Security Standards and Information Security Programs

In our previous blog article on the Top 10 Library Management System Security Issues, we reviewed the complexity of cybersecurity and outlined the security issues and points that need to be considered in our industry. To understand why those security issues are important at a typical Soutron installation, one needs an understanding of the Soutron SaaS solution and the security programs and standards our solution supports.

Cybersecurity Programs

The Soutron security policy, supporting security standards, and privacy policy are reviewed and updated annually. All employees are initially informed about our security policies and given relevant training based on their role in the company to ensure their security awareness is up to Soutron standards. Periodic security updates, such as notice of a new phishing attack variant, are sent to all employees as reminders to remain vigilant.

Our password policy includes processes for granting and removing access rights of employees, contractors and third-party users upon hiring, job role change, and termination. Our application provides support for secure authentication using technologies such as:

  • Azure AD
  • SAML 2.0
  • Okta
  • OneLogin
  • Google Auth

Datacenter Physical Security

Soutron data centers are in North America, the United Kingdom, and Europe and are owned and operated by third parties. The physical security of the data centers restricts access to the data center itself and to your information assets by data center support personnel. Back-up processes and power generators ensure continuity of power to the systems, helping to provide for business continuity and disaster recovery.

Application, System, Database, and Infrastructure Security Programs

Our secure software development standards support how source code is managed. Controls are in place to separate the development, testing, and production environments. Access to source code is restricted, except during peer code review sessions.

To minimize risk, new applications are installed and tested in a test/development environment before being deployed to production servers. Internal IT staff agree and sign off on implementation to production, including patch management and execution of zero-day patching processes.

The same processes are in place for infrastructure and network changes. To further minimize risk, we work with all third-party vendors to stringently ensure that compliance and performance capabilities remain the same as or better than before. All production system changes are logged for each application, system, database, infrastructure, and other services.

Cybersecurity Standards

Our information security capabilities for threat and vulnerability management follow the National Institute of Standards and Technology (NIST) and UK Cyber Essentials Plus cybersecurity framework guidelines. These guidelines provide for the controls Soutron has in place for detecting, preventing, and recovering from malicious code, in addition to our security logging and review process.

Network Security Programs

The network topology is straightforward. The network security solutions Soutron has in place enable us to provide a secure platform using technologies such as HTTPS within our application, Single Sign-On (SSO), IP Whitelisting, multi-factor authentication for remote access, a robust network firewall, and other internal application configurations. Augmented by robust device management security, these policies protect your confidential information.

Data Security

The Soutron application runs on a web server and the data is stored in a separate database server housed within a secure datacenter facility. These servers are protected by a robust firewall. Access to the servers is controlled by an AD server hosted on the same virtual network within the datacenter.

Cybersecurity Awareness

Cybersecurity awareness and knowing how your applications and data are securely protected is more important than ever, and your organization can rest assured that Soutron follows current cybersecurity frameworks and standards to ensure your collections are stored securely, access and use are securely controlled, and personally identifiable information contained in your system is securely stored and compliant with GDPR regulations.

 
