Network Policy

Added by Aaron Skog (09/05/2018 - 09:29) , last updated by Tara Wood (01/30/2019 - 09:03)

Approved by the SWAN Board on 7/28/2017.

SWAN is dedicated to ensuring that all data stored or processed by SWAN, including data pertaining to patrons, the catalog, and associated transactions, are secured in such a way that prevents unpermitted tampering, eavesdropping, or harvesting. For this reason, all communication with the SWAN ILS from a Member Library or vendor must occur through a secure network connection, using current encryption methods approved by SWAN’s Information Technology team.  

Secured connectivity requirement for Member Libraries

Each SWAN Member Library is required to utilize a Virtual Private Network (VPN) tunnel to establish secure connectivity to the SWAN ILS and associated SWAN services (with the exception being SWAN’s web-based Online Patron Access Catalog). All interaction with SWAN patron and catalog data must occur via the ILS staff client and/or associated SIP/API connections to ensure protected data transmissions. No Member Library shall be permitted to connect to SWAN without an approved VPN connection, and any vendors serving the Member Libraries must also comply with this Policy, whether their connectivity routes through the Member Library’s network to SWAN, or is direct to the SWAN’s servers. 

SWAN reserves the right to modify network, encryption and security requirements at any time as necessary to meet the demands of ever-changing network security landscape. By participating in SWAN membership, Member Libraries and vendors agree to accommodate any network, encryption or security changes deemed necessary by SWAN Information Technology team, and to value network security and data integrity with the highest regard. 

Secured connectivity requirement for vendors

Each vendor serving SWAN or a Member Library must establish their connection to the ILS over an approved SIP2, API, Web Services, Z39.50, or SFTP connection, and secure this connection over a VPN or other encryption method approved by SWAN Information Technology team. 

SWAN’s network services

The SWAN Information Technology team will seek to ensure a library’s connectivity to SWAN (ISP connectivity permitting) to the best of their abilities and within the capacity of their administrative reach. 

In VPN-managed SonicWall libraries

Member Libraries that have purchased SWAN’s recommended SonicWall firewall hardware and requested SWAN’s support are entitled to extended support of their firewall and VPN connection courtesy of SWAN, as long as SWAN is the sole administrator of that hardware.

SWAN will maintain the Member Library-purchased SonicWall to the best of their abilities to ensure secured connectivity to the SWAN network, ILS servers, and to the internet. SWAN will advise, when possible, to ensure proper routing through the library network to SWAN’s VPN. The Member Library shall maintain their ISP connectivity and seek assistance from the ISP in the event of a widespread outage that does not exclusively impact SWAN traffic. VPN-Managed Member Libraries are also required to contact SWAN to perform any changes to the SonicWall firewall or to the ISP. SWAN reserves the right to deny any firewall change request if it undermines SWAN’s ability to adequately manage traffic or security for that Member Library.

In self-maintained firewall libraries

If a Member Library has signed the SWAN Self-Maintenance VPN Agreement, the Member Library’s IT staff or contractor is responsible for any and all maintenance and administration of their network and firewall, and are to ensure connectivity to the ILS through methods agreed upon by SWAN’s IT staff. For additional details, please see the SWAN Self-Maintenance VPN Agreement.

Liability

Member Libraries assume all responsibility for loss or damage to their networks, equipment and systems connected to SWAN, and the Member Libraries waive and release SWAN, its officers, agents, employees and vendors of, and from, any and all losses, damages, liability, or claims for damage to or destruction of their networks, equipment and systems connected to SWAN. By participating in SWAN, Member Libraries acknowledge full responsibility for any and all damages incurred to their local networks, the ILS and other Member Libraries in the event of a breach or outage, if determined to have been related to negligence of the Member Library or a Member Library’s vendor or agent.