Switchstance

Library Digital Archiving Software

Fully digitised online archiving system.

This system specifically holds over 25,000 pages of a newspaper spanning 1884 to 1920. The online tool includes intelligent search functionality to retrieve content by date and/or keywords.

Features

  • Remote access
  • Search functionality
  • Member comments

Benefits

  • Easily accessible

Pricing

£5000 per unit

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

7 7 3 3 2 4 3 7 7 6 4 5 5 3 7

Contact

Switchstance

Angela Stead

0114 3456 700

hello@switchstance.agency

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
N/A
System requirements
  • Internet access
  • Software licenses

User support

Email or online ticketing support
Email or online ticketing
Support response times
24 hour response time - Monday to Friday, 9am to 5pm.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support levels are subject to specific SLAs, determined at the point of contract.

Specific costs are dependent on numbers of users.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We can provide onsite training, online training, and/or user documentation as required.
Service documentation
No
End-of-contract data extraction
The specifics of the data extraction policy are determined at project commencement, however we provide the option for full CSV data extraction as a minimum.
End-of-contract process
The possibilities are broad and varied, dependent on the contract. Customer's requirements are discussed individually.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
In some instances functionality may be reduced on smaller devices where practically necessary.
Service interface
No
API
Yes
What users can and can't do using the API
Simple API allowing data access to third-parties.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
It's a modular system with many customisable elements.

Some elements may be customised by the end user, far more flexibility is available when customising as part of the initial system setup.

Scaling

Independence of resources
The system will be scalable which means resources will be adjusted in order to prevent performance issues caused by quantity of information held within the system. We periodically verify system performance to assure system performance is not affected.

Analytics

Service usage metrics
Yes
Metrics types
Available upon request.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
On request, we will provide full export of the database as SQL files (from MySQL database), CSV and XLS(X) files.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Whitelisting or blacklisting IP addresses or ranges as additional security measures.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Specific SLAs would be determined at the point of contract.

Our general are:

Backup of data and off site storage plan:
All databases are backed up daily and back-ups are then kept for 14 days (this can be changed upon request).
All data is stored in manned Data Centres, which are backed up every day.
Additional cross-server backups performed intermittently.

Recovery:
Recovery of data is performed following the identification of which backup point is required by the client. Latest backup point (as outlined above) is always used where any data restore is required.
Restore of previous backup points due to user error must be discussed individually to ascertain an approach acceptable by representatives for each party and may incur additional costs based on required solution.
Recovery of system files is performed using the latest live version of the system.
Any emergency recovery activity is performed to the shortest feasible timeframe, that is, resource will be applied to any issue as soon as it arises.

Support:
Support requests received will receive a response within 24 hours. The clock is stopped over the weekend.
Approach to resilience
Available on request.
Outage reporting
We would report any service outages through email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
We manage our infrastructure through AWS Console using AWS Identity and Access Management providing enhanced security. Communication between our computers and AWS Console is performed through secure connection (HTTPS). Every authorised employee has own IAM account protected with 2 Factor Authentication. Connections to our servers through port 22 (SSH) and 3306 (MySQL) are allowed only for whitelisted IPs, connections from other IPs are rejected by firewall.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
ISO 27001, self accessed.
Information security policies and processes
We have various documents detailing our Information Security Policy that are available upon request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Components are managed via locked packaged files, these inform the system what version of components are being used. We receive notifications from services about potential issues and we assess whether to upgrade. Most use Semver (semantic versioning) - the system only upgrades necessary system upgrades and we assess others.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All systems (including infrastructure hosting those systems) are scanned for vulnerabilities on regular basis. Any issues reported during a scan are fixed immediately. We're monitoring CVE (Common Vulnerabilities and Exploits) database maintained by NIST for any new vulnerabilities and verify if they affect our systems. Patches to software affected by new vulnerabilities are applied within 24 hours.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
For our systems we have audit trail logging every action. When user logs in from unknown IP notification is sent to our team. If we suspect this might be a potential compromise we block traffic from that IP on firewall and start investigating the source of compromise. Actions are performed immediately after receiving the notification. We also monitor changes to core files of our systems and notify the team when it happens, so we can action immediately in case of malicious actions.

The rest of our process is available upon request, including monitoring AWS Console access and monitoring servers.
Incident management type
Supplier-defined controls
Incident management approach
Users have the ability to report incidents, which we will then create a ticket in the system for, categorise and set a priority level for. The tickets will then be dealt with accordingly.

Once issue has been resolved, we will contact the client via telephone or email explaining the issue and how we resolved this.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5000 per unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
It is a test version of the system in order to get a better feel for the software.

Service documents

Return to top ↑