Resources
All Trust Center files & documents
Download the Ex Libris GDPR addendum regarding compliance with the General Data Protection Regulation
Advisories - Security
Security Advisory – SUNBURST and SUPERNOVA - SolarWinds Orion Vulnerability
Security Advisory – SUNBURST and SUPERNOVA - SolarWinds Orion vulnerability – Updated December 21, 2020
Policy - Data Center
Ex Libris Security Patches and Vulnerability Assesments Policy
Ex Libris continually seeks to ensure that its solutions do not contain vulnerabilities that may compromise the security of its products
GDPR
Addressing Data Subject Rights in Urlich's XML Data Service
This paper describes tools and capabilities of the Ulrich’s XML Data Service to assist your organization in addressing data subject rights under the GDPR.
Addressing Data Subject Rights in RefWorks
This paper describes the tools and capabilities built into RefWorks that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in RefWorks.
Addressing Data Subject Rights in Pivot
This paper describes the tools and capabilities built into Pivot that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Pivot.
Addressing Data Subject Rights in Alephino
This paper describes the tools and capabilities built into Alephino that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Alephino.
Certification - Security
ISO 27017
Ex Libris certification: ISO 27017:2015
Ex Libris IT Security Policy
The purpose of this document is to define clear rules for the use of the information systems and other information assets in Ex Libris.
Ex Libris Data Classification Policy
This policy ensures that Ex Libris information assets are classified so that they receive the appropriate level of protection.
Ex Libris Information Security Policy
The purpose of this policy is to provide a security framework based on ISO 27002 that will ensure the protection of Ex Libris information from unauthorized access, loss or damage.
Deprecation of TLS 1.0 and TLS 1.1 Versions for Higher Education Platform API
Deprecation of TLS 1.0 and TLS 1.1 Versions for Higher Education Platform API - Updated July 22, 2021
Ex Libris Data Retention Policy
The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by Ex Libris or are of no value are discarded at the proper time.
Policy- Data Center
Ex Libris Establishes New Second Data Centers in Three Regions
Establishment of a second data center in each of the following regions: the United States, Europe, and Asia Pacific, in addition to the existing regional data centers.
Ex Libris Access Control Policy
This document defines the Ex Libris policy regarding Access Control. It is Ex Libris’ goal to ensure that personnel are positively authenticated and authorized prior to being granted access to information resources.
Customer Appropriate Usage Statement
This policy defines the required customer cooperation and appropriate use for Ex Libris customers with access rights to Ex Libris Cloud infrastructures.
Accesibility
Ex Libris, a ProQuest Company, is committed to providing an experience that is fully accessible to everyone.
Availability - Data Centers
System down procedure and contact information
Relevant procedures and hub contact information.
Welcome to the Ex Libris Cloud
This document provides the benefits of using the Ex Libris Cloud services together with general instructions for new customers joining the Ex Libris Cloud.
Ex Libris and the General Data Protection Regulation
This paper is aimed at informing Ex Libris customers about the various GDPR compliance activities of Ex Libris (company, products and services.)
Security
Technical Requirements for Alma and Discovery Implementation
This document describes Alma cloud fundamentals, the technology driving the Alma cloud, the IT side of the Alma cloud infrastructure, and the Alma cloud's interaction with on premises institutional/campus systems.
Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions
Security Update - Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions – Updated April 16, 2019
Local Customers
Local Customers – Update June 1, 2017
“POODLE” – The SSL v3 Security vulnerability
“POODLE” – The SSL v3 Security vulnerability update
“Shellshock” - Security vulnerability
“Shellshock” - Security vulnerability – update September 29, 2014
“Ghost” - Security Vulnerability
“Ghost” - Security Vulnerability – Updated January 28, 2015 Overview
OpenSSL and FREAK - Security Vulnerabilities
OpenSSL and FREAK - Security Vulnerabilities – Updated March 19, 2015
VENOM vulnerability (CVE-2015-3456)
VENOM vulnerability (CVE-2015-3456) – Updated May 14, 2015
DROWN vulnerability (CVE-2016-0800)
DROWN vulnerability (CVE-2016-0800) – Updated March 6, 2016
Misuse of SEND TO email function
Misuse of SEND TO email function – Update May 18, 2017 and Update June 7, 2017
Chrome Security Alert for Non-TLS sites
Chrome Security Alert for Non-TLS sites – Updated Sept 24, 2017
Ex Libris Offices' IP Addresses
This is a list of the IP addresses for outgoing network traffic from each of the Ex Libris offices.
SAML vulnerability (CVE-2018-0489)
SAML vulnerability (CVE-2018-0489) – Updated February 28, 2018
Google Chrome Browser Version 80 Updates and Ex Libris Products and Services
Google Chrome Browser Version 80 Updates and Ex Libris Products and Services - February 13, 2020
Alma “Forgot My Password” Vulnerability Identified and Corrected
Alma “Forgot My Password” Vulnerability Identified and Corrected – March 29, 2021
Ex Libris Primo VE Log-in Security Vulnerability
Ex Libris Primo VE Log-in Security Vulnerability - September 05, 2021
Apache HTTP Server 2.4 Security Vulnerability
Apache HTTP Server 2.4 Security Vulnerability October 17, 2021
Polkit Privilege Escalation Vulnerability (CVE-2021-4034)
Polkit Privilege Escalation Vulnerability (CVE-2021-4034) - February 02, 2022
Spring4Shell Security vulnerabilities (CVE-2022-22965 and CVE-2022-22963)
Spring4Shell Security vulnerabilities (CVE-2022-22965 and CVE-2022-22963) – April 06, 2022
Security Advisory– Log4Shell Security vulnerability (CVE-2021-44228)
Log4Shell Security vulnerability (CVE-2021-44228) - December 12, 2021
Meltdown and Spectre Vulnerabilities
Updated January 7, 2018 - Ex Libris is aware of the recently reported security vulnerabilities known as 'Meltdown' and 'Spectre' that affect computer processors (CPUs.)
Ex Libris Patron Directory Services (PDS) Security vulnerability
Security Update - Ex Libris Patron Directory Services (PDS) Security vulnerability Updated: April 3, 2019
Security Advisory - Ex Libris campusM Cloud Log Security Vulnerability
Ex Libris campusM Cloud Log Security Vulnerability Updated – July 29, 2020
Addressing Data Subject Rights in MetaLib
This paper describes the tools and capabilities built into MetaLib that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in MetaLib.
Addressing Data Subject Rights in Voyager
This paper describes the tools and capabilities built into Voyager that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Voyager.
Addressing Data Subject Rights in USTAT
This paper describes the tools and capabilities built into USTAT that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in USTAT.
Addressing Data Subject Rights in Ulrichsweb
This paper describes the tools and capabilities built into Ulrichsweb that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Ulrichsweb.
Addressing Data Subject Rights in Summon
This paper describes the tools and capabilities built into Summon that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Summon.
Addressing Data Subject Rights in SFX
This paper describes the tools and capabilities built into SFX that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in SFX.
Addressing Data Subject Rights in Rosetta
This paper describes the tools and capabilities built into Rosetta that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Rosetta.
Addressing Data Subject Rights in Primo
This paper describes the tools and capabilities built into Primo that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Primo.
Addressing Data Subject Rights in Leganto
This paper describes the tools and capabilities built into Leganto that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Leganto.
ISO 27001
Ex Libris certification: ISO 27001:2013
Addressing Data Subject Rights in RapidILL
This paper describes the tools & capabilities in RapidILL that can assist you in addressing data subject rights & requests under the GDPR as a controller of personal data processed in RapidILL.
Addressing Data Subject Rights in Esploro
This paper describes the tools & capabilities in Esploro that can assist you in addressing data subject rights & requests under the GDPR as a controller of personal data processed in Esploro.
Addressing Data Subject Rights in Intota & 360 Services
This paper describes the tools & capabilities in Intota & 360 that can assist you in addressing data subject rights & requests under the GDPR as a controller of personal data processed in Intota & 360.
Addressing Data Subject Rights in campusM
This paper describes the tools and capabilities built into campusM that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in campusM.
Addressing Data Subject Rights in bX
This paper describes the tools and capabilities built into bX that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in bX.
Addressing Data Subject Rights in Alma
This paper describes the tools and capabilities built into Alma that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Alma.
Addressing Data Subject Rights in Aleph
This paper describes the tools and capabilities built into Aleph that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Aleph.
Data Processing Addendum
The EU General Data Protection Regulation (GDPR) became applicable on 25 May 2018.
Certification - Privacy
ISO 27018
Ex Libris certification: ISO 27018:2014
Certification - Business Continuity
ISO 22301
Ex Libris certification: ISO 22301
Security Update - Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions – Updated April 16, 2019
Policy - Security
Ex Libris Security Disciplinary Policy
This policy addresses what disciplinary action may be taken when employee behavior has been determined to be unacceptable and which results in a security breach due to negligence or intentional violation of Ex Libris policies, practices, and/or procedures.
Ex Libris RefWorks Integration with Shibboleth Security Vulnerability
Ex Libris RefWorks integration with Shibboleth Security Vulnerability Updated: February 11, 2020
Google Chrome Browser version 80 Updates and Ex Libris products and services
Ex Libris Cloud Services BCP
The BCP is a plan of actions to be taken in the event of a disaster in order to resume critical operations in a pre-defined time frame.
Ex Libris Service Disruption Communication Policy
This policy defines a consistent way to handle, avoid and communicate any service disruption.
Ex Libris Password Management Policy
This policy establishes a standard for the protection, appropriate use and creation of strong passwords, to protect customer information, and to maintain data privacy by defining the frequency with which passwords should be changed.
Ex Libris Asset Management Policy
The purpose of this policy is to describe the activities related to managing devices and software assets.
Ex Libris Risk Management Policy
The purpose of the risk management policy is to provide guidance regarding the management of risks and to ensure that all risks are controlled or mitigated.
Ex Libris Change Management Policy
The purpose of change management is to ensure that the system components used to deliver services are identified, recorded, and monitored so that only authorized changes are applied.
Ex Libris Security And Privacy Incident Response Policy
The aim of this policy is to ensure that Ex Libris reacts appropriately to any actual or suspected security incidents relating to Ex Libris cloud systems and data.
Apache Tomcat Vulnerability (CVE-2020-1938)
Apache Tomcat vulnerability (CVE-2020-1938) Updated - March 17, 2020
Ex Libris campusM integration with Ex Libris Alma-Primo
Ex Libris campusM integration with Ex Libris Alma-Primo Security Vulnerability Updated – March 9, 2020
Cloud Security and Privacy Statement
This policy describes the Ex Libris security procedures and the privacy practices of Ex Libris Ltd. and Ex Libris (USA) Inc. and their respective subsidiary companies.
Statement of Applicability
This document describes the relevant and applicable controls adopted by Ex Libris.
Ex Libris Software Development Life Cycle (SDLC) Policy
This policy defines the development and implementation requirements for Ex Libris products.
Policy
Ex Libris Statement Regarding Coronavirus (COVID-19)
We continue to monitor the spread of the novel coronavirus (COVID-19) and its global impact. Ex Libris is committed to providing awareness and transparency to our customers, employees, and partners regarding our status and the actions that we are taking. Our business continues to be fully operational, with no disruption to our services and systems.
Ex Libris Responsible Disclosure Policy
The purpose of this policy is to define the method by which Ex Libris can work with the user community to improve security and mitigate vulnerabilities for Ex Libris services. This policy applies to all systems, personnel, and data at Ex Libris.
ISO 27032
Ex Libris Certification: ISO 27032:2012
Policy - Security and Privacy
Security and Privacy Statement
Ex Libris is committed to providing its customers with a highly secure and reliable environment, and have developed a multi-tiered security model that covers all aspects of hosted and cloud-based Ex Libris systems.