Resources

All Trust Center files & documents

image GDPR Addendum

Download the Ex Libris GDPR addendum regarding compliance with the General Data Protection Regulation

Download now
Filter by
Topic
Product
RESET

Advisories - Security

Security Advisory – SUNBURST and SUPERNOVA - SolarWinds Orion Vulnerability

Security Advisory – SUNBURST and SUPERNOVA - SolarWinds Orion vulnerability – Updated December 21, 2020

Icon

Policy- Data Center

Ex Libris Access Control Policy

This document defines the Ex Libris policy regarding Access Control. It is Ex Libris’ goal to ensure that personnel are positively authenticated and authorized prior to being granted access to information resources.

Icon

GDPR

Primo Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in Primo system, the privacy impact of this, and the measures ExLibris is taking in order to manage the risks involved.

Icon

GDPR

360 Services Privacy Impact Assessment

This Privacy Impact Assesment includes a brief description of the data processed in 360 Services, the privacy impact, and the measures Ex Libris is taking in order to manage the risks identified.

Icon

Certification - Security

ISO 27017

Ex Libris certification: ISO 27017:2015

Icon

Policy - Data Center

Ex Libris IT Security Policy

The purpose of this document is to define clear rules for the use of the information systems and other information assets in Ex Libris.

Icon

Policy - Data Center

Ex Libris Data Classification Policy

This policy ensures that Ex Libris information assets are classified so that they receive the appropriate level of protection.

Icon

Policy - Data Center

Ex Libris Security Patches and Vulnerability Assesments Policy

Ex Libris continually seeks to ensure that its solutions do not contain vulnerabilities that may compromise the security of its products

Icon

Policy - Data Center

Ex Libris Information Security Policy

The purpose of this policy is to provide a security framework based on ISO 27002 that will ensure the protection of Ex Libris information from unauthorized access, loss or damage.

Icon

Policy - Data Center

Ex Libris Data Retention Policy

The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by Ex Libris or are of no value are discarded at the proper time.

Icon

Policy- Data Center

Ex Libris Establishes New Second Data Centers in Three Regions

Establishment of a second data center in each of the following regions: the United States, Europe, and Asia Pacific, in addition to the existing regional data centers.

Icon

Policy - Data Center

Customer Appropriate Usage Statement

This policy defines the required customer cooperation and appropriate use for Ex Libris customers with access rights to Ex Libris Cloud infrastructures.

Icon

GDPR

Addressing Data Subject Rights in Pivot

This paper describes the tools and capabilities built into Pivot that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Pivot.

Icon

Policy - Data Center

Accesibility

Ex Libris, a ProQuest Company, is committed to providing an experience that is fully accessible to everyone.

Icon

Availability - Data Centers

System down procedure and contact information

Relevant procedures and hub contact information.

Icon

Policy - Data Center

Welcome to the Ex Libris Cloud

This document provides the benefits of using the Ex Libris Cloud services together with general instructions for new customers joining the Ex Libris Cloud.

Icon

Advisories - Security

Meltdown and Spectre Vulnerabilities

Updated January 7, 2018 - Ex Libris is aware of the recently reported security vulnerabilities known as 'Meltdown' and 'Spectre' that affect computer processors (CPUs.)

Icon

Advisories - Security

Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions

Security Update - Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions – Updated April 16, 2019

Icon

Advisories - Security

Ex Libris Patron Directory Services (PDS) Security vulnerability

Security Update - Ex Libris Patron Directory Services (PDS) Security vulnerability Updated: April 3, 2019

Icon

Advisories - Security

Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions

Security Update - Deprecation of Obsolete TLS 1.0 and TLS 1.1 Versions – Updated April 16, 2019

Icon

Advisories - Security

Ex Libris RefWorks Integration with Shibboleth Security Vulnerability

Ex Libris RefWorks integration with Shibboleth Security Vulnerability Updated: February 11, 2020

Icon

Advisories - Security

Google Chrome Browser Version 80 Updates and Ex Libris Products and Services

Google Chrome Browser version 80 Updates and Ex Libris products and services

Icon

GDPR

Addressing Data Subject Rights in Alephino

This paper describes the tools and capabilities built into Alephino that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Alephino.

Icon

GDPR

Addressing Data Subject Rights in RefWorks

This paper describes the tools and capabilities built into RefWorks that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in RefWorks.

Icon

Policy - Security

Ex Libris Service Disruption Communication Policy

This policy defines a consistent way to handle, avoid and communicate any service disruption.

Icon

Advisories - Security

SAML vulnerability (CVE-2018-0489)

SAML vulnerability (CVE-2018-0489) – Updated February 28, 2018

Icon

Advisories - Security

“POODLE” – The SSL v3 Security vulnerability

“POODLE” – The SSL v3 Security vulnerability update

Icon

Advisories - Security

“Shellshock” - Security vulnerability

“Shellshock” - Security vulnerability – update September 29, 2014

Icon

Advisories - Security

“Ghost” - Security Vulnerability

“Ghost” - Security Vulnerability – Updated January 28, 2015 Overview

Icon

Advisories - Security

OpenSSL and FREAK - Security Vulnerabilities

OpenSSL and FREAK - Security Vulnerabilities – Updated March 19, 2015

Icon

Advisories - Security

VENOM vulnerability (CVE-2015-3456)

VENOM vulnerability (CVE-2015-3456) – Updated May 14, 2015

Icon

Advisories - Security

DROWN vulnerability (CVE-2016-0800)

DROWN vulnerability (CVE-2016-0800) – Updated March 6, 2016

Icon

Advisories - Security

Misuse of SEND TO email function

Misuse of SEND TO email function – Update May 18, 2017 and Update June 7, 2017

Icon

Advisories - Security

Local Customers

Local Customers – Update June 1, 2017

Icon

Advisories - Security

Chrome Security Alert for Non-TLS sites

Chrome Security Alert for Non-TLS sites – Updated Sept 24, 2017

Icon

Advisories - Security

Google Chrome Browser Version 80 Updates and Ex Libris Products and Services

Google Chrome Browser Version 80 Updates and Ex Libris Products and Services - February 13, 2020

Icon

GDPR

Addressing Data Subject Rights in Urlich's XML Data Service

This paper describes tools and capabilities of the Ulrich’s XML Data Service to assist your organization in addressing data subject rights under the GDPR.

Icon

Advisories - Security

Alma “Forgot My Password” Vulnerability Identified and Corrected

Alma “Forgot My Password” Vulnerability Identified and Corrected – March 29, 2021

Icon

Advisories - Security

Ex Libris Primo VE Log-in Security Vulnerability

Ex Libris Primo VE Log-in Security Vulnerability - September 05, 2021

Icon

Advisories - Security

Apache HTTP Server 2.4 Security Vulnerability

Apache HTTP Server 2.4 Security Vulnerability October 17, 2021

Icon

Advisories - Security

Polkit Privilege Escalation Vulnerability (CVE-2021-4034)

Polkit Privilege Escalation Vulnerability (CVE-2021-4034) - February 02, 2022

Icon

Advisories - Security

Spring4Shell Security vulnerabilities (CVE-2022-22965 and CVE-2022-22963)

Spring4Shell Security vulnerabilities (CVE-2022-22965 and CVE-2022-22963) – April 06, 2022

Icon

Advisories - Security

Security Advisory– Log4Shell Security vulnerability (CVE-2021-44228)

Log4Shell Security vulnerability (CVE-2021-44228) - December 12, 2021

Icon

Security

Ex Libris Offices' IP Addresses

This is a list of the IP addresses for outgoing network traffic from each of the Ex Libris offices.

Icon

Security

Technical Requirements for Alma and Discovery Implementation

This document describes Alma cloud fundamentals, the technology driving the Alma cloud, the IT side of the Alma cloud infrastructure, and the Alma cloud's interaction with on premises institutional/campus systems.

Icon

Advisories - Security

Deprecation of TLS 1.0 and TLS 1.1 Versions for Higher Education Platform API

Deprecation of TLS 1.0 and TLS 1.1 Versions for Higher Education Platform API - Updated July 22, 2021

Icon

GDPR

Ex Libris and the General Data Protection Regulation

This paper is aimed at informing Ex Libris customers about the various GDPR compliance activities of Ex Libris (company, products and services.)

Icon

Policy - Security

Ex Libris Cloud Services BCP

The BCP is a plan of actions to be taken in the event of a disaster in order to resume critical operations in a pre-defined time frame.

Icon

Policy - Security

Ex Libris Password Management Policy

This policy establishes a standard for the protection, appropriate use and creation of strong passwords, to protect customer information, and to maintain data privacy by defining the frequency with which passwords should be changed.

Icon

Advisories - Security

Security Advisory - Ex Libris campusM Cloud Log Security Vulnerability

Ex Libris campusM Cloud Log Security Vulnerability Updated – July 29, 2020

Icon

GDPR

Rosetta Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in Rosetta, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

Addressing Data Subject Rights in Esploro

This paper describes the tools & capabilities in Esploro that can assist you in addressing data subject rights & requests under the GDPR as a controller of personal data processed in Esploro.

Icon

GDPR

Addressing Data Subject Rights in Intota & 360 Services

This paper describes the tools & capabilities in Intota & 360 that can assist you in addressing data subject rights & requests under the GDPR as a controller of personal data processed in Intota & 360.

Icon

GDPR

Addressing Data Subject Rights in campusM

This paper describes the tools and capabilities built into campusM that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in campusM.

Icon

GDPR

Addressing Data Subject Rights in bX

This paper describes the tools and capabilities built into bX that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in bX.

Icon

GDPR

Addressing Data Subject Rights in Alma

This paper describes the tools and capabilities built into Alma that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Alma.

Icon

GDPR

Addressing Data Subject Rights in Aleph

This paper describes the tools and capabilities built into Aleph that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Aleph.

Icon

GDPR

Summon Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in Summon, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

SFX Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in SFX, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

SFX (Hosted) Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in hosted SFX, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

Leganto Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in Leganto, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

Addressing Data Subject Rights in Leganto

This paper describes the tools and capabilities built into Leganto that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Leganto.

Icon

GDPR

campusM Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in campusM, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

Aleph Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in Aleph, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

Alma Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in Alma, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

Esploro Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in Esploro, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

Pivot Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in Pivot, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

Research Professional Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in Research Professional, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

RefWorks Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in RefWorks, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

RapidILL Privacy Impact Assessment

This Privacy Impact Assessment includes a brief description of the data processed in RapidILL, the privacy impact, and the measures Ex Libris is taking in order to manage the risks involved.

Icon

GDPR

Ex Libris Statement Regarding Invalidation of Privacy Shield Framework

European Court of Justice decision on 16 July 2020 invalidates the EU-U.S. Privacy Shield Framework

Icon

GDPR

Data Processing Addendum

The EU General Data Protection Regulation (GDPR) became applicable on 25 May 2018.

Icon

GDPR

Addressing Data Subject Rights in RapidILL

This paper describes the tools & capabilities in RapidILL that can assist you in addressing data subject rights & requests under the GDPR as a controller of personal data processed in RapidILL.

Icon

GDPR

Addressing Data Subject Rights in MetaLib

This paper describes the tools and capabilities built into MetaLib that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in MetaLib.

Icon

Certification - Security

ISO 27032

Ex Libris Certification: ISO 27032:2012

Icon

Policy

Ex Libris Statement Regarding Coronavirus (COVID-19)

We continue to monitor the spread of the novel coronavirus (COVID-19) and its global impact. Ex Libris is committed to providing awareness and transparency to our customers, employees, and partners regarding our status and the actions that we are taking. Our business continues to be fully operational, with no disruption to our services and systems.

Icon

Policy - Security

Ex Libris Asset Management Policy

The purpose of this policy is to describe the activities related to managing devices and software assets.

Icon

Policy - Security

Ex Libris Risk Management Policy

The purpose of the risk management policy is to provide guidance regarding the management of risks and to ensure that all risks are controlled or mitigated.

Icon

Policy - Security

Ex Libris Change Management Policy

The purpose of change management is to ensure that the system components used to deliver services are identified, recorded, and monitored so that only authorized changes are applied.

Icon

Policy - Security

Ex Libris Security And Privacy Incident Response Policy

The aim of this policy is to ensure that Ex Libris reacts appropriately to any actual or suspected security incidents relating to Ex Libris cloud systems and data.

Icon

Advisories - Security

Apache Tomcat Vulnerability (CVE-2020-1938)

Apache Tomcat vulnerability (CVE-2020-1938) Updated - March 17, 2020

Icon

Advisories - Security

Ex Libris campusM integration with Ex Libris Alma-Primo

Ex Libris campusM integration with Ex Libris Alma-Primo Security Vulnerability Updated – March 9, 2020

Icon

Policy - Security

Cloud Security and Privacy Statement

This policy describes the Ex Libris security procedures and the privacy practices of Ex Libris Ltd. and Ex Libris (USA) Inc. and their respective subsidiary companies.

Icon

Policy - Security

Statement of Applicability

This document describes the relevant and applicable controls adopted by Ex Libris.

Icon

Policy - Security

Ex Libris Software Development Life Cycle (SDLC) Policy

This policy defines the development and implementation requirements for Ex Libris products.

Icon

Policy - Security

Ex Libris Responsible Disclosure Policy

The purpose of this policy is to define the method by which Ex Libris can work with the user community to improve security and mitigate vulnerabilities for Ex Libris services. This policy applies to all systems, personnel, and data at Ex Libris.

Icon

GDPR

Addressing Data Subject Rights in Primo

This paper describes the tools and capabilities built into Primo that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Primo.

Icon

Policy - Security

Ex Libris Security Disciplinary Policy

This policy addresses what disciplinary action may be taken when employee behavior has been determined to be unacceptable and which results in a security breach due to negligence or intentional violation of Ex Libris policies, practices, and/or procedures.

Icon

Certification - Business Continuity

ISO 22301

Ex Libris certification: ISO 22301

Icon

Certification - Security

ISO 27001

Ex Libris certification: ISO 27001:2013

Icon

Certification - Privacy

ISO 27018

Ex Libris certification: ISO 27018:2014

Icon

GDPR

Addressing Data Subject Rights in Voyager

This paper describes the tools and capabilities built into Voyager that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Voyager.

Icon

GDPR

Addressing Data Subject Rights in USTAT

This paper describes the tools and capabilities built into USTAT that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in USTAT.

Icon

GDPR

Addressing Data Subject Rights in Ulrichsweb

This paper describes the tools and capabilities built into Ulrichsweb that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Ulrichsweb.

Icon

GDPR

Addressing Data Subject Rights in Summon

This paper describes the tools and capabilities built into Summon that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Summon.

Icon

GDPR

Addressing Data Subject Rights in SFX

This paper describes the tools and capabilities built into SFX that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in SFX.

Icon

GDPR

Addressing Data Subject Rights in Rosetta

This paper describes the tools and capabilities built into Rosetta that can assist your organization in addressing data subject rights and requests under the GDPR as a controller of personal data processed in Rosetta.

Icon

Policy - Security and Privacy

Security and Privacy Statement

Ex Libris is committed to providing its customers with a highly secure and reliable environment, and have developed a multi-tiered security model that covers all aspects of hosted and cloud-based Ex Libris systems.

Icon