Sirsi Ltd (trading as SirsiDynix)

SirsiDynix BLUEcloud Library Services Platform

SirsiDynix Symphony is an open, versatile, scalable library management solution (LMS) for managing all technical and public services within libraries and consortia. We provide enterprise class hosting facilities for both Symphony and Horizon LMS. In addition to the LMS SirsiDynix have developed a number of integrated discovery products.


  • Feature rich library management system
  • Library services platform
  • Full suite of APIs and Web Services
  • MARC21 and DUBLIN Core compliant
  • SIP2/NCIP/RFID compliant
  • Integrated Discovery Layer
  • Digital Asset Management
  • Enterprise class hosting facilities
  • Full unicode support


  • Lower total cost of ownership
  • 99.9% uptime
  • 24/7 support portal
  • Dedicated SaaS team
  • Dedicated Library Relations Managers
  • Dedicated Software Development team
  • Established and active user groups


£5000 per instance per year

Service documents

G-Cloud 10


Sirsi Ltd (trading as SirsiDynix)

Margaret McEvaddy

01923 202923

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints SirsiDynix is responsible for the installation of all SirsiDynix software updates or upgrades at the server level. The library system administrator will be notified via official SirsiDynix communications of upcoming SirsiDynix software updates or upgrades. Upgrades to the system typically require only an hour or two every few months for maintenance releases and about one day each year for annual upgrades.
Supported browsers for all web-based products include the 2 most recent version of the following browsers:
• Chrome
• Firefox
• Safari
• IE
The most recent Client/Server Requirements document is available on request.
System requirements Internet capable PCs/laptops/mobile devices

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Below is an overview of the priority levels and associated response time.
Priority level 1:
Target Incident Acknowledgement Response Time: 1 hour
Target Time to Begin Resolution: Within 1 hour.
Priority level 2:
Target Incident Acknowledgement Response Time: 4 business hours.
Target Time to Begin Resolution: 1 business day.
Priority level 3:
Target Incident Acknowledgement Response Time: 4 business hours.
Target Time to Begin Resolution: 2 business days.
In the event of an emergency, the library uses emergency support phone number, where a live support specialist may be reached 24x7x365. Critical care is offered for Priority 1 Incidents only.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The SirsiDynix Technology Center is staffed 24/5 for standard telephone support. Hours of coverage may be modified on some holidays as noted in the Holiday Schedule. Generally, the hours of telephone support are from 8am Monday through 5pm on Friday.

STANDARD SUPPORT - SirsiDynix Customer Support staff are available during your local weekday business hours (generally Mon-Fri, 8AM-5PM). In addition to telephone and e-mail support many customers prefer the self-service and 24/7 availability offered by the SirsiDynix Support Center.

URGENT CARE - Sometimes you may have an urgent need for assistance with an issue outside of your weekday business hours, or perhaps even on a holiday. On most weekdays SirsiDynix Customer Support is available 24/5 to take your telephone call and will work to provide the assistance you need.

CRITICAL CARE (down system) - Every SirsiDynix customer has 24/7 access to Critical Care support for down systems. You can access Critical Care Support using any of the available telephone support numbers.

Our SaaS Customers have 24/7 access to the cloud support team.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started SirsiDynix has several decades of proven track record in project delivery of LMS projects. Our UK based project team will work with the client through every phase of the project, through to completion. SirsiDynix provides a full implementation services to all new users which will include the following:
• Project management
• Policy configuration consultancy services
• Software installation and setup
• Data conversion consultancy and services
• Training services (can include on-site and online)
• User Documentation

No matter which system we migrate the data from the data migration project follows the same tried and tested processes.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction At the termination of a Cloud contract SirsiDynix will provide extractable customer data at no additional charge in a supported MARC and/or ASCII delimited format.
End-of-contract process On termination all data will be deleted as required. It is standard practice that all traces of data and operability components of the service are deleted on request of the customer at the end of the contract once successful migration is complete or any time convenient to the customer.

At the termination of a Cloud contract SirsiDynix will provide extractable customer data at no additional charge in a supported MARC and/or ASCII delimited format.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service SirsiDynix has developed BookMyne, our free mobile phone app for the end user and also BLUEcloud MobileCirc, our staff application for use of mobile devices. Our BLUEcloud staff applications are browser based and can be used on mobile devices.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Symphony WorkFlows supports standard Assistive Technology available in Microsoft Windows systems. Symphony has been successfully tested with the JAWS screen reading software, with the Microsoft Windows Magnifier and with ZoomText.

SirsiDynix Enterprise conforms to the W3C’s WCAG 2.0 levels A and AA. SirsiDynix Enterprise was tested using the standards outlined in the World Wide Web Consortium’s (W3C) Web Content Accessibility Guidelines (WCAG) 2.0. Conformance for each section was verified by performing manual testing in major web browsers (Internet Explorer, Safari, Google Chrome, and Mozilla Firefox). Screen reader functionality was tested using the NVDA screen reader in Mozilla Firefox.
What users can and can't do using the API SirsiDynix over 600 APIs and Web Services that serves as the base of our BLUEcloud library services platform, this service-oriented foundation allows the BLUEcloud library services platform interface to interact with every portion of the Symphony database.
SirsiDynix offers tight integration between our systems and whatever systems your library chooses to use, and allows you to modify, extend, and customise the SirsiDynix system to meet your individual needs through APIs and Web Services that expose data using a Resource Oriented Architecture. These APIs and Web Services expose any and all data loaded into your system and allow you to access that data (with read and write privileges) in whatever systems and interfaces you choose.
Additionally API provides tools that allow:
 global selection, editing, removal, and formatting of records
 creation of custom reports
 tools that allow users to mimic transactions, e.g., charging, discharging, etc.
 tools for data loading and data manipulation. e.g., import /export bibliographic, authority, user records

There is an additional cost associated with the API Subscription service.
API documentation Yes
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The following areas of the system can be customised by users who have received the appropriate training:
• Library system policies and parameters e.g. loan policies, user policies, cataloguing policies etc.
• Reports
• The Enterprise Discovery Layer e.g. colour schemes, brandings, searches


Independence of resources SirsiDynix SaaS does not allow resources to exceed a pre-determined threshold. In the event resources are approaching defined thresholds, we automatically assign additional server side resources. Our scaling is more vertical (add resources to existing Symphony servers to handle additional load) and not horizontal (add more physical servers to the cluster of servers to handle additional load).
We do not limit any customers usage of CPU, RAM, I/O, storage, bandwidth, etc. We scale our hardware to be no more than 80% of total capacity.


Service usage metrics Yes
Metrics types SirsiDynix can report on the number of active user accounts and on the number of digital assets being stored within the Portfolio digital asset management tool.

The system records every successful transaction made allowing the library staff to report on the following:
• Number of records added to the system (bibliographic, user, serials, acquisitions)
• Circulation statistics (issues, renewals, reservations)

The Enterprise discovery layer can integrate with Google analytics to provide public usage metrics.


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach FIPS assured encryption is available for an additional cost.
We also make use of secure containers, racks or cages.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Reports to select and export records can run at any time, whether or not the system is also in use for other purposes. Staff can extract data from SirsiDynix Symphony in basic flat ASCII text, making it available for loading into any external desired application. A number of the reports also provide the option of XML output.

Bibliographic records can be exported in MARC format by making use of the standard delivered MARC Export utility and reports.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • MARC
  • Flat ascii
  • XML
  • Dublin Core

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network Other
Other protection within supplier network SirsiDynix protects data within our network by our ability to optionally configure internal communications for Software as a Service (SaaS) systems to use TLS v1.2 or a similar technology.

Availability and resilience

Availability and resilience
Guaranteed availability At Customer’s request, SirsiDynix will calculate Customer’s Service Availability during a given calendar month. If SirsiDynix has failed to meet the Service Availability in a given calendar month and acts culpably, i.e., at least negligently, SirsiDynix will, at their obligation, credit Customer's account for non-availability of the Covered Services according to the following schedule(s). Such credits may only be used to secure any and all future services from SirsiDynix relating to this SLA ("Service Credit").
Interruptions will only be counted if SirsiDynix confirms that the non-availability is due to an occurrence under SirsiDynix’s control.
Service Availability Interruption Service Credit (*)
Less than 1% of hours in a calendar month - No Credit
1% to 4% of hours in a calendar month - 5%
4% to 6% of hours in a calendar month - 10%
6% to 12% of hours in a calendar month - 25%
12% of hours or more hours in a calendar month - 50%

* (Percentage of the total Customer monthly fees due to SirsiDynix for that calendar month. The total credit from all Services Level Agreements is not to exceed 50% of such fees due to SirsiDynix for that calendar month.)
Approach to resilience SirsiDynix cloud based products are hosted through a colocation facility provided by iomart Hosting. Within the environment, equipment is purchased and installed by SirsiDynix. We utilise Cisco servers and
networking equipment, Sonicwall firewalls and SAN storage from Pure Storage and Hitachi. The Symphony application and Oracle database run within a virtual machine on VMware ESXi. Wherever possible we implement redundancy in the solution, for example HA firewall configuration, redundant switches and additional server capacity in case of server failure.
The equipment is hosted on our behalf by iomart, who provide us internet connectivity, power and rack space. They have diesel generators to provide additional protection in case of power failure, multiple redundant core switches and routers, and a temperature controlled environment, with redundant HVAC (heating, ventilation and air conditioning) and ventilation.
Outage reporting Combination of email alerts and a customer-accessible dashboard.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Web application administrative access can be restricted to VPN only with a username and password, while SirsiDynix support access is only (a) via a password obfuscation tool such as Remote Desktop Manager (RDM) or (b) via two-factor authentication.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 A-LIGN
ISO/IEC 27001 accreditation date December 18, 2017
What the ISO/IEC 27001 doesn’t cover N/a
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • U.S. NIST SP 800-53
  • TrustArc TRUSTed Cloud Seal

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards U.S. NIST SP 800-53
TrustArc TRUSTed Cloud Seal
Our GDPR application is in process
Information security policies and processes International Organization for Standardization (ISO) 27001.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach SirsiDynix manages configurations and changes according to industry best practices, requiring reviews and security lead authorizations for changes throughout software or system lifetimes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach SirsiDynix uses sources such as the US-CERT ratings and industry threat reports to assess potential threats, deploying patches as needed based on the severity of the ratings. Policy related to patch deployment is 15 days for high-risk flaws, 30 days for moderate-risk flaws, and 60 days for low-risk flaws, unless an exception has been requested and has been approved by the DSO (Change Management Plan item SA-10).
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are identified using detection of unauthorised and out-of-policy configuration changes, network behaviour, and other activities; SirsiDynix also uses logic built into security tools to perform identification. Response to potential compromise includes isolation, investigation, remediation, and reconstitution (from the Incident Response Plan section 6). Goals for speed of response (from IRP section 6.1) are listed below.
Critical - within 24 hours
High - within 36 hours
Moderate - within 2 business weeks
Incident management type Supplier-defined controls
Incident management approach End users of SirsiDynix products typically report potential incidents to SirsiDynix customer employees who open tickets with SirsiDynix support. Internal users similarly report potential incidents to the Information Technology (IT) helpdesk via tickets. Incident reporting includes notification as soon as possible after identification of an incident, regular updates, and a final report upon incident conclusion.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5000 per instance per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑