SirsiDynix Symphony is an open, versatile, scalable library management solution (LMS) for managing all technical and public services within libraries and consortia. We provide enterprise class hosting facilities for both Symphony and Horizon LMS. In addition to the LMS SirsiDynix have developed a number of integrated discovery products.
- Feature rich library management system
- Library services platform
- Full suite of APIs and Web Services
- MARC21 and DUBLIN Core compliant
- SIP2/NCIP/RFID compliant
- Integrated Discovery Layer
- Digital Asset Management
- Enterprise class hosting facilities
- Full unicode support
- Lower total cost of ownership
- 99.9% uptime
- 24/7 support portal
- Dedicated SaaS team
- Dedicated Library Relations Managers
- Dedicated Software Development team
- Established and active user groups
£5000 per instance per year
Sirsi Ltd (trading as SirsiDynix)
|Software add-on or extension||No|
|Cloud deployment model||Hybrid cloud|
SirsiDynix is responsible for the installation of all SirsiDynix software updates or upgrades at the server level. The library system administrator will be notified via official SirsiDynix communications of upcoming SirsiDynix software updates or upgrades. Upgrades to the system typically require only an hour or two every few months for maintenance releases and about one day each year for annual upgrades.
Supported browsers for all web-based products include the 2 most recent version of the following browsers:
The most recent Client/Server Requirements document is available on request.
|System requirements||Internet capable PCs/laptops/mobile devices|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Below is an overview of the priority levels and associated response time.
Priority level 1:
Target Incident Acknowledgement Response Time: 1 hour
Target Time to Begin Resolution: Within 1 hour.
Priority level 2:
Target Incident Acknowledgement Response Time: 4 business hours.
Target Time to Begin Resolution: 1 business day.
Priority level 3:
Target Incident Acknowledgement Response Time: 4 business hours.
Target Time to Begin Resolution: 2 business days.
In the event of an emergency, the library uses emergency support phone number, where a live support specialist may be reached 24x7x365. Critical care is offered for Priority 1 Incidents only.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
The SirsiDynix Technology Center is staffed 24/5 for standard telephone support. Hours of coverage may be modified on some holidays as noted in the Holiday Schedule. Generally, the hours of telephone support are from 8am Monday through 5pm on Friday.
STANDARD SUPPORT - SirsiDynix Customer Support staff are available during your local weekday business hours (generally Mon-Fri, 8AM-5PM). In addition to telephone and e-mail support many customers prefer the self-service and 24/7 availability offered by the SirsiDynix Support Center.
URGENT CARE - Sometimes you may have an urgent need for assistance with an issue outside of your weekday business hours, or perhaps even on a holiday. On most weekdays SirsiDynix Customer Support is available 24/5 to take your telephone call and will work to provide the assistance you need.
CRITICAL CARE (down system) - Every SirsiDynix customer has 24/7 access to Critical Care support for down systems. You can access Critical Care Support using any of the available telephone support numbers.
Our SaaS Customers have 24/7 access to the cloud support team.
|Support available to third parties||No|
Onboarding and offboarding
SirsiDynix has several decades of proven track record in project delivery of LMS projects. Our UK based project team will work with the client through every phase of the project, through to completion. SirsiDynix provides a full implementation services to all new users which will include the following:
• Project management
• Policy configuration consultancy services
• Software installation and setup
• Data conversion consultancy and services
• Training services (can include on-site and online)
• User Documentation
No matter which system we migrate the data from the data migration project follows the same tried and tested processes.
|End-of-contract data extraction||At the termination of a Cloud contract SirsiDynix will provide extractable customer data at no additional charge in a supported MARC and/or ASCII delimited format.|
On termination all data will be deleted as required. It is standard practice that all traces of data and operability components of the service are deleted on request of the customer at the end of the contract once successful migration is complete or any time convenient to the customer.
At the termination of a Cloud contract SirsiDynix will provide extractable customer data at no additional charge in a supported MARC and/or ASCII delimited format.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||SirsiDynix has developed BookMyne, our free mobile phone app for the end user and also BLUEcloud MobileCirc, our staff application for use of mobile devices. Our BLUEcloud staff applications are browser based and can be used on mobile devices.|
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
Symphony WorkFlows supports standard Assistive Technology available in Microsoft Windows systems. Symphony has been successfully tested with the JAWS screen reading software, with the Microsoft Windows Magnifier and with ZoomText.
SirsiDynix Enterprise conforms to the W3C’s WCAG 2.0 levels A and AA. SirsiDynix Enterprise was tested using the standards outlined in the World Wide Web Consortium’s (W3C) Web Content Accessibility Guidelines (WCAG) 2.0. Conformance for each section was verified by performing manual testing in major web browsers (Internet Explorer, Safari, Google Chrome, and Mozilla Firefox). Screen reader functionality was tested using the NVDA screen reader in Mozilla Firefox.
|What users can and can't do using the API||
SirsiDynix over 600 APIs and Web Services that serves as the base of our BLUEcloud library services platform, this service-oriented foundation allows the BLUEcloud library services platform interface to interact with every portion of the Symphony database.
SirsiDynix offers tight integration between our systems and whatever systems your library chooses to use, and allows you to modify, extend, and customise the SirsiDynix system to meet your individual needs through APIs and Web Services that expose data using a Resource Oriented Architecture. These APIs and Web Services expose any and all data loaded into your system and allow you to access that data (with read and write privileges) in whatever systems and interfaces you choose.
Additionally API provides tools that allow:
global selection, editing, removal, and formatting of records
creation of custom reports
tools that allow users to mimic transactions, e.g., charging, discharging, etc.
tools for data loading and data manipulation. e.g., import /export bibliographic, authority, user records
There is an additional cost associated with the API Subscription service.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
The following areas of the system can be customised by users who have received the appropriate training:
• Library system policies and parameters e.g. loan policies, user policies, cataloguing policies etc.
• The Enterprise Discovery Layer e.g. colour schemes, brandings, searches
|Independence of resources||
SirsiDynix SaaS does not allow resources to exceed a pre-determined threshold. In the event resources are approaching defined thresholds, we automatically assign additional server side resources. Our scaling is more vertical (add resources to existing Symphony servers to handle additional load) and not horizontal (add more physical servers to the cluster of servers to handle additional load).
We do not limit any customers usage of CPU, RAM, I/O, storage, bandwidth, etc. We scale our hardware to be no more than 80% of total capacity.
|Service usage metrics||Yes|
SirsiDynix can report on the number of active user accounts and on the number of digital assets being stored within the Portfolio digital asset management tool.
The system records every successful transaction made allowing the library staff to report on the following:
• Number of records added to the system (bibliographic, user, serials, acquisitions)
• Circulation statistics (issues, renewals, reservations)
The Enterprise discovery layer can integrate with Google analytics to provide public usage metrics.
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||
FIPS assured encryption is available for an additional cost.
We also make use of secure containers, racks or cages.
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Reports to select and export records can run at any time, whether or not the system is also in use for other purposes. Staff can extract data from SirsiDynix Symphony in basic flat ASCII text, making it available for loading into any external desired application. A number of the reports also provide the option of XML output.
Bibliographic records can be exported in MARC format by making use of the standard delivered MARC Export utility and reports.
|Data export formats||CSV|
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||Other|
|Other protection within supplier network||SirsiDynix protects data within our network by our ability to optionally configure internal communications for Software as a Service (SaaS) systems to use TLS v1.2 or a similar technology.|
Availability and resilience
At Customer’s request, SirsiDynix will calculate Customer’s Service Availability during a given calendar month. If SirsiDynix has failed to meet the Service Availability in a given calendar month and acts culpably, i.e., at least negligently, SirsiDynix will, at their obligation, credit Customer's account for non-availability of the Covered Services according to the following schedule(s). Such credits may only be used to secure any and all future services from SirsiDynix relating to this SLA ("Service Credit").
Interruptions will only be counted if SirsiDynix confirms that the non-availability is due to an occurrence under SirsiDynix’s control.
Service Availability Interruption Service Credit (*)
Less than 1% of hours in a calendar month - No Credit
1% to 4% of hours in a calendar month - 5%
4% to 6% of hours in a calendar month - 10%
6% to 12% of hours in a calendar month - 25%
12% of hours or more hours in a calendar month - 50%
* (Percentage of the total Customer monthly fees due to SirsiDynix for that calendar month. The total credit from all Services Level Agreements is not to exceed 50% of such fees due to SirsiDynix for that calendar month.)
|Approach to resilience||
SirsiDynix cloud based products are hosted through a colocation facility provided by iomart Hosting. Within the environment, equipment is purchased and installed by SirsiDynix. We utilise Cisco servers and
networking equipment, Sonicwall firewalls and SAN storage from Pure Storage and Hitachi. The Symphony application and Oracle database run within a virtual machine on VMware ESXi. Wherever possible we implement redundancy in the solution, for example HA firewall configuration, redundant switches and additional server capacity in case of server failure.
The equipment is hosted on our behalf by iomart, who provide us internet connectivity, power and rack space. They have diesel generators to provide additional protection in case of power failure, multiple redundant core switches and routers, and a temperature controlled environment, with redundant HVAC (heating, ventilation and air conditioning) and ventilation.
|Outage reporting||Combination of email alerts and a customer-accessible dashboard.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Web application administrative access can be restricted to VPN only with a username and password, while SirsiDynix support access is only (a) via a password obfuscation tool such as Remote Desktop Manager (RDM) or (b) via two-factor authentication.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||A-LIGN|
|ISO/IEC 27001 accreditation date||December 18, 2017|
|What the ISO/IEC 27001 doesn’t cover||N/a|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||
U.S. NIST SP 800-53
TrustArc TRUSTed Cloud Seal
Our GDPR application is in process
|Information security policies and processes||International Organization for Standardization (ISO) 27001.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||SirsiDynix manages configurations and changes according to industry best practices, requiring reviews and security lead authorizations for changes throughout software or system lifetimes.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||SirsiDynix uses sources such as the US-CERT ratings and industry threat reports to assess potential threats, deploying patches as needed based on the severity of the ratings. Policy related to patch deployment is 15 days for high-risk flaws, 30 days for moderate-risk flaws, and 60 days for low-risk flaws, unless an exception has been requested and has been approved by the DSO (Change Management Plan item SA-10).|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Potential compromises are identified using detection of unauthorised and out-of-policy configuration changes, network behaviour, and other activities; SirsiDynix also uses logic built into security tools to perform identification. Response to potential compromise includes isolation, investigation, remediation, and reconstitution (from the Incident Response Plan section 6). Goals for speed of response (from IRP section 6.1) are listed below.
Critical - within 24 hours
High - within 36 hours
Moderate - within 2 business weeks
|Incident management type||Supplier-defined controls|
|Incident management approach||End users of SirsiDynix products typically report potential incidents to SirsiDynix customer employees who open tickets with SirsiDynix support. Internal users similarly report potential incidents to the Information Technology (IT) helpdesk via tickets. Incident reporting includes notification as soon as possible after identification of an incident, regular updates, and a final report upon incident conclusion.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£5000 per instance per year|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|