Porism Limited

Local and Linked Data Infrastructure Services

Deployment, operation and management of cloud infrastructure to store and deliver metrics broken down by type and geography.

The service manages data and metadata which can be expressed as linked open data with persistent resolvable identifiers. It permits custodians to publish data according to established good practice.

Features

  • Metrics storage and reporting
  • Standards management
  • Linked data repositories
  • Persistent resolvable identifiers
  • Geographical Information Systems
  • Data harvesting and aggregation
  • Report templating
  • Taxonomy management including SKOS
  • Application Programming Interface

Benefits

  • Established model for consistent management of metrics
  • Reliable and performs well under load
  • Brings consistency to diverse datasets
  • Reworks statistics for different geographies
  • Supported by an experienced team

Pricing

£20000 to £320000 per instance per year

Service documents

G-Cloud 9

639320689902607

Porism Limited

Mike Thacker

020 7737 0263

mike.thacker@porism.com

Service scope

Service scope
Service constraints Most outputs are designed for desktop browsers and the latest version of each web browser is preferred.

Hosting infrastructure can require pre-warming for sudden spikes of traffic.
System requirements
  • Internet connection of > 2Mbps
  • Javascript enabled

User support

User support
Email or online ticketing support Email or online ticketing
Support response times End user support is within 24 hours, Monday to Friday between 0900 and 1730 (excl. public holidays) and normally by email.

Commissioning client organisations also have support via phone and online chat. They can prioritise support requests.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels A technical account manager is assigned to each client organisation. This manager is available for contact at short notice by phone, chat and email throughout the contracted period.

End users are supported by email managed through a ticketing system with support logs subject to review by the client organisation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Cloud support services are provided to plan, configure and roll-out a service.

Users are helped getting started with the services via: standard reports which they can go on to customise; a help system; online training sessions with associated PDF materials; email support service; and optional onsite training.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Via the API or interactive reporting tools.

Optionally a full database dump can also be provided at cost.
End-of-contract process The price quoted covers a complete database of metrics and all related metadata; scaleable infrastructure for running the API; a suite of reporting, report writing and other tools that use the API; vocabulary presentation and download tools.

the elastic load-balanced services that grow according to demand are charged according to usage.

Using the service

Using the service
Web browser interface Yes
Using the web interface Administration users can define new metric types and upload associated data.

End users can: run reports; write reports; query and download data; look up URIs; and run SPARQL queries

Update of some metadata can only be performed by company staff. Standard vocabulary changes are expected to be reviewed by a taxonomist.
Web interface accessibility standard WCAG 2.0 AA or EN 301 549
Web interface accessibility testing Automated accessibility testing for AA compliance.
API Yes
What users can and can't do using the API A read-only API permits query of all data and most metadata. Metric values can be retrieved as raw values, summaries and values derived via multiple statistical methods.

The API requires a public private key or OAuth key. Metrics available are subject to permissions associated with each key.

Online tools document the API and help programmers construct API calls.

Hosting cannot be configured via the API.
API automation tools Other
API documentation Yes
API documentation formats
  • HTML
  • PDF
  • Other
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type Automatic
Independence of resources We use load balancing and auto-scaling for our web servers. Databases are scaled to deal with maximum expected loads. We monitor for and block robots that impose an unnecessary load.

We pre-warm servers if expected sudden peaks are expected, eg to coincide with news releases.
Usage notifications Yes
Usage reporting
  • Email
  • Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics Exception reports with detailed metrics on request
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Source code and versioning
  • Databases
  • Logs
  • Machine images
Backup controls Backups are administered by the company under agreement with the client. They are not configurable directly by users.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability An SLA entitles the client organisation to a refunds as shown below for non-planned lack of availability:
<98% availability, 5% refund.
<95% availability, 10% refund.
< 92% availability, 15% refund.
<90% availability, 20% refund.

In practice availability is normally well above 99%.
Approach to resilience We use Amazon Web Services which sets industry-standard levels of high availability, dependability, confidentiality, integrity and data security.
Outage reporting Monitoring services on both servers and end user tools report anomalies to company technical staff. Customers are alerted by email if an issue impacts on them.

Identity and authentication

Identity and authentication
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Most access to done via user name and password with access rights associated with each user and the user's organisation.

Public private keys and OAuth are used for read-only access to non-personal data.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 20/07/2015
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We're an ISO 27001:2013 (information security management) certified company and regularly review information security, perform risk assessments and log any security incidents. ISMS training is provided to all staff.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach New installations are subject to penetration testing.

Software upgrades and configuration changes are subject to automated functional, performance and, where appropriate, penetration testing.

Software changes and subject to version control with logged release histories.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Firewalls and anti-virus software provide virtual access protection and server hardening techniques are used to ensure only trusted entities are given access, reducing the number of security holes without affecting performance. In-house penetration and load testing ensures potential threats are kept at bay, and other vulnerabilities are assessed according to our information management security policies. Consistent monitoring and immediate reporting provides information on potential threats which are reviewed as issues occur. Patches can be released within 6 hours during normal service hours.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Amazon handles security of the hardware and infrastructure, and provides heavily customisable firewalls which Porism uses and monitors.
System administrators are alerted automatically 24/7 of abnormal events.

Anti-virus software is installed on our servers by default, and server hardening techniques are used to ensure that only services absolutely required by the systems are enabled by default.
Incident management type Supplier-defined controls
Incident management approach We regularly perform risk assessments and update information security management processes for new products and changes in infrastructure.

Incidents are reported by system administrators to the Head of IT Infrastructure and clients are made aware via routine exception reporting.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £20000 to £320000 per instance per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑