OverDrive maintains security policies which are applicable to all its employees. Policies align with common industry standards, like PCI-DSS. Employees are responsible for safeguarding confidential information as well as any such information OverDrive may have because of a business relationship.
OverDrive utilizes physical and technical access controls to protect data. Physical access controls protect site security. Only the employees who need access to perform their job functions have physical access to the location where data is stored.
Employees only have technical access to information for which there is a specific need to know. Technical access controls include password protection, role-based access control, network segmentation, multifactor authentication, and single sign-on. Data is encrypted in transit over the Internet. OverDrive performs ongoing vulnerability scans of both internal and external infrastructure using industry-standard tools. OverDrive also completes third-party penetration testing of internal and external systems.
OverDrive monitors security and system performance, including up/down times, site and server responsiveness, latency, error rate and many other metrics. Internal operational procedures are well established and executed as appropriate so that immediate actions may be taken to resolve issues whenever required. In the event of a loss of service for public-facing systems, OverDrive has a rapid response plan in place to notify customers of the potential issue, with actions and expected resolution time indicated when possible. Full backups are performed regularly. Essential backup data is stored at a secure, confidential off-site location.
OverDrive’s services are typically available to users 99.95% of the time. Users can view OverDrive’s status page, available at https://status.overdrive.com/, which indicates any downtime for scheduled maintenance or interruptions in service. Customers are notified via email regarding any extended periods of downtime.
OverDrive takes data privacy seriously. OverDrive’s privacy statements can be found here: https://overdrive.com/privacy