Capita Business Services Limited

Chorus Library Management System

Chorus is Capita’s fully hosted next generation Library Services Platform, delivering tangible efficiencies and cost savings to modern libraries. Capita manages and maintains the core system, while providing a future-proofed, flexible configuration with excellent information exchange integration. Libraries can achieve their customer service aims and ambitions enabled by Capita Chorus.


  • Web based staff interface including: Circulation, Cataloguing and Acquisitions.
  • Web based staff interface including: Integrated Bibliographic Database.
  • Web based staff interface including: Interloans and Serials Management.
  • Web based staff interface including: BI Reporting.
  • Catalogue: Easily customisable for required branding, mobile interface and marketing.
  • Catalogue: Search and discovery system for all holdings, e-resources integrated.
  • Catalogue: Provides ‘My Account’ online library services and ‘My Lists’.
  • Catalogue: Browser agnostic, dynamic adjustment to fit any screen size.
  • Library Search: Discovery content across all resource formats, meaningfully categorised.
  • Accessibility compliant with WCAG2.0 double-A, W3C and WAI; continually improved.


  • The system delivered as SaaS: features and workflows update regularly.
  • Customers can discover more content with wider choice of resources.
  • Catalogue customisation is simple to keep it topical and engaging.
  • Invites community contribution using star ratings, reviews, reading lists, tags.
  • The integral bibliographic database automates input for enhanced catalogue quality.
  • Web services enables library data exchange with other systems seamlessly.
  • Uses self-service technologies, old and new, including barcode, RFID, NFC.
  • Integrated Electronic Data Interchange is standard, saving time and money.
  • Mobilised employees can take the library service anywhere, anytime.
  • Eliminates related IT infrastructure and resource investment, reduces maintenance overheads.


£77608 per instance per year

Service documents

G-Cloud 10


Capita Business Services Limited

Capita Business Services Ltd


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None.
System requirements Users require a browser and web access.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Cases for service requests submitted online or via email will receive a response within 1-hour from time of receipt during help desk hours, which are: 08:30-20:00 weekdays, 09:00-16:00 weekends, excluding English public holidays. Service requests submitted out-of-hours, including English public holidays, will be responded to within the SLA which will start to track when help desk hours recommence. The help desk portal provides customer access to announcements on a 24/7 basis. It enables case creation, checking progress, searching the knowledgebase, accessing downloads and documents, finding contact details for the Service Desk and Customer Account Manager, reviewing and updating their profile.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Support services are governed by SLA and are provided remotely, as the solution is fully hosted and managed by Capita. The support is provided at a consistent cost across all the Capita Libraries customer base and is undertaken on the severity of the issue that is raised. The priority levels for an issue are set by the Customer and the response times are detailed in the SLA.

As standard, we provide each customer with an Account Manager. Account Managers work very closely with the Development Team. In our agile ‘Scrum’ process the Head of Sales and Support take on the role of the Customer and represent the customer base in our fortnightly iteration planning so that all requests from the customer base are considered and prioritised for development accordingly. A cloud support engineer will assist with the onboarding process and will also be assigned in the event of any service issues.

Assistance that may require on-site attendance would be raised with the Capita Account Manager and the service provided would be mutually agreed and SFIA consultancy fees attached to the G-Cloud Contract would apply, subject to scope.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Capita has a wide range of training courses available online, on-site and in the classroom, split into modules that cover the usability aspects of the library system.
During the project initiation stage, we will provide the Authority with a booklet outlining the Capita training courses available. A detailed training plan will be drawn up to include all the courses that the Authority wishes to utilise along with their delivery method. Typically, a combination of train-the-trainer (TtT) and specific training for employees responsible for acquisitions, budgetary control, serials inter-library loans, etc, is delivered. For example, circulation training is provided through TtT for employees to cascade their knowledge to their colleagues. Capita will continue to support the group of ‘trainers’ by providing advice and guidance throughout the cascade training phase and following implementation.
There are comprehensive user guides available to all employees. Training notes and cards used by the Capita training specialists are provided to those who attend our training sessions. Two days of Post Go Live Training is included as standard and covers acquisitions and circulation, giving employees the opportunity to focus on specific issues they have encountered and acquire more information/ clarity in complex areas.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Online HTML
End-of-contract data extraction All critical data for the operation of our Hosted and SaaS solutions resides within the RDBMS within the LSP. The data within the library system remains the property of the Customer. A copy of that data can be made available upon formal request and provided as an end-of contract data extraction. This service is provided by Capita.
End-of-contract process Capita will work closely with the Authority in the project initiation phase to capture all requirements and dependencies and feed these into an agreed service transfer plan. It is also important that during this phase we identify and mitigate the issues and risks associated with this exit. At Capita, we are keen to work in partnership with all customers to ensure delivery of a successful solution. Once the data extract scope has been agreed, Capita is happy to liaise directly with the successor LSP provider. If the leaving customer requires assistance in defining the scope, Capita will provide this support and would reserve the right to charge for this if the data is to be transferred in a format other that CSV.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Capita Libraries solution has been designed with the web as the primary method of access, displaying the user interface in web browsers. Supported devices include PC, smartphones and tablets, including iOS and Android. Adaptive design means that, no matter the screen size or orientation, content and layout on the screen scales and displays appropriately without the need for scrolling horizontally, making it intuitive and easy to navigate on any device.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Capita’s web applications provide customisation for accessibility needs at an operating systems or browser level (which include changes to the font size, font and background colour). Accessibility includes font size alteration by standard configuration or browser controls (CTRL and +/-), robustness to use with assistive technologies, such as screen reader, screen magnifier and colour inverting systems that would be essential to anybody needing these methods of access.

We test our web apps with tools such as Voiceover for Mac, JAWS or NVDA (depending on operating system and availability) to ensure they can be used when the HTML is linearised for reading. We also ensure that correct form labels and heading hierarchies are available for quick navigation around the page when using assistive technologies. This ensures that all relationships between elements can be programmatically determined and inferred by the accessibility tree maintained by browsers.

There is no flashing or scrolling text anywhere within any of Capita’s solutions. We always ensure that we comply with the graded browser standards to ensure that our solutions are compatible with all browsers and devices.
What users can and can't do using the API The Capita LSP makes use of RESTful APIs for integration connectors with third party systems to provide data exchange. These connectors are set up by Capita during deployment and change control procedures are applied if required thereafter.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The public interface (catalogue) is customisable to each organisation’s requirement. This is achieved by using new web standards, as we did with HTML5 and CSS3, to ensure that our solutions continue to evolve and provide the best solutions for the end user. This includes browser adoption and the use of technologies, where appropriate, that assist the user to complete their tasks more efficiently. Therefore, the institution and the end user can customise the application by using the standard skill set that most websites use. Personalisation features (for example, contact options, etc) can be set by the end user. This ensures that the correct level of customisation can be achieved, no matter the technical skill set.

Capita’s integration platform utilises the correct integration technology for the requirements. For example, the SIP2 protocol, traditionally used for self-service machines and stock sorters, can also be used to integrate PC booking systems. Other integration interfaces we use include: EDI, OAI-PMH, LCF, NCIP, import and export metadata in MARC21 and XML format, as well as extensive use of real-time RESTful APIs.


Independence of resources Service availability is assured by contractual commitment on a customer by customer basis. Capita will use all reasonable efforts to make the LSP available with an annual uptime percentage of at least 99.5% during the service year of 365 days. Availability is checked by both Capita and an independent third party monitoring service. These systems carry out identical checks against dedicated monitoring targets to report both availability and response times from numerous locations around the world. In this way customers are guaranteed that availability is not adversely affected by the demand other users are placing on the service.


Service usage metrics Yes
Metrics types Customers are provided with a Service Statement monthly. The statement lists:
- Open Cases Backlog as at report date
- Cases Raised in the Last Month
- Cases Closed in the Last Month
- Server Availability (uptime) in the Last Month
- Server Availability (uptime) in the Last Twelve Months
- Average Server Availability in the Last Twelve Months
- Summary of Licences and Products (Active and Expired)
- Useful Links to find additional information
- Forthcoming Events.

For the OPAC, Capita provides Google Analytics which can be used for real-time dashboarding.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Our co-location services have security accreditations, including Government OFFICIAL, such as PCI DSS and ISO 27001. Physical security is second to none with biometrics, CCTV, card access and 24/7 personnel on-site. Our engineers offer remote-hands and smart-hands as well as full managed services for the workloads the Authority co-locates with us.
RDBMS data required for the application is written to raw devices and is not human readable. Backed up data is encrypted using one of AES128/192/256 encryption. We are happy to work with the Authority to ensure that its data protection and encryption requirements are fully met.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Customers must raise a formal request for export of their data and Capita will provide the data in machine readable format.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • XML.
  • Other formats as may be agreed with the Customer.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks The end user SaaS solution ensures data in transit is protected through the use of HTTP over SSL encryption. This ensures that the data presented to the end user about their account is secured through to the point of display. Connections between Capita datacentres and access to the LSP servers themselves, if needed, is provided over an AES128/192/256 encrypted VPN. Capita Libraries’s datacentres are located within the UK. Capita can therefore guarantee that all data for our customers will be located within the EEA and will not be transmitted outside of the EEA.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Chorus is available 24 hours a day, 356 days a year, outside of regular and planned maintenance windows as defined in the section Maintenance Plans – Continuity.
Capita will use all reasonable efforts to make Chorus available with an annual uptime percentage of at least 99.5% during the service year.
Availability is checked by both Capita and an independent third party monitoring service. These systems carry out identical checks against dedicated monitoring targets to report both availability and response times from numerous locations around the world. The SLA agrees to a 99.5% uptime and Capita would be pleased to discuss the requirements for service credits should an organisation wish for these.
Approach to resilience Chorus has been designed to be as resilient as possible to avoid the need to invoke a disaster recovery process. There would need to be a very significant incident to trigger the disaster recovery process. Capita tests our disaster recovery procedures at least once a year.

During the implementation stage, customers may request a DR test for their environment, which can be incorporated as part of the Go Live sign-off. Physically, the assets are protected by all equipment being securely locked into designated racks with secure code locks fitted.
There is a strict ’booking in’ process in place, followed by a thorough security validation process, before authorised personnel are allowed to enter the centre. Full details of our approach to resilience is available on request.
Outage reporting Where an incident results in a major outage, all customers affected by the outage will be notified by email and the website as soon as the problem becomes known. In cases where the delivery of emails between the service desk and customers may take longer than 60 minutes, every effort will be made to contact customers by telephone.

The service desk will take responsibility for restoring full service as soon as possible and will provide updates on the resolution of the problem and estimated time of restoration of full service, both by email and via the website, during scheduled service hours. If the outage is predicted to last more than 1 working day, this will be escalated to the Support and Education Manager.

In the event of a critical system failure, the service desk will liaise with all necessary parties to resolve the problem and keep all customers informed of the situation.

We also have a public-facing statistics service via Pingdom.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication The staff user interface uses two-factor authentication with username and password and IP range restriction. SysAdmin users must authenticate using a Public Key TLS Certificate with internal network access only. OPAC Identity federation includes Shibboleth/ Open Athens/ CAS with username and password.
Access restrictions in management interfaces and support channels Admin Console requires username and password with two-factor authentication. SetConfig – username and password and limited network access only. LSP sysAdmin – public key authentication TLS certificate (like above) internal network only.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The LSP is designed to comply with all the legislative requirements, such as the ones mentioned above. Wherever possible, the LSP will meet and exceed the UK legislative requirements. Capita conforms to the data protection requirements for our hosted LSP and is registered with the Information Commissioner’s Office. Our hosting supplier is certified to ISO 27001:2013. The certification scope is as follows: The management of information security in relation to the supply of datacentre hosting, co-location, support and managed services. This is in accordance with the current version of the Statement of Applicability.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All incidents and changes to the service desk are assigned a priority dependent upon an assessment by the service desk of the severity of the problem and the impact it has on the user base and the Customer.

The service desk will contact the originator of the call within 1 hour of receipt. All changes made to the LSP system, whether hardware or software related, will be made using the standard Capita’s Assist Managed Services change control process; this has been written in accordance with ITIL.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Capita employs a third party to perform daily penetration checks, scanning the whole of our external IP range(s) for vulnerabilities.

A full TCP and UDP port scan is completed each night to determine which services are available to the internet. Each service is checked for information leaks, configuration errors and security vulnerabilities. The resulting report indicates risks and highlights areas for improvement. Should any risk be identified, it is not only resolved in isolation, but is also fed into our security framework, ensuring that all infrastructure and future projects benefit from the resolution identified within the report.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Capita’s SaaS applications are tiered, in order to provide defence in depth. This enables self-autonomy within the layers, enabling monitoring of traffic between the layers and providing resilience should a layer become compromised.

Within these separate layers, network traffic is monitored and is throttled or blocked should unusual traffic/ load be detected. IDS and IPS also operates within these layers.

For all severe vulnerabilities, Capita will respond within 1 hour to all system administrators by email, confirming any action or information required.
Incident management type Supplier-defined controls
Incident management approach Capita has defined processes in place to ensure that effective communication between ourselves and our customers takes place at all times and recognises that this is especially important should there be an incident affecting our customers.

The Customer will log incidents with the Capita service desk via the Support Portal, by email or via the direct support telephone number.

Monthly summary of all cases is provided to the Customer. In the event of a major incident a specific report is issued.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Joint Academic Network (JANET)


Price £77608 per instance per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A public facing demonstration system is available for trial use at no charge. This uses standard anonymised and test data and is not customer-specific. It includes all features available through our web applications. There is no time limit to the availability of the system.
Link to free trial Staff user interface:


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑