This is a brief version of our data security policies. Please go to your Reindex for the full version:
- Help > Data Security
Reindex is a web-based library management system running library services against Z39.50 bibliographic databases. The interface to the bibliographic subsystem is Z39.50 / SRU. MARCXML / MARC Exchange is the internal bibliographic storage format. The administrative subsystem uses a relational database. Reindex is written in PHP, XSLT and JavaScript and runs on Debian Linux servers.
Reindex has been tested with 3 million bibliographic records and about 4.5 million items in one database. Reindex is built for a high degree of flexibility in both the end-user and admin interfaces. The library can expose services effectively in a variety of organizations.
Security
Reindex's server facilities are located in data centers in Denmark, Germany, and the US. The data centers have the necessary equipment to ensure stable operation. This includes cooling, computer floors and emergency power, access control and monitoring.
Backup and Data Security
Reindex runs daily full backups that are stored on external media at separate physical locations. The backup cycle is 14 days. Restoration of data and start-up of a new base is tested once a week and documented. The customer may also choose to take home a weekly backup in XML format.
The system runs on Debian and is updated automatically and continuously with system security facilities. During operation and installation, Debian's comprehensive "Best Practices" for safety are followed.
The servers are monitored continuously to ensure sufficient capacity on disks, RAM and network.
Access Control
Only developers have access to the operating system and data center, via SSH-encrypted terminal access. Customers do not have access to the operating system.
The servers are protected by a firewall that only allows access to SSH port 22 and, when relevant, SIP2 devices from a number of known IP addresses.
Customer and end-user access to the system via http / s is controlled primarily by one of 10 security profiles, selected by the customer at startup and normally based on combinations of login and PIN code / password. Passwords are MD5 hashed. For single sign-on solutions such as UNI-Login or LDAP, authentication is done with the third party and is complemented by access control in Reindex. Customer access control can optionally be supplemented by an IP range and an IP ban after a number of failed login attempts.
Logins and unsuccessful login attempts are logged. The customer does not have Web access to these logs.
Emergency procedures
A mirror of the operating system with up-to-date backup data running on separate servers can be deployed at very short notice. This server has enough capacity to run all customers with acceptable speed.