Elsevier

Pure

Pure is a research information management system, helping institutions manage data about research and other related content and activities. Content is grouped into research profiles and repositories. Using quality data, institutions can create reports; showcase research; analyse and track research progress and impact; monitor grant lifecycle; and prepare REF submissions.

Features

• Robust data model that supports core content types.
• Interoperable solution, designed to easily integrate with other systems.
• Modular design, which covers the full research life cycle.
• Configurable workflows to help validate data.
• Role-based access control to manage user permissions and data visibility.
• Single sign-on integration.
• Powerful frontend portal search that uses the Elsevier Fingerprint Engine™.
• Reports and dashboards for all data in Pure.
• Dedicated assessment module for preparing your REF submission.
• Integrates with Elsevier's Funding Institutional, supporting the full funding lifecycle.

Benefits

• System of record which helps institutions make better strategic decisions.
• Reduced administrative burden as researchers manage their own profiles.
• Increased visibility of researchers and their work through Pure Portal.
• Consistent data as Pure easily integrates with external systems.
• High-quality data through search and filtering, workflows, and duplicate merging.
• Ability to add extra modules at a later date.
• Helps streamline and automate the management of research projects.
• Simplifies reporting across all types of data.
• Easier and more streamlined process for preparing REF submissions.
• Workflows for data validation help ensure data accuracy and compliance.

£51,656 to £250,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at v.mahi@elsevier.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

839883258276840

Contact

Vinod Mahi
+44 7881 002595
v.mahi@elsevier.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Pure has multiple configuration options, some of which can be set up during implementation and onboarding. System administrators can edit and configure options throughout the service period. Instructions for doing so will be covered during training, and ongoing support is available throughout the service period. ; ; Maintenance is managed as much as possible in low usage times, such as night time.
• System requirements:
  • Internet connectivity
  • Up to date browser: Microsoft Edge, Firefox, Chrome, Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Category A (critical defect with no workaround), response within 4 hours (during help desk hours only);; Category B (critical defect with workaround), response within 2 working days;; Category C (non-critical defect with no workaround), response within 4 working days;; Category D (non-critical defect with workaround), response within 8 working days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Access to the Pure help desk is included as part of a customer’s Pure licence. ; ; The Pure help desk provides ongoing technical support to customers. Their primary aim is to make sure customers use Pure efficiently and have the best possible experience with it.; ; Our help desk is based in the USA, Denmark and Singapore, allowing us to provide the best possible service and response times. Customers can raise a support request using our online ticketing system, email or telephone. ; ; In addition, we provide customers with a Customer Success Manager for additional technical support. The Customer Success Manager ensures customers use Pure optimally and assists them with any concerns they have that are not issues for the support desk.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: To help users get started with using Pure, we make the following available to them from day one: ; • a dedicated Pure server; ; • documentation allowing you to easily explore Pure configurations; ; • access to our global Pure Academy training program including bimonthly webinars around new features and functionality.; ; During implementation, the Pure Implementation Manager holds an (optional) on-site workshop. This workshop is tailored to your needs and provides in-depth training about the implementation and configuration of Pure.; Once implementation is nearing the launch phase, your dedicated Pure Customer Success Manager will deliver additional training (a combination of onsite and online). Your Customer Success Manager has an in-depth knowledge of Pure and best practices for rolling it out. They will provide continuous training to help you explore the additional functionality in Pure, and will remain as your go-to person for training-related enquiries after launch.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Once their contract ends, customers can extract data from Pure using the Pure Web Service API. This allows them to extract their data in machine-readable formats.
• End-of-contract process: The costs of the basic end-of-contract process are included in a customer's Pure licence fee.; ; Elsevier provides guidance to customers about the tasks they need to complete as part of their migration strategy and the expected timeline they must complete these tasks in. This is a once-off meeting. Effort for consultancy, project work, configurations, or any other form of customised work is excluded from the basic process. The actual extraction and transformation of data is the customer's responsibility. Customers are notified well in advance of their contract end date, so they have sufficient time to extract and transfer data. ; ; Once their contract with Elsevier comes to an end, all data and backups are deleted. AWS uses the techniques detailed in NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process for their storage hardware.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Customers access Pure in a web-browser. They require credentials from their institution to log in. ; ; The Pure Portal is also accessed in a web-browser. Institutions can control what content is displayed internally and externally on their Pure Portal.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We carry out an annual Voluntary Product Accessibility Template (VPAT) assessment, which is conducted by the Elsevier Accessibility team. During this VPAT assessment, we test the Pure interface to ensure it is screen reader friendly and compatible with screen readers such as JAWS, NVDA and Apple's VoiceOver. Most controls and features are operable using the keyboard and do not require a mouse.
• API: Yes
• What users can and can't do using the API: Web services are used to extract data from Pure. Pure contains three open interfaces: SOAP, REST and OAI. Both XML and JSON are supported as output formats. ; ; The API has endpoints available for most content types in Pure. The access is controlled using API keys; the endpoints available are tied to your API key, which is managed in the Administrator tab of Pure. ; ; We are currently completing the Pure Write API for populating Pure with content from external sources. This is an evolution of the existing REST web services, to support a backward-compatible read and write REST JSON endpoint for using and managing research information data in Pure. At the time of this submission, the API covers the most commonly used content types: Organisations (Internal and External), Persons, Users, Applications, Awards and Project, with more content types added each release. ; For an up-to-date overview of available endpoints see: https://helpcenter.pure.elsevier.com/pure-api/resource-catalog-roadmap.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Pure offers functionality through optional modules, which allows only relevant client features to be available. Within the Core module and the optional modules the following is relevant: ; ; • Data can be synchronised into Pure from other institutional systems, where the mapping of data is determined by the client. This is set up during implementation and is subsequently managed by clients. Training will be provided by Elsevier. ; ; • Multiple workflows are present that are highly configurable to ensure relevance to client processes. ; ; • Classifications present can be edited, and new classifications can be added and added to various content templates. ; ; • Data enrichments can can configured to select specific fields from preferred import sources. ; ; • Pure can reflect institutional name, field naming preferences, system messages, and editable support text. The Pure Portal is templated in terms of functionality, but branding can match the client (logo, colour, text, and messaging).

Scaling

• Independence of resources: Pure customers using our standard hosting infrastructure have their own database instance with unique credentials. Our standard hosting offers customers reliable, scalable, and inexpensive cloud computing services via Amazon Web Services.

Analytics

• Service usage metrics: Yes
• Metrics types: The system captures data around each institution’s usage of Pure. This information includes which features, types of content and maintenance jobs are used in Pure and at which volume. These metrics help to measure the health of an institution’s Pure instance, diagnose and solve problems, as well as prioritise our development work.; Institutions can also capture metrics about the visitors to their Pure Portal using Google Analytics. They set this up from Pure by entering their Google Analytics tracking code.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data in JSON and XML formats using the Pure Web Service API. ; ; It is also possible for users to create lists of data and export them in various formats such as BibTeX, Reference Manager (RIS), HTML and Excel, depending on the type of data.; ; Pure can also be harvested via OAI-PMH using a variety of metadata formats. ; ; In addition, users can produce reports and export them to PDF, Word, Excel and HTML formats.
• Data export formats: Other
• Other data export formats:
  • JSON
  • XML
  • XLS
  • HTML
  • PDF
  • Word
  • BibTex
  • Reference Manager (RIS)
  • OpenAire
• Data import formats: Other
• Other data import formats:
  • XML
  • Reference Manager (RIS)
  • BibTex
  • XLS
  • OpenAire

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Data will be encrypted during transit by HTTPS/TLS encryption.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Elsevier’s Information Security and Data Protection team continuously monitors and responds to security events. The team assesses identified risks for potential impact and determines the appropriate response and remediation.; ; For thorough monitoring, Elsevier uses a combination of solutions to inspect applications and identify vulnerabilities:; ; Dynamic Application Security Testing (DAST): Actively scans and monitors AWS for vulnerabilities in Pure and the Pure Portal.; Static Application Security Testing (SAST): Provides static code analysis to find and flag potential vulnerabilities as part of the development lifecycle.; Manual testing: Elsevier performs internal penetration testing to identify vulnerabilities before an attacker can exploit them externally.

Availability and resilience

• Guaranteed availability: Our service level agreement (SLA) guarantees a 99.5% system uptime. If availability drops below 99.5%, customers are entitled to receive a service credit. Availability warranties and service credit calculations are outlined in our SLA.
• Approach to resilience: Elsevier implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:; ; • Encryption of personal data;; • Ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;; • Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; ; • Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Institutions can configure Pure to authenticate users with SAML2-based authentication mechanisms. Users log into Pure by entering their credentials at Pure's login screen, which is then authenticated by the central authentication system.
• Access restrictions in management interfaces and support channels: Pure does not have a management interface. Only authorised Elsevier employees can access the server infrastructure. All access control is reviewed regularly, and system access is audited. ; ; No employee has permanent access to application level data; temporary access is allocated on an individual’s “need to know,” as determined by job functions and requirements. Authorised Elsevier employees access customer environments via two-factor authentication. We maintain a full audit trail of Elsevier staff logins to customer environments and review this log regularly.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Description of management access authentication: Pure does not have a management interface. Only authorised Elsevier employees can access the server infrastructure.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS United Kingdom Ltd
• ISO/IEC 27001 accreditation date: 09/08/2023
• What the ISO/IEC 27001 doesn’t cover: We hold 27001:2013 Certification. The Information Security Management System (ISMS) provides the management of information security arrangements and activities that support the delivery of information services for Institutional Products and Clinical Solutions globally.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: EU-U.S. Privacy Shield

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Elsevier has implemented policies, standards, and guidelines aligned with ISO 27001 domains that govern data access, protection, transport, restriction, retention, deletion, and classification. Policies, standards, and guidelines are reviewed and updated regularly.; ; Elsevier maintains a dedicated Information Security and Data Protection (ISDP) organization, headed by our Chief Information Security Officer (CISO). Elsevier security staff members have multiple years of experience in the industry and possess industry best practice certifications such as the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), Certified Ethical Hacker (CEH) and multiple Global Information Assurance Certifications.; ; Elsevier employees receive regular data privacy and security awareness training. We equip employees with the knowledge to understand, identify and mitigate security risks by providing role-based secure application development training, phishing simulation tests and privacy and security campaigns.; ; A robust and detailed audit program is in operation to review and test policies, standards, guidelines and controls to assess their effectiveness. This audit program is based on the SSAE 16 and includes in-house and third-party audits as well as independent assessments.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our change management process follows best industry practices.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Services, processes, and technology are implemented to execute internal and external vulnerability scans to identify new application and system vulnerabilities. Identified risks are assessed for their potential impact along with determining appropriate response and remediation actions. We use a combination of network security testing, application security testing, application code review, and penetration testing to assess our information security program, and enhance it appropriately.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Elsevier’s Information Security and Data Protection (ISDP) team continuously monitor and respond 24/7 to security events. The ISDP team will assess any identified risks for their potential impact and determine the appropriate response and remediation actions.; ; To ensure monitoring is as thorough as possible, Elsevier uses a combination of automated and manual solutions to inspect applications and identify any vulnerabilities that require remediation.
• Incident management type: Supplier-defined controls
• Incident management approach: Elsevier manages incidents using a well-established Security Incident Response process. This process covers all security incidents, including hacker, denial of service, lost asset and virus/worm incidents.; ; When an incident occurs, it is promptly handled by our dedicated Information Security & Data Protection team. They will restore service as soon as possible, determine the cause of the incident, and take appropriate steps to prevent future incidents.; ; Elsevier’s incident response and notification policy sets out how users are notified in the event of information being compromised. We conduct security incident disclosures in compliance with all appropriate regulatory policies and applicable statutory guidelines.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Implementation of Pure, as an AWS-hosted product, can influence environmental protection and improvement. We use Amazon Web Services (AWS) for web hosting. For details on their commitment to sustainability in the cloud, see https://sustainability.aboutamazon.com/environment/the-cloud?energyType=true.; With different initiatives – such as renewable energy projects, energy efficiency in scale, and water stewardship – AWS enables effective stewardship of the environment in a variety of ways. Using an AWS-hosted, cloud-based product can be an energy-efficient and more environmentally friendly choice than a standard self-hosted product.; We also are mindful of emissions during implementation from travel. When possible, we connect remotely rather than traveling to your location for meetings and training during implementation. In our own operations (including business travel), our emissions were net zero in 2021 through a combination of reduced emissions and the purchase of renewable energy and renewable energy certificates, with the balance offset through Verified Carbon Standard (VCS) credits in a REDD+ carbon sequestration project. Our parent company, RELX, supports global efforts to mitigate climate change through the rapid reduction of greenhouse gas emissions, aiming to achieve net zero emissions by 2040. Also see https://sdgresources.relx.com.

  Covid-19 recovery

  Pure supports COVID-19 recovery in a variety of ways. ; To support people and community recovery:; ; 1. Using Pure, institutions can showcase COVID-19 research and information to promote the disbursement of sound, scientific knowledge within the institution and wider community.; To support health and reduced demand on public services:; 1. As a cloud product, employees using Pure can work from any location, supporting new ways of working. ; 2. With ease of reporting and built-in workflows, employees’ tasks are easier and less time consuming. Reducing routine and mundane tasks contributes to better mental health, and frees up time for more stimulating and engaging work. ; To support workplace conditions:; 1. As a cloud product, employees using Pure can work from any location, making work more flexible and enabling social distancing.; 2. As an online product, Pure enables working from non-office locations for effective social distancing; remote and flexible working; and flexible commute times.

  Equal opportunity

  RELX is committed to providing a workplace that is inclusive, fair and equitable; where employees are respected and valued, and have equal opportunities. ; Inclusion is important to our future. We need the contributions of people from a wide range of backgrounds, experiences and ideas to achieve real innovation for our customers. ; This means: ; • Creating a positive and supportive working environment for all employees ; • Recognising and valuing differences and supporting the participation of all members ; • Promoting the diversity of our workforce ; • Responding to changing work patterns, by providing flexible working where appropriate ; We are an equal opportunity employer, committed to treating all employees and applicants for employment with respect and dignity, and we prohibit discrimination. We recruit, train, promote, and provide conditions of employment without regard to race, colour, creed, religion, national origin, gender, gender identity or expression, sexual orientation, marital status, age, disability, or any other characteristic protected by law. We regularly review our policies and practices in the areas of recruitment, development, promotion and reward to ensure we provide fair and equitable opportunities. ; We will meet our inclusion goals through: ; • Selecting candidates for employment, promotion, training, or any other benefit based on ability ; • Monitoring inclusion and diversity data (including diversity and pay data) ; • Training (e.g. inclusive leadership development programme for managers; unconscious bias training) ; • Sponsorship and mentoring (e.g. Women in Tech mentoring programme) ; • Encouraging inclusion networks (e.g. Employee Resource Groups focused on gender, ethnicity, sexual orientation etc.) ; • Regularly reviewing our employment practices and procedures ; • Maintaining good governance for, and communication on, inclusion ; The inclusion and diversity practices of our suppliers are important to us. Our Supplier Code of Conduct includes a non-discrimination clause. Our Supplier Inclusion and Diversity Program is designed to encourage the development of Diverse Suppliers.

  Wellbeing

  Staff health and well-being is important to us. We offer opportunities for our employees to create an inclusive, engaged and agile global workforce focused on innovation. Together, we create possibilities.; Networking and engagement; Within Elsevier, we have a variety of groups and opportunities for employees to connect and form strong relationships.; • Employee resource groups: ERGs offer a platform for employees to share their experiences, connect with colleagues who share similar backgrounds or interests, strengthen allyship and provide opportunities for professional development and growth.; • Finding purposeful work: All Elsevier employees contribute to the fulfilling mission of helping researchers and healthcare professionals make breakthrough discoveries that change the world.; • Career growth: We encourage employees to choose their own path and shape their own unique career. We encourage a coaching environment and provide best in class training programs.; • Strong working relationships: Elsevier employees work in an inclusive hybrid environment, and we embrace diverse teams. With a mission of advancing science and improving lives, our employees are an integral part of something that truly matters.; Benefits; Elsevier offers flexible working conditions and compensation that reflect your excellence and our high standards. We value our employees’ time and encourage our colleagues to pursue a full and interesting life outside of work.

Pricing

• Price: £51,656 to £250,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Functionality and configuration can be tested in a sandbox environment with test data for a limited time period, to be agreed with the client.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at v.mahi@elsevier.com. Tell them what format you need. It will help if you say what assistive technology you use.