Metadata Consulting Ltd

Data Validation

This service validates instance data from database tables, Excel spreadsheets, XML files and JSON files/streams against preset rules and expressions.


  • Real time data validation
  • Validation against a data model and set of rules
  • Validation Reporting and Dashboard
  • Dataset management in real time
  • Storage and Logging of Validation activities


  • Data can be validated to a known standard
  • Data Validation reduces errors in operations
  • Clear reporting enables business process improvement
  • Conformance to standards reduces risk of GDPR infringements
  • High Quality data is essential for high quality analytics


£5 to £100 per person per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

7 9 5 5 0 9 9 4 6 5 3 8 0 1 0


Metadata Consulting Ltd

Adam Milward


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Metadata Exchange - a metadata registry which can hold data models and rules, which in turn can be used for data validation
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Maintenance is normally carried out at times when users are not online, if no such time is found then we can notify users in advance of any planned maintenance. However maintenance is normally fairly transparent to the user, there have not been any occurrences of prolonged downtime to date.
Constraints include the need to specify a set of criteria against which to validate data
System requirements
  • Buyers need to have access to an up-to-date browser
  • The cloud validation service works with uploading excel files

User support

Email or online ticketing support
Phone support
Web chat support
Onsite support
Yes, at extra cost
Support levels
Tier 0 - included in standard pricing
Tier 1 - included in standard pricing
Tier 2 - as part of a support contract starting at £500 per month - varying on number of users.
Support available to third parties

Onboarding and offboarding

Getting started
We provide a wiki with a number of you-tube tutorials, and videos to help get users up and running
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
They download the data via a set of word, excel, pdf or xml reports
End-of-contract process
At the end of the contract the user can download any particular reports, models and data that they need, or renew the contract online.
Use of cloud data validation service, with access to documentation, wiki and tutorials is included in the price of a contract.
Specific consultancy relating to a particular users instance data is not included, but can be purchased as an extra.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Mobile works, since we take care to use a bootstrap/jquery library on the frontend, however it is very awkward and we recommend a large screen for optimal effect and useability
Service interface
What users can and can't do using the API
Users can set up the data curation service using a REST interface, and carry out most of the functions of the web interface.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Customisation available
Description of customisation
Buyers can commission plugins which can be added to their cloud instance.


Independence of resources
The cloud service for each user is handled by a separate virtual machine, as are the storage mechanisms which are configured using AWS or Azure virtual servers configured for maximum security, flexibility and scale-ability.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
PDF files, Excel spreadsheets, XML and word documents.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our service will be available 99.9 percent of the time, excluding scheduled maintenance time - 1 hour per month.
If the service is down for more than 30minutes in a week then we refund 30% of the costs
Approach to resilience
It's available on request
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
We use a role based access control system for all services, users have the ability to manage users within there own organisation using the same role based system
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We adhere to the gov uk security policy framework. We have a dedicated SIRO, DSO and IAOs who actively manage our security processes. We review our security policies on a quarterly basis to ensure we are compliant and up-to-date.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We are committed to automating as much of our build and test process as possible. We use github (and bitbucket) for source control and have recently moved to “gitflow lite” for release management. Git integrates with JIRA for change management and Zephyr for test management. All JIRA tasks / bugs are linked to epics and stories within the tool to provide traceability. We’ve used a variety of continuous integration servers including Jenkins, Bamboo and Travis. We run codenarc to assess code for consistency and basic security, as well as manual code review for every commit.
Vulnerability management type
Vulnerability management approach
We employ an agency to review vulnerabilities and conduct pen testing. We also subscribe to amazon inspector, security focus to remain up-to-date with the latest threats. We aim to patch major security vulnerabilities within 24hrs.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We employ a security agency to monitor our services and conduct regular reviews to monitor potential compromises. We attempt to counter the compromise, whether through enhanced configuration or creating a patch. We aim to respond within a few hours of identification of a potential compromise.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Security incidents are managed by an accredited agency. Their incident management tools integrate with our JIRA bug and task management system. Users report security incidents via our helpdesk this is tracked by us and forwarded to our security agency, who prioritise the incidents, and provide us with incident reports.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£5 to £100 per person per month
Discount for educational organisations
Free trial available
Description of free trial
28 days free usage for one user in an organization.
All features from the 'mini' version are available to test and use.

Service documents

Return to top ↑