Bramble Hub Limited

Bramble Hub Northdoor - Data Masking/Pseudonymisation

A solution for masking/anonymising confidential personal data that needs to be shared between departments, businesses or with your IT partners, especially with System Integrators based overseas. Full data integrity and table mapping retained.

Features

• Real time data anonymisation
• Full audit trail
• Automated process
• Data retains full table integrity

Benefits

• Anonymise personal data
• Share personal data securely

£23,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

928933629098645

Contact

Neil Simpson
+44 (0) 2077350030
contact@bramblehub.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Solution requires initial configuration and implementation
• System requirements: Cross technology platform - MS, Oracle, IBM, SAP etc

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Various SLAs and hours of support from prime shift 7AM til 7PM through to 24x7
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels vary from telephone support through to fully managed solutions. A service delivery manager would be provided where necessary.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full on-site training and documentation can be provided
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Client data remains on site if the hybrid option requires data residency.
• End-of-contract process: Once installed the software runs in the client environment til contract termination. Dependent upon exact requirements, there may be charges for installation, support and training.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • Windows
  • Other
• Designed for use on mobile devices: No
• Service interface: No
• API: Yes
• What users can and can't do using the API: Once trained, the application allows users to make changes, create reports and create solutions.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Once installed reports and solutions can be customised to create bespoke outcomes as required.

Scaling

• Independence of resources: Northdoor has sufficient resource to ensure services are not compromised.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly analysis of data usage and help desk utilisation
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Infomatica

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users do not need to export data unless they wish to do so.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs are agreed as required by the client
• Approach to resilience: Our software solution resides on the client cloud environment
• Outage reporting: Email and phone notification is standard

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: All access to our solution is managed by the client management processes
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We follow the principles of ISO27001
• Information security policies and processes: Full security policy details are available as requested.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change management requests are subject to client and supplier agreement and impact assessment before commencement
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The solution is assessed in the client environment as part of the client procedures
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All monitoring is completed by the client as the solution is part of their environment
• Incident management type: Supplier-defined controls
• Incident management approach: All incident management issues are logged and reported via our help desk

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £23,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: POCs are available with no cost access to the solution. There may be charges for implementation

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF