OLIB is a highly configurable integrated library system that allows you to customise all areas of library management and end-user discovery to reflect your local requirements, thereby enabling more efficient workflows and saving in staff time. With this proven, functionally rich system, you get added value at an attainable cost.


  • Comprehensive and flexible management system with all the expected modules
  • Providing real-time access to library resources
  • A new generation OPAC (Folio) offering more social features
  • Integrates with other related systems within your organisation
  • Customisable data entry screen for all resources
  • Access to enhanced data including e-links and faceted searching


  • A web-based staff interface facilitates ease of use
  • Offers more than just traditional catalogue searching
  • Cost-effective way to manage cataloguing, circulation, acquisitions, accounts and reporting
  • Provides flexible access to a wider range of resources
  • Retrieves results based on natural language searching
  • Optional integration with OCLC's WorldCat® database
  • Suited to the needs of corporate, special and education libraries


£5000 to £35000 per unit

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10



Andrew Evans



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints OCLC will notify Institution promptly of any factor, occurrence, or event coming to its attention likely to affect OCLC's ability to meet the Uptime Commitment, or that is likely to cause any material interruption or disruption in the Hosted Services. Maintenance may occur any Sunday during a 4 hour window and may occasionally be extended. Notice of scheduled maintenance will generally occur 3 days prior to scheduled downtime. In the event emergency maintenance is required, OCLC will make commercially reasonable efforts to notify Institution in advance.
System requirements Not applicable

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond to questions within four hours, within UK office hours (09:00 – 17:30 Monday-Friday, excluding English Bank Holidays)
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support work to the following SLAs:
* Level 1 Definition: An outage or an almost total loss of functionality,
SLA Response time 2hrs SLA for time to fix / provide workaround 24 hours/
* Level 2 Definition: A significant proportion of the system loses functionality,
SLA Response time 4hrs SLA for time to fix / provide workaround 7 days/
* Level 3 Definition: The system does not operate in accordance with the product description, but the Library is still able to use significant elements of the system,
SLA Response time 4hrs SLA for time to fix / provide workaround 20 days.

All customers receive the same level of support and support costs are included in the fee for providing and maintaining software.

OCLC provides a Technical Services/Cloud support contact person
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training is provided upon request. Trainer expenses will apply.
Online training material and user documentation for OLIB is provided via the OLIB users' site. User documentation includes OLIB Release Notes, User Guides, Technical Documentation, Upgrade Manuals and Online Help
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data can only be extracted using standard export options in OLIB. Several export formats are available for the export of bibliographic, user and acquisitions data. Two are “standard” export formats – the MARC21 format and the MARC-XML format, both to be used for exporting bibliographic data. The other formats that are available as “standard” (e.g. the OLSTF (ASCII Flat File) format in Titles and the Users OLSTF format in Users) are fully configurable, i.e. the data that is exported and the format in which that data is exported can be modified by the system manager by changing the Format Text field in the relevant Output Format record. This configurable export facility is described fully in the Data In/Data Out training guide. If the system manager requires any assistance with modifying existing export formats or defining new export formats, this will be a chargeable training/consultancy service.
End-of-contract process In accordance with the terms and conditions, either party may terminate the Agreement without cause effective at the end of the Initial Term (three years) or any Renewal Term, upon at least twelve months prior written notice to the other party. In the event of termination, the Customer may no longer use the Application Hosting Service and will destroy all copies of any Distributed Software. Within 14 days following termination/expiry of the Agreement, parties will discuss the supply of the Customer Data by OCLC to Customer as to be further specified and in a format to be agreed. Three months after contract termination, OCLC shall destroy or delete all Customer Data on the OCLC Systems.
The price of the contract covers access to the services relating to the ongoing management, maintenance and support of Software specified in the Contract Summary and in accordance with Exhibit A of the OLIB terms and conditions. Pricing includes access to the Support Desk and OLIB users' site. The annual fee excludes the fee for Service Packs which are released on a twelve-monthly basis. The Service Pack charge covers installation plus a WebEx training session. On-site training is available and trainer expenses would be billable.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Differences are determined by the browsers' different methods of rendering HTML
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing A comprehensive test of OLIB was conducted by the Digital Accessibility Centre (http://www.digitalaccessibilitycentre.org/) using a number of different assistive technologies. This test confirmed OLIB's AA compliance
Customisation available Yes
Description of customisation The system administrator can configure the following: badging ; data entry screens (fields included, field labels, field position, field operation) ; functionality available to different groups of admin and end users ; default search options ; language of the interface ; parameters that control workflows ; data import, output and export formats


Independence of resources Our hosted services are scalable and can support any number of simultaneous users without negatively affecting system performance. Performance is monitored to ensure that response times meet the set quality standards. OLIB achieves scale and robustness by allocating a certain percentage of the underlying Oracle database’s resources to each institution based on their expected usage patterns. As more institutions come online and load increases, we increase the overall database resources, which are allocated accordingly to each institution. Alternatively, we deploy separate databases instances across additional hardware to serve additional institutions. Thus, each server, database instance and institution is scaled independently.


Service usage metrics Yes
Metrics types The OLIB Reports module includes 100 standard reports. A sophisticated report generator is also included for library staff to create their own reports
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Identity management data is not encrypted at rest. However, only authorized OCLC staff can access it using the authorized Oracle database access client.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Records to be export are selected and the relevant export format chosen. The data is then exported to a file. Batch export facilities are also available to export data en bloc overnight
Data export formats
  • CSV
  • Other
Other data export formats
  • Tagged
  • MARC
  • Local formats
Data import formats
  • CSV
  • Other
Other data import formats
  • Tagged
  • MARC
  • Local structured data formats

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network While we do not encrypt traffic within a data center, all traffic between data centers is encrypted using Legacy SSL and TLS (1.2). Robust perimeter controls ensure that no unencrypted private traffic flows across the internet. We employ state of the art Intrusion Detection Systems and user enterprise-grade anti virus protection on our Windows servers. Since our public APIs are exposed to the internet, client traffic to and from those APIs is encrypted.

Availability and resilience

Availability and resilience
Guaranteed availability The Software will be available to the Internet for 99% of Office hours but excluding downtime for scheduled maintenance and excluding telecommunications problems beyond OCLC (UK)’s control. The service is supported during the hours defined above although it will remain running on an almost 24x7 day basis (allowing for overnight processes). If an issue with the service should develop then it will be investigated during Office hours.

A Level 1 fault will be treated as a matter of priority and, if it occurs during Office hours, will be investigated immediately. If it occurs outside the Office hours it will be investigated at the start of the next supported period.

Service availability will be measured on a quarterly basis as a percentage of Office hours. Note that deviation of system availability that is outside OCLC (UK)'s control will be taken into account.

Maintenance and Support Services shall be provided during Office hours (Monday to Friday 09:00 -17:30)

User refunds - Not applicable
Approach to resilience Information on how our service is designed to be resilient is available on request
Outage reporting OCLC will notify libraries promptly of any factor, occurrence, or event coming to its attention that may affect OCLC’s ability to meet the Up-time Commitment or that is likely to cause any material interruption in the Services.

System alerts are distributed at our password-access online User Support Centre (http://oclc.org/support/systemalerts.en.html) and RSS feeds (http://www.oclc.org/rss/) and broadcast to libraries via email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Username and password
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Registar
ISO/IEC 27001 accreditation date 29/06/2016
What the ISO/IEC 27001 doesn’t cover We did not implement ISO 27001 control A.18.1.5 because because OCLC does not create, manage, or export cryptographic controlled items.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Head of Global Security is responsible for implementing the Information Security Policy, and this position reports to the Chief Information Officer (CIO). The CIO reports to the Chief Executive Officer (CEO). Our policies follow the ISO 27001:2013 standard, and we will be happy to review them with you on request. Yearly ISO 27001 audits ensure that we comply with your policies, and internal security staff routinely engages with other staff to ensure policies are considered and addressed during development and deployment.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Non-trivial changes are reviewed for potential security impact. Otherwise, the change management process implements the controls recommended in ISO 27001. Specifically, we implement strict segregation of duties by allowing only select staff to deploy changes, and only after the changes are reviewed by the Change Review Board. The CRB is made up of a diverse team tasks with ensuring changes are appropriate and correctly implemented. Software changes are versioned and can be rapidly rolled back. All changes are tracked through a central change management system subject to management oversight.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We conduct vulnerability scans monthly to identify potential threats. A team consisting of security and support staff review each vulnerability for its severity and potential impact the business. We deploy patches as needed based on our analysis, and we have a process for handling emergency/critical patches. We use vulnerability scans, vendor security bulletins, and trusted news sources to keep informed of potential threats. We also rely on the Common Vulnerability Enumeration and follow the principles of the Common Vulnerability Scoring System.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use an industry-leading IDS to monitor incoming and outgoing traffic. We closely monitor system performance for early indication of security issues. We preserve audit logs for at least six months and use those logs for diagnostic and forensic purposes. OCLC maintains a robust Incident Response process, and we conduct annual training on that process.
Incident management type Supplier-defined controls
Incident management approach Users can report events through the website or by calling the OCLC service desk. Operations has a full runbook detailing how to respond to common events. OCLC also maintains a full escalation matrix that defines critical staff to involve for each product and service. Should an incident require it, OCLC has a time-tested Computer Incident Response Procedure that is reviewed annually by the Director of Global Security . This procedures defines the team and the individual roles to handle an incident.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5000 to £35000 per unit
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A free version of OLIB is not available


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑