Civica UK Limited

Civica Spydus Library Management Solution

Spydus Library Management Solution integrates library resources, digital assets, archives and cultural collections in one powerful, easy-to-use system and discovery platform. Spydus is scalable, easily configured and customisable for single libraries and consortia. Streamlines operations, provides workflow automation for staff and a mobile first interface for library users.


  • 100% web based and mobile ready, fully integrated LMS
  • Responsive clients, full access to functionality from any device
  • SIP2/NCIP/RFID/LCF compliant
  • Mobile first; standards compliant customer centric discovery portal
  • API Suite for real-time integration
  • A single repository for digital assets including multimedia
  • Complete archive and heritage management integrated- ISAD (G)2
  • Real-time reporting
  • Cataloguing module is MARC21, RDA, AACR2, FRBR and Unicode compliant
  • Customer APP for IOS and Android


  • Reduce risk and overheads with cloud deployment
  • Reduced systems costs, savings up to 50%
  • Self-service …. Channel shift
  • Staff web application streamlines administration making tasks simpler to complete
  • Customer-centric features enabling delivery of better customer service _Choice
  • Make diverse collections accessible and searchable
  • Easy to use, consistent look and feel throughout all modules
  • Efficient consortium solution for up to 50% transportation cost reduction
  • Save up to 80% on inter-library loans with Consortium lending
  • UK Wide Support and Account management Expertise


£6000.00 per unit

  • Education pricing available

Service documents

G-Cloud 11


Civica UK Limited

Civica UK Limited

020 7760 2800

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints The Spydus system will be available 24x365 to all users with a minimum 95% availability. The solution will be 99% available between 6am to 12am daily excluding pre-agreed maintenance windows
System requirements
  • Display-1024 X 768 or higher resolution
  • Windows 7, Windows 8, and Windows 10
  • MS Internet Explorer 11 (recommended), Edge ,Chrome and Firefox
  • Offline Circulation requires Processor Pentium IV PC 800 MHz+ Equivalents
  • Offline Circulation requires RAM Minimum 1GB of RAM
  • Offline Circulation requires Hard disk Minimum 1GB free space
  • Internet connection 10/100 Mb Ethernet card and TCP/IP network connection
  • Offline Circulation requires .NET runtime 4.5.2 or above

User support

User support
Email or online ticketing support Email or online ticketing
Support response times All questions raised between 9 to 5 (UK time), Monday to Friday are responded to on the day the question was raised. All questions raised at the weekend are responded too on the following working day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels "Standard support
Civica provides a Central Service Desk which provides both telephone and portal support. The Service Desk is staffed 24/7 and are able to provide general support between the hours on 09:00-17:00 Monday to Friday. The Service Desk manages both incidents and requests.

Spydus standarad support includes the following:
• Software bug fixes, patches, service packs and associated services
• Management of all scheduled tasks
• Management and maintenance of the database

Critical support
24/7/365 critical cover is provided for all customers

An account manager would be allocated, they will meet with you on a regular basis (usually quarterly) to discuss with you any problems, plans or changes that you may wish to make. The support of our Help Desk is provided remotely."
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started "Civica has a proven track record delivering successful LMS projects on time and budget. Our UK project team work collaboratively through every phase of the project. Full implementation services based Prince methodology and include the following:
• Project management
• Software installation and setup
• Data conversion consultancy and services
• Training services (on-site and online)
• User Documentation"
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Onboarding documentation is supplied via an online portal that enables the customer to access and update their project documentation plus issue and data logs. Offboarding documentation is supplied via a helpdesk call.

As a SQL data base a number of tools can be applied to make the copying process uncomplicated – including direct access by excel and the database would be destroyed after all data has been removed / copied as necessary.
End-of-contract process Data is provided in a comma delimited file at the end of the contract at no additional cost. Should different formats or requirements exist then meeting this requirements will require additional charges based on the SFIA rate card.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We currently support the use of the Spydus Web Apps (WBA) in landscape orientation for tablets. Printing is not supported on either Android, iOS or Windows RT.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Spydus supports standard Assistive Technology available in Microsoft Windows systems. Spydus has been successfully tested with the JAWS screen reading software, with the Microsoft Windows Magnifier and with ZoomText.
What users can and can't do using the API The Spydus solution includes the Library Communication Framework (LCF) API which is a UK Library Industry set of well-formed RESTful XML web services that allows for seamless integration with other systems. These web services allow for any data to be created/updated/deleted in the LMS solution. The customer is able to add authentication details for their 3rd party providers directly through Spydus Maintenance module without any need to involve Civica.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment No
Customisation available Yes
Description of customisation "The following areas of the system can be customised by users via the maintenance menu in the staff web app, following training:
• Library system policies and parameters
• Messages including system messages, Notices and Email text
• Levels of access for groups of staff and individual staff
• Home screen for Staff can be customised based on user group. Out of the box, Spydus has 20 system widgets that bring daily tasks directly to the home screen. System managers can push announcements to all users, or to a subset based on location or user group.
• Public Catalogue including colour schemes, brandings, text, searches, display of resources

In addition reports can be customised via the reports module"


Independence of resources "
Underlying hardware is dynamically allocated and balanced using VMware Dynamic Resource Scheduler (DRS). DRS ensures virtual servers are allocated the appropriate physical hardware resources at all times. DRS also enables virtual servers to be migrated to different physical hardware so system availability is maintained during planned or unplanned maintenance. Storage is allocated via a flash storage array capable of maintaining high IOPS throughput.


Service usage metrics Yes
Metrics types Spydus includes an Enquiry interface which can report on system metrics. Every field is indexed and the system will report on each record type added to the system, by user and date. Every Enquiry search will provide a count. Statistics can be provided for across the service on via user actioned reports or via the system dashboard.
Google analytics is integrated with the Public catalogue to provide usage metrics.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Spydus supports the export of bibliographic, authority and holdings data in MARC and non-MARC formats, including, Dublin Core, CSV and XML via the Cataloguing module. Spydus Enquiry allows data to be exported CSV (for use in MS applications, XML and formatted data such MARC text or a file. Standard reports can be exported to PDF, HTML, CSV, TXT.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • MARC
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks https over TLS1.2 and we use IPSEC VPNs to secure insecure SIP2 traffic between our network and the buyers
Data protection within supplier network Other
Other protection within supplier network Backup is via site to site replication across an encrypted Civica dedicated MPLS link. Hosted data application services are provided over secure channels e.g. HTTPS, dedicated communication lines or VPN

Availability and resilience

Availability and resilience
Guaranteed availability Civica’s standard core hours are 8am-8pm, Monday to Friday (excluding UK Bank holidays). Access to the service (remote access to data centre, domain names, network connections, IP addresses, hosted software and equipment) during core hours will have an uptime availability of 99.99%
Approach to resilience Available on request.
Outage reporting Infrastructure related scheduled maintenance will not occur between 8:00 and 20:00 Monday to Friday excluding English Bank Holidays. Maintenance will be arranged with a minimum of 3 working days’ notice, and will include a detailed description of the planned works, planned outcomes, and a detailed back-out plan, unless otherwise stated.
Unplanned outages will be notified via the Civica Service Desk.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication Restricted by pre-approved IP address
Access restrictions in management interfaces and support channels Access is only available to authorised staff and via the internal network, 2 factor authentication and Username and password.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ISOQAR
ISO/IEC 27001 accreditation date 06/12/2017
What the ISO/IEC 27001 doesn’t cover NA
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Trustwave
PCI DSS accreditation date 23/07/2018
What the PCI DSS doesn’t cover N/A
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Plus
  • ISO 22301

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials Plus
Information security policies and processes In order to provide a wide range of services to public and private sector organisations, Civica maintains an active information security programme. This programme requires regular internal and external audit inspection of both physical and logical data protection structures. The policies and procedures are aligned to ISO 27001 and Cyber Essentials Plus certifications.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All hosted assets metadata is stored in a Configuration Management Data Base. This data base is access controlled to authorised staff only. The CMDB provides information essential to the secure hosting of client critical services.

Civica's Change Management process ensures that all changes are considered and planned, and appropriate, and that there is a clear audit trail of all changes.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Civica has vulnerability management processes in place for ISO27001 and PCI-DSS. These processes are externally audited on an annual basis to ensure continued compliance.
For external vulnerability scanning, Civica employs the services of an external ‘CHECK’ approved provider to perform an annual penetration test against the external management IP interface. Supporting this, Civica is also certified to the CESG approved Cyber Essentials scheme.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Civica take a proactive approach to information security through a process of continual monitoring and review. As part of a documented risk assessment methodology to identify and manage information security risks a dedicated security team update the risk register monthly.
Civica has a network monitoring solution in place ‘OpsView’ as well as a full antivirus and anti-malware solution. These technologies check the hosted services for errors, infections and unexpected network traffic and are support by Cisco IPS/IDS at the perimeter layer. This monitoring service provides defence in depth, against compromise, by detecting infections and suspicious networking activity within the environment.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Civica have developed an Incident Management process (PRM07) under ISO 20000 standards which details both the Incident and Service Request Management processes.
The Civica Service Desk manages end user Service Requests, Incidents and Requests for Change (RFCs) which can be logged by e-mail, telephone and web portal.
Monthly customer reports will detail incident information.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Joint Academic Network (JANET)


Price £6000.00 per unit
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑