We protect library information and systems.
We maintain strict security for data and services in the cloud. Our governance processes are focused on compliance and audit standards to ensure that access to both institutional and personal data is always in controlled environments.
OCLC’s Global Security Services team
OCLC’s Global Security Services team is comprised of a Security Governance Program Lead, Information Security Manager, Security Architects, Security Engineers, and Security Compliance and Governance Analysts. In addition, OCLC has appointed a Data Protection Officer. These professionals are dedicated to the security and protection of personal and institutional data associated with OCLC’s customers.
Global Security Services team members hold a variety of industry-recognized, professional certifications, such as ISC2 Certified Information System Security Professional (CISSP), ISACA Certified Information Security Auditor, IAPP Certified Privacy Professional, and others. Our data governance body reports to executive management and our Incident Response team is trained in incident response and forensics. All OCLC staff members undergo annual training sessions and periodic testing as part of our security awareness program.
Tina Price is the Executive Director, Global Security at OCLC. She leads the Global Security team, responsible for the protection of OCLC’s systems and data. Tina Price has over 20 years of experience in cyber security, data privacy, and governance risk and compliance (GRC). In her roles, she’s been responsible for assessing the sufficiency of cyber security for organizations and providing strategic direction to achieve cyber risk mitigation and regulatory compliance.
Mira Golsteijn is our Information Security Manager for Europe, the Middle East and Africa (EMEA), and Asia Pacific (APAC) regions. She’s a subject matter expert for security programs in these regions and is fully committed to the security and protection of personal and institutional data.
Our security goals
We regularly review and improve security processes and procedures in order to:
Protect information and systems by focusing on safeguarding the confidentiality, integrity, availability, and resiliency of data and critical information systems to ensure our ability to deliver services to customers and employees.
Reduce security risk by creating the culture, frameworks, and processes required to address security risks.
Enhance security capabilities by developing the practices, processes, workforce, and overall security capabilities required to protect OCLC from security threats and ensure continual improvement to face tomorrow’s security challenges. We do this while aligning security priorities with business needs and strategies.
Approach security at the enterprise level, enhancing security across the entire organization through the establishment of company-wide security programs, best practices, common frameworks, and information security policies.
Lead the library community as a partner for helping libraries, vendors, publishers, and other partners in the sector enhance their security through workshops, educational opportunities, and collaborative opportunities.
Our security principles
We believe that all of our efforts to improve security must:
Properly reflect the borderless, interconnected, and global nature of today’s environment
Be based on risk management
Involve all employees
Adapt rapidly to emerging threats, technologies, and business models
Focus on bad actors and their threats
Keeping data available and safe
The confidentiality, integrity, and availability of information is of paramount importance as we protect the security and privacy of libraries and their users. We have dedicated security staff with backgrounds in libraries and higher education, as well as highly security-conscious industries such as financial services, government, and defense. Our Global Security Services team members hold a variety of industry-recognized, professional certifications, such as ISC2 Certified Information System Security Professional (CISSP), ISACA Certified Information Security Auditor, IAPP Certified Privacy Professional, and others.
OCLC maintains an information security program that is certified to the ISO/IEC 27001 standard, an international benchmark. Other frameworks—such as US National Institute of Standards and Technology Security and Privacy Controls for Federal Information Systems, European Network and Information Security Agency Guidelines, and the Cloud Security Alliance Cloud Controls Matrix—enable us to address concerns for both security and privacy.
OCLC processes
Addressing all security perspectives
We classify information to know what needs significant protection and what doesn’t. This means that public information can be made widely available while personal data receives greater protection.
To protect key information, we use a multilayered approach that provides a combination of preventive and detective controls at various levels of data access, storage, and transfer. Our information security program is based on the international Information Security Management Standard ISO/IEC 27001:2013.
Our commitment to secure library services incorporates risk management; physical, environmental, logical access and operational security controls; maintenance; business continuity and disaster recovery; and incident response, notification, and remediation.
We actively monitor the security landscape and continuously evolve our approach and procedures in order to protect our members’ data and our shared systems.
Contact our security team
The confidentiality, integrity, and availability of information is of paramount importance as we protect the security and privacy of libraries and their users. We have dedicated security and privacy staff with backgrounds in libraries and higher education, as well as highly security-conscious industries such as financial services, government, and defense who would love to connect.