EDUCATION SOFTWARE SOLUTIONS LTD

Library Management Cloud (LMC)

Library Management Cloud (LMC) is a browser-native, fully cloud hosted and manged library management system used by public and academic libraries across the UK and Ireland. LMC serves libraries with multiple sites, mobile staff, outreach and community services and its intuitiveness promotes rapid adoption by staff and library customers alike.

Features

• Comprehensive resource management, circulation, acquisitions, stock, cataloguing, interloans
• Fully managed and maintained bibliographic records' database built-in
• Powerful library reporting and business intelligence
• Customisable online library catalogue to reflect corporate branding
• Secure internet access, device and browser agnostic
• Item discovery across all mediums and collections you serve
• Fully interoperable with other library technologies and digital services
• Routine administrative tasks undertaken on your behalf and automatically
• Multi-tenant cloud-native staff and borrower user interfaces
• Physically separate customer database servers, high availability, resilient, continuously monitored

Benefits

• Streamlines library operations for to delight your borrowers
• Quality and accurate bibliographic records to improve item discovery
• Access quality information for library decisions and operations
• Keep your online library presence topical and engaging, increase utilisation
• Confidence for users accessing the library's online services
• Increase resource discovery and use; optimise library investment
• Maximise self service capabilities, and choice for borrowers
• Free your staff to focus on customer services
• Rest assured your LMC is always up to date
• The data you control is UK resident, isolated and secure

£12,200 a unit a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at SMB-ESS-BidTeam@parentpay.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

117877053378063

Contact

Rob Clark
01234 322100
SMB-ESS-BidTeam@parentpay.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Users require devices capable of accessing the internet and web browsers.
• System requirements: Reliable internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our Support Desk operates Monday to Friday, from 08:00 to 20:00 and from 09:00 to 16:00 Saturday and Sunday, excluding English public holidays. All service requests will be responded to within one hour. Depending on the priority of each request the target to resolve it will fall within 8-working hours for P1, 24-working hours for P2, and 5-working days for P3. Purchasing offers may request a Service Level Agreement if required.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The overall aim of Support Desk incident management is to respond and resolve an incident effectively, to the satisfaction of the Customer. The Service Level Agreement (available to buyers on request) sets out the procedures whereby our Support analysts, in cooperation with the Customer (and third party providers where applicable), will endeavour to resolve incidents that occur.; ; We've streamlined our support system, making it effortless to log calls via phone, email or online. We also include knowledge base and customer community forum via the Support Portal that may offer immediate advice based on known issues and knowledge articles. This user-friendly approach includes clear priorities to swiftly address urgent concerns, allowing your team to stay focused on core activities.; ; A customer success manager, and where appropriate an account manager, plays a crucial role as a liaison, ensuring seamless coordination with our technical and cloud experts if needed. They will also ensure that where an incident raised demonstrates a gap in customer knowledge or product training, this will be remediated in collaboration via online web meetings.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our implementation services cover the onboarding process end-to-end including – subject to final scope - data upload, settings configuration to ensure your library operations are fully supported (eg library rules, parameters, loan types, user accounts and privileges, e-resource connections, online catalogue theme setup including branding etc).; We train your trainers, such that your own staff can cascade knowledge to the different user groups. LMC customers engage in training to use of the staff user interface for key operations such as Circulation, Acquisitions, Cataloguing etc, provided via online web meetings that you are welcome to record and share as needed with your colleagues on demand. A Customer Success Hub provides access user guides on demand too. As go-live approaches the LMC managed service analyst assigned to look after your LMC parameters and overall platform health and admin tasks day-to-day will be introduced. They will co-ordinate a reporting workshop to confirm the reports you need from our range of templates, how they are to be configured, and how they are to be scheduled for distribution to recipients and groups. The managed service analyst will also confirm with you how frequently (typically monthly) Service Reports and review meetings are to take place.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: A Standard Service Transfer Plan (SSTP) is provided, for ONE full data extraction of ALL data held within the core LMS database. The full scope of an SSTP is available upon request from G-Cloud buyers. ESS charges a fee to cover consultancy time taken to undertake the SSTP and this is given in the G-Cloud 14 Pricing document. ; ; A Configurable Data Extraction service is available as an alternative to the SSTP. The service allows you to be selective about the data to be extracted (within the capabilities of our extraction software) and provides for multiple extraction events. The Configurable Data Extraction service is chargeable as listed in the G-Cloud 14 Pricing document. A scope document available to G-Cloud buyers upon request.
• End-of-contract process: At the conclusion of a contract with ParentPay Group, operational access to LMC SaaS user applications via the internet will cease and the cloud hosted database environment will be disabled and decommissioned. The contract will state the timelines required for this process to be completed.; ; As part of decommissioning the data sanitisation process includes explicit overwriting of storage and database application servers such that data is replaced with unintelligible randomised text. Disposal at the end of the contract will render customer data entirely non-recoverable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences in the functionality available whether a user accesses the service via a mobile or desktop computer. The solution will make best use of the screen size being used by changing how the solution is displayed in response and to ensure an optimal user experience whatever device they use.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Your library staff and customers access the service online via their web browser of choice (Edge, Opera, Safari, Chrome, Firefox etc) on any devices they wish, including PC, laptop, tablet and smartphone irrespective of platform (e.g. iOS, Android, Mac, Windows). LMC makes best use of the screen size being used to ensure an intuitive, neat and accessible experience for all.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Compliance with the Web Content Accessibility Guidelines will mean that LMC should work with most screen readers.; ; Other assistive technologies include screen enlargers or magnifiers, speech or voice recognition, speech synthesisers, refreshable braille displays and braille embossers.; ; All customer online catalogues have an Accessibility page included with their tenant to inform their users who may wish to use assistive technologies. As a responsible supplier we also provide a Design Guide to help customers design their online catalogue theme too prior to go live, and for ongoing maintenance as they may wish to change the theme over time.
• API: Yes
• What users can and can't do using the API: LMC makes use of RESTful APIs for integration connectors with third party systems to provide secure data exchange. These connectors are set up by our consultants during platform setup and change control procedures are applied if required thereafter.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: All LMC user profiles, for example relating to role-based capabilities, functional entitlements and information access privileges are customisable entirely to each customers' requirements. All parameters and rules underlying operations including circulation, purchasing, borrower types, item types, loan types, charges, fines, notifications, and more, required to ensure compliant lending are customisable to meet all needs of the library service and policies with with they must abide.; ; Customers will workshop the initial customisation of the configuration at the time of implementation to ensure the required set up from day one. Any changes will be managed through change control procedures requiring formal approval by the library service before any change is made by us on behalf of the service.; ; Changes to the underlying user profiles, entitlements and parameters, will be applied by an assigned and named LMC analyst as part of the LMC managed service following approval of each and every request for change.

Scaling

• Independence of resources: ParentPay Group ensures that hosted database environments for each customer are deployed as individual instances, physically isolated from each other. The multi-tenant SaaS solutions are managed to ensure that the demand does not adversely affect any individual user's experience. And by implementing robust scalability and resource allocation strategies our infrastructure is designed to manage high loads efficiently, using advanced load balancing techniques to meet demand spikes without compromising service quality. This approach guarantees high availability and consistent performance for all users, regardless of the overall system load, ensuring that each user's interaction with our service remains stable and reliable.

Analytics

• Service usage metrics: Yes
• Metrics types: Google Analytics metrics are provided to show borrower utilisation of the online library catalogue. It shows information including the device and operating system used to access the catalogue, geographical information, the pages searched and other information that digital librarians can use to inform theme design reviews etc.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: During the contract period with ParentPay Group, users with appropriate access privileges can actively run reports using the LMC reporting tool to extract information as needed.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLA available on request
• Approach to resilience: Significant redundancy and resilience is built into the infrastructure and server capacity to ensure the service is always available. Enterprise monitoring solutions are deployed and the service is maintained on a 24x7 basis by a full IT team. Capacity management processed and procedures are established.
• Outage reporting: Email based notifications are provided where appropriate.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: ParentPay Group restricts access within management interfaces and support channels by implementing robust user privilege controls. Only staff with the appropriate privileges can make changes or access specific functionalities.; ; The staff user interface uses two-factor authentication with username and password and IP range restriction. SysAdmin users must authenticate using a Public Key TLS Certificate with internal network access only. Online catalogue Identity federation includes Shibboleth/ Open Athens/ CAS with username and password.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Active Group Limited, trading as British Assessment Bureau
• ISO/IEC 27001 accreditation date: 11/04/23
• What the ISO/IEC 27001 doesn’t cover: Providers and end users' own local computer systems and networks and their associated physical locations are outside of the ISMS scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: ParentPay operate an ISO 27001 certified Information Security Management System (ISMS) - this has been certified by a UKAS accredited certification body.; ; A dedicated security team of qualified specialists maintain, monitor and enforce technical and organisational security controls.; ; We are audited by independent specialist third parties at least four times per year.; ParentPay operate a comprehensive catalogue of security policies, processes and procedures; Including but not limited to:; ; Security Policy.; ISMS Manual.; Acceptable Use Policy.; Access Control and Onboarding-Offboarding.; Business Continuity Strategy.; Business Continuity Plans.; BYOD Policy.; Capacity Management Policy.; Change Control Process.; Clear Desk Policy.; Cryptography, Certificates and Key Management Policy.; Data Protection Policy.; Data Retention and Disposal Policy.; Development Process Standards and Practices.; Firewall & Router Configuration Strategy.; Incident Response Procedures.; Information Classification and Handling.; IT Decommission Process.; ParentPay Fraud and AML Strategy.; Password Policy.; Patch and Vulnerability Management Strategy.; Physical Security Policy.; Security within Project Management.; Remote Working and Mobile Device Policy.; Security Considerations for Key Decision Makers.; Social Media Policy.; Supplier and Third Party Management Policy.; System Build Standards.; IT Documented Operating Procedures.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Full change control process is applied to the product and hosting infrastructure. This applies to all assets. Changes require CAB review and approval. Security considerations are specifically identified as a strict requirment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Internal and external components are assessed by industry leading vulnerability scanners on a weekly basis. Additional cyber risk assessment tools monitor OSINT data feeds on an ongoing basis. PCI-DSS ASV scans take place every three months. Any and all findings are subject to risk assessment and suitable remediation through change control processes. Critical and Security updates to be installed within one month of release. All other available vendor updates to be installed within 3 months of release. We actively participate in a threat sharing community and monitor special interest security groups continuously.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We operate network and host based intrusion detection systems. All infrastructure components and logging is supported by a SIEM platform, including User-Behaviour-Analytics (UBA) capabilities. Endpoint and back-office systems run DLP controls to help detect and prevent data loss events. External breach indicators are also independently monitored on an ongoing basis. Canary tokens and honeypot technology is also applied. We operate, train and regularly test a comprehensive Incident Response Programme - including forensics evidence collection capabilities. Security Incidents are responded to immediately following identification, by a dedicated security team.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our detailed Incident Response Programme has developed a full array of specific response processes for particular events. We operate, train and regularly test the full process - including forensic evidence collection processes. Security Incidents are responded to immediately following identification, by a dedicated security team. All employees are required to report any confirmed or suspected security incidents. The security team can be contacted by customers, users or employees at any time via email or telephone. Detailed incident reports are provided as necessary - including an executive summary, event timeline, investigative and containment steps, root cause analysis, remediation and lessons learned.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Environmentally friendly solution, low carbon emissions, recycled decommissioned equipment. Offers are assessed on an individual basis and dependent on client's priorities and strategic objectives.

  Tackling economic inequality

  Offers are assessed on an individual basis and dependent on client's priorities and strategic objectives.

  Equal opportunity

  We are an equal opportunities employer. We support our clients in promoting digital skills. Offers are assessed on an individual basis and dependent on client's priorities and strategic objectives.

  Wellbeing

  Offers are assessed on an individual basis and dependent on client's priorities and strategic objectives.

Pricing

• Price: £12,200 a unit a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at SMB-ESS-BidTeam@parentpay.com. Tell them what format you need. It will help if you say what assistive technology you use.