Semmtech B.V.

Laces Linked Data Platform (LDP)

Linked Data Platform (W3C LDP 1.0 based) for publishing, managing, distributing interrelated semantic datasets in the cloud and managing access by your own applications or those of others.

Features

• SPARQL 1.1 semantic querying
• Read-write Linked Data
• Inference based code generation
• Version management
• Authentication-based access management
• Interlinking datasets cross-source datasets
• Browser and API access
• Group and repository organisation
• Open web standards
• Swagger API definitions

Benefits

• Publish data from multiple source applications
• Reuse data in multiple destination applications
• Software independent information storage
• Quick distribution of reference data across stakeholders
• Easy management of versioned datasets
• Clear access management for applications and users
• Storage of datasets and documents

£60 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hermanhoekman@semmtech.nl. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

685203203474233

Contact

Herman Hoekman
+31613566474
hermanhoekman@semmtech.nl

Service scope

• Service constraints: Semmtech is responsible for Hosting and has the right to contract third parties for Hosting.; Semmtech will put in as much effort as can reasonably be expected to secure information for loss, theft and unauthorized access.
• System requirements:
  • Be able to send HTTP request for API interaction
  • Web browser to access user interface
  • Latest or second latest stable version of web browsers
  • JavaScript should be enabled
  • Minimum resolution of 1024x768
  • Traffic via normal HTTP and HTTPS ports 80 and 443
  • No intermediate restrictions should interfere with requests

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: We offer no service during weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users can communicate in writing with Semmtech staff.
• Web chat accessibility testing: We have not yet tested web chat with assistive technology users.
• Onsite support: Yes, at extra cost
• Support levels: SLA + Service desk availability: 1000 GBP / month; Onsite support: 100-125 GBP / hour; Remote support: 100-125 GBP / hour
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: - Online documentation; - Onsite training; - Online training; - Technical support
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: - Users may download their data in a non-proprietary format (Turtle) through a button in the UI; - Users may make extractions of datasets through the API (i.e., CSV, JSON-LD, Turtle, XML); - Users may contact Semmtech for support
• End-of-contract process: - Revoking access to the repository; - Cleaning up the repository OR removing access restrictions from datasets (choice lies with client)

Using the service

• Web browser interface: Yes
• Using the web interface: - Users can register an account by enterin an email address, user name and choosing a password.; - Users can login by entering their email or username and password.; - Users can set up groups, repositories, user access and application access by clicking buttons and filling fields in a Material UI web interface.; - Users can add approved applications for API access by generating authorization keys through the UI.; - Users can enter UI and API documentation via a 'help' button in the main menu.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: - UI has a fully descriptive semantic structure for use without vision.; - UI can be magnified using default web browser functionalities.; - Information is available through an API for non-visual access.; - Significant features of the application are colour-coded.; - Usage does not rely on hearing in any way.; - Usage by means of keyboard, mouse, or comparable personal computer interaction devices.; - UI has no photosensitive seisure triggers (flashes).; - UI presents tasks in steps that are easy to follow.; - Accessibility features do not lower privacy.
• Web interface accessibility testing: We have not done explicit assistive technology testing.
• API: Yes
• What users can and can't do using the API: - Fully W3C LDP 1.0 compliant SPARQL end point.; - API can read, manage, update, remove datasets or parts of RDF datasets; - API can read, manage, remove non-RDF files; - API can return messages in Turtle (text/turtle), N-Triples (application/n-triples), RDF/XML (application/rdf+xml), JSON-LD (application/ld+json)
• API automation tools:
  • Ansible
  • OpenStack
  • Other
• Other API automation tools: Any software supporting vendor independent open web standards
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • Other
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: - HM Government can run their own instance(s) of Laces Hub; - 2022 road map includes dedicated query engines architecture (per entity/organisation basis)
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Datasets
  • Files
  • Database
• Backup controls: - Semmtech provide automated daily backups; - Users may keep previous versions of a dataset publication on the platform; - Users may extract and back up information by calling on the API
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Using cloud provider's VPC (Virtual Private Cloud)

Availability and resilience

• Guaranteed availability: Semmtech will put in commercially reasonable effort to offer the License Holder 24 hours a day, seven days a week the latest version of the Software, except for planned unavailability for maintenance. Maintenance will be executed within announced time frames and not within office hours as much as possible.
• Approach to resilience: Semmtech prefers to not make our resilience information public and will make this infromation available on request.
• Outage reporting: Outages are reported via email alerts.

Identity and authentication

• User authentication:
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
• Other user authentication: Public/private key pair (HMAC / Hash-based Message Authentication Codes) for API.
• Access restrictions in management interfaces and support channels: Role based user access to a recursive group/repository structure.; Application based sub-access, restricted by user generated Basic Auth or HMAC key pair.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Kiwa NV
• ISO/IEC 27001 accreditation date: 31/12/2022
• What the ISO/IEC 27001 doesn’t cover: The complete product and its surrounding processes are covered by this certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 compliant ISMS (Information Security Management System)

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change may be proposed by management team; change must be authorized by IT manager, who must assess its justification for business and potential negative security impacts; change must be implemented by IT manager; IT manager is responsible for checking that the change has been implemented in accordance with the requirements; IT manager is responsible for testing and verifying the system's stability – the system must not be put into production before thorough testing has been conducted; implementation of changes must be reported to the members of management team; ; Change records are kept within the RFC Register.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: At this time no explicit procedure are in place which actively track and manage vulnerabilities in operational systems.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: At this time no explicit procedure are in place which actively perform protective monitoring.
• Incident management type: Supplier-defined controls
• Incident management approach: ISO 27001 compliant ISMS lists the process. In summary:; - Each employee, supplier or third party in contact with information or systems of Semmtech must report any incident; - All information security incidents must be reported to the Information security officer through our service desk; - The Information Security Officer treats the incident; - Those involved reflect on and learn from the incident; - The Information Security Officer takes disciplinary actions; - Evidence is collected

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Citrix XenServer
• How shared infrastructure is kept separate: This is handled by AWS.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: By use of AWS, AWS’s infrastructure is 3.6 times more energy efficient than the median of U.S. enterprise data centers surveyed.

Social Value

• Fighting climate change:

  Fighting climate change

  - Laces LDP is used to be able to generate Bills of Material; - Laces LDP reduces the need for repeated and resource-heavy data transformations; - Laces LDP helps organisations migrate from (physical) document based working, to model based working
• Tackling economic inequality:

  Tackling economic inequality

  - Laces LDP improves digital supply chain resilience by enabling organisations to use and share their knowledge and data in a vendor independent way; - Laces LDP fights vendor lock-ins by allowing unrestricted information distribution
• Equal opportunity:

  Equal opportunity

  - Laces LDP gives equal opportunities to humans and computers alike, to publish, manage, and query information; - Laces LDP is based on open web standards, allowing anyone with the right authorisation to interact with information on the platform

Pricing

• Price: £60 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free version:; - public datasets only; - fair use policy (storage, memory, transfer, processing power); ; Enterprise trial:; - 4 weeks max; - public & private publishing; - fair use policy; - entity extraction; - artificial intelligence; - single sign-on; - code generation
• Link to free trial: https://hub.laces.tech/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hermanhoekman@semmtech.nl. Tell them what format you need. It will help if you say what assistive technology you use.