Soutron
Soutron is a fully web-based library, archive management system (LMS) designed to manage information in a structured manner using advanced database techniques. Designed to improve productivity/effectiveness within information-dependent departments. Soutron includes cataloguing, authority control, search and discovery (OPAC), acquisitions, serials, circulation, interlibrary loans, enquiry management, staff-skills register and reporting.
Features
- Library Management System (LMS/ILS)
- Archive Management
- Discovery Service
- e-book distribution and Digital Rights Management
- Secure Document Distribution
- Inter Library Loans
- Digital Media Archiving
- Cloud Hosting
- Data Migration
- Document Review
Benefits
- Cataloguing, thesaurus, search, discovery, acquisitions, serials, circulation, interlibrary loans
- Searching of library and online databases, e-journals
- Control access to e-books and distribute to reader devices securely
- ISAD(G) structures and hierarchy to manage archive collections
- Mobile friendly Search Portals easy to customise using HTML5/CSS
- Highly flexible database applied to manage know how
- Built -in Expertise Register with added Search capabilities
- Unlimited user licence
- Controlled vocabularies simplify search (acronyms as preferred terms)
- Integration via RESTful API makes data more accessible
Pricing
£1,795 to £30,000 an instance a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
4 7 0 6 8 6 8 4 9 0 9 1 0 6 2
Contact
SOUTRON GLOBAL, INC.
Marcus Baxendale-Baines
Telephone: 01332 844030
Email: marcus@soutron.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Hybrid cloud
- Service constraints
- No
- System requirements
-
- Web Browser - Microsoft Edge (latest only)
- Web Browser - Mozilla Firefox (latest only)
- Web Browser - Google Chrome (latest only)
- Web Browser - Apple Safari (latest only)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
1 Hour
Normal hours: 9.00am to 5.00pm GMT (Monday to Friday except UK Bank Holidays and the Xmas/New Year period between 24th December to 1st January inclusive) During the Xmas/New Year period there will be an emergency contact number available for Critical errors only. This can be obtained by calling the normal helpdesk number during this period. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Web chat may be accessed via our Support Portal. All functionality of the content is operable through a keyboard interface without requiring specific timings for individual keystrokes, except where the underlying function requires input that depends on the path of the user's movement and not just the endpoints.
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
-
Cloud support engineer provides standard support. Support is escalated to R&D for 3rd level.
There are no additional costs for different support levels. Support costs are included in annual licence fee.
Our engineers provide technical and cloud support. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Yes, we provide onsite training, online training and user documentation.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- We provide users with a free export of their data upon termination of the contract.
- End-of-contract process
- An output of data is provided on the day of termination and the application removed from servers and backup devices. This is performed free of charge.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Resizing of interface to fit respective screen size
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- A menu driven interface with fields for data input
- Accessibility standards
- None or don’t know
- Description of accessibility
- Users can access all features depending on system settings. Users have ability to login to gain additional access where required.
- Accessibility testing
- None
- API
- Yes
- What users can and can't do using the API
- We provide a Read-only RESTfull API, this allows users to search and retrieve results to be displayed in their own interface.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
System administrators have access to over 300 configuration settings.
The end user interface can be customised as required, this includes settings, branding and layout.
Scaling
- Independence of resources
- We monitor servers on a daily basis and move applications or introduce new servers where required.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Real-time management information available
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- The system provides functions to export in a variety of formats, additional services can be provided to export data to specific formats if required.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- XML
- MarcXML
- Word
- Excel
- Data import formats
-
- CSV
- Other
- Other data import formats
- XML
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Our Hosted service provides 99.5% uptime which is based on 365 x 7 x 24 availability. Exclusive of scheduled maintenance.
Compensation for failed SLA is agreed on a case by case basis. - Approach to resilience
- Available on request.
- Outage reporting
- Email alerts. Clients are advised individually via email and given regular progress reports until the problem is resolved.
Identity and authentication
- User authentication needed
- No
- Access restrictions in management interfaces and support channels
-
All access to application management functions are protected by username and password. End user interfaces can be protected in the same way if required.
We also provide a number of other authentication options such as ADFS, SAML and active directory.
Our support portal requires a login to access tickets and knowledgebase articles. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Description of management access authentication
- Via Manual Log-in Or Single Sign On (SSO)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Cyber Essentials Plus
- Information security policies and processes
-
We have policies for the following areas
Firewall Configuration
Hardware & Systems Configuration
Standard Configuration
Access Control Policy
Access Control Rules & Rights
User Access Management
Username Administration
Individual User Agreement
Special Access Privileges
Policy Against Malicious Code
Controls Against Malicious Code
Antivirus Work Instructions
Software Updates and Patching Policy
Data Protection Policy
Information Security Plan
Business Continuity & Information Security
Policies are managed by Head of technical services and agreed at board level.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All change requests are logged and approved by head of technical services. Once a change is approved for testing it will be tested in a sandbox environment and documented. This is then reviewed again by head of technical who then seeks approval to implement from the board.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
All application updates are tested against OWASP top 10. Additional checks are done by test engineers.
Infrastructure is checked and updated on a regular basis to prevent against threats and patches applied on a weekly maintenance cycle, or sooner if the threat is severe. Information provided from anti-virus reporting /notifications and proactive monitoring. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We have monitoring in place to trigger alerts for potential problems, log files are checked weekly for compromises. Any potential threat identified is acted upon immediately and remedied. Services are taken offline if there is a threat to data security.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Users report incidents via phone, email or the support portal.
Incident reports are provided via the support portal.
We have a number of processes for certain events which may occur. In all instances where a incident occurs an email will be sent to the named contacts, with regular updates thereafter.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Optional - Available on Request - Covid-19 recovery
-
Covid-19 recovery
Optional - Available on Request - Tackling economic inequality
-
Tackling economic inequality
Optional - Available on Request - Equal opportunity
-
Equal opportunity
Optional - Available on Request - Wellbeing
-
Wellbeing
Optional - Available on Request
Pricing
- Price
- £1,795 to £30,000 an instance a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Access is given to a basic unbranded version of the system. Full administrative control is not given nor is full helpdesk support, although assistance will be given, if required, via telephone or email. Trial periods usually last for 1 calendar month