Destin Solutions Limited

Data Services

The Destin Solutions 'Data Services' platform helps Councils manage debt by providing additional data for empty property reviews, SPDs and NNDR/Council Tax collections. Consolidating a Councils existing data and overlaying it with additional intelligence from numerous different sources, information is presented in a single dashboard for more informed decision making.


  • Secure web portal, merging all datasets into a single view
  • Rolling daily updates of external data supplementing in-house knowledge
  • Fully customisable reporting
  • Predictive analytics using historical data
  • Scorecard metrics identifying accounts worth further investigation
  • Alert system to flag suspect accounts more quickly
  • Digital dashboard display for easy viewing/sharing of headlines stats
  • Secure remote access – facilitates working from anywhere
  • Business intelligence – maps external data across existing customer accounts
  • Automated dynamic reporting – easily exported into CSV files


  • Provides up-to-date contact details for citizens and firms in debt
  • Identifies who is associated with properties for empty homes reviews
  • Identifies financial transactions which occur at properties listed as empty
  • Highlights instances of undisclosed occupants living at a property
  • Validates authenticity of single person discount claims
  • Traces contact details of debtors who leave no forwarding address
  • Provides daily updates on a businesses’ financial activities, improving recovery
  • Reduces costs by running bulk traces on citizens owing debt
  • Highlights variances in credit ratings and financial status of businesses
  • Uses data to segment citizens and firms for better analysis


£1 to £7 per unit per year

Service documents


G-Cloud 11

Service ID

8 4 8 9 2 7 6 2 6 2 3 4 1 5 4


Destin Solutions Limited

Duncan Baxter

01772 842092

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
Browser Compatibility: Internet Explorer 8, 9, 10+, Firefox, Chrome, Safari

User support

Email or online ticketing support
Email or online ticketing
Support response times
Email support is offered and depending on the priority level of the support required response times will vary between 30 minutes and 2 hours. Response times are different at weekends and can range between 4 to 8 hours.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
Support is included in the cost of the system.
Destin Solutions provide telephone support during normal office hours (9:00am to 5:00pm – Monday to Friday). Email support is also provided both during and out of office hours.

The initial point of referring an incident is via telephone to the appointed Account Manager. All calls are logged and immediately directed to an appropriate technical representative. Destin Solutions will respond to the initial contact within 1 hour and will attempt to resolve the issue within 2 hours.

Further information is contained within our Incident Management Process Flow document.
Support available to third parties

Onboarding and offboarding

Getting started
A full service on-boarding process is rolled out, when a new client is signed up. A trainer will be provided and use a 'train the trainer' approach so new users can be on-boarded quickly by the Council, long after the solution has been implemented. The client can set up their own users for the solution and manage their own user accounts, assigning different access levels dependent on role. We recommend the client appoints their own system administrator early on in the on-boarding process.
The solution also includes a web based user guide, which is accessible within the web portal.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Destin Solutions can manually extract and provide that data as it stands at that point in time. Costs associated with end-of-contract data extraction are based on an hourly rate of £100 per hour.
End-of-contract process
At the end of the contract all customer data is immediately removed from Destin Solutions servers. All data stored by authorities is stored on logical drives which at contract termination can be erased using the following algorithms: DOD5220M/ CESG HMG, NIST 800-88.

Costs associated with data deletion are based on an hourly rate of £100 per hour.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Our mobile service offers optimised viewing experiences across different mobile platforms however all functionality offered within the desktop service is also available on the mobile service.
Service interface
Description of service interface
SharePoint front end is used to provide presentation and management interfaces for the service via the web.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Our solution is based on Microsoft SharePoint technology all of which has been extensively tested by Microsoft to ensure it meets the latest web accessibility needs and standards. As outlined extensively in their support documentation SharePoint provides; the ability to get colour contrasts right, add alternative text and so on – all the items users will typically see on many accessibility checklists. In addition, SharePoint is tested thoroughly to make sure that, people can use the sites without a mouse. Users can move around any SharePoint page and use any button or command by using only the keyboard. SharePoint also facilitates; alternatives to visuals (images, icons, etc.), and descriptive text for all images, such as alternative text (alt text). Creation of larger typefaces that make text easier to read, and black or high-contrast text. A predictable tab order and landmarks on a web page that enable the user to build a mental picture of the page so they can stay oriented and not lose track of where they are. Simple backgrounds without patterns behind text on web pages. Alternatives to colour to convey important information such as ensuring hyperlinks that are highlighted by colour are also underlined and so on.
Customisation available
Description of customisation
Customisations can be carried out by Destin Solutions on behalf of the client, the user's themselves cannot customise the service. Customisations can be made on the type of reports a customer can view. The solution can also be customised to suit a clients branding and logo requirements and guidelines.


Independence of resources
Response times of different users are continuously monitored and if they go above certain parameters during normal use of the system, resources will be increased to reduce this back down to acceptable levels.

The system is also designed to prevent "queries of death" from being run, in any case, memory and CPU use of queries being run are continuously monitored so that if a query is hogging resources it can be shut down.


Service usage metrics
Metrics types
User administrators can monitor the following metrics on usage:
• Total visits
• Total Pages viewed
• Total Bytes Downloaded

These are summarised by Month, Week, Day and by User.
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
All electronic transfers of data must be carried out using an encrypted channel. In normal operation, customers are expected to provide sensitive data electronically using agreed protocols. Destin Solutions provide a FTPS server secured with a GlobalSign SSL certificate for this purpose which meets Advanced Encryption Standards. We are also flexible enough to apply other secure methods which the Council may already be using subject to them meeting our criteria.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The service is available 9:00am to 6:00pm Monday to Friday. Between these core working hours stated, availability of service is 99.99%.

Planned upgrade and support work is always carried out, outside of core working hours to minimise the impact on service availability
Approach to resilience
Available on request.
Outage reporting
Service outages are reported by email alert.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Accounts given to staff should only have access to the minimum information and resources that are necessary for their job role. Members of staff which from time-time need to perform operations with elevated permissions will be provided with one or more elevated accounts to be used only when necessary to perform those tasks.

High privilege accounts must only be used when accounts of lower rights will not perform the tasks required.

Log management software is used to audit access to critical systems and detect inappropriate or suspicious access-related events including use of high privilege accounts.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
CDL Group Limited
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Sales and marketing activity are not covered within the scope of the certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We are currently in the process of working towards our ISO 27001 accreditation.
Information security policies and processes
Ultimate responsibility for information security rests with the Managing Director of Destin Solutions, but on a day-to-day basis the Data Security Manager is responsible for implementing the policy and related procedures.

Line Managers are responsible for ensuring that their permanent/ temporary staff and contractors are aware of:-
- The information security policies applicable in their work areas
- Their personal responsibilities for information security
- How to access advice on information security matters

All staff shall comply with information security procedures including the maintenance of data confidentiality and data integrity. Failure to do so may result in disciplinary action.

Line managers are individually responsible for the security of their physical environments where information is processed or stored. Each staff member is responsible for the operational security of the information systems they use.

Each system user shall comply with the security requirements that are currently in force, and shall ensure the confidentiality, integrity and availability of the information they use is maintained to the highest standard.

Contracts with external contractors allowing access to the organisation’s information systems are in operation before access is allowed. These contracts ensure that staff or sub-contractors of the external organisation comply with all appropriate security policies.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We use a continuous integration methodology with respect to development and as such have a fully automated and reproducible build and test cycle. Changes to system components are checked into our configuration management system and developers test their changes on a local build environment which mirrors the production build environment. If the build is successful then the changes are incorporated into the continuous integration build. Part of the automated test scripts also ensure the security of the system by simulating the effects of users with different access levels running queries against the system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Windows Server Update Services (WSUS) is used to manage the patching of all the machines and configured to download the latest patches and updates for all components of the solution. WSUS also enables implementation and automation of a patch release strategy and allows us to monitor the number of machines a patch has been deployed to. We monitor relevant forums and official releases about any potential problems with the patch. If none are noted WSUS is updated to approve the patch to the appropriate servers during the next release cycle.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our networks are protected by Intrusion Protection Systems (IPS) to identify, block and log the following common network attacks:
• Ping of Death
• IP half scan
• Port Scan
• Ping of Death
• Land
• DNS attacks

Our IPS is configured to scan and drop IP packets that contain IP options that are indicative of suspicious and potentially malicious behaviour.

We use Dell Intrust log management software which enables real-time notification of critical events through email alerts and automatic responses to certain events such as disabling a user account. Response times depend on priority level.
Incident management type
Supplier-defined controls
Incident management approach
We use an incident management process flow chart. Users report incidents by phone, email or the portal interface. Incidents are then identified, logged, categorised and prioritised. Following incident diagnosis and resolution incidents are closed subject to users agreeing to the closure. Incidents are fully documented and an incident record is kept . Incident reports are available to customers whom have been impacted by the incident on request, via email, and typically outline the information detailed above.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£1 to £7 per unit per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑