Facts and Dimensions Ltd

Facts and Dimensions

Databases of public statistics and reference data, held in the cloud, using Azure SQL Database.

Example of tools to access data: SSMS, MS Access, MS Excel, Qlikview, Tableau, Business Objects, etc

Data is supplied by sector/country/facts or dimensions; one database each. All databases can be cross-queried.


  • Public statistics and reference data loaded and ready to use
  • New datasets added every month on request, no addl cost
  • 1.7 billion records across 2,778 tables and growing
  • We process any data: data dictionary, unstructured data, arcane data
  • Join your own on-premises data to the data
  • Download data in any format into your own system
  • Directly query the data via OLEDB, ADO.NET, ODBC, etc.
  • Fully secure access
  • Access original source data and see audit trail.
  • Your own customisable cloud database to access the data


  • In use since 2012
  • 100% customer retention since 2012
  • Save time from finding, understanding and loading data yourself
  • Enjoy highest possible confidence in the quality of the data
  • Same version of the truth as other users
  • Data: NHS, ODS, ONS, Waiting List, Activity, Lookup Codes
  • Up and running in <5minutes
  • Data loaded within 1 business day, longer if really unusual
  • Databases so far: UK Health Dimensions and UK Health Facts
  • We can quickly create a database for any sector


£8320 to £120000 per licence per year

  • Free trial available

Service documents

G-Cloud 10


Facts and Dimensions Ltd

Filipe McManus



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Service is supplied via Azure SQL Database. However we can supply an Azure MySQL or an Azure PostgreSQL version if required.
System requirements Software to access a database (eg Excel, MSSQL, Access, etc)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within one business day
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Unlimited email, telephone, onsite, screen-share support

Customers will always deal with one of the company experts. Commonly called "Tier 3".

Online forum.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started 1: Onsite or screen-share training, 2hrs.
2: Onsite or screen-share setting up access to the Azure SQL Database.
3: User manual.
4: Forum with additional info.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Not applicable. There is no customer data.

The data in the Azure database is ready populated by us from public data.

Users will create reports, analysis etc from the Azure data, and they are free to keep all work created after the contract ends.
End-of-contract process On expiry or termination of the licence the Licensee shall forthwith discontinue all use of the Database and shall not create any new works using the Data or the Database. For the avoidance of doubt, the termination or expiration of the licence shall not remove the Licensee’s right to continue its use of any works developed by Licensee using the Data or Database during the term of the licence.

Using the service

Using the service
Web browser interface No
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Not applicable. This is a SQL Database for developers to use in their development.
Accessibility testing Not applicable. This is a SQL Database for developers to use in their development.
Customisation available Yes
Description of customisation Users get their own Azure SQL Database. In it they can:

1: Link to tables in the Facts and Dimensions Azure databases.
2: Create views.

Users from there will create their own tools/reports/dashboards linked to the Azure database


Independence of resources Azure Elastic Database manages the demand across all user databases in the pool. As more users come online Azure allows instant scaling.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Data is stored in Azure. It is backed up nightly. It is also geo-replicated.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported using any common database connection method, e.g. ODBC (Excel, Access), SQL SSIS, SQL Linked Server, etc.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats Any
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats Any

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Users connect directly to their own SQL Azure Database which is also limited to their own IP address. They have no access to the underlying SQL Server.
Data protection within supplier network Other
Other protection within supplier network All data is publicly available data. Customer's data is not used in this service.

Using Azure's SQL Database security. Users connect directly to their Azure SQL Database using their own unique SQL Auth username and password. Plus connections is restricted by IP address.

Availability and resilience

Availability and resilience
Guaranteed availability Azure website quote: "We guarantee at least 99.9% of the time customers will have connectivity between their Web or Business Microsoft Azure SQL Database and our Internet gateway.". We also use geo-replication for further availability resilience.
Approach to resilience The data is processed inhouse and uploaded to our Azure database. The inhouse copy is backed up offsite.
The Azure copy is backed up nightly, it is also mirrored on the Azure UK South site and geo-replicated to the Azure UK West site.
Outage reporting Forum update and email alert.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels As per IGT, SIRO manages all logins. Each user has access to the areas that they require for their work. Access is reviewed monthly. Limitations include access via company recognised IP addresses and username and password.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications IGT level 2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards IGT (8HV29)
Information security policies and processes Our policies and processes are as per IGT level 2.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Each user database comes with a view to show changes to table definitions.

If a change to a table could affect users' queries (i.e. changes other than additional columns), then a change proposal is made on the forum for users to comment on with a time set for when the change will be made. If necessary customers can access a beta copy to assess impact.

History of table definitions are recorded.

Changes are assessed for potential security impact, if applicable.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Using Azure Advanced Threat Detection.

Any fixes/patches are deployed within 24hrs. None necessary to date.
Protective monitoring type Supplier-defined controls
Protective monitoring approach On Azure, we use Advanced Threat Protection.

On forum and email we check the logs at least once per month.
Incident management type Supplier-defined controls
Incident management approach We manage incidents as per IGT.

We have a monthly Business Operational Planning meeting where incidents, not already raised, are discussed. Incidents are recorded in our incident log.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £8320 to £120000 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Full service for up to 4 weeks.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑