Security awareness, and practices to protect our customers’ library and the organization’s data they manage, is something Softlink IC takes very seriously. In November 2020, we posted a blog discussing the security sins our Liberty integrated library management system (ILMS) customers should be aware of, as they continue to ensure their data is safe.

But what steps do we take to protect library data, we hear you ask? Fair question! Here are 5 measures we take to ensure our customers data is safe and secure with Softlink IC.

1. Software Updates

Security researchers regularly find vulnerabilities in existing software – take Windows® or your internet browser for example. Researchers frequently find vulnerabilities that have existed for a while (sometimes years), to make sure they are reported and fixed.

Softlink IC works to make sure that our library and research software, and software used to deliver our software, is updated. Our team receives regular notifications, alerts, and more that ensure we have the latest relevant patches applied to the environment.

2. Regular Training

All Softlink staff are required to complete official monthly security awareness training courses. Aside from the learning and refresher aspects of the training courses, they are a great way to ensure Softlink IC staff keep security front-of-mind.

For developers, targeted system training is also regularly completed. This training includes:

• Learning about how vulnerabilities can be introduced into a program and how to avoid them.
• Softlink practices when dealing with the hosting servers or customer data.

Typically, targeted training consists of multiple sessions covering a wide range of topics each year.

3. Penetration (Pen) Tests

The Development team ensures that every release is put through a Pen test. This process is used to try and identify any vulnerabilities that exist in our software products so that they can be addressed before unleashing them on our world of customers!

Both Liberty and illumin also go through regular 3rd party penetration testing. This helps us to get an external view of any possible vulnerabilities we need to address.

4. Process Audits

Softink IC regularly audits all our processes against a significant number of controls derived from the applicable security standards including:

• ISO-27002.
• NIST 800-53.
• OWASP.
• CSA COM.
• GDPR (and others).

The audits are used to identify areas where we can strengthen our processes and ensure our staff are trained and follow the processes those standards require.

5. Security Action Team

The Softlink Security Team, consisting of Softlink IC staff drawn from across the business, meets regularly. It is specifically tasked with identifying any potential security issues that may arise and come up with actions to resolve them.

We take the security of our customers’ data seriously. Getting a glimpse into how we achieve that gives our customers confidence that their data is safe and sound with Softlink IC. If you have any questions, or would like to know more about Liberty, our integrated library management system or illumin, or research management system, just contact us. We are always happy to help.