Technical specifications

Navigating.art offers an all-in-one platform designed for the evolving needs of art professionals working in archives, on catalogue raisonnés, and with museum collections.

The platform’s comprehensive functionality for creating, managing, and publishing online reduces the time and financial investment required by custom and hybrid solutions. Teams across the globe manage more than 15 million resources and 50 thousand artworks with the Navigating.art platform.

Features

  • Web application
  • Relational database with bilateral linking 
  • Display API and online web publishing capabilities 
  • Data migration kit and services
  • Digital asset management
  • Data protection
  • Hosting
  • Optical character recognition (OCR) and full-text search 
  • Large-team collaboration capabilities
  • Integrated universal style guide, Getty vocabularies, and citation formatting 

Benefits

  • Handle every aspect of archive and collection management on one web-based platform
  • Seamlessly share media, artworks, and information with the public via online publishing features
  • Quickly find assets and information with complex search and autogenerated fields
  • Secure information with user roles and permissions controlled by administration
  • Efficiently complete daily tasks by working in a single platform at the same time as team members
  • Bring visitors deeper into an institution’s holdings by sharing archival documents, publications, art information, and art works in the same system  
  • Options for email and video call customer success support 

Pricing

Starting at 1499€ / month

Free trial available

Service documents

Contact

HPF Innovations GmbH
Seestr. 35-37
14467 Potsdam

Email: community@navigating.art

Service scope

Cloud deployment model

Public cloud

Service constraints

System requirements

  • Modern browser
  • Internet connection

Software add-on or extension

No

User support

Email or online ticketing support

Email or online ticketing

Support response times

Navigating.art clients have multiple options for contacting support: our team is reachable by email or by submitting a request from within the solution. Standard support is available on weekdays from 9am to 6pm (CET). 


Support outside of regular business hours is available by request, or for peak times including weekends. We respond to inquiries within one business day. 


After submitting a support request, the client is kept updated by email ​or via the support site. 

User can manage status and priority of support tickets

Yes

Video call support

Yes, at extra cost

Onsite support

Yes, at extra cost

Support levels

All subscriptions include access to technical and end-user information and support services by email and the ticket portal. Through the ticket portal, clients can submit support requests, feature requests, and access the knowledge base. Any additional levels of support can be agreed to and defined within an optional Service Level Agreement.


On-site support is available at our standard day rates.


The services of Technical Account Managers and Cloud Support Engineers are also available.

Support available to third parties

Yes

Onboarding and offboarding

Getting started

Navigating.art offers tailored onboard training sessions, delivered remotely. We also provide user documentation.

Service documentation

Yes

Documentation formats

HTML & PDF

End-of-contract data extraction

Navigating.art staff can export data into standard data exchange formats on request.

End-of-contract process

There are no defined off-boarding costs at the end of the contract, except if the client requires a non-standard data format for data extract or other special services. Unless otherwise agreed, all data is deleted 30 days after the contract's end date. Once the contract has ended, access to the client's browser-based system is revoked.

Using the service

Web browser interface

Yes

Supported browsers

Chrome

Application to install

No

Designed for use on mobile devices

Yes, partly

Differences between the mobile and desktop service

Public website is optimized for mobile devices, data entry platform is optimized for desktop use.

Service interface

Yes

Description of service interface

Navigating.art is built upon standards-based, open source software languages, libraries, and toolkits. Communication between the browser and server is accomplished using RESTful web services over the secure HTTPS protocol.

API

Yes

What users can and can't do using the API

The API is an additional functionality that can facilitate opportunities for data sharing and collaboration. The default API includes: Keyword Search and All Public Records. The API provides data in JSON for all types of published content, including individual objects; package objects and packages created in Collections; keywords; advanced and/or filtered results, exhibitions and constituents records in Collections. Individual objects and object-related media are also available.

API documentation

Yes

API documentation formats

HTML

API sandbox or test environment

No

Customisation available

No

Scaling

Independence of resources

The Navigating.art architecture is designed to support large numbers of concurrent users and includes load-balanced servers, which can scale horizontally. Ongoing monitoring is used to help ensure that CPU usage across the various servers is maintained below 80%. Alarms are used to automatically scale the infrastructure should the CPU on any server remain above 80% for longer than 5 minutes. 

Analytics

Service usage metrics

Yes

Metrics types

Availability, response times, and application logs include usage.

Reporting types

  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type

Not a reseller

Asset protection

Knowledge of data storage and processing locations

Yes

Data storage and processing locations

  • United States
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations

User control over data storage and processing locations

No

Datacenter security standards

Managed by a third party

Penetration testing approach

Third-party service

Protecting data at rest

  • Physical access control, complying with another standard
  • Encryption of all physical media

Data sanitisation process

Yes

Data sanitisation type

  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed

Equipment disposal approach

Complying with a recognised standard, for example DoD 5220.22-M (E) and ISO 27001

Data importing and exporting

Data export approach

Most of the data held is fully accessible to the client in a range of User Interface export functions. These functions provide the means to export data in CSV, Word or PDF. Administrators can also manage SQL backups on a desired, needs-based schedule.

Data export formats

Other

Other data export formats

  • CSV
  • Word
  • PDF

Data import formats

CSV

Data-in-transit protection

Data protection between buyer and supplier networks

  • Public network 
  • TLS (version 1.2 or above)

Data protection within supplier network

  • TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability

Navigating.art offers 99.9% guaranteed uptime.

Approach to resilience

Self-healing infrastructures, continuous monitoring and automatic scaling.

Outage reporting

A public dashboard.

Identity and authentication

User authentication needed

Yes

User authentication

  • 2-factor authentication
  • Username or password

Access restrictions in management interfaces and support channels

The system holds its own passwords, which are fully encrypted and stored only as encrypted values. The password policy is enforced which includes complexity requirements. Administrators also have the ability to reset passwords.

Management access authentication

  • 2-factor authentication
  • Dedicated link (VPN)
  • Username or password

Audit information for users

Access to user activity audit information

Users have access to audit information on request

How long user audit data is stored for

At least 1 week

Access to supplier activity audit information

Users contact the support team to get audit information

How long supplier audit data is stored for

At least 12 months

How long system logs are stored for

Between 1 week and 6 months

Security governance

Named board-level person responsible for service security

Yes

Security governance certified

No

Security governance approach

Based on ISO 27001

Information security policies and processes

Navigating.art has a comprehensive Information Security Management System (ISMS) in place. Our ISMS Policy document provides an overview of the company, the activities it carries out, and the operational quality standards to which it conforms. It also carries information about where procedural information is located and detailed information on documentation requirements for essential procedures. Navigating.art is a SME and, therefore, has a straightforward reporting structure. The Chief Operating Officer (COO) is the company's Information Security Manager (ISM), supported by the Senior Management Team (SMT).

Operational security

Configuration and change management standard

Supplier-defined controls

Configuration and change management approach

All changes within the application are tracked through a strict workflow using JIRA software project management. Issues are prioritized based on various factors, including impact, performance, and risk. All application changes are reviewed by a secondary developer and checked by Quality Assurance prior to being included in a release. In the source code repository, separate issue branches are used for each individual issue. 


All changes within the application infrastructure are also rolled out in the same way, providing a gapless audit trail of changes and the possibility to restore the infrastructure and application version to any point in time.

Vulnerability management type

Supplier-defined controls

Vulnerability management approach

Information about potential threats are collated from internal and external sources, as well as gathered through the use of industry standard pen testing tools. All identified threats and/or vulnerabilities are assessed for risk and impact, and then categorized by priority. Any required service patches are fast-tracked through the development cycle and deployed as soon as possible once verified by the Quality Assurance team.

Protective monitoring type

Supplier-defined controls

Protective monitoring approach

Key metrics are monitored 24/7/365, including CPU, RAM, Network Traffic Throughput, Latency, and File Space Usage. All application instances are also monitored 24/7/365. Application access request logs are monitored and analysed. Any incidents are logged and analysed as a priority, with any required action initiated at the earliest opportunity.

Incident management type

Supplier-defined controls

Incident management approach

All occurring incidents within the TMS Suite are logged and tracked through a strict workflow using industry standard issue management software. Users can report incidents directly to our Customer Services team. Communication with users regarding incidents is managed through an industry standard help desk system.

Secure development

Approach to secure software development best practice

Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks

No

Pricing

Price

Starting at 1499€ / month

Discount for educational organizations

Yes

Free trial available

Yes

Description of free trial

30-day free trial with no obligations attached.