Latra Limited

Benchmarking Tool/Application

Anonymous multi-dimensional performance data for the mining/energy industry (but not limited to). Enabling mining/energy companies to perform custom benchmarking and data analysis to improve their operational efficiency and competitive advantage.


  • Capture Data
  • Anonymised Information
  • Benchmarking Platform
  • 2FA 2-Factor-Authentication
  • KPI Data Input


  • Compare Data with peers
  • Capture KPIs for benchmarking
  • Online Reporting


£5000 to £20000 per licence per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

6 3 1 0 0 5 2 6 0 6 3 9 5 7 8


Latra Limited



Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints N/A
System requirements Browsers must meet the minimum specification.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 24 hours per request. Weekend support is agreed with the client on an individual basis.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing We use Zendesk which is WCAG 2.1 AA or EN 301 549 compliant.
Onsite support Yes, at extra cost
Support levels Support is provided via a multi-tiered system. Initial enquiries are logged by our tier 1 support team in the helpdesk platform, and can be escalated immediately if required to tier 2 or tier 3 staff.

Tier 1: User application support & assistance
Tier 2: Technical assistance with a platform specialist
Tier 3: Developer support for complex issues
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Latra can provide full documentation as well as online webinar based training and on-site training as required.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Data can be extracted via the API or supplied in database dumps or CSV files.
End-of-contract process The price of the contract includes Latra exporting the data across in a suitable format for end client use - it will be delivered in the appropriate media. All client data will be erased from our systems and if required by the client a backup can be kept by Latra on request.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Some graphing is cut down on the mobile services, dependant on client requirements.
Service interface No
What users can and can't do using the API Subject to requirements and contract, customers can push data into the reporting platform via the RESTful API from third party systems, provision and manage users (for single-sign on) and request the results of pre-defined reports.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Branding and themes can be customised to the clients requirements, as well as standard report outputs that are available to system users. Customisation is performed by the development team.


Independence of resources Each customers implementation is run in it's own isolated environment.


Service usage metrics Yes
Metrics types Usage metrics of the platform can be customised to customer requirements.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported to CSV/text based files, via the API in JSON format, in PDF reports or, by arrangement, in SQL dumps.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats Other formats can be integrated on request

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability SLAs are defined on a customer-by-customer basis. Standard SLA uptime is 99.9%, with pro-rata refunds on downtime outside the agreed SLA.
Approach to resilience Available on request.
Outage reporting Email and SMS alerts are available.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Support access is via registered email addresses in our helpdesk platform, as well as by token/pin identification for phone-based support.

Management interfaces are only accessible to users with the correct permissions and can be locked to specific IP addresses or access via VPN.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Information available on request.
PCI DSS accreditation date Information available on request.
What the PCI DSS doesn’t cover Information available on request.
Other security certifications Yes
Any other security certifications Information available on request.

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Information available on request.
Information security policies and processes Information available on request.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Components of the service(s) are tracked through JIRA. We also run parallel security impact checks for potential vulnerabilities.
Vulnerability management type Supplier-defined controls
Vulnerability management approach There are several steps required to perform regular vulnerability assessments tests in the environment, particularly in an enterprise where other variables such as centralised management, efficient bandwidth utilisation, and non-intrusives, must be considered. By consistently executing a sound vulnerability management process, we hope to ensure our environment is secure from potential threats.

We follow these 6 steps:
Discover: Discover and categorise IT asset, Audit: Scan for vulnerabilities, Delegate: Priorotise remediation effort based on risk, Remediate: Apply the patch, upgrade or workaround, Confirm: Re-scan and confirm the fix action, Report: Report risk assessment.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The Latra Protective Monitoring Service ensures that your organisation has Protective Monitoring aligned with the Technical Standard published by Cabinet Office for Protective Monitoring, Security Incident Management and Situation Awareness.
UK sovereign Log Management and SIEM technology
Evidentially sound log collection and storage
Simple on-boarding process
Comprehensive but specific alerts and reports
Easy on-boarding means reduced costs and resources required
Stored log data of UK evidential quality
PM Alerts and reports easy to understand and respond to
Independent of departments service provider
Incident management type Supplier-defined controls
Incident management approach Information available on request.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5000 to £20000 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial All services included for a limit of 2 quarters

Service documents

Return to top ↑