CDL GROUP HOLDINGS LIMITED

Kingfisher

Kingfisher BI/MI data solution using latest technologies to deliver data insight. Provides performance, scalability and flexibility, without the expense of investing in monolithic enterprise infrastructure. Gives the ability to replicate and consume data at speed, providing customer-reportable insight as changes take place.

Features

  • Powerful Data analytics
  • Real-time data availability
  • Reporting and Visualisation
  • Automated/scheduled Data delivery to external parties
  • SFTP/ETL Data Transform and data delivery
  • Scalable performance on demand
  • Resilient service 99.9 uptime in the past 2 years
  • Market agnostic usage cases e.g. Insurance/finance/retail/marketing/government
  • Ease of integration
  • AWS cloud availability - Always on

Benefits

  • Maximise and understand the value of all of your Data
  • Real-time data and speed of results
  • Configurable Data retention
  • Fail-Fast, test new data sets to determine value
  • Scalable, cost effective and improved ROI
  • Performance on demand, upgrade/downgrade in minutes
  • Resilient service 99.9 uptime in the past 2 years
  • Market agnostic usage cases e.g. Insurance/finance/retail/marketing/government
  • Ease of integration
  • AWS cloud availability - Always on

Pricing

£20,000.00 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at newbusiness@cdl.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

8 0 5 9 6 0 8 7 8 2 1 5 8 8 2

Contact

CDL GROUP HOLDINGS LIMITED Paul Donohue
Telephone: 0161 480 4420
Email: newbusiness@cdl.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Providing customer with 24/7 365days access to data from any location via secure connectivity, to derive insight and support improved decision making. As an example we work with financial services to provide insight to business income generation, customer detailing and product/services sales and satisfaction
Cloud deployment model
Public cloud
Service constraints
It is imperative that organisations have the permitted permissions and use cases for data that is to be stored and accessed in Kingfisher, inline with any legal, licensing or governance limitations or agreements.
System requirements
API connection to endpoints is all that is required.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Please reference the supporting 'Service definition - Kingfisher' document for further details for support categories, response times and service levels. CDL use ServiceNow for its customer support portal and logging system, which complies with (WCAG) 2.0 Level A accessibility guidelines. https://docs.servicenow.com/bundle/london-release-notes/page/administer/accessibility-508-compliance/reference/r_VPAT.html
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Please reference the supporting 'Service definition - Kingfisher' document for further details for support categories, response times and service levels. Kingfisher customers can purchase additional CDL consultancy services, helping customers facilitate and maximise there usage case, implementation, integration and ongoing running of the Kingfisher solution
Support available to third parties
No

Onboarding and offboarding

Getting started
CDL follow an onboarding process that is designed to facilitate a true understanding of the customer use case, from this a program of works and training is agreed within a clearly defined delivery approach. Please reference the supporting 'Service definition - Kingfisher' document for further details
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Please reference the supporting 'Service definition - Kingfisher' document for further details
End-of-contract process
Please reference the supporting 'Service definition - Kingfisher' document for further details

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
This is not applicable to Kingfisher, the products/services connecting/integrated with Kingfisher need to be considered there mobile connectivity standards.
Service interface
Yes
Description of service interface
REST based API
Accessibility standards
None or don’t know
Description of accessibility
This is not applicable to Kingfisher, the products/services connecting/integrated with Kingfisher need to be considered for there accessibility standards.
Accessibility testing
This is not applicable to Kingfisher, the products/services connecting/integrated with Kingfisher need to be considered for there accessibility standards.
API
Yes
What users can and can't do using the API
API interface to data and analytics services
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Customers of Kingfisher can define the use case, define the data to be ingested and how the data is to be consumed and used by the business

Scaling

Independence of resources
We subscribe to the AWS Well Architected Framework. https://aws.amazon.com/architecture/well-architected/

Analytics

Service usage metrics
Yes
Metrics types
Depending on the customer requirements and service of Kingfisher purchased, analytics capabilities are available to derive insight relating to usage of data
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Multi data storage, import and export options are available, customer sample data sets are analysed in conjunction with the customer usage and access requirements to ascertain the most appropriate options available to meet the customer requirements.
Data export formats
  • CSV
  • Other
Other data export formats
JSON
Data import formats
  • CSV
  • Other
Other data import formats
JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
We subscribe to the AWS Well Architected Framework. https://aws.amazon.com/architecture/well-architected/
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Please reference the supporting 'Service definition - Kingfisher' document for further details
Approach to resilience
We subscribe to the AWS Well Architected Framework. https://aws.amazon.com/architecture/well-architected/
Outage reporting
Automated alerting direct to service team.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
We apply the concept of least privilege and RBAC for access control. Supplemented by yearly access control audits
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
15/05/2018
What the ISO/IEC 27001 doesn’t cover
Nothing - all sites and operations are in scope
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
NCC group
PCI DSS accreditation date
22/04/2020
What the PCI DSS doesn’t cover
Databases, corporate network and part of our cloud environment that doesn't deal with payment
Other security certifications
Yes
Any other security certifications
  • Cyber security Essentials Plus
  • ISO22301
  • ISO27001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
PCI-DSS (level 1), Cyber Security Essentials Plus, ISO22301. Please reference the supporting 'Service definition - Kingfisher' document for further details
Information security policies and processes
CISO writes and signs-off Information Security policies. these are then validated by the exec committee prior to deployment across the organisation.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have an ITIL based change process. Please reference the supporting 'Service definition - Kingfisher' document for further details
Vulnerability management type
Undisclosed
Vulnerability management approach
https://aws.amazon.com/compliance/shared-responsibility-model/

For components under CDL responsibility patching every 30 days for critical vulnerabilities, 90 days for other vulnerabilities
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
IPS, SIEM, NIDS, WAF, DLP - all covered by 24/7 on-call security team with daily log reviews. Please reference the supporting 'Service definition - Kingfisher' document for further details
Incident management type
Undisclosed
Incident management approach
We have an ITIL based incident process. Please reference the supporting 'Service definition - Kingfisher' document for further details

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£20,000.00 a licence a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at newbusiness@cdl.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.