Preservica Ltd.

Preservica Digital Preservation and Archiving Service

Preservica Cloud Edition Essentials (CEE) provides a secure, cost-effective way for government organisations to meet any mandate to protect and ensure long-term access to digital records. Based on the same active digital preservation used by UK National Archives, CEE also provides public access, and connectors for CALM, SharePoint, and Outlook.


  • OAIS archive standards-based (ISO 14721) active digital preservation software
  • Secure, durable, cloud storage on AWS S3 and Glacier
  • Fully integrated customisable public access portal
  • Catalogue synchronisation with Axiell's CALM and Adlib or ArchivesSpace
  • Ingest package adapters for SharePoint, Outlook, Gmail and Lotus Notes
  • Easy drag-and-drop re-arrangement within a trusted living archive
  • Designed for regulated operations including the GDPR
  • Includes support, training, maintenance and new product updates
  • Private cloud hosting options with dedicated resources (also on Azure)
  • Optional cloud escrow with 100% data integrity guarantee


  • Meet any mandate to safeguard long-term digital records
  • Mitigate file obsolescence at any time with active file migration
  • Minimise IT time and costs with Preservica hosting & operations
  • Minimise compliance risk and meet regulatory requirements
  • Guaranteed data sovereignty
  • Simple ingest of long-term digital records from existing systems
  • Synchronise metadata with current catalogue systems
  • Increase transparency by providing secure public access
  • Proven data integrity from self-healing, replicated storage
  • Easy no-cost customer exit


£130 to £9,350 a terabyte a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

7 6 6 2 8 4 9 0 1 5 0 1 1 5 6


Preservica Ltd. Paul Allman
Telephone: 01235 428 904

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Supported Browsers: Chrome v77+, Firefox v69+, IE 11+
  • Other Browsers expected to function but not tested
  • Ingest Tools: MS Windows 7 or 10 (32 or 64bit)
  • Ingest Tools: Linux Desktop (32 or 64bit)
  • Ingest tools require local installation, web-ingest available without download

User support

Email or online ticketing support
Email or online ticketing
Support response times
Critical and urgent issues will be responded to within 2 business hours.
Routine issues will be responded to within 2 business days
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Web chat support
Onsite support
Yes, at extra cost
Support levels
Preservica offers 1 level of support for all Cloud Edition Essentials (CEE) customers.
Support is included in Preservica CEE annual pricing.
Support available to third parties

Onboarding and offboarding

Getting started
Online training is provided in a series of pre-requisite and elective modules for users and administrators. These sessions take users through practical examples and are lead by a Preservica trainer offering the chance for live Q&A. Training takes place in small, size-limited groups.

On demand user documentation and video tutorials are available through the Preservica user portal.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
We recognise how important it is for users to be able to extract a complete copy of all content at any time. In Preservica CEE we support the following approaches:

1) Set up a “Copy Home” storage adapter to write all content and metadata to a remote Secure FTP server. This can be “live” so a separate copy of the content is kept up to date at all times, or can be done at the point of exit.

2) Use the built-in workflow to export content and metadata as dissemination ZIP files, to a user's own Amazon S3 bucket, in a chosen AWS storage region. Users can subsequently download all content, when required, using Amazon’s own tools outside of Preservica.

In both cases the metadata is held in the Preservica XIP format. This contains the descriptive metadata, technical metadata, structure, audit logs and security tags. We will provide documentation describing the XIP schema and advice on the structure of the content and how to use it.
End-of-contract process
At the end of the contract the client can extend the contract for a further period or can extract the data (as described) free of charge.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install
Compatible operating systems
  • Linux or Unix
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
The Preservica Explorer for archivists and collection management is designed for desktops only.

Preservica Universal Access provides secure public or internal access to customer content with a fully responsive design. Universal Access is designed to work with any screen size and adapts viewable content and options accordingly.
Service interface
What users can and can't do using the API
CMIS API - provides (authenticated) read-only access to metadata and content using the Content Management Interoperability Standard.

OAI-PMH - provides (authenticated) metadata synchronisation using the Open Archives Initiative Protocol for Metadata Harvesting.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Data collections and structures can be modified to suit requirements.

Dashboard reports can be defined based on preference.

Metadata and schemas are user definable.

The web-based Universal Access portal for secure public access to selected customer content can be configured for
- Organisational brand, logos and appearance preferences
- Colours
- Page structure and introductory text
- Content
- Search indexes
- Content to be viewed by different users and permissions.

Changes are enabled for different user roles.

Changes are made through the file explorer or administration page.


Independence of resources
All users must agree to an acceptable use policy.

Preservica will monitor the performance and use of services and at times may increase the available resources. In extreme circumstances, Preservica may suspend or remove access from users who cannot adhere to acceptable use when requested.


Service usage metrics
Metrics types
Preservica includes a range of reports in text and graphical format.

Content includes:
Storage reporting
File formats
Content uploaded
...and many more
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other data at rest protection approach
Low-latency physical media storage encryption is available on request or applied as standard for customers with personal data as identified by the GDPR.

All other storage is encrypted by default.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported by authorised users, using standard export workflows.

It is also possible to view and download files on demand or request depending on the user's permissions and chosen storage latency.
Data export formats
Other data export formats
  • Dissemination Package returned in a DIP as ZIP or TAR
  • Single files can be downloaded in their native form
  • Metadata export to XIP, CMIS, DublinCore, METS, Export DC
Data import formats
Other data import formats
  • A file/folder structure on a local or network drive
  • Container files in various formats such as ZIP or PST
  • Disk image files such as ISO and hfs
  • A website

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
AWS's Virtual Private Cloud services - including network boundary firewalls - are used to prevent unwanted external communications.

Availability and resilience

Guaranteed availability
As described in Preservica's SLA, Preservica shall use its reasonable endeavours to provide an uptime services availability of at least 99.5% in each Payment Period except in respect of any downtime with details described in the document.
Approach to resilience
Available on request.
Outage reporting
Alerts are announced on the User Group Forum page.
Users can register for email alerts for announcements.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
System and User access rights and permissions within Preservica are mapped to user roles.

When a user logs in to the system, Preservica will authenticate the user against the user credentials stored, and obtain the user’s details as well as the roles that have been assigned to that user.

Security is also applicable to content based on roles.

Preservica support is only available to authenticated Preservica users.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 27001 applies to our standard products and the hosting of such products, but does not apply to bespoke products that Preservica may develop for customers.

Preservica develops software to a minimum security baseline and any additional customer security requirements are documented in individual project management plans or relevant project documents.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Information Security Management System (ISMS) complies to ISO 27001:2013 and includes policies on mobile device & teleworking; email and internet; access control; cryptography; clear desk & screen; malicious or malware software; backup and restore; passwords; system monitoring; IPR compliance, data privacy and personally identifiable information; and secure development.

Processes and procedures relating to the policies are in place as well as organisation of information; asset management; risk management/treatment; physical and environmental security; communications; system acquisition; system development; supplier relationships; incident management; and compliance.

The CEO is responsible for the management and maintenance of the risk treatment plan. Additional risk assessments may be carried out as required. All employees are expected to comply with policies and procedures relevant to their roles.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The Preservica process manages changes applicable for all production, development and test environments.

A defined set of internal roles are responsible for utilising tracking tools to record proposed changes for review and implementation with consideration of security, risk assessment and contingency planning.

The Change Advisory Board approves or denies any change requests.

Change records are stored indefinitely.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Tool vulnerability alerts are constantly monitored for required updates.

Upgrades are made regularly including fixes with critical changes made as required, after testing.

Annual penetration and vulnerability testing is examined by a third party independent body.

The AWS Web Applications Firewall and Preservica design provides protection against OWASPs top 10 vulnerabilities in addition to further AWS monitoring against potential vulnerabilities.

Further details on AWS vulnerability and security are available from the AWS whitepapers webpage:
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Application authentication checks are made at multiple levels with logs retained for examination.

The Preservica application access interface and AWS network employs additional firewall protection and boundary devices to monitor and control performance and communications at and within the boundaries of the deployed network. Automated alarms support Preservica Operations team staff for service monitoring.

Any incidents are logged as an ISMS security incident and investigated, reviewed, actioned and future prevention proposed.
Incident management type
Supplier-defined controls
Incident management approach
Preservica's incident management process is defined within the ISO 27001 Information Security Management System. Incidents are recorded on the relevant Information Security Incident Record Register and Information Security Incident Report by the ISMS Manager.

Incidents are created, reviewed, tracked and resolved with any user communications included and alerted directly or via the User Group Forum page.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£130 to £9,350 a terabyte a year
Discount for educational organisations
Free trial available
Description of free trial
Available on request.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.