Axiell ALM Ltd

Axiell Arena Discovery Platform

Axiell Arena is a powerful, multifaceted discovery platform for library and other patrons to interact with library services in branch or on the go. Arena is also an effective engagement tool, helping library staff keep patrons informed of news and events using the built in content management system.

Features

  • Circulation including Self Service Account Management
  • Advanced Catalogue Search capabilities
  • Cash Management - Online Payments
  • Integrations Framework
  • Notifications and Messaging
  • Digital Media Management
  • System Configuration
  • Cloud Based Interface
  • Application Support and Managed Services
  • Online Registration and Event Management

Benefits

  • Complete control over library stock circulation functions,
  • Catalogue management to latest standards, both physical and digital.
  • Complete cash management functionality for all library fees and charges.
  • Comprehensive suite of API's for third party integrations.
  • eHUB module for complete management of third party digital media.
  • Full management of system configuration.
  • Cloud based interface, accessible on any device.
  • Complete managed service and comprehensive service packages.
  • Built on Open Content Management System.

Pricing

£6000 per unit per year

Service documents

Framework

G-Cloud 11

Service ID

4 7 1 6 5 5 6 0 7 3 9 5 6 4 5

Contact

Axiell ALM Ltd

Daniel Moran

0115 900 8000

sales.admin@axiell.co.uk

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
Trend Artemis reporting and analytical platform,
SelfLib - Low cost, cloud based self service solution,
Axiell's Library Management Service platform, Axiell Collections Management System.
Cloud deployment model
Public cloud
Service constraints
Any service constraints are defined and agreed within the service level agreement for the solution.
System requirements
  • An internet connection
  • Browser must support HTML5 and javascript

User support

Email or online ticketing support
Email or online ticketing
Support response times
Detailed response times are agreed as part of the service level agreement
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The support contract is tailored to suit the requirements of the customer. All levels of support are agreed and defined in the Service Level Agreement.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
All implementations include a detailed Implementation Service with an agreed training programme. This may include hands on training sessions as well as consultation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Docx
End-of-contract data extraction
Axiell provide all data in a defined template as part of an exit plan/strategy. Full details of the extract data sets can be supplied upon request.
End-of-contract process
Axiell supply all data in a pre-defined format in line with the agreed exit plan. Additional costs may be applicable for the data extracts and any additional consultation not defined within the exit plan.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our service, and the functionality offered within it, are standardised across all platforms.
Service interface
Yes
Description of service interface
Axiell provide a complete range of API's for third parties to integrate with our systems. A breakdown of the API's available for each service is available on request.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
As standard, with all Axiell interfaces, we test with a number of different assistive technology, including but not limited to: Jaws, NV Access as well as Microsoft's built in screen magnification tools.
API
Yes
What users can and can't do using the API
All Axiell Library Management System APIs, include detailed documentation that clearly defines the scope of the specific integration.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Axiell Arena is modular in design. Users can decide on the features to be included as well as the specific configuration relating to each feature. Axiell's implementation and consultancy services guide our customers throughout this process in order to ensure the system is optimised for our customer's requirements throughout the lifetime of the contract.

Scaling

Independence of resources
Axiell Arena is designed so that it is load balanced and scalable to suit the customer requirements. If additional resource is required, the system can be scaled appropriately without loss of service to the end user.

Analytics

Service usage metrics
Yes
Metrics types
Axiell provide a range of reports that can be used by our customers to determine service usage. Included in the range of reports are extracts to specifically meet the CIPFA requirements of the service. This is in addition to any routine reports such as borrower transactional data, item circulation data/trends and financial information.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Axiell agree an approach for the export of data from our platform. As a standard deliverable, Axiell will provide access to any/all reports through our management information solution where the level of access is defined by the customer and based on role configuration. For routine data extracts, the process will depend on the available and agreed options but as an example, many of our customer choose to export their financial data for import into third party financial systems. Axiell work with the customer and the third party system supplier to agree requirements and implement accordingly.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • TSV
  • XML
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Calculation of Service Availability is based upon events of an unplanned, reported failure on an End Users Live Service and is measured from the time the problem is reported to Axiell's UK Service Desk (also includes reporting by automatic monitoring systems). All services are to be measured separately. Typically we are achieving less than 7 hours downtime in a 12 month period for either system, this equates to 99.5% uptime, which is our target level for the year.
Approach to resilience
Axiell utilise a Tier 3 Datacentre to host the provided services in dedicated, leased rack space from Interxion, London. Interxion are ISO27001 and ISO22301 accredited. The Datacentre campus is monitored 24x7 by CCTV and security patrols. All access is via multiple barriers, mantraps, contactless key cards and biometrics. The final barrier is the actual racks holding the servers supporting the environment and these are protected by keypad locks. Only the Axiell Group CIO or the Axiell UK Technical Operations Manager are authorised to give access to any staff requiring access to the Datacentre or the individual racks.
Axiell are not ISO27001 accredited but do have policies in line with ISO27001 under an overarching ISMS Policy. Axiell have received the Cyber Essentials Certification.
Our policy "Axiell and the Cloud Security Principles" outlines how Axiell meet the requirement of CESG’s 14 Principles of Cloud Computing and is available on request.
Outage reporting
Axiell’s Firewalls support IDS which sends events to our SIEM monitoring server. The SIEM monitoring server also monitors endpoints, routers, switches for unusual activity and potential risks. As well as a visible wallboard for alerts, the solution autologs events into Axiell’s Case Management Tool which are then investigated and mitigated by Axiell’s Technical Services Team.
A service dashboard is a available through the case management tool and Customer notifications are typically provided by email or telephone although APIs are available for third party monitoring of the service if required.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Only authorised users are assigned permissions to access management functions associated with their role. Support services all require the individual user to have their own account and as required, these accounts can be approved by a customer manager.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Axiell follow the CESG Cloud Computing Principles and have policies in line with ISO27001 with an overarching ISMS Policy.
Information security policies and processes
Axiell have implemented a detailed ISMS policy. This Information Security Management System and associated operational procedures will, as far as practicable, address the Information Security Management principles defined within ISO27002:2013 ‘Code of Practice for Information Security Controls’. As such, this Policy will enable Axiell’s Staff, Suppliers and Contractors to accurately address the Information Security requirements of Axiell, thus avoiding ambiguity in the specification, delivery and implementation of Information Systems.
Operational procedures will be established to implement the corporate information security requirements outlined in this Security Management System, and appropriate mechanisms will be put in place to monitor and manage these procedures.
This Information Security Management System is supplemented by an “Information Security - User Guidelines” document.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Axiell operate a CMDB integrated into its Case Management System. As such all components of the solution have a Configuration Item. Where a system failure (Incident) or Change is made on a given CI then the CI is associated to the record, creating a full history of all changes and faults on a given component. The CMDB includes all services offered with relationships to the underpinning architecture such that analysis can be done prior to a change to see all the affected components.
All changes need approval by Axiell’s CTO who is responsible for ensuring that all services are secure.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Axiell’s estate is monitored using AlienVault OSSIM which assesses the configuration items against a database of known threats imported into OSSIM. Any detected risk of vulnerability is assessed against test systems to ensure that risks can be mitigated or eliminated with recommended actions. Axiell automatically apply all security fixes to all the underpinning OS and applications deployed unless there is proven detrimental impact to end users and risks are low to medium. Axiell subscribe to a number of sources for threat and vulnerability information.
Axiell follow the guidelines laid out in the CESG guidance on Implementing the Cloud Security Principles.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
AlienVault OSSIM consolidates the total view of Axiell’s infrastructure and receives alerts and logs from a variety of sources. Alerts are presented on a Nagios Wallboard with visual alerts and SMS and email alerts are sent to relevant analysts. As soon as any suspicious activity is detected, Incident Management processes are followed to investigate and manage the threat.
Active monitoring of infrastructure components generates alerts into OSSIM, OSSIM also sends alerts into the Incident Management Tool.
Incident management type
Supplier-defined controls
Incident management approach
Axiell’s Customer Service Tool receives alerts from OSSIM that trigger ITIL Incident Management Processes to track and progress all security incidents. Active threats are treated as Major Incidents. A knowledge base is maintained with processes to follow for events that have been seen and actioned. As the security incidents follow the Major Incident Process, this includes notification for key customer contacts. All Major Incidents are reported as part of the reporting pack from the Service Desk. As Security Incidents are classed as Major Incidents they will be reported as such. Any threat that risks the system directly is reported immediately.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£6000 per unit per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑