Chapter 3. Access to Sitka’s Evergreen

Chapter 3. Access to Sitka’s Evergreen
Home Prev	Part II. Approved Policy	Next

Table of Contents

Passwords

Libraries are responsible for ensuring the accounts used to access Sitka’s Evergreen are secure.

As per the Data Sharing Agreement in Appendix J of the Service Management Agreement) libraries MUST:

develop and maintain processes that ensure systems and data are adequately safeguarded from unauthorized access and that Evergreen is used appropriately in the Sitka context.
immediately report to the Sitka Manager any security breach. (This can be done by contacting Co-op Support who will inform the manager.)
ensure that systems are not accessed by any individual except library employees/contractors, or patrons in accordance with user authentication standards defined by the Cooperative.
ensure that passwords meet or exceed industry standards, including standards related to password length and structure, expiry times, and reuse.
have employees/contractors sign appropriate computer use/confidentiality agreements and keep them current.
ensure that reasonable security measures, such as screensavers, workstation passwords, firewalls and routers, and encryption on local area networks are in place and being used.

Please see the Data Sharing Agreement in Appendix J of the Service Management Agreement) for the complete list.

Libraries should also ensure that staff access is disabled in a timely manner when a staff member leaves the library. See Closing Library Staff Accounts for more details.

In the event of a suspected data breach libraries should ensure all staff passwords are updated as a precaution.

Passwords

Co-op Support recommends that libraries follow the below guidelines in respect to passwords used to access Sitka’s Evergreen.

Passwords:

must NEVER be saved in the internet browser
must NEVER be written down and stored in an unsecure location
must NEVER be shared via email
must NEVER be shared when submitting a ticket to Co-op Support
must be unique and not used elsewhere (e.g. don’t use the same password for Evergreen and your email)
should contain a combination of letters, numbers, symbols, and capitalization
are updated on a yearly basis
for generic staff accounts must be updated when staff members with access leave the library

Prev	Up	Next
Detailed Version	Home	Chapter 4. Sitka Shared Data Values