Flax & Teal Limited

Open Source Cultural Heritage Management Platform

We provide hosted instances of the Arches® platform, an open-source data management tool for the heritage sector. The enterprise-level software was designed by the Getty Foundation and the World Monuments Fund based for improved data management to support effective heritage conservation and management (F&T is unaffiliated to either body).

Features

• ready-made and logically structured resource models
• monitoring and risk mapping
• input, edit, and search data for preservation
• tile server to manage geospatial imagery
• security controls according to individual implementation requirements
• compatible with desktop GIS applications
• CIDOC CRM default
• mobile data collection companion app
• configurable to specific geographic, cultural, and administrative contexts
• Arches Designer facilitates the creation of new resource models

Benefits

• automatically upload data from Collector app to platform
• limit access to data based on individual or group permissions
• customise resource models to the data-field requirements of your organization
• share resources for enhancements and maintenance
• monitoring and risk mapping on-site and offline
• migration to other systems
• establish numerous and complex relationships between resources
• multi-layered access to resource information

£1,000.00 to £5,000.00 an instance a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@flaxandteal.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

351129555179559

Contact

Phil Weir
+4475262214774
admin@flaxandteal.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Internet connectivity (except for offline use)

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Within 2 working days (as basic support)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Basic email support is available.; Additional levels are currently offered, from £400-£1700/m (see pricing document), although levels including specific on-going agreements providing shorter turnaround times, on-site support and engineer support may be established on demand.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Additional costed onsite training, remote training and support is available, supplementing the extensive free resources and documentation provided by the Arches community.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Most data may be extracted via API, although a full data export of the tenant's database can be provided to ensure comprehensive access to all content.
• End-of-contract process: Log-in access to the service is suspended. A complete archive of user-owned data at the time of termination will be provided on request, as a free service, for up to 60 working days after termination. All user content will subsequently be deleted, except as required for regulatory purposes.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Desktop service is optimal for management and administrative usage.; Mobile service includes app, with certain offline functionality.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface provides views and interactive tools for map-based and time-based search and inventory, semantic data management and exploration. Multi-level access control is available to provide real-only and partials views for guest users (if desired), researchers and third-parties as well as internal and administrative users.
• Accessibility standards: None or don’t know
• Description of accessibility: Certain ARIA techniques are used, providing some support for assistive technology and searching, although usability of certain user-uploaded media types and map-based usage may be affected.
• Accessibility testing: None currently.
• API: Yes
• What users can and can't do using the API: Users can add their own API token to the service and make alterations to resources, as well as retrieving geospatial data.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: As an open source product, any features may be customised in line with the AGPL open source license. These customisations can be actioned by us as a supplier to you as a tenant customer, by you as a customer, or by third-parties chosen by you, within or external to the Arches community.; ; Customisations may include incorporation of open source plugins already existing (such as virtual tours or 3D models), as well as migrations and integrations with existing software, standards (such as MIDAS) or schemas (such as LIDO).

Scaling

• Independence of resources: Our standard set-up is full multi-tenancy, which ensures that infrastructure can be separately managed and scalably resourced within our clusters as standard, or as a costed service, in a separate cloud environment.

Analytics

• Service usage metrics: Yes
• Metrics types: Google Analytics integration is available alongside basic usage information.

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Arches open source community

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Export of data to CSV and Shapefiles can be performed through the interface. Comprehensive database exports can be provided on request.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Shapefiles
  • SKOS
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Shapefiles
  • Custom formats

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLAs incorporating availability are available, with billing discounts for uptime below 99% and 99.9%. Individually negotiated agreements may incorporate higher percentage uptime and analysis-completion times.
• Approach to resilience: In addition to the standard provisions of the Azure, AWS and GKE infrastructure used, the service has been designed to be rapidly deployable onto new infrastructure, with infrastructure definitions and code held on a separate service to the production deployment.
• Outage reporting: As part of a negotiated SLA, high priority (or automatic) email notification may be agreed - otherwise by email and website updates.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: For accessing any restricted material or administrative interfaces, authentication is required, and administrators can disable any guest usage. Support software implements authentication via browser.
• Access restriction testing frequency: Less than once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Assigned person within the organization registered with ICO and responsible for adherence to DPA legislation and other security best practices. Required sensitive information is kept extremely limited, to minimize liability.
• Information security policies and processes: The director, acting as CISO, is directly responsible for acting on reported security issues and initiating remedial work. Others involved in performing work on the system do not require, and will not be provided with, access to live sensitive data, except in exceptional circumstances, with appropriate policy precautions

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All components of the service are tracked using industry standard distributed version control. Build versions of compiled components are tracked through container image hashes. Infrastructure is defined in code and tracked using industry standard version control. Changes are assessed for security impact through peer-reviewed merge requests by experienced practitioners.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are primarily assessed through exploration by experienced members of the team who file security issues. Services will be patched as soon as appropriate: where risk and impact of a vulnerability allows, additional investigation time will be provided to ensure new security measures do not lead to regressions or overall security degradation. Threat information is primarily gathered through industry links
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Compromises are identified primarily through unusual traffic or access attempts. Improvements to automation of compromise analysis is part of this process. All affected users will be notified of the scale and impact of any compromise as initial analysis is complete.
• Incident management type: Undisclosed
• Incident management approach: Serious incidents are escalated to the director immediately, who is directly responsible for setting strategy and overseeing response. For certain standard events, such as denial of service attacks, use may be restricted to subscribed users or, in extreme cases, further based on SLA conditions; high availability ingresses will be scaled up and, if necessary, new infrastructure deployed. In general, all affected users will be notified of the incident and outcome and, where appropriate, information will be made public via the website.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  A key principle of open source is universal access to the underlying technology of any product or service. This is not only important for transparency, but is a key enabler of entry into the industry - open source, being both free and widely relevant, allows underrepresented global communities access to the same software tools, languages and skill development that technology leaders have. By hiring for these skillsets, rather than degrees, skills or certifications in proprietary software that can be exploitatively expensive to obtain, companies using and producing open source create a fairer and more open industry, and by extension improve the inclusivity of the global economy. Open source forms the basis of many social inclusion initiatives, particularly in technology, teaching Python or Javascript (fundamental technologies in our work) to children from underprivileged backgrounds and UN Least Developed Countries. By embedding open source in the way we work, we help ensure there are always pathways into the international technology job market.

  Equal opportunity

  Furthermore, following open source and open standards helps to link with communities defining global cultural heritage standards, and vastly simplifies the implementation of connections between components. Without open source, the choice is between a single-vendor solution, where full interoperability is a market strategy risk (beyond integrating with highly-established highly-standardised tools), and a bespoke solution, where interoperability is secondary to building core functionality;

Pricing

• Price: £1,000.00 to £5,000.00 an instance a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Access to a shared demonstration instance for up to one month on infrastructure for up to 2 users (no uptime, data ringfencing or guarantees included). For a nominal charge, a temporary demonstration instance will be provided on shared infrastructure, for private testing.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@flaxandteal.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.