Bramble Hub Limited

Bramble Hub PTFS Europe - Koha Library Management System

The Koha library management system is a completely web-based application for both staff and public users. The system comprises core modules: acquisitions with EDI, circulation, cataloguing, serials, ILL and a public catalogue. PTFS Europe provide services including training, data conversion, project management, server hosting and high quality on-going annual support.

Features

  • Comprehensively featured Library Management System
  • Fully browser based for staff and public interfaces
  • HTML5 compliant public interface
  • Fully hosted
  • Supports libraries of all sizes
  • Multi-lingual
  • Highly configurable interface
  • Open source software
  • API

Benefits

  • Light, low maintenance product
  • Responsive interface for use on smartphones and tablets etc
  • Intuitive interface
  • Web based throughout
  • Integration with 3rd party systems streamlines workflows
  • No software licence fees

Pricing

£3275.00 per instance per year

  • Free trial available

Service documents

G-Cloud 10

711852395488241

Bramble Hub Limited

Roland Cunningham

+44 (0) 2077350030

contact@bramblehub.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements Web browser access from user site

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Severe: Within 2 working hours and best endeavours to fix within 6 working hours or recommend acceptable workaround.
Moderate: Within 4 working hours and best endeavours to fix within 12 working hours or recommend acceptable workaround.
Minor: Within 5 working days and reasonable endeavours to recommend appropriate solutions.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The same high support level of support is provided to all of our customers (described in 'Support response times' above). Support costs are based on the scale and complexity of the customer's system. Each customer is provided with a Customer Relationship Manager, who reports to the Director of Operations.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Having identified the project teams from the customer and supplier organisations, the project managers arrange a project kickoff meeting to work out realistic target dates for the various tasks and milestones involved in the project. The most important dates are those that affect a large number of people such as the training and go-live dates. We then have an implementation workshop where configuration and customisation options are discussed and agreed. Following on from that we then install and configure the system to your meet your requirements and carry out data migration and loading. We then train your staff and then move to live running and ongoing hosting and support.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction On request we can provide relevant data by secure ftp
End-of-contract process Data in MARC or delimited format can be provided for catalogue & authority records, users, loans, holds and fines records. The work involved would be charged at the then prevailing professional rate for services. In addition, on request, the entire system can be delivered by secure FTP to a destination of your choice at no additional cost (an advantage of open source software).

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Koha has a JavaScript dialect compliant with ECMAScript 262 edition 5.1. It is compliant with W3C AA, compliant with PECR 2011 and the ICO’s requirement in regard to cookies. It uses CSS 1/2 Style Sheets in preference to HTML formatting. We would check and advise on accessibility compliance in response to customisation requests.
API Yes
What users can and can't do using the API The Koha API is fully read/write – We have many customers who use the Koha ILSDI (https://demo.koha-ptfs.eu/cgi-bin/koha/ilsdi.pl) in different contexts to retrieve data in XML format in order to integrate 3rd party applications. There is no cost to use the Koha API and the documentation is in the public domain (https://perldoc.koha-community.org/).
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation There are a wide range of parameters and configuration options that can be set by buyers. In addition the look and feel of the public interfaces can be customised to meet branding and other requirements

Scaling

Scaling
Independence of resources We can configure the amount of resources made available to each of our installations. Depending on the size of the system we can install the service on a dedicated server with no other users.

Analytics

Analytics
Service usage metrics Yes
Metrics types We can provide comprehensive metrics on uptime using the Nagios monitoring service. In addition statistics relating to help desk performance can be derived from our CRM system used for call management.
Reporting types Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach A range of tools to export data are contained within the application.
Data export formats
  • CSV
  • Other
Other data export formats MARC21
Data import formats
  • CSV
  • Other
Other data import formats MARC21

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The annual availability of the Software Programs will be better than 99.9%. Service credits for failure to meet availability targets can be agreed as part of individual contract negotiations.
Approach to resilience Available on request
Outage reporting In the rare case of outages, users are alerted by email and by posts to the user forum.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Access to support channels is via an authorised login and password to the support portal. Each user can see all the support tickets of all other users within their organisation. Access to management interfaces within the application is controlled by user access level which is linked to the user login. This defines the permissions and roles each user or group of users is able to carry out
Access restriction testing frequency At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 8th May 2016 - 7th May 2019. Certification number 193891
What the ISO/IEC 27001 doesn’t cover Certification is limited to the provision of hosting, implementation and support services for a range of products in the library sector.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials accreditation - Certification number QGCE 1623

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials
Information security policies and processes Our information security policies and procedures are built around principles defined in ISO27001:2013. We have been implementing, hosting and supporting library system for over 10 years and have a wealth of experience in the security and assurance processes needed to deliver these services efficiently and effectively. Documentation on our security management plan is available upon request

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have a well documented and proven process for change management. As part of our project management discipline changes are documented and audited. Configuration changes are documented within the system and recorded in action logs. Implementation of the product by PTFS Europe is controlled by weekly project implementation meetings and weekly upgrade meetings. Also, at an initial installation meeting a detailed configuration spreadsheet is used to maintain change control.
Vulnerability management type Supplier-defined controls
Vulnerability management approach As part of our ISO27001:2013 procedures a full risk identification and management process is regularly taken and the resulting policies audited upon a regular basis. As part of the risk analysis, vulnerabilities are identified and appropriate measures taken to obviate or mitigate. Depending upon the severity of the threat, patches can be deployed in under two hours. Information about potential threats is derived from a range of sources including security list services and other relevant sources. Where appropriate our servers are configured to automatically upload and deploy security patches from approved sources.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Nagios and Intrusion detection software is used to monitor key processes and alert to suspicious behaviour. File validation checks are carried out on a regular basis. Network intrusion detection software is also employed by our hosting provider. When a potential compromise is found we follow our ISO27001 procedure for managing compromise events. We would aim to have an immediate response to any compromises.
Incident management type Supplier-defined controls
Incident management approach Our Incident Management processes are carried out according to ISO27001:2013 principles and audited accordingly. Support calls are placed on and managed via the support portal. There are clear escalation paths for the management of incidents. In the case of a severe breach users would be notified immediately

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £3275.00 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Access to a sandbox environment with admin privileges can be negotiated on request.

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑