Preservica Ltd.

Preservica Digital Preservation and Archiving Service

Preservica Cloud Edition Essentials (CEE) provides a secure, cost-effective way for government organisations to meet any mandate to protect and ensure long-term access to digital records. Based on the same active digital preservation used by UK National Archives, CEE also provides public access, and connectors for CALM, SharePoint, and Outlook.

Features

• OAIS archive standards-based (ISO 14721) active digital preservation software
• Secure, durable, cloud storage on AWS S3 and Glacier
• Fully integrated customisable public access portal
• Catalogue synchronisation with Axiell's CALM and Adlib or ArchivesSpace
• Ingest package adapters for SharePoint, Outlook, Gmail and Lotus Notes
• Easy drag-and-drop re-arrangement within a trusted living archive
• Designed for regulated operations including the GDPR
• Includes support, training, maintenance and new product updates
• Private cloud hosting options with dedicated resources (also on Azure)
• Optional cloud escrow with 100% data integrity guarantee

Benefits

• Meet any mandate to safeguard long-term digital records
• Mitigate file obsolescence at any time with active file migration
• Minimise IT time and costs with Preservica hosting & operations
• Minimise compliance risk and meet regulatory requirements
• Guaranteed data sovereignty
• Simple ingest of long-term digital records from existing systems
• Synchronise metadata with current catalogue systems
• Increase transparency by providing secure public access
• Proven data integrity from self-healing, replicated storage
• Easy no-cost customer exit

£130 to £9,350 a terabyte a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.allman@preservica.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

766284901501156

Contact

Paul Allman
01235 428 904
paul.allman@preservica.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Supported Browsers: Chrome v77+, Firefox v69+, IE 11+
  • Other Browsers expected to function but not tested
  • Ingest Tools: MS Windows 7 or 10 (32 or 64bit)
  • Ingest Tools: Linux Desktop (32 or 64bit)
  • Ingest tools require local installation, web-ingest available without download

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Critical and urgent issues will be responded to within 2 business hours.; Routine issues will be responded to within 2 business days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Preservica offers 1 level of support for all Cloud Edition Essentials (CEE) customers.; Support is included in Preservica CEE annual pricing.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Online training is provided in a series of pre-requisite and elective modules for users and administrators. These sessions take users through practical examples and are lead by a Preservica trainer offering the chance for live Q&A. Training takes place in small, size-limited groups.; ; On demand user documentation and video tutorials are available through the Preservica user portal.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We recognise how important it is for users to be able to extract a complete copy of all content at any time. In Preservica CEE we support the following approaches: ; ; 1) Set up a “Copy Home” storage adapter to write all content and metadata to a remote Secure FTP server. This can be “live” so a separate copy of the content is kept up to date at all times, or can be done at the point of exit.; ; 2) Use the built-in workflow to export content and metadata as dissemination ZIP files, to a user's own Amazon S3 bucket, in a chosen AWS storage region. Users can subsequently download all content, when required, using Amazon’s own tools outside of Preservica. ; ; In both cases the metadata is held in the Preservica XIP format. This contains the descriptive metadata, technical metadata, structure, audit logs and security tags. We will provide documentation describing the XIP schema and advice on the structure of the content and how to use it.
• End-of-contract process: At the end of the contract the client can extend the contract for a further period or can extract the data (as described) free of charge.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Preservica Explorer for archivists and collection management is designed for desktops only.; ; Preservica Universal Access provides secure public or internal access to customer content with a fully responsive design. Universal Access is designed to work with any screen size and adapts viewable content and options accordingly.
• Service interface: No
• API: Yes
• What users can and can't do using the API: CMIS API - provides (authenticated) read-only access to metadata and content using the Content Management Interoperability Standard.; ; OAI-PMH - provides (authenticated) metadata synchronisation using the Open Archives Initiative Protocol for Metadata Harvesting.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Data collections and structures can be modified to suit requirements.; ; Dashboard reports can be defined based on preference.; ; Metadata and schemas are user definable.; ; The web-based Universal Access portal for secure public access to selected customer content can be configured for ; - Organisational brand, logos and appearance preferences; - Colours; - Page structure and introductory text; - Content ; - Search indexes; - Content to be viewed by different users and permissions.; ; Changes are enabled for different user roles.; ; Changes are made through the file explorer or administration page.

Scaling

• Independence of resources: All users must agree to an acceptable use policy. ; ; Preservica will monitor the performance and use of services and at times may increase the available resources. In extreme circumstances, Preservica may suspend or remove access from users who cannot adhere to acceptable use when requested.

Analytics

• Service usage metrics: Yes
• Metrics types: Preservica includes a range of reports in text and graphical format.; ; Content includes: ; Storage reporting; File formats; Content uploaded; Access; Downloads; Logins; ...and many more
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Low-latency physical media storage encryption is available on request or applied as standard for customers with personal data as identified by the GDPR.; ; All other storage is encrypted by default.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported by authorised users, using standard export workflows.; ; It is also possible to view and download files on demand or request depending on the user's permissions and chosen storage latency.
• Data export formats: Other
• Other data export formats:
  • Dissemination Package returned in a DIP as ZIP or TAR
  • Single files can be downloaded in their native form
  • Metadata export to XIP, CMIS, DublinCore, METS, Export DC
• Data import formats: Other
• Other data import formats:
  • A file/folder structure on a local or network drive
  • Container files in various formats such as ZIP or PST
  • Disk image files such as ISO and hfs
  • A website

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: AWS's Virtual Private Cloud services - including network boundary firewalls - are used to prevent unwanted external communications.

Availability and resilience

• Guaranteed availability: As described in Preservica's SLA, Preservica shall use its reasonable endeavours to provide an uptime services availability of at least 99.5% in each Payment Period except in respect of any downtime with details described in the document.
• Approach to resilience: Available on request.
• Outage reporting: Alerts are announced on the User Group Forum page.; Users can register for email alerts for announcements.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: System and User access rights and permissions within Preservica are mapped to user roles.; ; When a user logs in to the system, Preservica will authenticate the user against the user credentials stored, and obtain the user’s details as well as the roles that have been assigned to that user.; ; Security is also applicable to content based on roles.; ; Preservica support is only available to authenticated Preservica users.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 05/12/2019
• What the ISO/IEC 27001 doesn’t cover: ISO 27001 applies to our standard products and the hosting of such products, but does not apply to bespoke products that Preservica may develop for customers. ; ; Preservica develops software to a minimum security baseline and any additional customer security requirements are documented in individual project management plans or relevant project documents.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The Information Security Management System (ISMS) complies to ISO 27001:2013 and includes policies on mobile device & teleworking; email and internet; access control; cryptography; clear desk & screen; malicious or malware software; backup and restore; passwords; system monitoring; IPR compliance, data privacy and personally identifiable information; and secure development. ; ; Processes and procedures relating to the policies are in place as well as organisation of information; asset management; risk management/treatment; physical and environmental security; communications; system acquisition; system development; supplier relationships; incident management; and compliance.; ; The CEO is responsible for the management and maintenance of the risk treatment plan. Additional risk assessments may be carried out as required. All employees are expected to comply with policies and procedures relevant to their roles.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Preservica process manages changes applicable for all production, development and test environments. ; ; A defined set of internal roles are responsible for utilising tracking tools to record proposed changes for review and implementation with consideration of security, risk assessment and contingency planning. ; ; The Change Advisory Board approves or denies any change requests.; ; Change records are stored indefinitely.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Tool vulnerability alerts are constantly monitored for required updates.; ; Upgrades are made regularly including fixes with critical changes made as required, after testing.; ; Annual penetration and vulnerability testing is examined by a third party independent body.; ; The AWS Web Applications Firewall and Preservica design provides protection against OWASPs top 10 vulnerabilities in addition to further AWS monitoring against potential vulnerabilities.; ; Further details on AWS vulnerability and security are available from the AWS whitepapers webpage: https://aws.amazon.com/whitepapers/#security
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Application authentication checks are made at multiple levels with logs retained for examination.; ; The Preservica application access interface and AWS network employs additional firewall protection and boundary devices to monitor and control performance and communications at and within the boundaries of the deployed network. Automated alarms support Preservica Operations team staff for service monitoring.; ; Any incidents are logged as an ISMS security incident and investigated, reviewed, actioned and future prevention proposed.
• Incident management type: Supplier-defined controls
• Incident management approach: Preservica's incident management process is defined within the ISO 27001 Information Security Management System. Incidents are recorded on the relevant Information Security Incident Record Register and Information Security Incident Report by the ISMS Manager. ; ; Incidents are created, reviewed, tracked and resolved with any user communications included and alerted directly or via the User Group Forum page.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £130 to £9,350 a terabyte a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Available on request.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.allman@preservica.com. Tell them what format you need. It will help if you say what assistive technology you use.