Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Ex Libris Data Retention Policy

    Version 1.5

    Purpose and Scope

    Ex Libris, a Pro Quest Company, is committed to protecting our systems, information, and our customers’ information. The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by Ex Libris or are of no value are discarded at the proper time. This policy defines the retention requirements for customer data in the Ex Libris SaaS service and Ex Libris business systems and data. This policy applies to all Ex Libris employees or contractors working on behalf of Ex Libris.

    Ex Libris business systems include:

    • Mail 
    • Instant Messaging 
    • Business server logs
    • Storage 
    • IT authentication  
    • Helpdesk ticketing 
    • CRM, Sales, Marketing
    • HR
    • Learning and Certification
    • ITSM
    • Internal ticketing 
    • Finance
    • Ex Libris websites
    • Knowledge Center

    Policy

    Ex Libris will define a retention schedule for all systems and data in use within the organization and will document them in the Data Retention Schedule.

    Data retention for customer data – SaaS Services

    The customer is in full control of the customer data stored through the Ex Libris SaaS service and has responsibility to determine the retention scheme for the customer data.

    The Ex Libris contract specifies that customer data will be available in industry-standard format for download upon termination or completion of the service (free of charge). Except as otherwise agreed or required by applicable law, the customer will have 30 days to download such data before it is deleted and, thereafter, all such customer data (including backups) will be cycled out of the SaaS service systems and deleted within 120 days.

    Responsibilities

    Employees and Contractors

    All employees who create and use records and information are responsible for maintaining Ex Libris Records according to this Policy.

    Management and Business Units

    All levels of management within Ex Libris are responsible for ensuring compliance with this Policy within their respective group, region, or function.
    They are responsible for ensuring that their employees know where to locate the current Data Retention Schedule and that hard copy and electronic files are kept, stored, or destroyed in compliance with this Policy.

    Retention Requirements

    • Ex Libris will retain or destroy data files in compliance with the retention periods stated in the Data Retention Schedule.
    • The retention periods provided in the Data Retention Schedule are intended to be as short as possible to minimize the volume of Ex Libris Records while still complying with legal, contractual, and/or operational requirements. Records will be kept only for the period stated in the Schedule and will be destroyed or discarded at the stated retention period expiration.
    • For Ex Libris business systems listed above, Ex Libris will follow ProQuest Retention Policy and ProQuest will manage retention.  

    Safeguarding of Data

    Measures will be taken to ensure that the information can be accessed by authorized users during the retention period (both with respect to the information carrier and the readability of formats) and will also be stored according to its classification level. For Ex Libris internal systems, the responsibility for the storage belongs to IT/MIS team.

    Disposal of Data

    As data expires according to the Retention Schedule, the data will be deleted, shredded or otherwise destroyed in accordance to its classification and destruction requirements.
    Overall responsibility for the disposal of data belongs to the IT/MIS team for business systems and Cloud team for Cloud systems.

    Policy Enforcement

    The Ex Libris Chief Information Security Officer (CISO) is responsible for ensuring compliance with this policy and will assist with the protection of Ex Libris data.
    Any employee found to willfully or intentionally violate this policy may be subject to disciplinary action, up to and including termination of employment.

     

     

     

    Record of Changes

    Type of Information Document Data

    Document Title:

    Ex Libris Data Retention Policy

    Document Owner:

    Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

    Approved by:

    Barak Rozenblat - VP Cloud Services

    Issued:

    Jul 05, 2017

    Reviewed & Revised:

    Sep 01, 2021

     

     

    Revision Control

    Version Number Nature of Change Date Approved

    1.0

    Initial version

    Jul 05, 2017

    1.1

    Review and update – Tomer S

    May 14, 2018

    1.2

    Review and update – Tomer S

    Jun 3, 2018

    1.3

    Review and update – Tomer S

    Jun 5, 2019

    1.4

    Review and update – Tomer S

    Oct 29, 2020

    1.5

    Review and update – Tomer S

    Sep 01, 2021

    Document Distribution and Review

    The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver

    • Was this article helpful?