Porism Limited

Local and Linked Data Infrastructure Services

Deployment, operation and management of cloud infrastructure to store and deliver metrics broken down by type and geography.

The service manages data and metadata which can be expressed as linked open data with persistent resolvable identifiers. It permits custodians to publish data according to established good practice.


  • Metrics storage and reporting
  • Standards management
  • Linked data repositories
  • Persistent resolvable identifiers
  • Geographical Information Systems
  • Data harvesting and aggregation
  • Report templating
  • Taxonomy management including SKOS
  • Application Programming Interface


  • Established model for consistent management of metrics
  • Reliable and performs well under load
  • Brings consistency to diverse datasets
  • Reworks statistics for different geographies
  • Supported by an experienced team


£20000 to £320000 per instance per year

Service documents


G-Cloud 11

Service ID

4 7 8 0 9 1 3 5 2 5 8 1 3 8 8


Porism Limited

Mike Thacker

020 7737 0263


Service scope

Service constraints
Most outputs are designed for desktop browsers and the latest version of each web browser is preferred.

Hosting infrastructure can require pre-warming for sudden spikes of traffic.
System requirements
  • Internet connection of > 2Mbps
  • Javascript enabled

User support

Email or online ticketing support
Email or online ticketing
Support response times
Two hours during working days Monday to Friday 9:00 to 17:30
User can manage status and priority of support tickets
Phone support
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We use the Intercom plugin that is tested for accessibility. It includes:
- Screen reader support: the Messenger is accessible via screen readers.
- Keyboard navigation: Every component of the Messenger can be accessed using a keyboard without requiring a mouse or trackpad.
- Colour contrast: all text is clearly visible when using colours with enough contrast, which our designer verifies on configuration.
Onsite support
Yes, at extra cost
Support levels
A technical account manager is assigned to each client organisation. This manager is available for contact at short notice by phone, chat and email throughout the contracted period.

End users are supported by email managed through a ticketing system with support logs subject to review by the client organisation.
Support available to third parties

Onboarding and offboarding

Getting started
Cloud support services are provided to plan, configure and roll-out a service.

Users are helped getting started with the services via: standard reports which they can go on to customise; a help system; online training sessions with associated PDF materials; email support service; and optional onsite training.
Service documentation
End-of-contract data extraction
Via the API or interactive reporting tools.

Optionally a full database dump can also be provided at cost.
End-of-contract process
The price quoted covers a complete database of metrics and all related metadata; scaleable infrastructure for running the API; a suite of reporting, report writing and other tools that use the API; vocabulary presentation and download tools.

The elastic load-balanced services that grow according to demand are charged according to usage.

Using the service

Web browser interface
Using the web interface
Administration users can define new metric types and upload associated data.

End users can: run reports; write reports; query and download data; look up URIs; and run SPARQL queries

Update of some metadata can only be performed by company staff. Standard vocabulary changes are expected to be reviewed by a taxonomist.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
Automated accessibility testing for AA compliance.
What users can and can't do using the API
A read-only API permits query of all data and most metadata. Metric values can be retrieved as raw values, summaries and values derived via multiple statistical methods.

The API requires a public private key or OAuth key. Metrics available are subject to permissions associated with each key.

Online tools document the API and help programmers construct API calls.

Hosting cannot be configured via the API.
API automation tools
API documentation
API documentation formats
  • HTML
  • PDF
  • Other
Command line interface


Scaling available
Scaling type
Independence of resources
We use load balancing and auto-scaling for our web servers. Databases are scaled to deal with maximum expected loads. We monitor for and block robots that impose an unnecessary load.

We pre-warm servers if expected sudden peaks are expected, eg to coincide with news releases.
Usage notifications
Usage reporting
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
Exception reports with detailed metrics on request
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Source code and versioning
  • Databases
  • Logs
  • Machine images
Backup controls
Backups are administered by the company under agreement with the client. They are not configurable directly by users.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
An SLA entitles the client organisation to a refunds as shown below for non-planned lack of availability:
<98% availability, 5% refund.
<95% availability, 10% refund.
< 92% availability, 15% refund.
<90% availability, 20% refund.

In practice availability is normally well above 99%.
Approach to resilience
We use Amazon Web Services which sets industry-standard levels of high availability, dependability, confidentiality, integrity and data security.
Outage reporting
Monitoring services on both servers and end user tools report anomalies to company technical staff. Customers are alerted by email if an issue impacts on them.

Identity and authentication

User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Most access to done via user name and password with access rights associated with each user and the user's organisation.

Public private keys and OAuth are used for read-only access to non-personal data.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We're an ISO 27001:2013 (information security management) certified company and regularly review information security, perform risk assessments and log any security incidents. ISMS training is provided to all staff.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
New installations are subject to penetration testing.

Software upgrades and configuration changes are subject to automated functional, performance and, where appropriate, penetration testing.

Software changes and subject to version control with logged release histories.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Firewalls and anti-virus software provide virtual access protection and server hardening techniques are used to ensure only trusted entities are given access, reducing the number of security holes without affecting performance. In-house penetration and load testing ensures potential threats are kept at bay, and other vulnerabilities are assessed according to our information management security policies. Consistent monitoring and immediate reporting provides information on potential threats which are reviewed as issues occur. Patches can be released within 6 hours during normal service hours.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Amazon handles security of the hardware and infrastructure, and provides heavily customisable firewalls which Porism uses and monitors.
System administrators are alerted automatically 24/7 of abnormal events.

Anti-virus software is installed on our servers by default, and server hardening techniques are used to ensure that only services absolutely required by the systems are enabled by default.
Incident management type
Supplier-defined controls
Incident management approach
We regularly perform risk assessments and update information security management processes for new products and changes in infrastructure.

Incidents are reported by system administrators to the Head of IT Infrastructure and clients are made aware via routine exception reporting.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres


£20000 to £320000 per instance per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑