We are commited to your security

SEO Service Center

The SEO Service Center is committed to securing the connection between the ILS client (WorkFlows) and the vendor’s database.  This is accomplished through the use of a firewall appliance that provides a secure VPN connection between the library and vendor.  This appliance and other networking equipment is hosted at the State of Ohio Computer Center (SOCC).  The SOCC is a Tier III rated data center that houses critical State of Ohio networking and server equipment which features a 99.092% uptime and a 72+ hour power outage protection.

Any Library Software Platform vendor utilized by the SEO Library Consortium must adhere to the State of Ohio Information Security and Privacy Requirements as well as the State Data Handling Requirements to align with current practices.

  1. Vendor must provide the following documentation to the SEO Director of Operations and Technology for approval from the State of Ohio Chief Information Security Officer (CISO):
    1. Controlled Access Plan
    2. Risk Assessment Plan
    3. Disaster Recovery Plan
    4. Incident Response Plan
    5. Audit Management Plan
    6. Change Management Plan
  1. Current vendor is certified to ISO 27001, evidencing it has a robust set of security policies and procedures for which the effectiveness has been verified by external auditors.
  1. Vendor utilizes a data center that is certified to SSAE 18 (SOC 1 Type 2 and SOC 2 Type 2).
  1. SaaS hosting media is encrypted to AES 256 at rest and communications are encrypted using TLS 1.2.
  1. Vendor requires all employees to pass a criminal, identity, and employment history background check prior to hire.
  1. Vendor maintains a policy for $5 million cyber liability insurance.

OPLIN

OPLIN (Ohio Public Library Information Network) provides an Internet connection to every Ohio public library. OPLIN delivers a symmetric fiber circuit and Internet access to each library system from OPLIN’s network core in Columbus. To support library connections, OPLIN provides a router and public IP addresses to each library, and monitors circuit uptime and bandwidth utilization. For support with your Internet connection, call OPLIN at 614-728-5252 or visit https://support.oplin.org.

Libraries may encounter internal network issues that restrict their ability to utilize their circuit bandwidth. OPLIN offers network testing to help libraries evaluate their internal network, and determine if their equipment is limiting throughput.  Learn more about OPLIN’s network testing service, and request assistance by contacting OPLIN support.

OPLIN provides a Cisco Umbrella subscription for every Ohio public library. Cisco Umbrella improves security by filtering DNS requests to block traffic from malicious domains. Umbrella may also be used to enforce content filtering policies, at the library’s discretion. Request a Cisco Umbrella account for your library by emailing support@oplin.ohio.gov.

OPLIN provides periodic security reports of vulnerabilities observed on each library’s public IPs. To request the latest report or change who receives your library’s reports, email security@oplin.ohio.gov.

SirsiDynix

The confidentiality, integrity, and availability of our clients’ data is a top priority for SirsiDynix, as your patrons are more likely to use your services if they feel their data is secure.  Your success is our success.  The SirsiDynix Information Security Program has been developed with this in mind, using overlapping layers of security, continuous monitoring, and an agile model to protect data while adapting to the ever-changing world in which we live.

The entirety of the SirsiDynix Information Security Program is based around the pillars of management commitment, comprehensive risk assessments, creation of appropriate policies and procedures, accreditation of security controls by applicable client security officers, and monitoring and enforcement of those controls—assisted by regular external audits. SirsiDynix is the clear choice for those who care about security.  read more…

What is the library's role in security?

The library’s responsibility for securing information begins where OPLIN’s responsibilities end: that is at the OPLIN provided router located inside your facility.  Any information (data) that moves past this point is the responsibility of the library.

A library computer network is normally made up of a firewall, switches, wireless access points, cameras, servers, computer workstations, laptops, wireless access devices such as tablets and cell phones, printers, cabling, and patch panels.

Network security involves maintaining and securing both hardware and software within a library’s network.

Cybersecurity is the art of monitoring and protecting networks, devices, and data from unauthorized access, unapproved modification, or deletion of records, criminal or misappropriate use while keeping data only available to authorized users.

How can you mitigate risk?

These are fundamental steps in securing a computer network

  • First and foremost is regular staff training.  Staff need to be aware of attack vectors such as email attachments, web pages, instant messages, SMS messages, malware, and viruses.  One click on the wrong link can compromise the user’s system/device in a matter of seconds and if the threat propagates automatically, the entire library’s network can be at risk.  Avoiding these attack vectors is the best prevention you can do.
  • Create a continuity plan for your Library should you become the victim of an information security breach (Cyber incident) or ransomware attack: outline specific steps to be taken and who is responsible for taking the steps.
  • Make sure all Windows Operating Systems, Firewalls, Switches, Wireless Access Points, and Wireless Devices are updated to the latest Software (OS) patches on a monthly basis.
  • Make sure all hardware is updated to the latest firmware version (Computer Systems, Servers, Firewall, Switches, Wireless Access Points) on a monthly basis.
  • Make sure all 3rd party software on workstations or devices is updated with any critical patches i.e. Chrome, Edge, Firefox, Adobe, Office software, and Vendor software.
  • Require the use of complex passwords that are changed at least every 60 days.
  • Use Antivirus and Anti-malware software on workstations or servers.
  • Back up data regularly and double-check that those backups were completed.  
  • Secure your backups. Make sure they are not connected to the computers and networks they are backing up for the best security.
  • Set a schedule to look at logs from the Firewall and/or Antivirus software to check for any compromise.
  • Review SEO Service Center Security Awareness Articles