[Eril-l] Information security requirements and vendor audits in eresource licenses

Electronic Resources in Libraries discussion list eril-l at lists.eril-l.org
Mon May 5 16:27:36 PDT 2025 

Hi Charlotte,

I have dealt with both of these clauses in the past year:

   - specific information security measures (and associated documentation)
   to be in place
   - audit rights for the vendor, to check compliance with the required
   information security measures

For specific information security measures and associated documentation, I
was surprised by the clause and requested more information about *why* the
clause was necessary. This vendor explained they wanted reassurance that we
had security measures in place and believed documentation of
security measures is highly advisable and beneficial. They agreed to other
language changes but would not compromise on this clause. I went ahead and
agreed to it and created documentation of our authentication procedures to
comply (which ended up being a very useful process).

For audit rights, we were working with a vendor whose primary clients are
enterprise clients/corporations where this kind of clause is more
commonplace. I asked about their audit procedures and triggers and was
reassured it was pretty unlikely we'd be audited based on what we were
licensing and our authentication procedures.

Happy to talk about either of these scenarios more in-depth off list.

All the best,
*Amy Pham *(she/her)
*Senior Electronic and Open Content Librarian*
*Associate Professor*
Helen K. and James S. Copley Library
University of San Diego
5998 Alcala Park, San Diego, CA  92110-2492
Phone:  (619) 260-7724 | abpham at sandiego.edu
*www.sandiego.edu/library* <http://www.sandiego.edu/library>
*Copley Library: Explore ▪ Discover ▪ Succeed*


On Thu, May 1, 2025 at 1:06 PM <eril-l-request at lists.eril-l.org> wrote:

> Send Eril-l mailing list submissions to
>         eril-l at lists.eril-l.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
> or, via email, send a message with subject or body 'help' to
>         eril-l-request at lists.eril-l.org
>
> You can reach the person managing the list at
>         eril-l-owner at lists.eril-l.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Eril-l digest..."
> Today's Topics:
>
>    1. Re: Information security requirements and vendor audits in
>       eresource licenses (Electronic Resources in Libraries discussion
> list)
>    2. Re: [EXTERNAL] Re: Information security requirements and
>       vendor audits in eresource licenses
>       (Electronic Resources in Libraries discussion list)
>    3. Re: Information security requirements and vendor audits in
>       eresource licenses (Electronic Resources in Libraries discussion
> list)
>    4. Primary Research Group Inc. has published the Survey of
>       American College Students 2025, Use of 3D Printers, ISBN
>       979-8-88517-298-1 (Electronic Resources in Libraries discussion list)
>
>
>
> ---------- Forwarded message ----------
> From: Electronic Resources in Libraries discussion list <
> eril-l at lists.eril-l.org>
> To: eril-l at lists.eril-l.org
> Cc:
> Bcc:
> Date: Thu, 1 May 2025 08:54:18 -0400
> Subject: Re: [Eril-l] Information security requirements and vendor audits
> in eresource licenses
> Hi,
> I haven't seen this in any of our licenses, but our IT department must
> review and approve all of our license agreements before they can be signed
> (and we don't have signature authority). IT has brought other issues to our
> attention like authentication and authorized users and would presumably
> flag clauses like the ones you've seen.
>
> Patrick
>
> *Patrick Hartsfield | Assistant Director for Collections and Metadata*
>
> Springfield College
> Office of Library Services
>
> 263 Alden Street
> Springfield, Massachusetts 01109
>
> springfield.edu | 413-748-3784
> jhartsfield at springfield.edu
>
>
> On Wed, Apr 30, 2025 at 4:21 PM <eril-l-request at lists.eril-l.org> wrote:
>
>> Message: 3
>> Date: Tue, 29 Apr 2025 21:31:58 +0000
>> From: Electronic Resources in Libraries discussion list
>>         <eril-l at lists.eril-l.org>
>> To: Electronic Resources in Libraries discussion list via Eril-l
>>         <eril-l at lists.eril-l.org>
>> Subject: [Eril-l] Information security requirements and vendor audits
>>         in eresource licenses
>> Message-ID:
>>         <
>> mailman.994.1745962325.1175082.eril-l-eril-l.org at lists.eril-l.org>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> Hi all,
>>
>> I'm looking for input on whether others have encountered clauses in their
>> license agreements that require:
>>
>>   *   specific information security measures (and associated
>> documentation) to be in place
>>   *   audit rights for the vendor, to check compliance with the required
>> information security measures
>>
>> If so - did you accept these terms? Did you coordinate with your
>> institution's IT?
>>
>> Thank you!
>>
>> Charlotte Peterson
>> Electronic Resources Librarian
>> Butler University Libraries
>> cpeterson1 at butler.edu
>> 317-940-5877
>>
>
>
>
> ---------- Forwarded message ----------
> From: Electronic Resources in Libraries discussion list <
> eril-l at lists.eril-l.org>
> To: Electronic Resources in Libraries discussion list <
> eril-l at lists.eril-l.org>
> Cc:
> Bcc:
> Date: Thu, 1 May 2025 08:57:55 -0400
> Subject: Re: [Eril-l] [EXTERNAL] Re: Information security requirements and
> vendor audits in eresource licenses
> Charlotte, you could consider submitting this to the LIBLICENSE listserv,
> in case someone on there has a thought!
>
> On Thu, May 1, 2025 at 8:55 AM Electronic Resources in Libraries
> discussion list via Eril-l <eril-l at lists.eril-l.org> wrote:
>
>> [*Caution*: Email from External Sender. Do not click or open links or
>> attachments unless you know this sender.]
>>
>> Hi,
>> I haven't seen this in any of our licenses, but our IT department must
>> review and approve all of our license agreements before they can be signed
>> (and we don't have signature authority). IT has brought other issues to our
>> attention like authentication and authorized users and would presumably
>> flag clauses like the ones you've seen.
>>
>> Patrick
>>
>> *Patrick Hartsfield | Assistant Director for Collections and Metadata*
>>
>> Springfield College
>> Office of Library Services
>>
>> 263 Alden Street
>> Springfield, Massachusetts 01109
>>
>> springfield.edu | 413-748-3784
>> jhartsfield at springfield.edu
>>
>>
>> On Wed, Apr 30, 2025 at 4:21 PM <eril-l-request at lists.eril-l.org> wrote:
>>
>>> Message: 3
>>> Date: Tue, 29 Apr 2025 21:31:58 +0000
>>> From: Electronic Resources in Libraries discussion list
>>>         <eril-l at lists.eril-l.org>
>>> To: Electronic Resources in Libraries discussion list via Eril-l
>>>         <eril-l at lists.eril-l.org>
>>> Subject: [Eril-l] Information security requirements and vendor audits
>>>         in eresource licenses
>>> Message-ID:
>>>         <
>>> mailman.994.1745962325.1175082.eril-l-eril-l.org at lists.eril-l.org>
>>> Content-Type: text/plain; charset="us-ascii"
>>>
>>> Hi all,
>>>
>>> I'm looking for input on whether others have encountered clauses in
>>> their license agreements that require:
>>>
>>>   *   specific information security measures (and associated
>>> documentation) to be in place
>>>   *   audit rights for the vendor, to check compliance with the required
>>> information security measures
>>>
>>> If so - did you accept these terms? Did you coordinate with your
>>> institution's IT?
>>>
>>> Thank you!
>>>
>>> Charlotte Peterson
>>> Electronic Resources Librarian
>>> Butler University Libraries
>>> cpeterson1 at butler.edu
>>> 317-940-5877
>>>
>> _______________________________________________
>> Eril-l mailing list
>> Eril-l at lists.eril-l.org
>> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>>
>
>
>
> ---------- Forwarded message ----------
> From: Electronic Resources in Libraries discussion list <
> eril-l at lists.eril-l.org>
> To: Electronic Resources in Libraries discussion list <
> eril-l at lists.eril-l.org>
> Cc:
> Bcc:
> Date: Thu, 1 May 2025 13:23:54 +0000
> Subject: Re: [Eril-l] Information security requirements and vendor audits
> in eresource licenses
> Charlotte,
> I have seen that language before, though I can't remember what
> resource/vendor. I think I did check with our in-house Library IT
> department and was assured that the University IT department had all of
> those documents. I accepted the language, and to my knowledge we have never
> been audited.
>
> I thought it was strangely specific, too.
> All the best,
> Christina
>
> Christina Torbert
>
> Head of Continuing Resources and Acquisitions
>
> Liaison to departments of Philosophy, Religion, and Gender Studies
>
> J.D. Williams Library
>
> University of Mississippi
>
> P.O. Box 1848
>
> University, MS 38677
>
> 662-915-7059 (o)
>
> Pronouns: she/her
>
>
> ------------------------------
> *From:* Eril-l <eril-l-bounces at lists.eril-l.org> on behalf of Electronic
> Resources in Libraries discussion list via Eril-l <eril-l at lists.eril-l.org
> >
> *Sent:* Tuesday, April 29, 2025 4:31 PM
> *To:* Electronic Resources in Libraries discussion list via Eril-l <
> eril-l at lists.eril-l.org>
> *Subject:* [Eril-l] Information security requirements and vendor audits
> in eresource licenses
>
> [EXTERNAL]
>
> Hi all,
>
>
>
> I’m looking for input on whether others have encountered clauses in their
> license agreements that require:
>
>    - specific information security measures (and associated
>    documentation) to be in place
>    - audit rights for the vendor, to check compliance with the required
>    information security measures
>
>
>
> If so – did you accept these terms? Did you coordinate with your
> institution’s IT?
>
>
>
> Thank you!
>
>
>
> Charlotte Peterson
>
> Electronic Resources Librarian
>
> Butler University Libraries
>
> cpeterson1 at butler.edu
>
> 317-940-5877
>
>
>
> Schedule a meeting <https://butler.libcal.com/appointments/cpeterson1>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Electronic Resources in Libraries discussion list <
> eril-l at lists.eril-l.org>
> To: eril-l at lists.eril-l.org
> Cc:
> Bcc:
> Date: Thu, 1 May 2025 11:11:11 -0400
> Subject: [Eril-l] Primary Research Group Inc. has published the Survey of
> American College Students 2025, Use of 3D Printers, ISBN 979-8-88517-298-1
>
> This report looks at how and how often American college students use
> additive manufacturing equipment, popularly known as 3D printing.  The
> study gives detailed data on the percentage and kind of students who use 3D
> printers in the academic library, in overall university facilities, in
> their own homes, and in other domeciles – with detailed data sets for use
> in each of these and other places.
>
>
>
> The report pinpoints the extent of use, reporting minutes of use per
> month, broken down by type of student, by gender, age, sexual orientation,
> race and ethnicity, religión, academic major, income level, school size,
> tuition level and public/private status and many other variables.
>
>
>
> In open ended questions, students discuss how they use 3D printing on
> campus and their hopes for the development and availability of the
> technology at their college or university.  The study presents data on the
> type of input materials preferred by students, and their overall
> satisfaction level with the provision and quality of additive manufacturing
> technology at their colleges and universities.
>
>
>
> *Just a few of this 125-page report’s many findings are that:*
>
>
>
> ·         44% of students younger than age 20 have ever used a 3D printer
>
>
>
> ·         Students of Asian or Hispanic origins were far more likely than
> those of other backgrounds to have used a 3D printer at their academic
> library
>
>
>
> ·         11.3% of male students had ever used a 3D printer in their own
> homes.
>
>
>
> ·         Students raised abroad were also much more likely than those
> raised in the USA to highly value access to 3D printers – more than 27%
> believed it to be very important or important.
>
>
>
>
>
> For a table of contents, the questionnaire and an excerpt – view the
> product page for this report at:
> https://www.primaryresearch.com/AddCart.aspx?ReportID=843
> _______________________________________________
> Eril-l mailing list
> Eril-l at lists.eril-l.org
> http://lists.eril-l.org/listinfo.cgi/eril-l-eril-l.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20250505/8655caeb/attachment.htm>

More information about the Eril-l mailing list