned at a Community/Domain level and inherited all the way down to asset level.
Accessibility standards
WCAG 2.1 A
Accessibility testing
Collibra is committed to complying with WCAG 2.0 A & AA guidelines. For each minor version, we make a WCAG 2.0 accessibility assessment available, to document our progress towards this compliance. We have a certified 'Trusted Tester' within the Product Management and User Experience team that regularly test our conformance to the Section 508 standards, and works closely with all teams to ensure for each new feature accessibility is taken into account.
What users can and can't do using the API
Collibra exposes extensive and well documented REST and Java APIs. Collibra's approach is "API first", which means all the functionality available through the browser interface is also available through APIs. Some minor limitations currently apply, such as triggering native JDBC ingestion, which will be also made available through APIs in future versions. Any such current API limitations can be overcome by using Collibra Connect. Full API documentation can be accessed on your instance at the following URL: https://<your-Collibra-instance-name-here>/docs/index.html
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Customisation available
Description of customisation
Operating Model
Collibra has an extremely flexible operating model based on a semantic model that will allow you to configure any type of entity (business term, data type, business rule, quality rule, process,...), any reference data and any type of relationship.  
Collibra supports adapting the data model in terms of domain definitions, data family etc right from the term / definition itself. Also users can change and modify their business terms / definitions / domains etc right from their view of dashboard without even having to go inside of the data asset. The Operating Model can be customised (configured) by users with administrator access rights.

Each user can configure their own dashboard/landing page via dragging and dropping widgets.

Adapting workflows will require more technical users to be involved, knowledge of BPMN and scripting in Groovy are required.

Email templates
The email templates for sending out notifications, lists of actions etc as part of workflows can be configured by editing the corresponding files in a system backup file, then re-importing the backup. Admin access required.

Look and Feel
The browser interface look and feel can be customised via CSS scripting. Admin access required.


Independence of resources
Collibra supports vertical as well as horizontal scalability due to its modular architecture.
Our internal performance reports demonstrates that version 5.x of the Collibra Data Governance Center can scale to 150 concurrent editors or 75 concurrent editors and 250 concurrent readers on a hardware platform that can be considered standard for an enterprise application. That said, Collibra has enterprise customers with upwards of 1,000 editors and with millions of assets (metadata) without a performance issue.

Internal performance reports can be provided upon request.


Service usage metrics
Metrics types
Collibra is a data governance tool and supports connections with BI tools such as Qlik, Tableau, etc.

Collibra provides metrics within the system for reporting purposes.

Finally, custom views can be created on which dashboards and reports can be generated

There are many metrics available to be measured such as regulatory compliance, tasks, glossary terms etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Collibra supports the extraction of data into CSV and XLS. Via the integration hub (Collibra Connect) a range of other formats such as JSON, XML are possible as well.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • JSON
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XML
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
All communication can be split in two sections. The customer data flows and the management flow of the operation of the cloud environment. All backend communication is done over SSH and protected using the SSH protocol. All customer data is HTTP data and all connections are HTTPS only.

Availability and resilience

Guaranteed availability
Collibra supports fail-over by allowing the application server being separate from the repository server. The load balancer can redirect requests to a different node for application server that is connected to the same or different repository server. The servlet container may be restarted in the fail-over process. If the service is not available for more than 1% in any month Collibra will provide a service level credit equivalent to one day of cloud service

Collibra Console schedules regular backups and sent to DR. If server goes down, the latest backup is restored in the passive environment and the load balancer will forward the requests to it.

Collibra supports repository cluster using the master/slave principle. One service is the master, which is the active repository service in a Collibra environment: all data is stored in and retrieved from this service. The master is mandatory in a cluster. Other repository services are slaves which are regularly synchronized with the master to become exact copies. If the master is no longer available, you can replace it with one of the slaves. The slaves follow the principle of warm stand-by or log shipping.
Approach to resilience
The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.

AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

Customers are responsible for implementing contingency planning, training and testing for their systems hosted on AWS. AWS provides customers with the capability to implement a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
Outage reporting
As a SaaS solution, Collibra has never had any major unplanned outages for customers on our managed cloud platform. For on-premise installations, the customer is responsible for infrastructure monitoring and maintenance. In the unlikely event of an outage, email alerts can be configured. In addition, Collibra can integrate with any monitoring tool of choice.

Planned downtime is typically very infrequent, but is required for upgrading the application. When deployed on Collibra managed cloud (saas), the window will be communicated by our support services.

Downtime will have to be managed by the customer when Collibra is deployed on premise.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Collibra uses a role based access model in which a role contains the authorization permission required to perform a given operation. New roles can easily be created and permission can be assigned to these roles.
A series of best practice security controls are in place regarding passwords such as the length of time between when a password is set and when the password expires, passwords are stored in one-way encrypted format, user accounts are locked after 5 or more invalid login attempts, etc.
Access restriction testing frequency
At least once a year
Management access authentication
Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
Last audit was in August 2018
What the ISO/IEC 27001 doesn’t cover
The scope of the certification is the hosting of the cloud environment and the development of the application and there are no exclusions in the statement of applicability.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Information security policies are created by the information security team and approved by the security board. In the security board are members from the executive committee. The policies are reviewed at least annually and adapted depending on risk and changes within the organization.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Each item is tracked in multiple ways. The first is through our asset management and configuration management, the second from a security point of view is agent based tracking. Each change is validated and tested in our test environment prior to pushing it to production. Security validations are done every 4 hours to ensure changes occur controlled and don't increase the overall risk exposure.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Each instance (each customer is given a dedicated instance) in our cloud is given an agent. This agents does a full inventory, security and compliance check every 4 hours. This data is send to our central tool and matched against external threats. If a new finding is discovered, a ticket is created with the security team to inform them that patching is required. Critical and high findings are to be fixed in 30 days.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Each instance is given a host based intrusion prevention system. When an issue is discovered of a certain level, a ticket is raised in the ticketing system and emails are being send to notify the correct parties. These are investigated within 24 hours.
Incident management type
Supplier-defined controls
Incident management approach
A standard incident management process has been developed which includes reporting to stakeholders and affected customers, as well as authorities when required. At the end of the incident handling, a small report is created with an overview of items which occurred and lessons learned. This report is shared with the stakeholders. Customers can report issues to Collibra via the Community portal.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£118000 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
Collibra offers a managed workshop that provides a hands-on experience for users and includes users own data. Typically this lasts 2 days

Service documents

Return to top ↑