Elsevier

Pure

Pure is a research information management system, which helps universities and research institutions to manage data about their research and other related content. Using this high-quality data, institutions can create reports; showcase their research; analyse and track research progress and impact; monitor the grant lifecycle; and prepare their REF2021 submission.

Features

  • Robust data model that supports core content types.
  • Interoperable solution, designed to easily integrate with other systems.
  • Modular design, which covers the full research life cycle.
  • Configurable workflows to help validate data.
  • Role-based access control to manage user permissions and data visibility.
  • Single sign-on integration.
  • Powerful frontend portal search that uses the Elsevier Fingerprint Engine™.
  • Reports and dashboards for all data in Pure.
  • Dedicated assessment module for preparing your REF submission.
  • Integrates with Elsevier's Funding Institutional, supporting the full funding lifecycle.

Benefits

  • System of record which helps institutions make better strategic decisions.
  • Reduced administrative burden as researchers manage their own profiles.
  • Increased visibility of researchers and their work through Pure Portal.
  • Consistent data as Pure easily integrates with external systems.
  • High-quality data through search and filtering, workflows, and duplicate merging.
  • Ability to add extra modules at a later date.
  • Helps streamline and automate the management of research projects.
  • Simplifies reporting across all types of data.
  • Easier and more streamlined process for preparing REF submissions.
  • Workflows for data validation help ensure data accuracy and compliance.

Pricing

£10,000 to £250,000 an instance a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at h.mooij@elsevier.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

3 9 6 6 3 7 6 5 7 2 6 9 6 0 5

Contact

Elsevier Helen de Mooij
Telephone: +31 6 1277 4890
Email: h.mooij@elsevier.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Pure has multiple configuration options, some of which can be set up during implementation and onboarding. System administrators can edit and configure options throughout the service period. Instructions for doing so will be covered during training, and ongoing support is available throughout the service period.

Maintenance is managed as much as possible in low usage times, such as night time.
System requirements
  • Internet connectivity
  • Up to date browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Category A (critical defect with no workaround), response within 4 hours (during help desk hours only);
Category B (critical defect with workaround), response within 2 working days;
Category C (non-critical defect with no workaround), response within 4 working days;
Category D (non-critical defect with workaround), response within 8 working days.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Access to the Pure help desk is included as part of a customer’s Pure licence.

The Pure help desk provides ongoing technical support to customers. Their primary aim is to make sure customers use Pure efficiently and have the best possible experience with it.

Our help desk is based in the USA, Denmark and Singapore, allowing us to provide the best possible service and response times. Customers can raise a support request using our online ticketing system, email or telephone.

In addition, we provide customers with a Customer Consultant for additional technical support. The Customer Consultant ensures customers use Pure optimally and assists them with any concerns they have that are not issues for the support desk.
Support available to third parties
No

Onboarding and offboarding

Getting started
To help users get started with using Pure, we make the following available to them from day one:
• a dedicated Pure server;
• documentation allowing you to easily explore Pure configurations;
• access to our global Pure Academy training program.

During implementation, the Pure Implementation Manager holds an (optional) on-site workshop. This workshop is tailored to your needs and provides in-depth training about the implementation and configuration of Pure.
Once implementation is nearing the launch phase, your dedicated Pure Customer Consultant will deliver additional training (a combination of onsite and online). Your Customer Consultant has an in-depth knowledge of Pure and best-practices for rolling it out. They will provide continuous training to help you explore the additional functionality in Pure, and will remain as your go-to person for training-related enquiries after launch.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Once their contract ends, users can extract data from Pure using the Pure Web Service API. This allows them to extract their data in XML and JSON format.
End-of-contract process
The costs of the basic end-of-contract process are included in a customer's Pure licence fee.

Elsevier provides guidance to customers about the tasks they need to complete as part of their migration strategy and the expected timeline they must complete these tasks in. This is a once-off meeting. Effort for consultancy, project work, configurations, or any other form of customised work is excluded from the basic process. The actual extraction and transformation of data is the customer's responsibility. Customers are notified well in advance of their contract end date, so they have sufficient time to extract and transfer data.

Once their contract with Elsevier comes to an end, all data and backups are deleted. AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process for their storage hardware.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
Customers access Pure in a web-browser. They require credentials from their institution to log in.

The Pure Portal is also accessed in a web-browser. Institutions can control what content is displayed internally and externally on their Pure Portal.
Accessibility standards
None or don’t know
Description of accessibility
Pure features a simple, flexible, and consistent user interface design. Customers can benefit from full-text search, the ability to browse and filter by content type or speciality, and bookmark-friendly content.

Accessibility is a high priority on our development team’s roadmap. The Pure Portal is optimised for compatibility with screen readers, through the use of (for example) metatags and ARIA-labels to provide descriptions of visual content.
Accessibility testing
We carry out an annual Voluntary Product Accessibility Template (VPAT) assessment, which is conducted by the Elsevier Accessibility team. During this VPAT assessment, we test the Pure interface to ensure it is screen reader friendly and compatible with screen readers such as JAWS, NVDA and Apple's VoiceOver. Pages employ Accessibility for Rich Internet Applications (ARIA) to enhance navigation, orientation and labelling for users of screen readers and other assistive technology.
API
Yes
What users can and can't do using the API
Web services are used to extract data from Pure. Pure contains three open interfaces: SOAP, REST and OAI. Both XML and JSON are supported as output formats.

With each new (major) version, a corresponding new version of the Pure Web Service is also released which includes support for all new additions to the data model introduced in that particular major version of Pure.

The API has endpoints available for most content types in Pure. The access is controlled using API keys; the endpoints available are tied to your API key, which is managed in the Administrator tab of Pure.

NOTE: Not all endpoints will be available — the number of endpoints available depends on your API key and how Pure is configured.

We are currently developing the Pure Write API for populating Pure with content from external sources. This is an evolution of the existing REST web services, to support a backward-compatible read and write REST JSON endpoint for using and managing research information data in Pure.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Pure offers functionality through optional modules, which allows only relevant client features to be available. Within the Core module and the optional modules the following is relevant:

• Data can be synchronised into Pure from other institutional systems, where the mapping of data is determined by the client. This is set up during implementation and is subsequently managed by clients. Training will be provided by Elsevier.

• Multiple workflows are present that are highly configurable to ensure relevance to client processes.

• Classifications present can be edited, and new classifications can be added and added to various content templates.

• Pure can reflect institutional name, field naming preferences, system messages, and editable support text. The Pure Portal is templated in terms of functionality, but branding can match the client (logo, colour, text, and messaging).

Scaling

Independence of resources
Pure customers using our standard hosting infrastructure have their own database instance with unique credentials. Our standard hosting offers customers reliable, scalable, and inexpensive cloud computing services via Amazon Web Services.

Analytics

Service usage metrics
Yes
Metrics types
The system captures data around each institution’s usage of Pure. This information includes which features, types of content and maintenance jobs are used in Pure and at which volume. These metrics help to measure the health of an institution’s Pure instance, diagnose and solve problems, as well as prioritise our development work.
Institutions can also capture metrics about the visitors to their Pure Portal using Google Analytics. They set this up from Pure by entering their Google Analytics tracking code.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export their data in JSON and XML formats using the Pure Web Service API.

It is also possible for users to create lists of data and export them in various formats such as BibTeX, Reference Manager (RIS), HTML and Excel, depending on the type of data.

Pure can also be harvested via OAI-PMH using a variety of metadata formats.

In addition, users can produce reports and export them to PDF, Word, Excel and HTML formats.
Data export formats
Other
Other data export formats
  • JSON
  • XML
  • XLS
  • HTML
  • PDF
  • Word
  • BibTex
  • Reference Manager (RIS)
Data import formats
Other
Other data import formats
  • XML
  • Reference Manager (RIS)
  • BibTex
  • XLS

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our service level agreement (SLA) guarantees a 99.5% system uptime. If availability drops below 99.5%, customers are entitled to receive a service credit. Availability warranties and service credit calculations are outlined in our SLA.
Approach to resilience
Elsevier implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data;
• Ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
• Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
In addition to supporting federated identity solutions, including SAML2, WAYF, Shibboleth, ADFS and CAS, Pure also supports Active Directory authentication using the LDAP protocol.
Access restrictions in management interfaces and support channels
Pure does not have a management interface. Only authorised Elsevier employees can access the server infrastructure. All access control is reviewed regularly, and system access is audited.

No employee has permanent access to application level data; temporary access is allocated on an individual’s “need to know,” as determined by job functions and requirements. Authorised Elsevier employees access customer environments via two-factor authentication. We maintain a full audit trail of Elsevier staff logins to customer environments and review this log regularly.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
EU-U.S. Privacy Shield

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Our approach to security governance is aligned to ISO/IEC 27002.
Information security policies and processes
Elsevier has implemented policies, standards, and guidelines aligned with ISO 27002 domains that govern data access, protection, transport, restriction, retention, deletion, and classification. Policies, standards, and guidelines are reviewed and updated regularly.

We maintain a dedicated Information Security and Data Protection organisation, headed by our Chief Security Information Officer, who is responsible for these policies, standards and guidelines and ensuring all employees adhere to them.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our change management process follows best industry practices.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Services, processes, and technology are implemented to execute internal and external vulnerability scans to identify new application and system vulnerabilities. Identified risks are assessed for their potential impact along with determining appropriate response and remediation actions. We use a combination of network security testing, application security testing, application code review, and penetration testing to assess our information security program, and enhance it appropriately.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Elsevier’s Information Security and Data Protection (ISDP) team continuously monitor and respond 24/7 to security events. The ISDP team will assess any identified risks for their potential impact and determine the appropriate response and remediation actions.

To ensure monitoring is as thorough as possible, Elsevier uses a combination of automated and manual solutions to inspect applications and identify any vulnerabilities that require remediation.
Incident management type
Supplier-defined controls
Incident management approach
Elsevier manages incidents using a well-established Security Incident Response process. This process covers all security incidents, including hacker, denial of service, lost asset and virus/worm incidents.

When an incident occurs, it is promptly handled by our dedicated Information Security & Data Protection team. They will restore service as soon as possible, determine the cause of the incident, and take appropriate steps to prevent future incidents.

Elsevier’s incident response and notification policy sets out how users are notified in the event of information being compromised. We conduct security incident disclosures in compliance with all appropriate regulatory policies and applicable statutory guidelines.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10,000 to £250,000 an instance a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Functionality and configuration can be tested in a sandbox environment with test data for a limited time period, to be agreed with the client.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at h.mooij@elsevier.com. Tell them what format you need. It will help if you say what assistive technology you use.