Astun Technology Ltd

iShare Metadata with GeoNetwork

iShare Metadata with GeoNetwork is an INSPIRE compliant service for Metadata Discovery, View and Download Services. It enables iShare users to meet their INSPIRE Phase 1 publishing and delivery obligations and their need for Enterprise Metadata within their organisations without having to implement any additional technology locally.


  • INSPIRE compliant service
  • Dedicated customer portal in our hosted GeoNetwork environment
  • Virtual CSW end points for Metadata Publishing and Enterprise Metadata
  • Compliant service for Metadata Discovery (searching), View and Download Services
  • Automated initial Metadata Creation directly into GeoNetwork
  • Automated addition of metadata for new database tables
  • Automated update of metadata for existing database tables
  • Enterprise wide use with support for Non-Spatial Datasets
  • No need to implement any technology locally
  • Enterprise Grade Support


  • Cloud based metadata service
  • Uses GeoNetwork like most of the world's spatial data infrastructures
  • Full support for UK Gemini metadata standards
  • Metadata Publishing provides full UK Location Programme compatibility
  • Serve metadata to or other standards compliant portals
  • Allows the power of metadata to be harnessed by iShare
  • Ensures that data is managed and discoverable across your organisation
  • Provides real business value and business efficiency
  • Automated Metadata Creation and Update, saving time and resources


£1,250 a unit a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

9 5 1 0 3 3 2 1 5 9 0 5 5 2 2


Astun Technology Ltd Astun Technology Sales Team
Telephone: 01372 744009

Service scope

Software add-on or extension
What software services is the service an extension to
IShare in the Cloud and existing on-premise implementations of iShare
Cloud deployment model
Community cloud
Service constraints
Most planned maintenance will be undertaken without interrupting service availability however in the event that this is not possible downtime will be scheduled and agreed with the customer in advance.
System requirements
IShare 5.6+ for Enterprise Metadata Option

User support

Email or online ticketing support
Email or online ticketing
Support response times
Astun provide the support service during normal working hours, which are between 0900 and 1700 GMT, Monday to Friday, excluding Bank Holidays.

The response times for calls logged by the customer are set out in the accompanying Astun Platform Terms & Conditions document.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
First line support is provided via a permanently staffed Service Desk with second and third line support by consultancy and development teams for fault diagnosis and resolution. Customer access to web based Service Desk provides real time ticket management and correspondence on all customer tickets.
Support available to third parties

Onboarding and offboarding

Getting started
On receipt of a purchase order Astun Technology will provide access to a customer specific upload location in the Cloud hosted environment and details of how to upload initial datasets to the iShare Metadata with GeoNetwork service.

Astun provide onsite training for administrators and user documentation.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
In the event that the customer terminates the service they can download their metadata from the service in a XML file format that should be compatible with alternative GEMINI2 metadata catalogues. Customers should extract a copy of their data before their contract expires.
End-of-contract process
On receipt of a written request to terminate the iShare in the Cloud service and subject to there being no unpaid charges outstanding, Astun will delete all datasets stored within iShare Metadata with GeoNetwork and remove all metadata entries.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Users of the service comprise of (i) data custodians who use the service for maintaining metadata; (ii) data users who view metadata through third party services such as Operations in the scope of (i) are done on the desktop; those in (ii) may be mobile compatible according to service used.
Service interface
User support accessibility
None or don’t know
Description of service interface
IShare Metadata with GeoNetwork are based on GeoNetwork, the leading open source standards-compliant metadata catalogue, which is used by the majority of the world’s spatial data infrastructures.
Accessibility standards
None or don’t know
Description of accessibility
For more information on GeoNetwork interface, please see Appendix A of the Service Definition.
Accessibility testing
What users can and can't do using the API
IShare Metadata with GeoNetwork provides an OGC compliant web services using CSW protocols.
API documentation
API documentation formats
  • HTML
  • Other
API sandbox or test environment
Customisation available


Independence of resources
Resource monitoring of the service.


Service usage metrics
Metrics types
Customers can obtain metrics from Support.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Customer can download their metadata from the service.
Data export formats
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats
Via direct entry into Metadata catalogue

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
IShare Metadata with GeoNetwork is hosted on a high availability cloud infrastructure with a failover backup hosted in a different geographic region for maximum resilience.

Internal availability testing indicates availability in excess of 99.6%

Response times for map rendering are typically less than 1 second at the server.

The services are continually monitored with automated messages sent to several staff in the event of a deterioration or failure.
Approach to resilience
IShare Metadata with GeoNetwork is hosted within the Amazon Web Services environment (AWS).

The entire cloud environment is backed up to a second geographic availability zone to provide additional resilience in the unlikely event that the primary availability zone becomes unavailable.
Outage reporting
Astun set up a series of alarms to monitor the customer's cloud service. These alarms are triggered if any pre-set limits to system resources are reached (e.g. disk space). This enables Astun to address the majority of issues before any potential outage.

We also use our GeoHealth check system to monitor servers and ensure they are up and working.

The customer is informed of any potential problems by email or phone.

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces are restricted to login in via remote desktop over a dedicated VPN between customer network estate and the virtual private cloud environment dedicated to the customer. Access by Astun is also over VPN.
Access restriction testing frequency
At least every 6 months
Management access authentication
Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We are currently working towards ISO 27001.
Information security policies and processes
Astun has a formal Information Security Policy that provides a framework for the management of information security within our business processes. We are also Cyber Essentials Plus accredited.

iShare Metadata with GeoNetwork is hosted on Amazon Web Services (which is ISO 27001 accredited).

Operational customer data is stored or processed within MEF (Metadata Exchange Format) Version 2.0.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes to all Astun components are managed and tracked through their lifetime via a centralised bug-tracking, issue-tracking and project-management software application (JIRA) and associated private code repository (BitBucket) managed under source control. The software is built through a repeatable build process and after passing formally defined test cases is tagged to a specific version number at the point of release. Only released software is deployed to the customer virtual private cloud environments. Potential security impacts are assessed via a process of peer review.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Information on potential threats is continuously assessed through review of key online resources (release notes, security articles etc) for all third party components (operating systems, databases, frameworks etc). Penetration testing of the full system (including Astun components) is undertaken by independent third parties on all significant software releases. Whilst patch releases are routinely issued on a monthly basis, key security vulnerabilities are patched and released as soon as Astun become aware of them, irrespective of the stage in the release cycle.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All cloud servers are set up with alarms that monitor key system resources on the server itself allowing the detection of compromises such as denial of service attacks. In addition external monitoring services are set up to make routine periodic requests to the servers (typically every 15 mins), to check that they remain responsive, and send out alerts if any servers are unavailable. Incidents are responded to as soon as we become aware of them. Logging is enabled on the servers to provide an audit trail of potential compromises for subsequent investigation.
Incident management type
Supplier-defined controls
Incident management approach
Security related incidents are categorised as a Priority 1 within our Service Desk system, and allocated to third line support personnel (developer) for immediate investigation and resolution. Users are able to report such incidents via the Service Desk (phone, email and web form), which is routinely monitored throughout the working day by first line support staff. Contemporaneous notes are taken during the incident and recorded against the service desk ticket, which provides a detailed report of the incident itself. Key performance indicators are also published from the Service Desk System and routinely reviewed by management on a weekly basis.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Our Environmental and Sustainability Policy (E&SP) helps us minimise our environmental impact.

We monitor our carbon footprint, have made the SME Climate Change Commitment and are members of Race to Zero. We’ll cut our greenhouse gas emissions by half before 2030. Staff are required to turn off equipment when not in use.

We operate fully remotely, reducing travel and heating emissions. If an employee prefers to work from a shared space, we fund their use of a local co-working space.

We have a ‘virtual meetings first’ policy. If travel is essential for business or wellbeing we encourage the use of carsharing or public transport.

We prefer to deliver training courses remotely.

IT equipment is securely recycled or refurbished/ rehomed where possible. Disposal is a last resort.

We encourage a ‘paperless’ office mindset. We share electronic collateral where possible.

We take environmental criteria into account in the procurement of goods and services, e.g. recycled pencils for giveaways or phones from Fairphone.
Our cloud services are hosted on AWS, an energy and water-efficient platform that’ll be 100% renewable energy powered by 2025.

In 2022, we’ll undergo EcoVadis assessment to drive further improvements.

We are evaluating how we can drive more environmental awareness across our supply chain. Sub-contractors are already asked to comply with our E&SP.

To influence environmental protection and improvement, we respond to clients’ requests for products/services which help improve the environment, such as a mobile GIS that will enable councils to monitor the health of trees. iShare, our popular web mapping solution, is used by councils to promote the use of green spaces and recycling centres.

We publicise environmentally-friendly initiatives. For example, we publicise how we helped The Ramblers gather the information needed to protect paths for future generations. We also post about our own commitments.
Covid-19 recovery

Covid-19 recovery

We follow specialist recruitment and employment guidance. We create permanent jobs in preference to contracting. We’ve employed and mentored graduates through their early careers. Many activities, such as structured 1:2:1s, align with the Good Work Plan. We’ll give particular consideration to requests for work/student placements or internships made by those affected by COVID-19. We’ve committed to the EcoVadis assessment.

We allow employees to request changes to employment contracts and flex their hours. Everyone is eligible for bonuses, pension and pay above our Living Wage commitment plus training and progression opportunities based on skills matrices and structured 1:2:1s. We encourage mentoring and internal recruitment. Employee salaries are paid by Astun Technology, not a subsidiary.

We improve workplace conditions by following best practice and encouraging employees’ ideas, e.g. via surveys.

Our activities reduce the demand for health and public services. Examples included in other themes include: measures to reduce employee loneliness, mentoring, reviews, transparency, encouraging volunteering and ensuring employees recognise the part they play in our success.

We support the GIS community, e.g. through sponsorship.

We’ve introduced GP/counselling support services, plus life assurance. We’re evaluating a Mental Health First Aider training scheme.

Many activities are embedded in policies, such as Equal Opportunities and Recruitment/Promotion.

We involve local stakeholders and users in the design of services. We ensure services are intuitive for a diverse user range and can be used remotely. We’re willing to adapt service delivery to meet user needs following community consultant and engagement.

We help clients communicate their activities and GIS-enabled service improvements to stakeholders, e.g. via case studies and presentations.

We provide training videos and comprehensive user guides for clients’ employees and their user communities.
Tackling economic inequality

Tackling economic inequality

Despite our limited supply chain, we’re open to using new businesses and SMEs as suppliers (subject to risk evaluation). Staff and clients can make recommendations. We pay suppliers fairly and promptly.

We pay above our Living Wage Commitment. The differential between our lowest and highest-paid employee is 1-5x. All employees are eligible for bonuses, pension and cost of living rises. We benchmark salaries.

We share performance information at monthly meetings. Employee feedback is gathered during an annual survey and 1:2:1s.

We base training and development opportunities upon skills matrices, progression plans, 1:2:1s and requests. We encourage in-house mentoring and volunteering for GIS-related charities or groups, including MapAction for whom we have provided free training.

Employees have the autonomy to manage their own workload and work flexibly.

We improve delivery, productivity and quality by researching, evaluating and adopting new technologies. We expect our suppliers to do the same.

We take a solution-led approach, co-designing services with users, suppliers and other stakeholders. Client input is gathered at regular meetings. Feedback from internal QA processes, user acceptance testing and customer surveying drives service design and innovation.

We review projects and share lessons learned.

We share our learnings with the wider GIS and client community, e.g. by giving talks. We seek learning opportunities from our business and GIS communities, e.g. from the ODI and the AGI.

We share innovative functionality to benefit others.

We have an Information Security (IS) policy and Cyber Essentials/Plus certification. We have signed up for the Cyber Security Information Sharing Partnership and the South East Cyber Resilience Centre. Backups are held in disparate locations. We advise clients about cyber issues and close off vulnerabilities. We’re evaluating cyber training and ways to audit our supply chain. We promote our IS measures.
Equal opportunity

Equal opportunity

As an SME, we use external HR consultants to ensure compliance. We are members of the Equality Register and have made the Mental Health at Work Commitment. We have Equal Opportunities, Diversity and Recruitment/Promotion policies. We will be EcoVadis assessed this year.

Our recruitment practices are inclusive and accessible, including initial redacted CV scoring. We are open to making further changes to allow the disabled a more level playing field. We encourage employees to apply for internal vacancies.

We are open to using Occupational Health and Access to Work to support employees.

Flexible working and learning/development opportunities encourage all employees to grow. Sub-contractors can work flexibly, if appropriate.

We pay competitive salaries that exceed our Living Wage Commitment plus bonuses.

One of our team chairs the AGI task force on Diversity & Inclusion during work time.

We encourage progression by holding regular, structured reviews based on a collaborative document. We use skills audits and matrices used to identify skill gaps.

Staff use a task management platform to allocate SMART tasks and monitor their own performance.

We have a company-wide budget for training and development. Training needs are identified during the review process. Staff can request training and books on demand. There is a shared library.

We encourage mentoring at all levels. Junior staff enjoy mentoring for a significant proportion of their work.

Employees are encouraged to take part in out of work learning events. For example, we pay international travel costs so employees can attend FOSS4G events.

Employee achievements are recognised internally and externally, e.g. via newsletter.

We have a zero-tolerance approach to modern slavery. We have a Modern Slavery policy. It includes a whistleblowing procedure and a commitment to fair pay. New employees are subject to reference and identity checks.


We have a Social Value policy.

We reduce loneliness/disconnect via virtual chats, coffee meetings, ‘pub’ and company-wide meetings plus regular in-person meetings/socials.

We fund ‘co-working’ spaces for staff who prefer to work outside the home. Employees can work from anywhere with no change to pay.

We offer flexible working which allows employees to exercise and attend classes/appointments during the day. They can use technology to silence work messages outside working hours. We believe in ‘family first’ in case of family ill-health and emergencies.

We have an ‘open door’ policy for confidential 1:2:1s about health and wellbeing as well as regular structured reviews.

Employees can access an employee support programme that provides 24/7 GP consultations, fitness advice, health checks and counselling.

To help drive further improvement, we conduct an annual staff engagement, wellbeing and working conditions survey. This evaluates the success of current activities and encourages staff to help identify further support measures. We have recently made the Mental Health at Work commitment and will improve our reporting measures as a result. EcoVadis assessment will also help drive further initiatives.

In terms of influencing support for health and wellbeing, we talk openly on digital platforms, including newsletters, websites and social media, about our commitment to improving the health and wellbeing of our workforce. This helps to encourage employees, suppliers, customers and the wider GIS community to take similar measures.

We recognise that we have limited ability to influence support for health and wellbeing within our largest suppliers. For example, AWS already offer an employee support programme and a Working Well initiative. However, we plan to evaluate how we can further encourage and measure health and wellbeing measures amongst suppliers as part of our EcoVadis commitment.


£1,250 a unit a year
Discount for educational organisations
Free trial available
Description of free trial
The scope of the trial will be by agreement.

The customer may be required to pay for the services required to set up the trial.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.