Civica Spydus Library Management Solution
Spydus Library Management Solution integrates library resources, digital assets, archives and cultural collections in one powerful, easy-to-use system and discovery platform. Spydus is scalable, easily configured and customisable for single libraries and consortia. Streamlines operations, provides workflow automation for staff and a mobile first interface for library users.
- 100% web based and mobile ready, fully integrated LMS
- Responsive clients, full access to functionality from any device
- SIP2/NCIP/RFID/LCF compliant
- Mobile first; standards compliant customer centric discovery portal
- API Suite for real-time integration
- A single repository for digital assets including multimedia
- Complete archive and heritage management integrated- ISAD (G)2
- Real-time reporting
- Cataloguing module is MARC21, RDA, AACR2, FRBR and Unicode compliant
- Customer APP for IOS and Android
- Reduce risk and overheads with cloud deployment
- Reduced systems costs, savings up to 50%
- Self-service …. Channel shift
- Staff web application streamlines administration making tasks simpler to complete
- Customer-centric features enabling delivery of better customer service _Choice
- Make diverse collections accessible and searchable
- Easy to use, consistent look and feel throughout all modules
- Efficient consortium solution for up to 50% transportation cost reduction
- Save up to 80% on inter-library loans with Consortium lending
- UK Wide Support and Account management Expertise
£6000.00 per unit
- Education pricing available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
- Modern Slavery statement
Civica UK Limited
Civica UK Limited
020 7760 2800
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||The Spydus system will be available 24x365 to all users with a minimum 95% availability. The solution will be 99% available between 6am to 12am daily excluding pre-agreed maintenance windows|
|Email or online ticketing support||Email or online ticketing|
|Support response times||All questions raised between 9 to 5 (UK time), Monday to Friday are responded to on the day the question was raised. All questions raised at the weekend are responded too on the following working day.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Civica provides a Central Service Desk which provides both telephone and portal support. The Service Desk is staffed 24/7 and are able to provide general support between the hours on 09:00-17:00 Monday to Friday. The Service Desk manages both incidents and requests.
Spydus standarad support includes the following:
• Software bug fixes, patches, service packs and associated services
• Management of all scheduled tasks
• Management and maintenance of the database
24/7/365 critical cover is provided for all customers
An account manager would be allocated, they will meet with you on a regular basis (usually quarterly) to discuss with you any problems, plans or changes that you may wish to make. The support of our Help Desk is provided remotely."
|Support available to third parties||Yes|
Onboarding and offboarding
"Civica has a proven track record delivering successful LMS projects on time and budget. Our UK project team work collaboratively through every phase of the project. Full implementation services based Prince methodology and include the following:
• Project management
• Software installation and setup
• Data conversion consultancy and services
• Training services (on-site and online)
• User Documentation"
|End-of-contract data extraction||
Onboarding documentation is supplied via an online portal that enables the customer to access and update their project documentation plus issue and data logs. Offboarding documentation is supplied via a helpdesk call.
As a SQL data base a number of tools can be applied to make the copying process uncomplicated – including direct access by excel and the database would be destroyed after all data has been removed / copied as necessary.
|End-of-contract process||Data is provided in a comma delimited file at the end of the contract at no additional cost. Should different formats or requirements exist then meeting this requirements will require additional charges based on the SFIA rate card.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||We currently support the use of the Spydus Web Apps (WBA) in landscape orientation for tablets. Printing is not supported on either Android, iOS or Windows RT.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||Spydus supports standard Assistive Technology available in Microsoft Windows systems. Spydus has been successfully tested with the JAWS screen reading software, with the Microsoft Windows Magnifier and with ZoomText.|
|What users can and can't do using the API||The Spydus solution includes the Library Communication Framework (LCF) API which is a UK Library Industry set of well-formed RESTful XML web services that allows for seamless integration with other systems. These web services allow for any data to be created/updated/deleted in the LMS solution. The customer is able to add authentication details for their 3rd party providers directly through Spydus Maintenance module without any need to involve Civica.|
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||No|
|Description of customisation||
"The following areas of the system can be customised by users via the maintenance menu in the staff web app, following training:
• Library system policies and parameters
• Messages including system messages, Notices and Email text
• Levels of access for groups of staff and individual staff
• Home screen for Staff can be customised based on user group. Out of the box, Spydus has 20 system widgets that bring daily tasks directly to the home screen. System managers can push announcements to all users, or to a subset based on location or user group.
• Public Catalogue including colour schemes, brandings, text, searches, display of resources
In addition reports can be customised via the reports module"
|Independence of resources||
Underlying hardware is dynamically allocated and balanced using VMware Dynamic Resource Scheduler (DRS). DRS ensures virtual servers are allocated the appropriate physical hardware resources at all times. DRS also enables virtual servers to be migrated to different physical hardware so system availability is maintained during planned or unplanned maintenance. Storage is allocated via a flash storage array capable of maintaining high IOPS throughput.
|Service usage metrics||Yes|
Spydus includes an Enquiry interface which can report on system metrics. Every field is indexed and the system will report on each record type added to the system, by user and date. Every Enquiry search will provide a count. Statistics can be provided for across the service on via user actioned reports or via the system dashboard.
Google analytics is integrated with the Public catalogue to provide usage metrics.
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Spydus supports the export of bibliographic, authority and holdings data in MARC and non-MARC formats, including, Dublin Core, CSV and XML via the Cataloguing module. Spydus Enquiry allows data to be exported CSV (for use in MS applications, XML and formatted data such MARC text or a file. Standard reports can be exported to PDF, HTML, CSV, TXT.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Data protection between buyer and supplier networks||
|Other protection between networks||https over TLS1.2 and we use IPSEC VPNs to secure insecure SIP2 traffic between our network and the buyers|
|Data protection within supplier network||Other|
|Other protection within supplier network||Backup is via site to site replication across an encrypted Civica dedicated MPLS link. Hosted data application services are provided over secure channels e.g. HTTPS, dedicated communication lines or VPN|
Availability and resilience
|Guaranteed availability||Civica’s standard core hours are 8am-8pm, Monday to Friday (excluding UK Bank holidays). Access to the service (remote access to data centre, domain names, network connections, IP addresses, hosted software and equipment) during core hours will have an uptime availability of 99.99%|
|Approach to resilience||Available on request.|
Infrastructure related scheduled maintenance will not occur between 8:00 and 20:00 Monday to Friday excluding English Bank Holidays. Maintenance will be arranged with a minimum of 3 working days’ notice, and will include a detailed description of the planned works, planned outcomes, and a detailed back-out plan, unless otherwise stated.
Unplanned outages will be notified via the Civica Service Desk.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Restricted by pre-approved IP address|
|Access restrictions in management interfaces and support channels||Access is only available to authorised staff and via the internal network, 2 factor authentication and Username and password.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||ISOQAR|
|ISO/IEC 27001 accreditation date||06/12/2017|
|What the ISO/IEC 27001 doesn’t cover||NA|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Trustwave|
|PCI DSS accreditation date||23/07/2018|
|What the PCI DSS doesn’t cover||N/A|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||
Cyber Essentials Plus
|Information security policies and processes||In order to provide a wide range of services to public and private sector organisations, Civica maintains an active information security programme. This programme requires regular internal and external audit inspection of both physical and logical data protection structures. The policies and procedures are aligned to ISO 27001 and Cyber Essentials Plus certifications.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
All hosted assets metadata is stored in a Configuration Management Data Base. This data base is access controlled to authorised staff only. The CMDB provides information essential to the secure hosting of client critical services.
Civica's Change Management process ensures that all changes are considered and planned, and appropriate, and that there is a clear audit trail of all changes.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Civica has vulnerability management processes in place for ISO27001 and PCI-DSS. These processes are externally audited on an annual basis to ensure continued compliance.
For external vulnerability scanning, Civica employs the services of an external ‘CHECK’ approved provider to perform an annual penetration test against the external management IP interface. Supporting this, Civica is also certified to the CESG approved Cyber Essentials scheme.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Civica take a proactive approach to information security through a process of continual monitoring and review. As part of a documented risk assessment methodology to identify and manage information security risks a dedicated security team update the risk register monthly.
Civica has a network monitoring solution in place ‘OpsView’ as well as a full antivirus and anti-malware solution. These technologies check the hosted services for errors, infections and unexpected network traffic and are support by Cisco IPS/IDS at the perimeter layer. This monitoring service provides defence in depth, against compromise, by detecting infections and suspicious networking activity within the environment.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Civica have developed an Incident Management process (PRM07) under ISO 20000 standards which details both the Incident and Service Request Management processes.
The Civica Service Desk manages end user Service Requests, Incidents and Requests for Change (RFCs) which can be logged by e-mail, telephone and web portal.
Monthly customer reports will detail incident information.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||Joint Academic Network (JANET)|
|Price||£6000.00 per unit|
|Discount for educational organisations||Yes|
|Free trial available||No|