<!DOCTYPE html><html lang="en-us"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta name="next-head-count" content="2"/><link rel="preload" href="/_next/static/css/ebe08d55cdedff15.css" as="style"/><link rel="stylesheet" href="/_next/static/css/ebe08d55cdedff15.css" data-n-g=""/><link rel="preload" href="/_next/static/css/339c0ea2c4cbea13.css" as="style"/><link rel="stylesheet" href="/_next/static/css/339c0ea2c4cbea13.css" data-n-p=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-5cd94c89d3acac5f.js"></script><script src="/_next/static/chunks/webpack-d4a0d90a748285e2.js" defer=""></script><script src="/_next/static/chunks/framework-568b840ecff66744.js" defer=""></script><script src="/_next/static/chunks/main-340999ebc20e4ab9.js" defer=""></script><script src="/_next/static/chunks/pages/_app-0e8395c8e2cbbbf7.js" defer=""></script><script src="/_next/static/chunks/1449-51dad6ee7db6a77a.js" defer=""></script><script src="/_next/static/chunks/7374-503f62456db22fc5.js" defer=""></script><script src="/_next/static/chunks/pages/policies/%5Bslug%5D-ad5a3fad9de21cc7.js" defer=""></script><script src="/_next/static/Wt_k0n_F_gOAUApDTneRU/_buildManifest.js" defer=""></script><script src="/_next/static/Wt_k0n_F_gOAUApDTneRU/_ssgManifest.js" defer=""></script><script src="/_next/static/Wt_k0n_F_gOAUApDTneRU/_middlewareManifest.js" defer=""></script></head><body><div id="__next" data-reactroot=""><div class=""><div class="PolicyPage_container__Ie1lp"><div class="PolicyPage_legal__IZHUa"><div class="PolicyPage_logo____sd2"><div class="PolicyPage_OD_logo__gApNw" alt="OverDrive_Logo_2020.svg"></div></div><div class="PolicyPage_linkTabs__STkCI"><ul><li><a target="_self" rel="noreferrer" class="PolicyPage_linkTab__fONIK" aria-label="Privacy Policy" href="/policies/privacy-policy">Privacy Policy</a></li><li><a target="_self" rel="noreferrer" class="PolicyPage_linkTab__fONIK" aria-label="OverDrive and the GDPR" href="/policies/gdpr">OverDrive and the GDPR</a></li><li><a target="_self" rel="noreferrer" class="PolicyPage_linkTab__fONIK" aria-label="OverDrive &amp; Accessibility" href="/policies/accessibility">OverDrive &amp; Accessibility</a></li><li>Security Statement</li><li><a target="_self" rel="noreferrer" class="PolicyPage_linkTab__fONIK" aria-label="Cookie Policy" href="/policies/cookie-policy">Cookie Policy</a></li><li><a target="_self" rel="noreferrer" class="PolicyPage_linkTab__fONIK" aria-label="Privacy Policy for Children" href="/policies/privacy-policy-for-children">Privacy Policy for Children</a></li><li><a target="_self" rel="noreferrer" class="PolicyPage_linkTab__fONIK" aria-label="Terms &amp; Conditions" href="/policies/terms-and-conditions">Terms &amp; Conditions</a></li><li><a target="_self" rel="noreferrer" class="PolicyPage_linkTab__fONIK" aria-label="Data Request" href="/policies/data-request">Data Request</a></li><li><a target="_self" rel="noreferrer" class="PolicyPage_linkTab__fONIK" aria-label="Datenschutzhinweise" href="/policies/datenschutzvereinbarung">Datenschutzhinweise</a></li></ul></div><div id="page-content"><h1>OverDrive Security and Business Continuity Statement</h1><h2>I. Administrative Security</h2><p>OverDrive maintains security policies which are applicable to all its employees. Policies align with common industry standards, like PCI-DSS. Employees are responsible for safeguarding confidential information as well as any such information OverDrive may have because of a business relationship.</p><h2>II. Site Security</h2><p>OverDrive utilizes physical and technical access controls to protect data. Physical access controls protect site security. Only the employees who need access to perform their job functions have physical access to the location where data is stored.</p><h2>III. Technical Security</h2><p>Employees only have technical access to information for which there is a specific need to know. Technical access controls include password protection, role-based access control, network segmentation, multifactor authentication, and single sign on. Data is encrypted in transit over the Internet. OverDrive performs ongoing vulnerability scans of both internal and external infrastructure using industry standard tools. OverDrive also completes third-party penetration testing of internal and external systems.</p><h2>IV. Business Continuity</h2><p>OverDrive monitors security and system performance, including up/down times, site and server responsiveness, latency, error rate and many other metrics. Internal operational procedures are well established and executed as appropriate so that immediate actions may be taken to resolve issues whenever required. In the event of a loss of service for public-facing systems, OverDrive has a rapid response plan in place to notify customers of the potential issue, with actions and expected resolution time indicated when possible. Full backups are performed regularly. Essential backup data is stored at a secure off-site confidential location.</p><p>OverDrive鈥檚 services are typically available to users 99.95% of the time. Users can view OverDrive鈥檚 status page, available at <a href="https://status.overdrive.com/" target="_self">https://status.overdrive.com/</a>, which indicates any downtime for scheduled maintenance or interruptions in service. Customers are notified via email regarding any extended periods of downtime.</p><h2>V. Data Privacy</h2><p>OverDrive takes data privacy seriously. OverDrive鈥檚 privacy statements can be found here: <a href="https://overdrive.com/privacy" target="_self">https://overdrive.com/privacy</a></p><h2>VI. Certifications</h2><div style="display: grid;grid-template-columns: 1fr 1fr;"><a href="https://static.od-cdn.com/OverDrive_PCI_certificate_2024-02-22.pdf" target="_blank"><img alt="Certificate of PCI" inline="true" src="https://images.contentstack.io/v3/assets/bltcf09817a67889aa9/blta9e6b08dfa5eec18/65de042aae62f777124be612/certificate-pci-2024.png" max-width="95%" width="95%" style="text-align: left;float: left;display: inline-block;"/></a><a href="https://static.od-cdn.com/Cyber_Essentials_certificate_2024-03-14.pdf" target="_blank"><img alt="Certificate of Assurance" inline="true" src="https://images.contentstack.io/v3/assets/bltcf09817a67889aa9/blt18ab9b9b20b91c77/65f8a0ada93acb1c71312788/Cyber-Essentials-certificate-2024-03-14.png" max-width="95%" width="95%" style="text-align: left;float: left;"/></a></div></div></div></div></div></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"thisPage":{"form":{"href":"","title":""},"nav_barConnection":{"edges":[{"node":{"title":"Policy page nav bar","navigation_links":[{"href":"/privacy-policy","title":"Privacy Policy"},{"href":"/gdpr","title":"OverDrive and the GDPR"},{"href":"/accessibility","title":"OverDrive \u0026 Accessibility"},{"href":"/security-statement","title":"Security Statement"},{"href":"/cookie-policy","title":"Cookie Policy"},{"href":"/privacy-policy-for-children","title":"Privacy Policy for Children"},{"href":"/terms-and-conditions","title":"Terms \u0026 Conditions"},{"href":"/data-request","title":"Data Request"},{"href":"/datenschutzvereinbarung","title":"Datenschutzhinweise"}],"logoConnection":{"edges":[{"node":{"url":"https://images.contentstack.io/v3/assets/bltcf09817a67889aa9/blta3493db9a59cbc01/62c6f8485a74e05a00716da1/OverDrive_Logo_2020.svg","title":"OverDrive_Logo_2020.svg"}}]}}}]},"section":"\u003ch1\u003eOverDrive Security and Business Continuity Statement\u003c/h1\u003e\u003ch2\u003eI. Administrative Security\u003c/h2\u003e\u003cp\u003eOverDrive maintains security policies which are applicable to all its employees. Policies align with common industry standards, like PCI-DSS. Employees are responsible for safeguarding confidential information as well as any such information OverDrive may have because of a business relationship.\u003c/p\u003e\u003ch2\u003eII. Site Security\u003c/h2\u003e\u003cp\u003eOverDrive utilizes physical and technical access controls to protect data. Physical access controls protect site security. Only the employees who need access to perform their job functions have physical access to the location where data is stored.\u003c/p\u003e\u003ch2\u003eIII. Technical Security\u003c/h2\u003e\u003cp\u003eEmployees only have technical access to information for which there is a specific need to know. Technical access controls include password protection, role-based access control, network segmentation, multifactor authentication, and single sign on. Data is encrypted in transit over the Internet. OverDrive performs ongoing vulnerability scans of both internal and external infrastructure using industry standard tools. OverDrive also completes third-party penetration testing of internal and external systems.\u003c/p\u003e\u003ch2\u003eIV. Business Continuity\u003c/h2\u003e\u003cp\u003eOverDrive monitors security and system performance, including up/down times, site and server responsiveness, latency, error rate and many other metrics. Internal operational procedures are well established and executed as appropriate so that immediate actions may be taken to resolve issues whenever required. In the event of a loss of service for public-facing systems, OverDrive has a rapid response plan in place to notify customers of the potential issue, with actions and expected resolution time indicated when possible. Full backups are performed regularly. Essential backup data is stored at a secure off-site confidential location.\u003c/p\u003e\u003cp\u003eOverDrive鈥檚 services are typically available to users 99.95% of the time. Users can view OverDrive鈥檚 status page, available at \u003ca href=\"https://status.overdrive.com/\" target=\"_self\"\u003ehttps://status.overdrive.com/\u003c/a\u003e, which indicates any downtime for scheduled maintenance or interruptions in service. Customers are notified via email regarding any extended periods of downtime.\u003c/p\u003e\u003ch2\u003eV. Data Privacy\u003c/h2\u003e\u003cp\u003eOverDrive takes data privacy seriously. OverDrive鈥檚 privacy statements can be found here: \u003ca href=\"https://overdrive.com/privacy\" target=\"_self\"\u003ehttps://overdrive.com/privacy\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eVI. Certifications\u003c/h2\u003e\u003cdiv style=\"display: grid;grid-template-columns: 1fr 1fr;\"\u003e\u003ca href=\"https://static.od-cdn.com/OverDrive_PCI_certificate_2024-02-22.pdf\" target=\"_blank\"\u003e\u003cimg alt=\"Certificate of PCI\" inline=\"true\" src=\"https://images.contentstack.io/v3/assets/bltcf09817a67889aa9/blta9e6b08dfa5eec18/65de042aae62f777124be612/certificate-pci-2024.png\" max-width=\"95%\" width=\"95%\" style=\"text-align: left;float: left;display: inline-block;\"/\u003e\u003c/a\u003e\u003ca href=\"https://static.od-cdn.com/Cyber_Essentials_certificate_2024-03-14.pdf\" target=\"_blank\"\u003e\u003cimg alt=\"Certificate of Assurance\" inline=\"true\" src=\"https://images.contentstack.io/v3/assets/bltcf09817a67889aa9/blt18ab9b9b20b91c77/65f8a0ada93acb1c71312788/Cyber-Essentials-certificate-2024-03-14.png\" max-width=\"95%\" width=\"95%\" style=\"text-align: left;float: left;\"/\u003e\u003c/a\u003e\u003c/div\u003e","title":"Security Statement","url":"/security-statement"},"locale":"en-us"},"__N_SSG":true},"page":"/policies/[slug]","query":{"slug":"security-statement"},"buildId":"Wt_k0n_F_gOAUApDTneRU","isFallback":false,"gsp":true,"locale":"en-us","locales":["en-us"],"defaultLocale":"en-us","scriptLoader":[]}</script></body></html>