Preservica Ltd.

Preservica Digital Preservation and Archiving Service

Preservica Cloud Edition Essentials (CEE) provides a secure, cost-effective way for government organisations to meet any mandate to protect and ensure long-term access to digital records. Based on the same active digital preservation used by UK National Archives, CEE also provides public access, and connectors for CALM, SharePoint, and Outlook.


  • OAIS archive standards-based (ISO 14721) active digital preservation software
  • Secure, durable, cloud storage on AWS S3 and Glacier
  • Fully integrated customisable public access portal
  • Catalogue synchronisation with Axiell's CALM and Adlib or ArchivesSpace
  • Ingest package adapters for SharePoint, Outlook, Gmail and Lotus Notes
  • Easy drag-and-drop re-arrangement within a trusted living archive
  • Designed for regulated operations including the GDPR
  • Includes support, training, maintenance and new product updates
  • Private cloud hosting options with dedicated resources (also on Azure)
  • Optional cloud escrow with 100% data integrity guarantee


  • Meet any mandate to safeguard long-term digital records
  • Mitigate file obsolescence at any time with active file migration
  • Minimise IT time and costs with Preservica hosting & operations
  • Minimise compliance risk and meet regulatory requirements
  • Guaranteed data sovereignty
  • Simple ingest of long-term digital records from existing systems
  • Synchronise metadata with current catalogue systems
  • Increase transparency by providing secure public access
  • Proven data integrity from self-healing, replicated storage
  • Easy no-cost customer exit


£130 to £9350 per terabyte per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

8 2 4 3 6 5 9 8 7 5 7 0 2 3 2


Preservica Ltd.

Paul Allman

01235 428 904

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Supported Browsers: Chrome v40+, Firefox v40+, IE11+
  • Other Browsers expected to function but not tested
  • Ingest Tools: MS Windows 7 or 10 (32 or 64bit)
  • Ingest Tools: Linux Desktop (32 or 64bit)
  • Ingest tools require local installation, web-ingest available without download

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Critical and urgent issues will be responded to within 2 business hours.
Routine issues will be responded to within 2 business days
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels Preservica offers 1 level of support for all Cloud Edition Essentials (CEE) customers.
Support is included in Preservica CEE annual pricing.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Online training is provided in a series of pre-requisite and elective modules for users and administrators. These sessions take users through practical examples and are lead by a Preservica trainer offering the chance for live Q&A. Training takes place in small, size-limited groups.

On demand user documentation is available through the Preservica user portal.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction We recognise how important it is for users to be able to extract a complete copy of all content at any time. In Preservica CEE we support the following approaches:

1) Set up a “Copy Home” storage adapter to write all content and metadata to a remote Secure FTP server. This can be “live” so a separate copy of the content is kept up to date at all times, or can be done at the point of exit.

2) Use the built-in workflow to export content and metadata as dissemination ZIP files, to a user's own Amazon S3 bucket, in a chosen AWS storage region. Users can subsequently download all content, when required, using Amazon’s own tools outside of Preservica.

In both cases the metadata is held in the Preservica XIP format. This contains the descriptive metadata, technical metadata, structure, audit logs and security tags. We will provide documentation describing the XIP schema and advice on the structure of the content and how to use it.
End-of-contract process At the end of the contract the client can extend the contract for a further period or can extract the data (as described) free of charge.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Preservica Explorer for archivists and collection management is designed for desktops only.

Preservica Universal Access provides secure public or internal access to customer content with a fully responsive design. Universal Access is designed to work with any screen size and adapts viewable content and options accordingly.
Service interface No
What users can and can't do using the API CMIS API - provides (authenticated) read-only access to metadata and content using the Content Management Interoperability Standard.

OAI-PMH - provides (authenticated) metadata synchronisation using the Open Archives Initiative Protocol for Metadata Harvesting.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Data collections and structures can be modified to suit requirements.

Dashboard reports can be defined based on preference.

Metadata and schemas are user definable.

The web-based Universal Access portal for secure public access to selected customer content can be configured for
- Organisational brand, logos and appearance preferences
- Colours
- Page structure and introductory text
- Content
- Search indexes
- Content to be viewed by different users and permissions.

Changes are enabled for different user roles.

Changes are made through the file explorer or administration page.


Independence of resources All users must agree to an acceptable use policy.

Preservica will monitor the performance and use of services and at times may increase the available resources. In extreme circumstances, Preservica may suspend or remove access from users who cannot adhere to acceptable use when requested.


Service usage metrics Yes
Metrics types Preservica includes a range of reports in text and graphical format.

Content includes:
Storage reporting
File formats
Content uploaded
...Many more
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Low-latency physical media storage encryption is available on request or applied as standard for customers with personal data as identified by the GDPR.

All other storage is encrypted by default.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported authorised users, using standard export workflows.

It is also possible to view and download files on demand or request depending on the user's permissions and chosen storage latency.
Data export formats Other
Other data export formats
  • Dissemination Package returned in a DIP as ZIP or TAR
  • Single files can be downloaded in their native form
  • Metadata export to XIP, CMIS, DublinCore, METS, Export DC
Data import formats Other
Other data import formats
  • A file/folder structure on a local or network drive
  • Container files in various formats such as ZIP or PST
  • Disk image files such as ISO and hfs
  • A website

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network AWS's Virtual Private Cloud services - including network boundary firewalls - are used to prevent unwanted external communications.

Availability and resilience

Availability and resilience
Guaranteed availability As described in Preservica's SLA, Preservica shall use its reasonable endeavours to provide an uptime services availability of at least 99.5% in each Payment Period except in respect of any downtime with details described in the document.
Approach to resilience Available on request.
Outage reporting Alerts are announced on the User Group Forum page.
Users can register for email alerts for announcements.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels System and User access rights and permissions within Preservica are mapped to user roles.

When a user logs in to the system, Preservica will authenticate the user against the user credentials stored, and obtain the user’s details as well as the roles that have been assigned to that user.

Security is also applicable to content based on roles.

Preservica support is only available to authenticated Preservica users.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 12/12/2018
What the ISO/IEC 27001 doesn’t cover ISO 27001 applies to our standard products and the hosting of such products, but does not apply to bespoke products that Preservica may develop for customers.

Preservica develops software to a minimum security baseline and any additional customer security requirements are documented in individual project management plans or relevant project documents.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Information Security Management System (ISMS) complies to ISO 27001:2013 and includes policies on mobile device & teleworking; email and internet; access control; cryptography; clear desk & screen; malicious or malware software; backup and restore; passwords; system monitoring; IPR compliance, data privacy and personally identifiable information; and secure development.

Processes and procedures relating to the policies are in place as well as organisation of information; asset management; risk management/treatment; physical and environmental security; communications; system acquisition; system development; supplier relationships; incident management; and compliance.

The CEO is responsible for the management and maintenance of the risk treatment plan. Additional risk assessments may be carried out as required. All employees are expected to comply with policies and procedures relevant to their roles.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The Preservica process manages changes applicable for all production, development and test environments.

A defined set of internal roles are responsible for utilising tracking tools to record proposed changes for review and implementation with consideration of security, risk assessment and contingency planning.

The Change Advisory Board approves or denies any change requests.

Change records are stored indefinitely.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Tool vulnerability alerts are constantly monitored for required updates.

Upgrades are made regularly including fixes with critical changes made as required, after testing.

Annual penetration and vulnerability testing is examined by a third party independent body.

The AWS Web Applications Firewall and Preservica design provides protection against OWASPs top 10 vulnerabilities in addition to further AWS monitoring against potential vulnerabilities.

Further details on AWS vulnerability and security are available from the AWS whitepapers webpage:
Protective monitoring type Supplier-defined controls
Protective monitoring approach Application authentication checks are made at multiple levels with logs retained for examination.

The Preservica application access interface and AWS network employs additional firewall protection and boundary devices to monitor and control performance and communications at and within the boundaries of the deployed network. Automated alarms support Preservica Operations team staff for service monitoring.

Any incidents are logged as an ISMS security incident and investigated, reviewed, actioned and future prevention proposed.
Incident management type Supplier-defined controls
Incident management approach Preservica's incident management process is defined within the ISO 27001 Information Security Management System. Incidents are recorded on the relevant Information Security Incident Record Register and Information Security Incident Report by the ISMS Manager.

Incidents are created, reviewed, tracked and resolved with any user communications included and alerted directly or via the User Group Forum page.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £130 to £9350 per terabyte per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Preservica Test-Drive provides a guided and simplified digital preservation experience.

With easy-to-follow training modules, individuals gain an understanding of how Preservica enables ingest, metadata editing, file format migration for long-term preservation and making collections easily accessible.

Preservica Test-Drive runs for 1-2 weeks.

Service documents

Return to top ↑