At Lean Library, we put honesty and transparency at the heart of everything we do. We are also working towards ISO27001 certification over 2022.

For now, here is some information regarding the security of our extension:

  • We do not store credentials or personally identifiable information for users. Data that is captured is immediately anonymised and aggregated for usage reporting only

  • All authentication is provided either by the clients SSO service (e.g. OpenAthens, Shibboleth) or Proxy client (e.g. EZProxy). No data for this is sent between the extension and server

  • We use HTTPS for all requests ensuring that they use TLS 1.2 as a minimum

  • All systems stored in the Cloud, implementing recommended best practices

  • Databases (of main concern user logins for librarians) are locked down with strict access only as needed

  • No production data is used in test or development environments

We hope this information will assure you of our determination in providing a highly secured experience to both the librarians and the patrons.

Did this answer your question?