Resources
All Trust Center files & documents
Download the Ex Libris GDPR addendum regarding compliance with the General Data Protection Regulation
Advisories - Security
Security Advisory – SUNBURST and SUPERNOVA - SolarWinds Orion Vulnerability
Security Advisory – SUNBURST and SUPERNOVA - SolarWinds Orion vulnerability – Updated December 21, 2020
Policy - Security
Ex Libris Service Disruption Communication Policy
This policy defines a consistent way to handle, avoid and communicate any service disruption.
Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions
Security Update - Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions – Updated April 16, 2019
Ex Libris Patron Directory Services (PDS) Security vulnerability
Security Update - Ex Libris Patron Directory Services (PDS) Security vulnerability Updated: April 3, 2019
Security Update - Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions – Updated April 16, 2019
Ex Libris RefWorks Integration with Shibboleth Security Vulnerability
Ex Libris RefWorks integration with Shibboleth Security Vulnerability Updated: February 11, 2020
Google Chrome Browser Version 80 Updates and Ex Libris Products and Services
Google Chrome Browser version 80 Updates and Ex Libris products and services
Ex Libris Cloud Services BCP
The BCP is a plan of actions to be taken in the event of a disaster in order to resume critical operations in a pre-defined time frame.
Ex Libris Password Management Policy
This policy establishes a standard for the protection, appropriate use and creation of strong passwords, to protect customer information, and to maintain data privacy by defining the frequency with which passwords should be changed.
Policy - Data Center
Welcome to the Ex Libris Cloud
This document provides the benefits of using the Ex Libris Cloud services together with general instructions for new customers joining the Ex Libris Cloud.
Ex Libris Asset Management Policy
The purpose of this policy is to describe the activities related to managing devices and software assets.
Ex Libris Risk Management Policy
The purpose of the risk management policy is to provide guidance regarding the management of risks and to ensure that all risks are controlled or mitigated.
Ex Libris Change Management Policy
The purpose of change management is to ensure that the system components used to deliver services are identified, recorded, and monitored so that only authorized changes are applied.
Ex Libris Security And Privacy Incident Response Policy
The aim of this policy is to ensure that Ex Libris reacts appropriately to any actual or suspected security incidents relating to Ex Libris cloud systems and data.
Apache Tomcat Vulnerability (CVE-2020-1938)
Apache Tomcat vulnerability (CVE-2020-1938) Updated - March 17, 2020
Ex Libris campusM integration with Ex Libris Alma-Primo
Ex Libris campusM integration with Ex Libris Alma-Primo Security Vulnerability Updated – March 9, 2020
Cloud Security and Privacy Statement
This policy describes the Ex Libris security procedures and the privacy practices of Ex Libris Ltd. and Ex Libris (USA) Inc. and their respective subsidiary companies.
Meltdown and Spectre Vulnerabilities
Updated January 7, 2018 - Ex Libris is aware of the recently reported security vulnerabilities known as 'Meltdown' and 'Spectre' that affect computer processors (CPUs.)
Availability - Data Centers
System down procedure and contact information
Relevant procedures and hub contact information.
Ex Libris Software Development Life Cycle (SDLC) Policy
This policy defines the development and implementation requirements for Ex Libris products.
Certification - Security
ISO 27017
Ex Libris certification: ISO 27017:2015
GDPR
Addressing Data Subject Rights in Urlich's XML Data Service
This paper describes tools and capabilities of the Ulrich’s XML Data Service to assist your organization in addressing data subject rights under the GDPR.
Addressing Data Subject Rights in RefWorks
This paper describes the tools and capabilities built into RefWorks that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in RefWorks.
Addressing Data Subject Rights in Pivot
This paper describes the tools and capabilities built into Pivot that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Pivot.
Addressing Data Subject Rights in Alephino
This paper describes the tools and capabilities built into Alephino that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Alephino.
Primo Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in Primo system, the privacy impact of this, and the measures ExLibris is taking in order to manage the risks involved.
360 Services Privacy Impact Assessment
This Privacy Impact Assesment includes a brief description of the data processed in 360 Services, the privacy impact, and the measures Ex Libris is taking in order to manage the risks identified.
Ex Libris IT Security Policy
The purpose of this document is to define clear rules for the use of the information systems and other information assets in Ex Libris.
Accesibility
Ex Libris, a ProQuest Company, is committed to providing an experience that is fully accessible to everyone.
Ex Libris Data Classification Policy
This policy ensures that Ex Libris information assets are classified so that they receive the appropriate level of protection.
Ex Libris Security Patches and Vulnerability Assesments Policy
Ex Libris continually seeks to ensure that its solutions do not contain vulnerabilities that may compromise the security of its products
Ex Libris Information Security Policy
The purpose of this policy is to provide a security framework based on ISO 27002 that will ensure the protection of Ex Libris information from unauthorized access, loss or damage.
Ex Libris Data Retention Policy
The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by Ex Libris or are of no value are discarded at the proper time.
Policy- Data Center
Ex Libris Establishes New Second Data Centers in Three Regions
Establishment of a second data center in each of the following regions: the United States, Europe, and Asia Pacific, in addition to the existing regional data centers.
Ex Libris Access Control Policy
This document defines the Ex Libris policy regarding Access Control. It is Ex Libris’ goal to ensure that personnel are positively authenticated and authorized prior to being granted access to information resources.
Customer Appropriate Usage Statement
This policy defines the required customer cooperation and appropriate use for Ex Libris customers with access rights to Ex Libris Cloud infrastructures.
Statement of Applicability
This document describes the relevant and applicable controls adopted by Ex Libris.
Policy
Ex Libris Statement Regarding Coronavirus (COVID-19)
We continue to monitor the spread of the novel coronavirus (COVID-19) and its global impact. Ex Libris is committed to providing awareness and transparency to our customers, employees, and partners regarding our status and the actions that we are taking. Our business continues to be fully operational, with no disruption to our services and systems.
Security Advisory - Ex Libris campusM Cloud Log Security Vulnerability
Ex Libris campusM Cloud Log Security Vulnerability Updated – July 29, 2020
Aleph Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in Aleph, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
Addressing Data Subject Rights in Aleph
This paper describes the tools and capabilities built into Aleph that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Aleph.
Summon Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in Summon, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
SFX Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in SFX, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
SFX (Hosted) Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in hosted SFX, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
Rosetta Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in Rosetta, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
Leganto Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in Leganto, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
campusM Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in campusM, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
Alma Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in Alma, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
Addressing Data Subject Rights in bX
This paper describes the tools and capabilities built into bX that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in bX.
Esploro Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in Esploro, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
Pivot Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in Pivot, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
Research Professional Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in Research Professional, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
RefWorks Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in RefWorks, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
RapidILL Privacy Impact Assessment
This Privacy Impact Assessment includes a brief description of the data processed in RapidILL, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.
Ex Libris Statement Regarding Invalidation of Privacy Shield Framework
European Court of Justice decision on 16 July 2020 invalidates the EU-U.S. Privacy Shield Framework
Data Processing Addendum
The EU General Data Protection Regulation (GDPR) became applicable on 25 May 2018.
Addressing Data Subject Rights in Alma
This paper describes the tools and capabilities built into Alma that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Alma.
Addressing Data Subject Rights in campusM
This paper describes the tools and capabilities built into campusM that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in campusM.
Ex Libris Responsible Disclosure Policy
The purpose of this policy is to define the method by which Ex Libris can work with the user community to improve security and mitigate vulnerabilities for Ex Libris services. This policy applies to all systems, personnel, and data at Ex Libris.
Addressing Data Subject Rights in Summon
This paper describes the tools and capabilities built into Summon that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Summon.
Ex Libris Security Disciplinary Policy
This policy addresses what disciplinary action may be taken when employee behavior has been determined to be unacceptable and which results in a security breach due to negligence or intentional violation of Ex Libris policies, practices, and/or procedures.
Certification - Business Continuity
ISO 22301
Ex Libris certification: ISO 22301
ISO 27001
Ex Libris certification: ISO 27001:2013
Certification - Privacy
ISO 27018
Ex Libris certification: ISO 27018:2014
Addressing Data Subject Rights in Voyager
This paper describes the tools and capabilities built into Voyager that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Voyager.
Addressing Data Subject Rights in USTAT
This paper describes the tools and capabilities built into USTAT that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in USTAT.
Addressing Data Subject Rights in Ulrichsweb
This paper describes the tools and capabilities built into Ulrichsweb that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Ulrichsweb.
Ex Libris and the General Data Protection Regulation
This paper is aimed at informing Ex Libris customers about the various GDPR compliance activities of Ex Libris (company, products and services.)
Addressing Data Subject Rights in Intota & 360 Services
This paper describes the tools & capabilities in Intota & 360 that can assist you in addressing data subject rights & requests under the GDPR as a controller of personal data processed in Intota & 360.
Addressing Data Subject Rights in SFX
This paper describes the tools and capabilities built into SFX that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in SFX.
Addressing Data Subject Rights in Rosetta
This paper describes the tools and capabilities built into Rosetta that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Rosetta.
Addressing Data Subject Rights in Primo
This paper describes the tools and capabilities built into Primo that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Primo.
Addressing Data Subject Rights in MetaLib
This paper describes the tools and capabilities built into MetaLib that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in MetaLib.
Addressing Data Subject Rights in Leganto
This paper describes the tools and capabilities built into Leganto that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Leganto.
Addressing Data Subject Rights in RapidILL
This paper describes the tools & capabilities in RapidILL that can assist you in addressing data subject rights & requests under the GDPR as a controller of personal data processed in RapidILL.
Addressing Data Subject Rights in Esploro
This paper describes the tools & capabilities in Esploro that can assist you in addressing data subject rights & requests under the GDPR as a controller of personal data processed in Esploro.
Policy - Security and Privacy
Security and Privacy Statement
Ex Libris is committed to providing its customers with a highly secure and reliable environment, and have developed a multi-tiered security model that covers all aspects of hosted and cloud-based Ex Libris systems.