Skip to main content

Help us improve the Digital Marketplace - send your feedback

Flax & Teal Limited

Open Source Cultural Heritage Management Platform

We provide hosted instances of the Arches® platform, an open-source data management tool for the heritage sector. The enterprise-level software was designed by the Getty Foundation and the World Monuments Fund based for improved data management to support effective heritage conservation and management (F&T is unaffiliated to either body).

Features

  • ready-made and logically structured resource models
  • monitoring and risk mapping
  • input, edit, and search data for preservation
  • tile server to manage geospatial imagery
  • security controls according to individual implementation requirements
  • compatible with desktop GIS applications
  • CIDOC CRM default
  • mobile data collection companion app
  • configurable to specific geographic, cultural, and administrative contexts
  • Arches Designer facilitates the creation of new resource models

Benefits

  • automatically upload data from Collector app to platform
  • limit access to data based on individual or group permissions
  • customise resource models to the data-field requirements of your organization
  • share resources for enhancements and maintenance
  • monitoring and risk mapping on-site and offline
  • migration to other systems
  • establish numerous and complex relationships between resources
  • multi-layered access to resource information

Pricing

£1,000.00 to £5,000.00 an instance a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@flaxandteal.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 5 1 1 2 9 5 5 5 1 7 9 5 5 9

Contact

Flax & Teal Limited Phil Weir
Telephone: +4475262214774
Email: admin@flaxandteal.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
None
System requirements
Internet connectivity (except for offline use)

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Within 2 working days (as basic support)
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Basic email support is available.
Additional levels are currently offered, from £400-£1700/m (see pricing document), although levels including specific on-going agreements providing shorter turnaround times, on-site support and engineer support may be established on demand.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Additional costed onsite training, remote training and support is available, supplementing the extensive free resources and documentation provided by the Arches community.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Most data may be extracted via API, although a full data export of the tenant's database can be provided to ensure comprehensive access to all content.
End-of-contract process
Log-in access to the service is suspended. A complete archive of user-owned data at the time of termination will be provided on request, as a free service, for up to 60 working days after termination. All user content will subsequently be deleted, except as required for regulatory purposes.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Desktop service is optimal for management and administrative usage.
Mobile service includes app, with certain offline functionality.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The service interface provides views and interactive tools for map-based and time-based search and inventory, semantic data management and exploration. Multi-level access control is available to provide real-only and partials views for guest users (if desired), researchers and third-parties as well as internal and administrative users.
Accessibility standards
None or don’t know
Description of accessibility
Certain ARIA techniques are used, providing some support for assistive technology and searching, although usability of certain user-uploaded media types and map-based usage may be affected.
Accessibility testing
None currently.
API
Yes
What users can and can't do using the API
Users can add their own API token to the service and make alterations to resources, as well as retrieving geospatial data.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
As an open source product, any features may be customised in line with the AGPL open source license. These customisations can be actioned by us as a supplier to you as a tenant customer, by you as a customer, or by third-parties chosen by you, within or external to the Arches community.

Customisations may include incorporation of open source plugins already existing (such as virtual tours or 3D models), as well as migrations and integrations with existing software, standards (such as MIDAS) or schemas (such as LIDO).

Scaling

Independence of resources
Our standard set-up is full multi-tenancy, which ensures that infrastructure can be separately managed and scalably resourced within our clusters as standard, or as a costed service, in a separate cloud environment.

Analytics

Service usage metrics
Yes
Metrics types
Google Analytics integration is available alongside basic usage information.

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Arches open source community

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Export of data to CSV and Shapefiles can be performed through the interface. Comprehensive database exports can be provided on request.
Data export formats
  • CSV
  • Other
Other data export formats
  • Shapefiles
  • SKOS
Data import formats
  • CSV
  • Other
Other data import formats
  • Shapefiles
  • Custom formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
SLAs incorporating availability are available, with billing discounts for uptime below 99% and 99.9%. Individually negotiated agreements may incorporate higher percentage uptime and analysis-completion times.
Approach to resilience
In addition to the standard provisions of the Azure, AWS and GKE infrastructure used, the service has been designed to be rapidly deployable onto new infrastructure, with infrastructure definitions and code held on a separate service to the production deployment.
Outage reporting
As part of a negotiated SLA, high priority (or automatic) email notification may be agreed - otherwise by email and website updates.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
For accessing any restricted material or administrative interfaces, authentication is required, and administrators can disable any guest usage. Support software implements authentication via browser.
Access restriction testing frequency
Less than once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Assigned person within the organization registered with ICO and responsible for adherence to DPA legislation and other security best practices. Required sensitive information is kept extremely limited, to minimize liability.
Information security policies and processes
The director, acting as CISO, is directly responsible for acting on reported security issues and initiating remedial work. Others involved in performing work on the system do not require, and will not be provided with, access to live sensitive data, except in exceptional circumstances, with appropriate policy precautions

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All components of the service are tracked using industry standard distributed version control. Build versions of compiled components are tracked through container image hashes. Infrastructure is defined in code and tracked using industry standard version control. Changes are assessed for security impact through peer-reviewed merge requests by experienced practitioners.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are primarily assessed through exploration by experienced members of the team who file security issues. Services will be patched as soon as appropriate: where risk and impact of a vulnerability allows, additional investigation time will be provided to ensure new security measures do not lead to regressions or overall security degradation. Threat information is primarily gathered through industry links
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Compromises are identified primarily through unusual traffic or access attempts. Improvements to automation of compromise analysis is part of this process. All affected users will be notified of the scale and impact of any compromise as initial analysis is complete.
Incident management type
Undisclosed
Incident management approach
Serious incidents are escalated to the director immediately, who is directly responsible for setting strategy and overseeing response. For certain standard events, such as denial of service attacks, use may be restricted to subscribed users or, in extreme cases, further based on SLA conditions; high availability ingresses will be scaled up and, if necessary, new infrastructure deployed. In general, all affected users will be notified of the incident and outcome and, where appropriate, information will be made public via the website.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Tackling economic inequality
  • Equal opportunity

Tackling economic inequality

A key principle of open source is universal access to the underlying technology of any product or service. This is not only important for transparency, but is a key enabler of entry into the industry - open source, being both free and widely relevant, allows underrepresented global communities access to the same software tools, languages and skill development that technology leaders have. By hiring for these skillsets, rather than degrees, skills or certifications in proprietary software that can be exploitatively expensive to obtain, companies using and producing open source create a fairer and more open industry, and by extension improve the inclusivity of the global economy. Open source forms the basis of many social inclusion initiatives, particularly in technology, teaching Python or Javascript (fundamental technologies in our work) to children from underprivileged backgrounds and UN Least Developed Countries. By embedding open source in the way we work, we help ensure there are always pathways into the international technology job market.

Equal opportunity

Furthermore, following open source and open standards helps to link with communities defining global cultural heritage standards, and vastly simplifies the implementation of connections between components. Without open source, the choice is between a single-vendor solution, where full interoperability is a market strategy risk (beyond integrating with highly-established highly-standardised tools), and a bespoke solution, where interoperability is secondary to building core functionality;

Pricing

Price
£1,000.00 to £5,000.00 an instance a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Access to a shared demonstration instance for up to one month on infrastructure for up to 2 users (no uptime, data ringfencing or guarantees included). For a nominal charge, a temporary demonstration instance will be provided on shared infrastructure, for private testing.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@flaxandteal.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.