Sirsi Ltd (trading as SirsiDynix)

EOS.Web Cloud Library Management Software

EOS.Web Cloud library management software cost-effectively serves the stringent knowledge and content management needs of government, corporate, scientific, and other special libraries. Fully web-based and hosted on our secure servers, EOS.Web offers librarians and knowledge services an easy-to-use interface while increasing operational efficiency, enhancing services to end-users, and reducing costs.


  • Web-based Library Management System (LMS/ILS)
  • Cataloguing, Circulation, Serials, Acquisitions, Reference Tracking, Z39.50
  • Design and manage your own OPAC (online public catalogue)
  • Powerful reporting and exporting capabilities
  • Responsive, high quality customer service
  • Easy to learn and use


  • Quickly/easily make your catalogue data available on the web
  • Simplified maintenance (we handle upgrades, security patches, etc.)
  • Get around-the-clock access to customer support
  • Easily edit record data (MARC or non-MARC/labels)
  • Catalogue traditional library materials (books, serials, etc.)
  • Catalogue non-traditional materials (objects, images, files, etc.)


£3,800 an instance

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

9 8 5 4 7 5 2 0 5 2 6 7 5 1 4


Sirsi Ltd (trading as SirsiDynix) Margaret McEvaddy
Telephone: 01923 202923

Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
EOS.Web software updates are loaded once a month late on a Sunday evening (or very early Monday morning), outside of UK business hours.
System requirements
  • Modern versions of Internet browsers (IE11, Edge, Chrome, Firefox, etc.)
  • A PDF reader utility

User support

Email or online ticketing support
Email or online ticketing
Support response times
Critical support queries can expect a response within one hour; other support queries can expect a response within 4 hours (though often a response will be received in less than an hour).
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Help Desk personnel may be contacted via web chat.
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Full support is included in the system costs (it doesn't cost extra).
Support available to third parties

Onboarding and offboarding

Getting started
We provide an online consultation to help setup the system initially. Typically onsite training would occur near the time the system was expected to go Live. The EOS.Web Help system includes not only information about the various features and workflows within the application but also quite a variety of recorded trainings and presentations on aspects of the software.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Authority and bibliographic data may be exported in MARC21 or MARC XML formats. Borrower/patron data may be exported in CSV or XML formats. Additional data can be exported using system reports in PDF, XML, CSV, Word, or Excel formats.
End-of-contract process
Clients are expected to export their data themselves (MARC records, etc.) before the contract expires. When the contract expires the system becomes inaccessible, with the system's data being retained only as long as stated in our security policies.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The OPAC offers an interface for searching the catalogue that is sized appropriately for mobile device users (i.e., a much smaller screen). Tablets and larger mobile devices can access the full software package (OPAC and library staff modules) using a browser.
Service interface
What users can and can't do using the API
The catalogue may be searched using Z39.50; Web Services are available to get, delete, add, and update the following types of records: authority records, bibliographic records, category records, patron records. In addition Web Services are available for obtaining item status information searching the bibliographic catalogue, and adding/getting reference tracking records.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Library users with administrative rights can access EOS.Web's General Setup and User Setup areas, allowing them to customise the look and behaviour of the OPAC and library staff modules.


Independence of resources
Multi-source monitoring and alerting. Examples include Nagios, Solarwinds, PRTG, vCenter tools.


Service usage metrics
Metrics types
Information about library staff logins, OPAC user logins; counts of new records, edited records; total linked media storage in use; counts of circulation activities. An admin can see how many library staff are currently accessing the system.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other data at rest protection approach
Secure containers, racks or cages; Physical access control
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Authority and bibliographic records may be exported in MARC21 or MARC XML formats. Patron records may be exported in CSV or XML format. A wide variety of reports are available to obtain data from the system in PDF, XML, CSV, Word, or Excel formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • MARC21
Data import formats
  • CSV
  • Other
Other data import formats
  • MARC21

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other protection within supplier network
We can optionally configure internal communications for Software as a Service (SaaS) systems to use TLS v1.2 or a similar technology

Availability and resilience

Guaranteed availability
Covered Services will be available 24/7 with the exception of Scheduled Maintenance periods or any events or occurrences due to the products, services, and/or actions of 3rd parties beyond EOS’ reasonable control, including but not limited to any Force Majeure events, which result in Reduced Functionality or an Unscheduled Outage. Scheduled Maintenance will only be performed after 24 hours notice.

In the event the Covered Services are not available the Customer is entitled to credit(s) as outlined below if the Customer: (1) provides written notice to EOS of the circumstances giving rise to this credit request, (2) provides such written notice no later than the last business day of the next calendar month, and (3) identifies the relevant Client Care incident(s) relating to the event(s) during which the Service Availability was not met and for which the Customer seeks credit(s).

Service Availability Interruption Service Credit (*)
Less than 1% of hours in a calendar month No Credit;
1% to 4% of hours in a calendar month 5%;
4% to 6% of hours in a calendar month 10%;
6% to 12% of hours in a calendar month 25%;
12% of hours or more hours in a calendar month 50%.
Approach to resilience
Available upon request.
Outage reporting
Combination of email alerts and a customer-accessible dashboard (scope of coverage soon to include all customers).

Identity and authentication

User authentication needed
User authentication
  • Username or password
  • Other
Other user authentication
SAML and IP Authentication are available.
Access restrictions in management interfaces and support channels
Individual library staff members will access the library staff side of the application using their own library staff user account. Individual user accounts can be configured to limit access, capabilities, and defaults within the different modules of the software. Library staff access may be limited by IP. EOS/SirsiDynix support access is only (a) via a password obfuscation tool such as Remote Desktop Manager (RDM) or (b) via two-factor authentication.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
18 December 2017
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
U.S. NIST SP 800-53; TrustArc TRUSTed Cloud Seal
Information security policies and processes
International Organization for Standardization (ISO) 27001.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
EOS/SirsiDynix manages configurations and changes according to industry best practices, requiring reviews and security lead authorisations for changes throughout software or system lifetimes.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
EOS/SirsiDynix uses sources such as the US-CERT ratings and industry threat reports to assess potential threats, deploying patches as needed based on the severity of the ratings. Policy related to patch deployment is 15 days for high-risk flaws, 30 days for moderate-risk flaws, and 60 days for low-risk flaws, unless an exception has been requested and has been approved by the DSO (Change Management Plan item SA-10).
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are identified using detection of unauthorised and out-of-policy configuration changes, network behaviour, and other activities; EOS/SirsiDynix also uses logic built into security tools to perform identification. Response to potential compromise includes isolation, investigation, remediation, and reconstitution (from the Incident Response Plan section 6). Goals for speed of response (from IRP section 6.1) are listed below.
Critical - within 24 hours
High - within 36 hours
Moderate - within 2 business weeks
Incident management type
Supplier-defined controls
Incident management approach
End users of EOS/SirsiDynix products typically report potential incidents to EOS/SirsiDynix customer employees who open tickets with EOS/SirsiDynix support. Internal users similarly report potential incidents to the Information Technology (IT) helpdesk via tickets. Incident reporting includes notification as soon as possible after identification of an incident, regular updates, and a final report upon incident conclusion.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£3,800 an instance
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.