Our solutions, services, and data centers comply
with international standards and meet the
rigorous security and privacy demands of our
customers worldwide.


EU General Data Protection Regulation (GDPR)

Ex Libris is committed to GDPR compliance. We have closely analyzed the requirements of the GDPR, and our engineering, product, security, and legal teams have been working to align our procedures, documentation, contracts, and services to support compliance with the GDPR. We also support our customers with their GDPR compliance journey with our strong foundation of certified security and privacy controls by design.

More about Ex Libris and GDPR >


ISO/IEC 27001 – Information Security Management

Ex Libris continues to seek out best practices and follow established industry standards. As new security standards and certifications become available, we review them and adopt those that are relevant to our customers and our environment.

Ex Libris is ISO 27001:2013 certified and undergoes a rigorous annual audit process to verify that Ex Libris complies with Information Security Management System (ISMS) security measures. The audit process is conducted by an independent third party audit firm and includes annual penetration testing.

See the certification >



ISO/IEC 27018 – Protecting Personal Data in the Cloud

ISO 27018:2014 defines the controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in the public cloud computing environment.

Ex Libris has been ISO 27018:2014 certified since February 2016.

See the certification >


ISO/IEC 27017 – Security Controls for Cloud Services

ISO 27017:2015 defines the code of practice for information security controls based on ISO/IEC 27002 for cloud services.

Ex Libris has been ISO 27017:2015 certified since July 2018.

See the certification >



ISO/IEC 22301 – Business Continuity Management System

ISO 22301:2012 is an international  standard that specifies requirements to plan, monitor, maintain and continually improve a documented business continuity management system.

Ex Libris is the first in the library software industry to achieve ISO 22301:2012 certification, demonstrating the Ex Libris commitment to high availability and business continuity.

See the certification>


FedRAMP (The Federal Risk and Authorization Management Program) – U.S. Government Data Standards

The U.S. Federal Government established the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, in 2011. FedRAMP authorization ensures that cloud offerings meet the federal government’s stringent requirements, as verified by a third party.

Ex Libris has received FedRAMP Tailored Authorization. To learn more, read the press release.

More about FedRAMP >
Ex Libris FedRAMP status >



Cloud Security Alliance – Security, Trust, and Assurance Registry (CSA STAR)

CSA STAR is a powerful program for security assurance in the cloud. The CSA STAR Self-Assessment documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering using. This information is publicly available, promoting industry transparency and providing customer visibility into specific provider security practices.

Ex Libris CSA STAR assessment >


Service Organization Control (SOC 2) Reports

SOC 2 Reports focus on business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system, as defined by the American Institute of Certified Public Accountants (AICPA).

Data centers used by Ex Libris have been reviewed for SOC 2 controls. The audit is performed on an annual basis and the resulting report can be provided upon request.

Open a support case to request the latest SOC 2 report >



Data Center Compliance

The Ex Libris private cloud strategy utilizes a colocation model whereby Ex Libris owns and manages all servers, storage, and network equipment while contracting with leading data center vendors to provide the actual data center facilities, including space, power, and cooling.

Below is a full list of certifications and standards achieved for each Ex Libris data center:

  • United States (Equinix) data center: ISO 27001, SOC 2 Type 2, SOC 1 Type 2
  • United States (Cyxtera) data center: ISO 27001, SOC 1 Type 2, SOC 2 Type 2
  • China (21vianet) data center: ISO 27001, ISO 22301
  • Canada (Cyxtera) data center: ISO 27001, SOC 1 Type 2, SOC 2 Type 2
  • Europe (Equinix) data center: ISO 27001, ISO 9001, SOC 1 Type 2, SOC 2 Type 2
  • Europe (Digital Realty) data center: ISO 27001, ISO 9001, SOC 1 Type 2, SOC 2 Type 2, SOC 3
  • Singapore (Equinix) data center: ISO 27001, SOC 2 Type 2 and SOC 1 Type 2

Additional information for United Stated (Equinix) data center (choose Chicago CH3)>

Additional information for the United states (Cyxtera) data center>

Additional information for the Canada (Cyxtera) data center >

Additional information for the Europe (Equinix) data center (choose Netherlands AM1)>

Additional information for the Europe (Digital Realty) data center>

Additional information for the Singapore data center (choose Singapore SG2) >

Additional information for the China data center >

Open a support case to request the latest data center certification >



Ex Libris is committed to making our services accessible. Ex Libris cloud service accessibility is based on the Web Content Accessibility Guidelines (WCAG) 2.0, which define how to make web content more accessible for people with disabilities. To this end, Ex Libris completes and updates Voluntary Product Accessibility Templates (VPATs) for relevant Ex Libris services to document conformance with these accessibility standards.

See the VPAT for each Ex Libris solution >