Bramble Hub Limited

Bramble Hub Amlib UK - for School Libraries Services Library Management System is a complete web library asset and online resource management system. allows you to implement dynamic content websites, discovery OPACs, enquiry management, social media management, acquisitions management, mobile library and public library management systems. All applications are backed by full training, migration, implementation and support services.


  • Delivers an easy to use fully integrated library management system
  • Provides colourful tailored OPAC websites which engage your clients
  • Manages any type of resource including books journals and documents
  • Easy circulation and flexible borrower management
  • Complies with International Standards – MARC 21 and Z39.50
  • Provides offline circulation and stock rotation capabilities
  • Based on easy to manage Microsoft technology
  • Skilled trainers and applications consultants
  • Skilled in migrations from legacy solutions to cloud technologies
  • Delivery on many devices including kiosks tablets and mobile phones


  • Produces applications which are innovative and cost saving
  • Allows you to offer new products and services
  • Raises profile of organisation through eye-catching web designs
  • Use technology to introduce new more efficient working practices
  • Allows you to take advantage of fast low-cost cloud services
  • Reduces operational costs associated with maintaining applications on workstations
  • Allows staff to access information on-the-move using mobile devices
  • Facilitates better decision taking by offering responsive access to information
  • Supports flexible working and sustainability through remote working
  • Reduces dependency on expensive IT resources


£800.00 per user per year

Service documents


G-Cloud 11

Service ID

6 4 3 9 8 0 2 5 8 7 1 4 4 1 9


Bramble Hub Limited

Roland Cunningham

+44 (0) 2077350030

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints is a web browser solution, which may be hosted anywhere. A web services API is supported, which means that you can embed in your inhouse Windows applications to provide additional services integration with other systems; HTML5, JavaScript, JSON and SOAP interfaces are supported if you wish to embed in your own applications.
System requirements
  • A web browser on your device
  • Javascript enabled on your web browsers
  • Microsoft IIS web server should be enabled on Windows server
  • Microsoft SQL Server Express Edition and above
  • Full-text search features of Microsoft SQL Server are utilised
  • Adobe adapters for SharePoint for full-content PDF searching
  • Cookies should be enabled
  • supports Apple 'apps' on Apple devices
  • supports Android 'apps' on Android devices

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond to questions and issues raised online within 1 hours of us receiving them (depends on the severity of the issue). Our response time with out of hours questions would be on the next working day. Our working hours are 9:00-17:30 Monday - Friday, excluding bank holidays.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Web chat support is provided via skype, webex, zoom, team viewer and emails which for library services is a better option. This offers the benefits of visual help for those with visual acuity.
Web chat accessibility testing None specifically
Onsite support Onsite support
Support levels Our support levels are based on both the hours of service your require e.g. with or without weekends and the hours supported as agreed with our clients. Where a client requires support outside normal hours, the details of nominated support staff, who are expert in your configuration, will be provided. Onsite application support for a fixed number of man days per annum may also be provided to provide additional training and configuration tuning to introduce new services. Full consultancy services are available to provide guidance on feasibility, gap analysis, software consultancy and onsite implementation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A full range of training courses are available, which can be tailored to match those services, which you wish to use. For example there are courses for acquisitions staff, periodicals managers, advanced report as well as the core introductory courses. ANS will sit down with you and lan what courses are appropriate. These course may be given onsite or using tools such as webex or Skype.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats Word formats
End-of-contract data extraction Data is provided in CSV format, SQL format or XML formats. MARC 21 is also supported for interoperability with other library management systems.
End-of-contract process At the end of the contract you can request your information is delivered to you in MARC, CSV, flat files, Excel or XML. Within you can extract all the information you need yourself using the standard reporting tools, so you avoid consultancy services and unexpected additional costs.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service is a web browser application, though 'apps' are available for users to view the catalogue, manage their profile and undertake library tasks e.g. renew items, reserve items and book items. These 'apps' can run on tablets or mobile phones. The mobile phone 'apps' allow login details to be stored on the mobile phone; if you want users to always login to authenticate, we suggest that you use a web browser application designed for the mobile phone.
Service interface Yes
Description of service interface The application offers a complete, unique web browser managed configuration setup. This means that all of the parameters required to expose the functionality, manage security, and all lookups can be controlled by library staff with a straight forward web browser. Furthermore, this reduces the time required to configure an application and reduces the implementation costs substantially.
Accessibility standards WCAG 2.1 AAA
Accessibility testing Testing includes the use of W3C consortium tools and accessibility tools such as JAWS.
What users can and can't do using the API The API is a set of web services, which support JSON and SOAP. This means that you can embed in your own applications as well as third party applications such as Moodle. The web services can be called from any development language e.g. java, Visual Studio, Objective C etc.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation has been designed to every part of the system to be customised by library staff through the web browser application, which we call the 'supervisor' module. The library supervisor can control who can access each service and assign roles to all users so that users are only able to undertake tasks, which are appropriate to their training. Customisable features includes what languages the web pages should support, the services to be catalogued e.g. books, documents, locations, assets, tutors, events, accommodation, web page content, websites, online knowledge tests... what reports and email templates are available as standard and whether users can create their own reports and email templates.


Independence of resources is designed to allow a large number of libraries to share a cloud and share resources. A cloud may consist several hundred libraries with several million users. is scaleable.


Service usage metrics Yes
Metrics types allows library staff to set up 'statistics' which trap certain events e.g. a booking, an issue, a renewal, a return, an accession etc. These statistics are stored in Microsoft SQL Server to allow analysis by any analytical tool. Every term used in every query may be stored to allow analytics to be used against query terms, so that library staff can set up their thesaurus and taxonomy of terms including broasder terms, narrower terms, related terms and equivalent terms
Reporting types
  • API access
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Microsoft SQL Server supports encryption of data.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users export their data using the standard features of the reporting module, which allows you to extract any type of data. A scheduler is built-in to automate the export of information to other systems without the need for manual intervention.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
  • MARC 21
  • Excel format with headings for columns
  • RTF for use by MS-Word
Data import formats
  • CSV
  • Other
Other data import formats
  • Images may be loaded in jpeg or gif formats
  • Documents may be loaded in PDF format
  • Web pages may be loaded in HTML format
  • Catalogues may be loaded in MARC 21 format
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks Library systems can communicate with each other using Z39.50 which encrypts data in MARC 21 formats. For some users ANS has added .Net encryption to further enhance security. ANS can provide the SQLBase Treasury edition as used by intelligence services so long as you pass the scrutiny of the American government who have the write to veto access to this database.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability 99 per cent uptime
Approach to resilience We have an ISO27001 expert who comes in once a year to check all of our data is being stored correctly. Throughout the year we check that we are following the standards of ISO27001. Our servers are kept in a very secure room which is also monitored by CCTV. Only a small number of people know the code and have the key to the server room. So, there is no chance that anybody can get into our data. All of our servers are virtual machines and we back up our VMs along with the data onto a tap. We back up all of our data daily.
Outage reporting Outages are very rare. If an outage would cause a critical disruption to a site, ANS can provide an offline module, which allows continuous working until communication can be restored. ANS support protocols agreed with clients to cater for any special action required in the event of an outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication supports authentication using third parties such as Microsoft Azure
Access restrictions in management interfaces and support channels Within our software, the supervisor controls what role an operator has. The 'role' controls access to functions within the system. Using roles you can prevent unauthorised access to management interfaces.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QAS
ISO/IEC 27001 accreditation date 29/03/2017
What the ISO/IEC 27001 doesn’t cover ANS support the Z39.50 protocol for secure access to libraries.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ANS follows policies laid down in ISO27001

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All change control requests are logged in our change management tool called RedMine, which provides the ability to track all issues until they are resolved. RedMine is a web browser solution, which means that we have secure change management both onsite and offsite.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerabilities are reviewed regularly by qualified staff. If any action is required to make changes, they are document within our change control system and actioned with appropriate priority. ANS is a reseller of F-Secure, the anti-virus software, and therefore obtains updates regarding potential threats.
Protective monitoring type Supplier-defined controls
Protective monitoring approach New threats are constantly appearing. ANS responds to threats by investigating the best approach to such threats and putting in place appropriate protection. However good your protection there will always be a threat which could get through. ANS has a recovery strategy to cover a situation where our protection has been compromised.
Incident management type Supplier-defined controls
Incident management approach Documented procedures are in place to ensure that staff understand what to do in the event of an incident. All incidents are documented on RedMine and reports are made available from the RedMine system, so that you can see a history of how the incident was handled.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £800.00 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial You can try out the software before you buy. You will be able to test out a solution, which has lots of test data. Our support staff will configure a test environment for you. Our test environment is usually mad available for 30 days.
Link to free trial

Service documents

Return to top ↑