Skip to main content
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Ex Libris Data Retention Policy

    Version 1.6

    Purpose and Scope

    Ex Libris, part of Clarivate, is committed to protecting our systems, information, and our customers’ information. The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by Ex Libris or are of no value are discarded at the proper time. This policy defines the retention requirements for customer data in the Ex Libris SaaS service and Ex Libris business systems and data. This policy applies to all Ex Libris employees or contractors working on behalf of Ex Libris as well as Ex Libris customers using Ex Libris products.


    Ex Libris will define a retention schedule for all systems and data in use within the organization and will document them in the Data Retention Schedule.

    Data retention for customer data – SaaS Services

    The customer is in full control of the customer data stored through the Ex Libris SaaS service and has responsibility to determine the retention scheme for the customer data.

    The Ex Libris contract specifies that customer data will be available in industry-standard format for download upon termination or completion of the service (free of charge). Except as otherwise agreed or required by applicable law, the customer will have 30 days to download such data before it is deleted and, thereafter, all such customer data (including backups) will be cycled out of the SaaS service systems and deleted within 120 days.


    Employees and Contractors

    All employees who create and use records and information are responsible for maintaining Ex Libris records according to this policy.

    Management and Business Units

    All levels of management within Ex Libris are responsible for ensuring compliance with this policy within their respective group, region, or function.
    They are responsible for ensuring that their employees know where to locate the current Data Retention Schedule and that hard copy and electronic files are kept, stored, or destroyed in compliance with this Policy.


    All customers using Ex Libris products.

    Business Systems

    Ex Libris business systems include:

    • Mail 
    • Instant Messaging 
    • Business server logs
    • Storage 
    • IT authentication  
    • Helpdesk ticketing 
    • CRM, Sales, Marketing
    • HR
    • Learning and Certification
    • ITSM
    • Internal ticketing 
    • Finance
    • Ex Libris websites
    • Knowledge Center

    Retention Requirements

    • Ex Libris will retain or destroy data files in compliance with the retention periods stated in the Data Retention Schedule.
    • The retention periods provided in the Data Retention Schedule are intended to be as short as possible to minimize the volume of Ex Libris Records while still complying with legal, contractual, and/or operational requirements. Records will be kept only for the period stated in the Schedule and will be destroyed or discarded at the stated retention period expiration.
    • For the business systems listed above, the retention policy will follow Clarivate Retention Policy and Clarivate will manage retention.  

    Safeguarding of Data

    Measures will be taken to ensure that the information can be accessed by authorized users during the retention period (both with respect to the information carrier and the readability of formats) and will also be stored according to its classification level. For Ex Libris internal systems, the responsibility for the storage belongs to IT/MIS team.

    Disposal of Data

    As data expires according to the Retention Schedule, the data will be deleted, shredded or otherwise destroyed in accordance with its classification and destruction requirements.

    Policy Enforcement

    The Ex Libris Chief Information Security Officer (CISO) is responsible for ensuring compliance with this policy and will assist with the protection of Ex Libris data.
    Any employee found to willfully or intentionally violate this policy may be subject to disciplinary action, up to and including termination of employment.




    Record of Changes

    Type of Information Document Data

    Document Title:

    Ex Libris Data Retention Policy

    Document Owner:

    Eddie Lavian - Security Specialist

    Approved by:

    Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)


    Jul 05, 2017

    Reviewed & Revised:

    Aug 29, 2022


    Revision Control

    Version Number Nature of Change Date Approved


    Initial version

    Jul 05, 2017


    Review and update – Tomer S

    May 14, 2018


    Review and update – Tomer S

    Jun 3, 2018


    Review and update – Tomer S

    Jun 5, 2019


    Review and update – Tomer S

    Oct 29, 2020


    Review and update – Tomer S

    Sep 01, 2021


    Review and update – Shai B

    Aug 29, 2022

    Document Distribution and Review

    The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver

    • Was this article helpful?