Elsevier

Digital Commons Data

Digital Commons Data is a cloud-based solution that provides specialized tools for creating, curating, showcasing and collaborating on research datasets.

Features

• Robust data model that supports dataset and collection content types
• Interoperable solution designed to integrate with other systems
• Modular, customizable design
• Workflows support multiple use cases, including moderation and collaboration
• Role-based access control to manage user permissions
• Audit log and reporting for all dataset activity
• Single sign-on integration
• Integration with Pure to make datasets available
• Long-term preservation with third-party provider
• Fully hosted and supported

Benefits

• Create and publish datasets with unique identifiers and multiple versions
• Compare any two versions from the dataset public page
• Control access with embargo or restricted files functionalities
• Invite collaborators from within or outside the institution
• Showcase content in collections
• Search through all your datasets with advanced queries
• Manage moderation workflow to ensure quality of datasets
• Unlimited support from designated Consultant
• Preserve and access content anytime in Amazon S3
• View dataset impact with metrics displayed on each public dataset

£11,380 to £26,502 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at v.mahi@elsevier.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

530569231418752

Contact

Vinod Mahi
+44 7881 002595
v.mahi@elsevier.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: Digital Commons Data requires an internet connected device capable of running a supported browser.; Maintenance is done during low usage times.; Dataset size is limited to 100GB per dataset.; 10TB or 20TB of storage included with each contract (depending on number of academic staff that the pricing is calculated on)
• System requirements:
  • Internet connectivity
  • Up to date supported browser: Microsoft Edge, Firefox, Chrome, Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Turnaround time for customer inquiries is 24-48 business hours. In some cases, this can be longer when you take into account different geographies’ time zones and work weeks. Depending on the issue, the actual resolution to your request can take longer. Your dedicated Consultant will keep you up to date on the status of your request.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We provide unlimited support for all customers. Each customer has an assigned consultant that works with them. Our support team is based in the US but has extended hours.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Upon agreement execution, a designated consulting services representative is assigned who will guide you through every step of the implementation and launch process. The training session focuses on the administrative side of Digital Commons and provides a “sand box” for staff to experiment with the system, the submission process, reviewing submissions and publishing content.; ; After implementation, your Consulting Services representative is available to schedule trainings with any number of users, administrators, and groups, as often as needed.; ; Since training via web and email is unlimited, your Consultant will work with your team to establish what is needed for you, and the length and amount of training that makes sure that your team is confident with using Digital Commons.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon termination of the agreement, data is made accessible for 30 days and can be exported to a S3 bucket to support bulk download.
• End-of-contract process: Upon termination of the agreement, data is made accessible for 30 days and can be exported to a S3 bucket to support bulk download.; The S3 transfer includes metadata, data and full-text content. There is no additional cost. The service expires with the agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We designed Digital Commons Data to be responsive to different device types. The main difference between using Digital Commons Data on a desktop compared to a mobile phone or table is screen layout; functionality remains the same.; ; As an intrinsic part of our development and testing process, we build public pages for finding, accessing and viewing content mobile-first and test them to ensure responsiveness on various screen sizes (mobile, tablet, desktop). Based on user feedback, these pages of Digital Commons Data are most likely be used on a mobile device.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Customers access Digital Commons Data in a web browser using Elsevier's identity platform and SSO.; Institutions can control what content is featured at the top of their showcase page.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We carry out an annual Voluntary Product Accessibility Template (VPAT) assessment, which is conducted by the Elsevier Accessibility team. During this VPAT assessment, we test the Digital Commons Data interface to ensure it is screen reader friendly and compatible with screen readers such as JAWS, NVDA and Apple's VoiceOver. Most controls and features are operable using the keyboard and do not require a mouse.
• API: Yes
• What users can and can't do using the API: Web services are used to access Digital Commons Data programmatically both in read and write mode. All Digital Commons Data capabilities are available via the APIs, as well as the user interface. Digital Commons Data contains two open interfaces: REST (read/write) and OAI-PMH (read). The REST API uses JSON, while OAI-PMH uses XML. Access is controlled using access tokens; the role of the user that the application impersonates when using the Digital Commons Data API determines the permissions to use the various endpoints. To set up the APIs, users create an application entry, which consists of an ID and a secret. Using this information, a client application can authenticate and obtain an access token on behalf of a user. The OAI-PMH API is publicly available and is used to harvest dataset metadata.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers can create collections of datasets (any user) and pin then to the top of their showcase page (admins only).; Top banner and logo can be customised by the Elsevier team.; Custom metadata templates can be added and edited by the customer's consultant

Scaling

• Independence of resources: Digital Commons Data is hosted on Amazon Web Services and is configured to scale as the demand on the product services increase.

Analytics

• Service usage metrics: Yes
• Metrics types: The system captures data around usage of Digital Commons content, including downloads, pageviews and citations. These are visible on each public dataset page, and can also be accessed via API calls.
• Reporting types:
  • API access
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Database data including performance insights information, Object Storage and persistent disksare encrypted at rest using vendor-provided (AWS) functionality for the respective services. All encryption at rest uses Elsevier owned cryptography keys (e.g. AWS KMS) using Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data in JSON and XML formats using the Digital Commons Data Web Service API. Uploaded file are downloaded in their original format. Multiple files and complex folder structures can be exported as a ZIP archive, thus granting the integrity of the files and the folder structure. Some data (e.g. usage reports) can be exported in Excel. Metadata can also be exported by OAI-PMH.
• Data export formats: Other
• Other data export formats:
  • XML
  • JSON
  • Uploaded files are exported in their original format
• Data import formats: Other
• Other data import formats:
  • Any file format
  • .docx
  • .pdf
  • .xlsx
  • .mp4
  • .mp3
  • .gif
  • .jpeg

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: All interactions and data transferred between the user the applications is encrypted with HTTPS, using RSA 2048 bits (SHA256withRSA).; ; The configuration enforces strong ciphers and does not support “old” TLS protocols, such as 1.1 or 1.0.

Availability and resilience

• Guaranteed availability: 99.9% system availability. In the event unscheduled downtime occurs, Digital Commons Data will undertake commercially reasonable efforts to remedy within a commercially reasonable timeframe.
• Approach to resilience: The service is built on top of AWS and utilises technology such as auto-scaling and geographically distributed services.
• Outage reporting: Email alerts and on site messaging for major outages

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Digital Commons Data supports two-factor authentication where it is configured to use institutional login (such as via Shibboleth or SAML2.0 provider such as Active Directory Federation Services) and the institutional login supports two-factor authentication. If a user logs in from outside the university network, the authentication provider can request an additional verification step, for example making a call to the user’s mobile telephone and asking the user to dial a PIN.; Digital Commons Data also integrates with Elsevier’s ID+ system to provide authentication, authorization and Single-Sign On capabilities across all Elsevier products.
• Access restrictions in management interfaces and support channels: Only authorised Elsevier employees can access the server infrastructure. All access control is reviewed regularly, and system access is audited. No employee has permanent access to application level data; temporary access is allocated on an individual’s “need to know,” as determined by job functions and requirements. Authorised Elsevier employees access customer environments via two-factor authentication. We maintain a full audit trail of Elsevier staff logins to customer environments and review this log regularly.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Description of management access authentication: Only authorised Elsevier employees can access the server infrastructure. All access control is reviewed regularly, and system access is audited. No employee has permanent access to application level data; temporary access is allocated on an individual’s “need to know,” as determined by job functions and requirements. Authorised Elsevier employees access customer environments via two-factor authentication. We maintain a full audit trail of Elsevier staff logins to customer environments and review this log regularly.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS United Kingdom Ltd certified the 27001: 2013
• ISO/IEC 27001 accreditation date: 9/8/2023
• What the ISO/IEC 27001 doesn’t cover: We hold 27001:2013 Certification. The Information Security Management System (ISMS) provides the management of information security arrangements and activities that support the delivery of information services for Institutional Products and Clinical Solutions globally.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Elsevier has implemented policies, standards, and guidelines based on the concepts and principles found in the ISO 27001, that govern data access, protection, transport, restriction, retention, deletion, and classification. Policies, standards, and guidelines are reviewed and updated regularly. We maintain a dedicated Information Security and Data Protection organisation, headed by our Chief Security Information Officer, who is responsible for these policies, standards and guidelines and ensuring all employees adhere to them. The policy is aligned with NIST and other security industry standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our change management process follows best industry practices.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Services, processes, and technology are implemented to execute internal and external vulnerability scans to identify new application and system vulnerabilities. Identified risks are assessed for their potential impact along with determining appropriate response and remediation actions. We use a combination of network security testing, application security testing, application code review, and penetration testing to assess our information security program, and enhance it appropriately.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Elsevier’s Information Security and Data Protection (ISDP) team continuously monitor and respond 24/7 to security events. The ISDP team will assess any identified risks for their potential impact and determine the appropriate response and remediation actions. To ensure monitoring is as thorough as possible, Elsevier uses a combination of automated and manual solutions to inspect applications and identify any vulnerabilities that require remediation.
• Incident management type: Supplier-defined controls
• Incident management approach: Elsevier manages incidents using a well-established Security Incident Response process. This process covers all security incidents, including hacker, denial of service, lost asset and virus/worm incidents. When an incident occurs, it is promptly handled by our dedicated Information Security & Data Protection team. They will restore service as soon as possible, determine the cause of the incident, and take appropriate steps to prevent future incidents. Elsevier’s incident response and notification policy sets out how users are notified in the event of information being compromised. We conduct security incident disclosures in compliance with all appropriate regulatory policies and applicable statutory guidelines.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Implementation of Digital Commons Data, as an AWS-hosted product, can influence environmental protection and improvement. We use Amazon Web Services (AWS) for web hosting. For details on their commitment to sustainability in the cloud, see https://sustainability.aboutamazon.com/environment/the-cloud?energyType=true.; With different initiatives – such as renewable energy projects, energy efficiency in scale, and water stewardship – AWS enables effective stewardship of the environment in a variety of ways. Using an AWS-hosted, cloud-based product can be an energy-efficient and more environmentally friendly choice than a standard self-hosted product.; We also are mindful of emissions during implementation from travel. When possible, we connect remotely rather than traveling to your location for meetings and training during implementation. In our own operations (including business travel), our emissions were net zero in 2021 through a combination of reduced emissions and the purchase of renewable energy and renewable energy certificates, with the balance offset through Verified Carbon Standard (VCS) credits in a REDD+ carbon sequestration project. Our parent company, RELX, supports global efforts to mitigate climate change through the rapid reduction of greenhouse gas emissions, aiming to achieve net zero emissions by 2040. Also see https://sdgresources.relx.com.

  Equal opportunity

  RELX is committed to providing an inclusive, fair and equitable workplace; where all employees are respected and valued, and have equal opportunities. ; ; Inclusion is important to our future. We need the contributions of people from a wide range of backgrounds, experiences and ideas to achieve real innovation for our customers. ; This means: ; • Creating a positive and supportive working environment for all employees ; • Recognising and valuing individual differences and supporting the participation of all team members ; • Promoting the diversity of our workforce ; • Responding to changing work patterns, by providing flexible working where appropriate ; ; We are an equal opportunity employer, committed to treating all employees and applicants for employment with respect and dignity, and we prohibit discrimination. We recruit, train, develop, promote, and provide conditions of employment without regard to race, colour, creed, religion, national origin, gender, gender identity or expression, sexual orientation, marital status, age, disability, or any other characteristic protected by law. We regularly review our policies and practices in the areas of recruitment, development, promotion and reward to ensure we provide fair and equitable opportunities. ; ; We will meet our inclusion goals through: ; • Selecting candidates for employment, promotion, training, or any other benefit based on ability ; • Monitoring inclusion and diversity data (including diversity and pay data) ; • Training (e.g. inclusive leadership development programme for managers; unconscious bias training) ; • Sponsorship and mentoring (e.g. Women in Tech mentoring programme) ; • Encouraging inclusion networks (e.g. Employee Resource Groups focused on gender, ethnicity, etc.) ; • Regularly reviewing our employment practices and procedures ; • Maintaining good governance for, and communication on, inclusion ; ; The inclusion and diversity practices of our suppliers are important to us. Our Supplier Code of Conduct includes a non-discrimination clause. Our Supplier Inclusion and Diversity Program is designed to encourage the development of Diverse Suppliers.

  Wellbeing

  Staff health and well-being is important to us. We offer opportunities for our employees to create an inclusive, engaged and agile global workforce focused on innovation. Together, we create possibilities.; Networking and engagement; Within Elsevier, we have a variety of groups and opportunities for employees to connect and form strong relationships.; • Employee resource groups: ERGs offer a platform for employees to share their experiences, connect with colleagues who share similar backgrounds or interests, strengthen allyship and provide opportunities for professional development and growth.; • Finding purposeful work: All Elsevier employees contribute to the fulfilling mission of helping researchers and healthcare professionals make breakthrough discoveries that change the world.; • Career growth: We encourage employees to choose their own path and shape their own unique career. We encourage a coaching environment and provide best in class training programs.; • Strong working relationships: Elsevier employees work in an inclusive hybrid environment, and we embrace diverse teams. With a mission of advancing science and improving lives, our employees are an integral part of something that truly matters.; Benefits; Elsevier offers flexible working conditions and compensation that reflect your excellence and our high standards. We value our employees’ time and encourage our colleagues to pursue a full and interesting life outside of work.

Pricing

• Price: £11,380 to £26,502 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at v.mahi@elsevier.com. Tell them what format you need. It will help if you say what assistive technology you use.