TPXIMPACT LIMITED

PublishMyData

PublishMyData is an end-to-end solution for publishing and connecting data on the web, helping public sector organisations work more efficiently and deliver improved services. PublishMyData incorporates a polished end-user website, powerful management interface, performance-tuned linked data store and APIs - delivered together with hosting, maintenance, technical support and consultancy.

Features

• Publish linked open data
• Machine readable and human readable '5-star' data
• Searchable data catalogue
• Make complex custom data selections for download
• API and SPARQL endpoint access to data
• Data downloads
• 'Grafter' Extract-Transform-Load framework for data import
• Data visualisations
• Support for 'data cube' statistical data
• Sophisticated data administration user interface and API

Benefits

• Publish open data on the web to maximise data re-use
• Reduce costs and increase quality of the data publishing process
• Make data easily accessible to analysts
• Enable developers to build applications using your data
• Present data clearly to non-specialists
• Support data-driven decision making and policy design
• Meet government guidance for 5-star data

£2,500 an instance a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@tpximpact.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

499075820361395

Contact

Bid Team
07528419817
bids@tpximpact.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No service constraints
• System requirements:
  • Modern web browser (Edge, Chrome, Firefox, Safari)
  • Web access from customer site, both http and https

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 hours during office hours, 9.00 - 17.30, Monday to Friday excluding public holidays.; ; Outside of these times, we respond to questions on a reasonable efforts basis, unless a more specific SLA is established.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: See Service Definition document for full details.; ; All options include: availability and support response SLA, bug fixing, security updates, backups, new software versions at no extra cost.; ; Resource bundles come with varying amounts of premium support time, for miscellaneous help and advice, answering end user questions, data updates, progress reviews, data strategy advice, data modelling and processing, training etc
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The services comes with documentation, including guidance on getting started.; ; On-site training courses, can be commissioned as part of a premium support service.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All published data hosted by the system is available for download in a range of formats. In addition, TPXimpact can provide on request a single full dump of a customer's data.
• End-of-contract process: At the end of the contract, the customer's site is turned off.; ; All customer data will be deleted 30 days after end of contract, unless the customer requests us to retain a copy of it (which we are happy to do at no extra charge).; ; The customer can download data themselves or TPXimpact will provide a full export of the customer's databases at no extra charge.; ; Any custom requirements for data export can be supplied at extra cost as part of the premium support service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All functions are available on mobile devices, with the exception of some interactive map-based visualisations that are impractical on small touch-screen based devices, and some technical details of API access are only available on larger screens.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Customers of the service are provided with a service interface that supports management of the collection of data and metadata held in the system and management of authorised users and their permissions.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: All published data in the system is available via API. Each page in the user interface has options to retrieve data in various machine-readable formats, as well as the HTML view; and there is an openly available fully flexible query endpoint (using the SPARQL query language) for a fully flexible approach.; ; In addition, authorised administrators can update the data in the site through an API, which supports all the same functions as the administration user interface (with the exception of user management) - including adding, deleting and updating dataset contents, dataset metadata and supporting vocabularies and reference data.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The basic level of customisation is to adapt the colour scheme, customer logo, choice of fonts and introductory home page text.; ; Further customisations typically consist of additional external applications focused on delivering subsets of data for particular audiences or purposes. These can be developed by buyers themselves, using the APIs provided, or can be commissioned from TPXimpact as part of premium support services.

Scaling

• Independence of resources: Each customer has their own assigned virtual server with associated computing resources.

Analytics

• Service usage metrics: Yes
• Metrics types: Total data storage; Web site use (powered by Google Analytics); Total network traffic (powered by the provider of cloud virtual servers)
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export data using the download features built in to the user interface of PublishMyData, or can use the API or query endpoint for more complex or specific export requirements.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON-LD
  • Turtle
  • N-triples
  • Plain text
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON-LD
  • Turtle
  • N-triples

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: See Service Definition document for details of SLA, which provides for 99.5% availability and a scale of increasing refunds if the SLA is not met.
• Approach to resilience: We use major public cloud datacentres (Google Cloud and Amazon Web Services) who provide world-leading standards of resilience.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to the management interface of a service is restricted by username and password. Each registered user is assigned a role, with associated rights, so the degree of access of each user can be assigned appropriately.; ; A customer can nominate which users are able to use the support service and named individuals are granted access.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 26/04/2023
• What the ISO/IEC 27001 doesn’t cover: Provision of services outside the UK.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We follow internally documented security policies, available on request. A company director has responsibility for ensuring processes are followed. New staff are trained in the procedures.
• Information security policies and processes: We follow internally documented security policies, available on request. A company director has responsibility for ensuring processes are followed. New staff are trained in the procedures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All software components are tracked in a version control system. An automated continuous integration system is used to test and manage controlled builds of the overall system. New builds are only deployed after passing all tests, which include security related tests. Third party libraries used are reviewed for any known security vulnerabilities and for alignment with the overall security architecture.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities in third party software, such as operating systems, databases, web servers, web development frameworks, are monitored via the subscriptions to relevant mailing lists.; ; Most reports of security vulnerabilities require installation of a software patch or new version.; ; Based on potential impacts, the urgency of installing the fix is assessed. Sometimes, immediate action will be required. Sometimes, upgrading can be part of the next software release.; ; Because of the use of cloud servers and the automated approach to deployment, updates to the OS are implemented by setting up a new virtual server, then applying all relevant OS patches and upgrades.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All errors arising in the system are reported to a tracking service, which sends email alerts to support staff. A range of potential unusual server behaviour is also monitored and leads to email alerts when certain conditions are met. Any such alert is investigated to understand the cause.; ; The response to a compromise depends on the severity, but in serious cases it would involve taking a server offline, then rebuilding a clean new server and loading backup data. Serious incidents are addressed immediately we become aware of them.
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report incidents by email, phone or web form to our support system (currently using the Freshdesk software), where a ticket is issued.; ; Reports on incident resolution, or progress towards resolution are added to the ticket in Freshdesk, which the user can view at any time.; ; The system provides reports on numbers and types of incidents and resolution time.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  TPXimpact is committed to achieving the Science Based Targets Initiative definition of near-term emissions reductions aligned to the 1.5 degree pathway by 2030, and long-term reductions by 2050 to adhere to the SBTi Net-Zero Standard. We reduce GHG emissions wherever possible, and actively offset emissions we cannot avoid.; ; The digital industry is responsible for more emissions than the aviation industry, so we'll ensure to adhere to low carbon software principles through social value benefits such as:; - Practise carbon-aware development - doing more intensive tasks when the electricity grid is full of renewable energy.; - Optimise and minimise our codebase to reduce the storage needed and also data transfer when the system is being used. ; - Use a digital-first approach to content - building low-carbon pages (which are also more accessible), rather than downloadable files, wherever possible.; - Design the system so that people can efficiently find what they’re looking for, to reduce data transfer.; - Eradicate unnecessary bot traffic; about 25% of internet traffic is valueless bots.; - Rid the system of any ROTN content (Redundant, Out-of-date, Trivial or No-longer-used).; - Measure the carbon footprint of the system in the development cycle.; ; Our Carbon Reduction Plan is available to view on our website: https://www.tpximpact.com/about/planet/

  Covid-19 recovery

  We recognise the need to help people in local communities get back into work after a long period of illness or where their circumstances have changed as a result of the pandemic (e.g. being made redundant during the pandemic). We’re doing this in the following ways:; ; - Active community consultation and engagement to understand needs in the local areas where we are currently working and delivering services.; - Involving local stakeholders and users in design work (e.g. design of services, systems, products or buildings), or community-led initiatives. Current project examples include: improving transport links; reducing crime; reducing homelessness, poverty and hunger; reducing loneliness; helping with English language proficiency; and helping meaningful social mixing among people with different backgrounds.; - Finding the right methods for better engagement with people and different parts of the community (including the education system) and letting the community voice inform decisions, the strategy and projects.

  Tackling economic inequality

  TPXimpact prides itself on providing decent, accessible careers and training opportunities. We strive to be an employer of choice and provide a working environment that values flexibility, inclusion and personal and professional growth. This focus on flexibility and inclusion allows us to offer decent jobs to people who have traditionally been locked out of opportunities due to location, caring responsibilities or additional needs. We have a comprehensive, multi-pronged approach to tackling employment and training opportunities:; ; These include:; - Investing in long-term talent pipelines - We are committed to kick-starting 5,000 digital careers. We intend to help change the composition of the technology sector by continuing to raise the standards of our DEI initiatives, raising awareness of issues and investing in a pipeline of diverse talent. ; - Nurturing homegrown talent - Last year, in recognition of the serious skills gap, we launched the TPXimpact Design Academy. Our scheme is open to everyone – whether or not they have a degree – and with flexibility to accommodate people living anywhere in the UK.; - Upskilling minority-owned tech businesses - Our flagship community investment programme is Future Leaders. Now in its sixth year, it is a six-month accelerator programme for underrepresented digital entrepreneurs, which offers financial support, mentoring, professional development and networking opportunities.; - Recruiting in under-served areas - TPXimpact is a flexible, remote-first employer. We operate a hub model, which means that we are able to access local talent from right across the UK.

  Equal opportunity

  TPXimpact aims for equality and diversity of opportunity in all that we do. It’s our responsibility to reflect the richly diverse communities we serve, and to create access and opportunities for people from all backgrounds. Not only do we believe that this is the right thing to do, we believe that diverse, inclusive teams are higher performing and better for business. This is why we have put in place rigorous review processes to report on our progress and performance, as a company and within our projects.; ; Social value benefits include:; - Being an inclusive employer - Once we attract diverse talent, we look after them through inclusive and flexible working packages. We have actively removed many of the barriers that prevent some talent from pursuing careers in tech. ; - Amplifying underrepresented voices - We have four Employee Resource Groups (ERGs) for women, ethnic minorities, LGBTQI and neurodiverse employees. They act as a safe space for employees with shared lived experiences and their allies to discuss issues that are material to them. ; - Recruiting diverse talent - We’re doing this through our diverse inclusive recruitment network (ADA’s List, Working mums, Talk2Dan) and implementing inclusive practices in order to attract and employ a diverse range of people.; - Inspiring more diverse talent - We’re helping to attract and inspire more diverse talent to the tech industry through our 1% community action pledge. Employees are encouraged to dedicate at least 16 hours a year to sharing their skills with young people from under-represented backgrounds in order to create more training and employment opportunities in under-served communities.

  Wellbeing

  TPXimpact is powered by its people and we know that the health and wellbeing of our employees is essential to our success. Our people spend a significant amount of their time at work and we recognise that we have a duty of care to ensure that we’re supporting their long-term health and wellbeing. We have implemented numerous measures to improve the health and wellbeing of our workforce, structuring our support around the six Mental Health at Work commitments and the additional three enhanced Thriving at Work standards.; ; Our internal focus on mental and physical health has led us to consider how we can support our customer project teams (all stakeholders including suppliers), particularly given the stress they’ve faced in public service delivery. Our senior sponsors offer individual support, regular team check-ins, and act as escalation points to customers and employees alike.; ; With the aim of improving the health and wellbeing of our team, social value benefits include:; - A structured wellness activity programme; - An employee forum to engage our workforce on important issues; - A free Employee Assistance Programme with Health Assured and Champions Health; - Mental health line manager training (10% of the workforce Mental Health First Aider trained).; - Actively support wellbeing charities and initiates through volunteering time to health/wellbeing community projects

Pricing

• Price: £2,500 an instance a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@tpximpact.com. Tell them what format you need. It will help if you say what assistive technology you use.