Arkivum LTD


Arkivum is the trusted software and service partner for long-term data lifecycle management and digital preservation.

Arkivum provides an end-to-end, managed service to deal with the complexity of preserving your data securely for the long-term, while guaranteeing 100% data integrity and immediate access to bring your archived data to life.


  • Conforms to OAIS digital preservation model
  • Integrates to collection management and public access systems
  • UK data centres and public or private cloud
  • Scalable from small to multi-petabytes deployments
  • Fully managed service
  • Based on open source software tools


  • No local infrastructure needed
  • Rapid deployment
  • Minimal support
  • Start small and scale with your needs
  • No lock-in, open standards
  • Low, predictable costs


£12500 per instance per year

Service documents

G-Cloud 10


Arkivum LTD


0124 9405060

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Flexible APIs to allow open integration and extension of customer software.
Cloud deployment model Hybrid cloud
Service constraints No constraints
System requirements None - we provide a fully managed service

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For a level 1 severity support condition within 1 business day, for a level 2 severity support condition within 2 business days and for a level 3 severity support condition within 10 business days. Weekends are not business days.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is provided 9.00am to 5.00pm Monday to Friday. 24x7 support is available as an option.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Arkivum Perpetua has a comprehensive on-boarding package with web training for users and administrators. Ongoing support is provided and additional training can be arranged.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Customers always have access to retrieve their data from the 3rd party escrow provider (at any time during or after their contract period as per contractual agreement), upon end if any contract we will ensure data is returned in it's original state to customers on request
End-of-contract process Data, metadata and system configuration information is available on the escrow tape copies held with our 3rd party escrow provider. Escrow tapes are directly accessible by the end user for only the cost of shipping.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility No features available.
Accessibility testing Limited testing of browser based UI has been completed.
What users can and can't do using the API Arkivum provides documented APIs, which allow authenticated systems to be able to connect and perform most system activities within the application - allowing seamless integration with customer systems.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation There are several levels of integration allowed by different levels of user roles.
e.g. all users with access to the UI can tailor their display as to what columns they can view, etc.
an administrator can configure things such as user role access, and various preservation actions for individual file types are entirely configurable including: tools used for file verification, normalisation policies, dissemination package compilation and metadata schemas.
At a system level the labels and definitions can be defined to be customer specific. And the system is also configured to allow for both industry standard metadata and customer specific metadata to index and retrieve the content from the archives.

User can customise the service through integration with content management systems and through personalisation of the preservation planning process and format policy registry (FPR). Preservation actions for individual file types are entirely configurable including: tools used for file verification, normalisation policies, dissemination package compilation and metadata schemas.


Independence of resources In Arkivum we spread processing over a pool of servers with failover between servers, at times of unusually high load volume more servers can be brought up. Customers are allocated to "tenants" on the back-end system and are allocated resources and routed based on their anticipated load.


Service usage metrics Yes
Metrics types The system usage is displayed via the landing page on dashboard to administrators with indicators of the status of all data in process or completed, and disk utilisation
Reporting types
  • API access
  • Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data can be downloaded via the application, either through the UI or from an onsite or virtual gateway appliance
Data export formats
  • CSV
  • Other
Other data export formats
  • Data is stored as Archival Information Packages (AIPs)
  • BagIT format
  • Secure export zip packages are also available for export
Data import formats Other
Other data import formats
  • Perpetua accepts any file format.
  • Data can be uploaded as BagIt or zipped files
  • Content Management type packages (metadata and file content)

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.95% with service credits.
Approach to resilience Our service is deployed using UKCloud hosted infrastructure to the Essential service level as standard. Higher service levels are available. The service can be deployed across a number of sites, regions and zones. Each zone designed to eliminate single points of failure (such as power, network and hardware). Customers are encouraged to ensure that
their chosen service level meets their requirements.
Outage reporting SNMP reporting

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels Two factor authentication to access network control centre and two factor authentication for the sub-set of parties who access equipment.
Access restriction testing frequency At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 UKAS (via accredited certification body Centre for Assessment)
ISO/IEC 27001 accreditation date 04/06/2015
What the ISO/IEC 27001 doesn’t cover The ISMS that applies to Arkivum's business of providing data archiving software and services to its customer base and covers all information assets and staff (employees and sub-contractors)wherever they are located. This includes staff and assets located at Arkivum offices, while travelling on company business, working remotely, co-located Data Centres and Escrow providers.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Arkivum's ISMS contains controls that map on to all of the controls within ISO 27001. These cover all aspects of Arkivum's business. The Arkivum Compliance Manager reports directly to the VP Product Management

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All configuration and changes to the Arkivum Service infrastructure are raised as a change request by a member of the operations team. This is reviewed by another operations team member and approved at director level
Vulnerability management type Supplier-defined controls
Vulnerability management approach Security Patches are applied when made available.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All external access is logged as either allowed or disallowed. Logs are kept for a minimum of 12 months.
Incident management type Supplier-defined controls
Incident management approach All incidents are logged and reviewed by the ISMS Forum (a group of senior management and the information security officer) for corrective action including expected completion date. All staff are encouraged to report anything they think might be a information security incident.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)


Price £12500 per instance per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑