EOS International Ltd

EOS.Web Cloud Library Management Software

EOS.Web Cloud library management software cost-effectively serves the stringent knowledge and content management needs of government, corporate, scientific, and other special libraries. Fully web-based and hosted on our secure servers, EOS.Web offers librarians and knowledge services an easy-to-use interface while increasing operational efficiency, enhancing services to end-users, and reducing costs.


  • Web-based Library Management System (LMS/ILS)
  • Cataloguing, Circulation, Serials, Acquisitions, Reference Tracking, Z39.50
  • Design and manage your own OPAC (online public catalogue)
  • Powerful reporting and exporting capabilities
  • Responsive, high quality customer service
  • Easy to learn and use


  • Quickly/easily make your catalogue data available on the web
  • Simplified maintenance (we handle upgrades, security patches, etc.)
  • Get around-the-clock access to customer support
  • Easily edit record data (MARC or non-MARC/labels)
  • Catalogue traditional library materials (books, serials, etc.)
  • Catalogue non-traditional materials (objects, images, files, etc.)


£3500 per instance

Service documents

G-Cloud 10


EOS International Ltd

Mike Matheson

01923 202 901


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints EOS.Web software updates are loaded once a month late on a Sunday evening (or very early Monday morning), outside of UK business hours.
System requirements
  • Modern versions of Internet browsers (IE11, Edge, Chrome, Firefox, etc.)
  • A PDF reader utility

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Critical support queries can expect a response within one hour; other support queries can expect a response within 4 hours (though often a response will be received in less than an hour).
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Help Desk personnel may be contacted via web chat.
Web chat accessibility testing Untested.
Onsite support Yes, at extra cost
Support levels Full support is included in the system costs (it doesn't cost extra).
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide an online consultation to help setup the system initially. Typically onsite training would occur near the time the system was expected to go Live. The EOS.Web Help system includes not only information about the various features and workflows within the application but also quite a variety of recorded trainings and presentations on aspects of the software.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Authority and bibliographic data may be exported in MARC21 or MARC XML formats. Borrower/patron data may be exported in CSV or XML formats. Additional data can be exported using system reports in PDF, XML, CSV, Word, or Excel formats.
End-of-contract process Clients are expected to export their data themselves (MARC records, etc.) before the contract expires. When the contract expires the system becomes inaccessible, with the system's data being retained only as long as stated in our security policies.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The OPAC offers an interface for searching the catalogue that is sized appropriately for mobile device users (i.e., a much smaller screen). Tablets and larger mobile devices can access the full software package (OPAC and library staff modules) using a browser.
Accessibility standards None or don’t know
Description of accessibility The EOS.Web OPAC is Section 508 compliant. The library staff modules have not been tested.
Accessibility testing No recent testing.
What users can and can't do using the API The catalogue may be searched using Z39.50; Web Services are available to get, delete, add, and update the following types of records: authority records, bibliographic records, category records, patron records. In addition Web Services are available for obtaining item status information searching the bibliographic catalogue, and adding/getting reference tracking records.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Library users with administrative rights can access EOS.Web's General Setup and User Setup areas, allowing them to customise the look and behaviour of the OPAC and library staff modules.


Independence of resources Multi-source monitoring and alerting. Examples include Nagios, Solarwinds, PRTG, vCenter tools.


Service usage metrics Yes
Metrics types Information about library staff logins, OPAC user logins; counts of new records, edited records; total linked media storage in use; counts of circulation activities. An admin can see how many library staff are currently accessing the system.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Secure containers, racks or cages; Physical access control
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Authority and bibliographic records may be exported in MARC21 or MARC XML formats. Patron records may be exported in CSV or XML format. A wide variety of reports are available to obtain data from the system in PDF, XML, CSV, Word, or Excel formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • MARC21
Data import formats
  • CSV
  • Other
Other data import formats
  • MARC21

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network We can optionally configure internal communications for Software as a Service (SaaS) systems to use TLS v1.2 or a similar technology

Availability and resilience

Availability and resilience
Guaranteed availability Covered Services will be available 24/7 with the exception of Scheduled Maintenance periods or any events or occurrences due to the products, services, and/or actions of 3rd parties beyond EOS’ reasonable control, including but not limited to any Force Majeure events, which result in Reduced Functionality or an Unscheduled Outage. Scheduled Maintenance will only be performed after 24 hours notice.

In the event the Covered Services are not available the Customer is entitled to credit(s) as outlined below if the Customer: (1) provides written notice to EOS of the circumstances giving rise to this credit request, (2) provides such written notice no later than the last business day of the next calendar month, and (3) identifies the relevant Client Care incident(s) relating to the event(s) during which the Service Availability was not met and for which the Customer seeks credit(s).

Service Availability Interruption Service Credit (*)
Less than 1% of hours in a calendar month No Credit
1% to 4% of hours in a calendar month 5%
4% to 6% of hours in a calendar month 10%
6% to 12% of hours in a calendar month 25%
12% of hours or more hours in a calendar month 50%
Approach to resilience Available upon request.
Outage reporting Combination of email alerts and a customer-accessible dashboard (scope of coverage soon to include all customers).

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication SAML and IP Authentication are available.
Access restrictions in management interfaces and support channels Individual library staff members will access the library staff side of the application using their own library staff user account. Individual user accounts can be configured to limit access, capabilities, and defaults within the different modules of the software. Library staff access may be limited by IP. EOS/SirsiDynix support access is only (a) via a password obfuscation tool such as Remote Desktop Manager (RDM) or (b) via two-factor authentication.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 A-LIGN
ISO/IEC 27001 accreditation date 18 December 2017
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO 27001
  • U.S. NIST SP 800-53
  • TrustArc TRUSTed Cloud Seal

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards U.S. NIST SP 800-53; TrustArc TRUSTed Cloud Seal
Information security policies and processes International Organization for Standardization (ISO) 27001.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach EOS/SirsiDynix manages configurations and changes according to industry best practices, requiring reviews and security lead authorisations for changes throughout software or system lifetimes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach EOS/SirsiDynix uses sources such as the US-CERT ratings and industry threat reports to assess potential threats, deploying patches as needed based on the severity of the ratings. Policy related to patch deployment is 15 days for high-risk flaws, 30 days for moderate-risk flaws, and 60 days for low-risk flaws, unless an exception has been requested and has been approved by the DSO (Change Management Plan item SA-10).
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are identified using detection of unauthorised and out-of-policy configuration changes, network behaviour, and other activities; EOS/SirsiDynix also uses logic built into security tools to perform identification. Response to potential compromise includes isolation, investigation, remediation, and reconstitution (from the Incident Response Plan section 6). Goals for speed of response (from IRP section 6.1) are listed below.
Critical - within 24 hours
High - within 36 hours
Moderate - within 2 business weeks
Incident management type Supplier-defined controls
Incident management approach End users of EOS/SirsiDynix products typically report potential incidents to EOS/SirsiDynix customer employees who open tickets with EOS/SirsiDynix support. Internal users similarly report potential incidents to the Information Technology (IT) helpdesk via tickets. Incident reporting includes notification as soon as possible after identification of an incident, regular updates, and a final report upon incident conclusion.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3500 per instance
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑