Soutron Limited

Soutron

Soutron is a fully web-based library, archive management system (LMS) designed to manage information in a structured manner using advanced database techniques. Designed to improve productivity/effectiveness within information-dependent departments. Soutron includes cataloguing, authority control, search and discovery (OPAC), acquisitions, serials, circulation, interlibrary loans, enquiry management, staff-skills register and reporting.

Features

  • Library Management System (LMS/ILS)
  • Archive Management
  • Discovery Service
  • e-book distribution and Digital Rights Management
  • Secure Document Distribution
  • Inter Library Loans
  • Digital Media Archiving
  • Cloud Hosting
  • Data Migration

Benefits

  • Cataloguing, thesaurus, search, discovery, acquisitions, serials, circulation, interlibrary loans
  • Searching of library and online databases, e-journals
  • Control access to e-books and distribute to reader devices securely
  • ISAD(G) structures and hierarchy to manage archive collections
  • Mobile friendly Search Portals easy to customise using HTML5/CSS
  • Highly flexible database applied to manage know how
  • Built -in Expertise Register with added Search capabilities
  • Unlimited user licence
  • Controlled vocabularies simplify search (acronyms as preferred terms)
  • Integration via RESTful API makes data more accessible

Pricing

£1795 to £30000 per instance per year

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

8 6 6 8 5 4 3 9 6 0 5 6 5 7 3

Contact

Soutron Limited

Graham Beastall

01332 844 030

graham.beastall@soutron.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
No
System requirements
  • Web Browser - IE 11 and later
  • Web Browser - Edge (latest only)
  • Web Browser - Firefox (latest only)
  • Web Browser - Google Chrome (latest only)
  • Web Browser - Safari (latest only)

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 hour
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat may be accessed via our Support Portal.

All functionality of the content is operable through a keyboard interface without requiring specific timings for individual keystrokes, except where the underlying function requires input that depends on the path of the user's movement and not just the endpoints.
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
Cloud support engineer provides standard support. Support is escalated to R&D for 3rd level.
There are no additional costs for different support levels. Support costs are included in annual licence fee.
Our engineers provide technical and cloud support.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Yes, we provide onsite training, online training and user documentation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
We provide users with a free export of their data upon termination of the contract.
End-of-contract process
An output of data is provided on the day of termination and the application removed from servers and backup devices. This is performed free of charge.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Resizing of interface to fit respective screen size
Service interface
Yes
Description of service interface
A menu driven interface with fields for data input
Accessibility standards
None or don’t know
Description of accessibility
Users can access all features depending on system settings. Users have ability to login to gain additional access where required.
Accessibility testing
None
API
Yes
What users can and can't do using the API
We provide a Read-only RESTfull API, this allows users to search and retrieve results to be displayed in their own interface.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
System administrators have access to over 300 configuration settings.
The end user interface can be customised as required, this includes settings, branding and layout.

Scaling

Independence of resources
We monitor servers on a daily basis and move applications or introduce new servers where required.

Analytics

Service usage metrics
Yes
Metrics types
Real-time management information available
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The system provides functions to export in a variety of formats, additional services can be provided to export data to specific formats if required.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • MarcXML
  • PDF
  • Word
  • Excel
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our Hosted service provides 99.5% uptime which is based on 365 x 7 x 24 availability. Exclusive of scheduled maintenance.
Compensation for failed SLA is agreed on a case by case basis.
Approach to resilience
Available on request.
Outage reporting
Email alerts. Clients are advised individually via email and given regular progress reports until the problem is resolved.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
All access to application management functions are protected by username and password. End user interfaces can be protected in the same way if required.
We also provide a number of other authentication options such as ADFS, SAML and active directory.
Our support portal requires a login to access tickets and knowledgebase articles.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
Via Manual Log-in Or Single Sign On (SSO)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
We have policies for the following areas
Firewall Configuration
Hardware & Systems Configuration
Standard Configuration
Access Control Policy
Access Control Rules & Rights
User Access Management
Username Administration
Individual User Agreement
Special Access Privileges
Policy Against Malicious Code
Controls Against Malicious Code
Antivirus Work Instructions
Software Updates and Patching Policy
Data Protection Policy
Information Security Plan
Business Continuity & Information Security

Policies are managed by Head of technical services and agreed at board level.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All change requests are logged and approved by head of technical services. Once a change is approved for testing it will be tested in a sandbox environment and documented. This is then reviewed again by head of technical who then seeks approval to implement from the board.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All application updates are tested against OWASP top 10. Additional checks are done by test engineers.
Infrastructure is checked and updated on a regular basis to prevent against threats and patches applied on a weekly maintenance cycle, or sooner if the threat is severe. Information provided from anti-virus reporting /notifications and proactive monitoring.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have monitoring in place to trigger alerts for potential problems, log files are checked weekly for compromises. Any potential threat identified is acted upon immediately and remedied. Services are taken offline if there is a threat to data security.
Incident management type
Supplier-defined controls
Incident management approach
Users report incidents via phone, email or the support portal.
Incident reports are provided via the support portal.
We have a number of processes for certain events which may occur. In all instances where a incident occurs an email will be sent to the named contacts, with regular updates thereafter.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1795 to £30000 per instance per year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Access is given to a basic unbranded version of the system. Full administrative control is not given nor is full helpdesk support, although assistance will be given, if required, via telephone or email. Trial periods usually last for 1 calendar month

Service documents

Return to top ↑