CONTENTdm allows you to easily build and showcase your digital collections on your personalised website, making them more discoverable to people around the world. In many places, CONTENTdm also secures and monitors your master files in a cloud‑based preservation archive so they remain safe for the future.


  • Create and organize collections
  • Quickly add digital items and metadata
  • Manage complex media types
  • Customizable web site
  • Preservation archive, secure storage of your master files /digital originals
  • Turn scanned page images into searchable text with OCR
  • API for extended integration and supports the IIIF Image API
  • Search, browse, display digital items
  • Full-text search
  • Supports image, text, audio, video files


  • Customize without programming
  • Quickly add digital items and metadata
  • Show results quickly
  • Easily brand your collections
  • Users can find your resources through various services
  • Store any type of file
  • Understand how your collections are used and accessed
  • Users can browse unfamiliar collections without specific search terms
  • Displays highlighted search terms within the image with prepared documents
  • Guide the search journey by configuring which fields are displayed


£5493 per unit

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10



Andrew Evans



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints OCLC will notify Institution promptly of any factor, occurrence, or event coming to its attention likely to affect OCLC's ability to meet the Uptime Commitment, or that is likely to cause any material interruption or disruption in the Hosted Services. Maintenance may occur any Sunday during a 4 hour window and may occasionally be extended. Notice of scheduled maintenance will generally occur 3 days prior to scheduled downtime. In the event emergency maintenance is required, OCLC will make commercially reasonable efforts to notify Institution in advance.
System requirements Not Applicable

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond to questions within four hours, within UK office hours (09:00 – 17:30 Monday-Friday, excluding English Bank Holidays)
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Support work to the following SLAs: * Level 1 Definition: An outage or an almost total loss of functionality, SLA Response time 2hrs SLA for time to fix / provide workaround 24 hours/ * Level 2 Definition: A significant proportion of the system loses functionality, SLA Response time 4hrs SLA for time to fix / provide workaround 7 days/ * Level 3 Definition: The system does not operate in accordance with the product description, but the Library is still able to use significant elements of the system, SLA Response time 4hrs SLA for time to fix / provide workaround 20 days. All customers receive the same level of support and support costs are included in the fee for providing and maintaining software. OCLC provides a Technical Services/Cloud support contact person
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started OCLC provides regularly, monthly public webinar-style on-boarding sessions as well as pre-recorded sessions for immediate viewing.

A complete set of help files, tutorials, FAQs, and training schedules is available at https://www.oclc.org/support/services/contentdm.en.html.

OCLC provides onsite training tailored to individual organization's needs for an addition fee.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Customers may retrieve all metadata and digital items stored from their CONTENTdm site. Multiple metadata export options are available directly from the interface; digital items can be delivered over the Internet or via physical media for larger collections.
End-of-contract process Export of metadata is the responsibility of the customer and is available through CONTENTdm administrator tools at no additional charge.

Export of digital items can be arranged with CONTENTdm support and is available at no additional charge. Digital items are delivered via ftp for smaller collections and via physical media through the post for larger collections.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We utilize a responsive design based on the ReactJS framework. All features of the user interface are available on mobile phones, tablets, and desktops.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing We utilize WAVE to verify WCAG compatibility and verify with several in-house employees on their assistive technology such as JAWS screen-readers.
What users can and can't do using the API The API is publicly available as a RESTful service. Documentation for the API is available at https://www.oclc.org/support/services/contentdm.en.html.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation Users can customize the look and feel of their public CONTENTdm end-user interface utilizing a Website administrator interface. Feature customizations toggles are available as well as adding custom style sheets and web pages. Only customer-authorized CONTENTdm administrators have access to the Website administrator interface. Authorized-access is controlled through CONTENTdm administrator's dashboard.


Independence of resources Our Webscale services are highly scalable, and can support any number of simultaneous users without negatively affecting system performance. Performance will be monitored to ensure that response time meets quality standards that have been set. WMS achieves scale and robustness through horizontal partitioning. A partition is defined by the subset of institutions it serves. For scale, we deploy multiple copies of each service, with each instance serving one or more partitions. As more institutions come online and load increases we add partitions and deploy additional service instances across additional hardware; therefore, each service, partition and institution is scaled independently .


Service usage metrics Yes
Metrics types CONTENTdm has some basic usage reporting in CONTENTdm administration. Basic reporting shows the number of items and number of collections as well as the count of different item types such as text, image, video and audio items.

CONTENTdm is compatible with Google Analytics and supports detailed website analytics as well as CONTENTdm-specific item view and page view information.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Physical security within the data center allows only authorized staff to have access to the servers. This includes biometric mechanisms for staff identification. Logical access control allows only authorized staff or users to have appropriate access to data. Identity management data is encrypted at rest.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users export metadata through CONTENTdm administration tools.
Users may request digital item export through CONTENTdm support, typically at no additional charge.
Data export formats
  • CSV
  • Other
Other data export formats Xml
Data import formats
  • CSV
  • Other
Other data import formats Xml

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network While we do not encrypt traffic within a data center, all traffic between data centers is encrypted using Legacy SSL and TLS (1.2). Robust perimeter controls ensure that no unencrypted private traffic flows across the internet. We employ state of the art Intrusion Detection Systems and user enterprise-grade anti virus protection on our Windows servers. Since our public APIs are exposed to the internet, client traffic to and from those APIs is encrypted.

Availability and resilience

Availability and resilience
Guaranteed availability Our SLA states an Uptime Commitment of 99.5%. All software applications are monitored 24x7x365 and alerts are captured in both log files and a centralized internal dashboard which is proactively managed by IT specialists. Customers may choose to sign up for global system alerts and associated updates about resolution. With regard to the LMS performance, we aim for 95% of transactions to complete within three seconds across 10 minute reporting windows during office hours (measured from system ingress point to system egress point, thus excluding network transit time beyond OCLC data centres). UK Helpdesk available 09:00 - 17:30 Monday – Friday. High priority calls are answered via the global support desks, available 24/7. The UK Support team is made up of nine analysts. Response times relate to the urgency rating of a call: Critical – 2hrs response with a fix or work-around within 4 hrs [average resolution achieved 1hr, 55 mins) High – 4 hrs response with a fix or work-around within 7 days [average resolution achieved 6 hrs] Medium – 4 hrs response with a fix or work-around within 20 days [average resolution achieved 9 days] We have no case of refunding for failure to meet these standards.
Approach to resilience Information on how our service is designed to be resilient is available on request
Outage reporting Customers may sign up for global system alerts and any associated resolution updates. This can be via email or RSS feed.

Identity and authentication

Identity and authentication
User authentication needed No
Access restrictions in management interfaces and support channels Access to management interfaces is restricted to specific user names and is configured by the CONTENTdm administrator for the site.
Access restriction testing frequency At least once a year
Management access authentication Other

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance
ISO/IEC 27001 accreditation date 29/06/2016
What the ISO/IEC 27001 doesn’t cover We did not implement ISO 27001 control A.18.1.5 because because OCLC does not create, manage, or export cryptographic controlled items.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Head of Global Security is responsible for implementing the Information Security Policy, and this position reports to the Chief Information Officer (CIO). The CIO reports to the Chief Executive Officer (CEO). Our policies follow the ISO 27001:2013 standard, and we will be happy to review them with you on request. Yearly ISO 27001 audits ensure that we comply with our policies, and internal security staff routinely engages with other staff to ensure policies are considered and addressed during development and deployment.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Supplier-defined controls
Vulnerability management type Supplier-defined controls
Vulnerability management approach We conduct vulnerability scans monthly to identify potential threats. A team consisting of security and support staff review each vulnerability for its severity and potential impact the business. We deploy patches as needed based on our analysis, and we have a process for handling emergency/critical patches. We use vulnerability scans, vendor security bulletins, and trusted news sources to keep informed of potential threats. We also rely on the Common Vulnerability Enumeration and follow the principles of the Common Vulnerability Scoring System.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use an industry-leading IDS to monitor incoming and outgoing traffic. We closely monitor system performance for early indication of security issues. We preserve audit logs for at least six months and use those logs for diagnostic and forensic purposes. OCLC maintains a robust Incident Response process, and we conduct annual training on that process.
Incident management type Supplier-defined controls
Incident management approach Users can report events through the website or by calling the OCLC service desk. Operations has a full runbook detailing how to respond to common events. OCLC also maintains a full escalation matrix that defines critical staff to involve for each product and service. Should an incident require it, OCLC has a time-tested Computer Incident Response Procedure that is reviewed annually by the Director of Global Security. This procedures defines the team and the individual roles to handle an incident. We maintain a website for customers to monitor overall system health.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5493 per unit
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A free version of CONTENTdm is not available


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑