OCLC (UK) Ltd

CONTENTdm

CONTENTdm allows you to easily build and showcase your digital collections on your personalised website, making them more discoverable to people around the world. In many places, CONTENTdm also secures and monitors your master files in a cloud‑based preservation archive so they remain safe for the future.

Features

  • Create and organize collections
  • Quickly add digital items and metadata
  • Manage complex media types
  • Customizable web site
  • Preservation archive, secure storage of your master files /digital originals
  • Turn scanned page images into searchable text with OCR
  • API for extended integration and supports the IIIF Image API
  • Search, browse, display digital items
  • Full-text search
  • Supports image, text, audio, video files

Benefits

  • Customize without programming
  • Quickly add digital items and metadata
  • Show results quickly
  • Easily brand your collections
  • Users can find your resources through various services
  • Store any type of file
  • Understand how your collections are used and accessed
  • Users can browse unfamiliar collections without specific search terms
  • Displays highlighted search terms within the image with prepared documents
  • Guide the search journey by configuring which fields are displayed

Pricing

£5,828 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.evans@oclc.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

8 5 9 0 7 2 1 2 2 2 8 0 0 3 6

Contact

OCLC (UK) Ltd Andrew Evans
Telephone: 01142677500
Email: andrew.evans@oclc.org

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
OCLC will notify Institution promptly of any factor, occurrence, or event coming to its attention likely to affect OCLC's ability to meet the Uptime Commitment, or that is likely to cause any material interruption or disruption in the Hosted Services. Maintenance may occur any Sunday during a 4 hour window and may occasionally be extended. Notice of scheduled maintenance will generally occur 3 days prior to scheduled downtime. In the event emergency maintenance is required, OCLC will make commercially reasonable efforts to notify Institution in advance.
System requirements
Not Applicable

User support

Email or online ticketing support
Email or online ticketing
Support response times
An email response is given immediately to acknowledge receipt of a question and Support assign a call number used to track the query. All customers receive the same level of support. The UK Support Desk is open during UK business hours (Mon–Fri, 09:00-17:30 and excluding public holidays). Outside of these hours customers can report system issues to our global, Service Operation Centre, which operates 24/7. They deal with critical calls, typically focusing on system availability issues. Lower priority critical calls can be registered via the online ticketing system and will be picked up when the support desk re-opens.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support work to the following SLAs: * Level 1 Definition: An outage or an almost total loss of functionality, SLA Response time 2hrs SLA for time to fix / provide workaround 24 hours/ * Level 2 Definition: A significant proportion of the system loses functionality, SLA Response time 4hrs SLA for time to fix / provide workaround 7 days/ * Level 3 Definition: The system does not operate in accordance with the product description, but the Library is still able to use significant elements of the system, SLA Response time 4hrs SLA for time to fix / provide workaround 20 days. All customers receive the same level of support and support costs are included in the fee for providing and maintaining software. OCLC provides a Technical Services/Cloud support contact person
Support available to third parties
Yes

Onboarding and offboarding

Getting started
OCLC provides regularly, monthly public webinar-style on-boarding sessions as well as pre-recorded sessions for immediate viewing.

A complete set of help files, tutorials, FAQs, and training schedules is available at https://www.oclc.org/support/services/contentdm.en.html.

OCLC provides onsite training tailored to the individual organization's needs for an addition fee.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Customers may retrieve all metadata and digital items stored from their CONTENTdm site. Multiple metadata export options are available directly from the interface. Digital items can be delivered over the internet or via physical media for larger collections.
End-of-contract process
Export of metadata is the responsibility of the customer and is available through the CONTENTdm administrator tools at no additional charge.

Export of digital items can be arranged with CONTENTdm support and is available at no additional charge. Digital items are delivered via ftp for smaller collections and via physical media through the post for larger collections.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
We utilize a responsive design based on the ReactJS framework. All features of the user interface are available on mobile phones, tablets, and desktops.
Service interface
Yes
Description of service interface
CONTENTdm's website is accessible from any device and it includes an image viewer that supports hand gestures for zoom and pan. It includes a flexible and mobile advanced search which provides end users with more options to search through sophisticated search queries. CONTENTdm offers audio and video players optimized for smooth play on cellular networks. The PDF viewer is tuned for all devices to create a universal viewing experience.

We’ve performed usability testing and WCAG compliance testing to ensure the best possible result for your users. We continue to make WCAG a priority with each release
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
OCLC tests with JAWS and Google accessibility tools for developers. In addition, we encourage external audits from our user’s accessibility teams and are happy to review and incorporate findings from those audits.
API
Yes
What users can and can't do using the API
The API is publicly available as a RESTful service. Documentation for the API is available at https://www.oclc.org/support/services/contentdm.en.html.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Users can customize the look and feel of their public CONTENTdm end-user interface utilizing a web administrator interface. Feature customizations toggles are available as well as adding custom style sheets and web pages. Only customer-authorized CONTENTdm administrators have access to the web administrator interface. Authorized access is controlled through CONTENTdm administrator's dashboard.

Scaling

Independence of resources
Our webscale services are highly scalable, and can support any number of simultaneous users without negatively affecting system performance. Performance will be monitored to ensure that response time meets quality standards that have been set. CONTENTdm achieves scale and robustness through horizontal partitioning. A partition is defined by the subset of institutions it serves. For scale, we deploy multiple copies of each service, with each instance serving one or more partitions. As more institutions come online and load increases we add partitions and deploy additional service instances across additional hardware; therefore, each service, partition and institution is scaled independently.

Analytics

Service usage metrics
Yes
Metrics types
CONTENTdm has some basic usage reporting in CONTENTdm administration. Basic reporting shows the number of items and number of collections as well as the count of different item types such as text, image, video and audio items.

CONTENTdm is compatible with Google Analytics and supports detailed website analytics as well as CONTENTdm-specific item view and page view information.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
Physical security within the data center allows only authorized staff to have access to the servers. This includes biometric mechanisms for staff identification. Logical access control allows only authorized staff or users to have appropriate access to data. Identity management data is encrypted at rest.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users export metadata through CONTENTdm administration tools.
Users may request digital item export through CONTENTdm support, typically at no additional charge.
Data export formats
  • CSV
  • Other
Other data export formats
Xml
Data import formats
  • CSV
  • Other
Other data import formats
Xml

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other
Other protection within supplier network
While we do not encrypt traffic within a data center, all traffic between data centers is encrypted using Legacy SSL and TLS (1.2). Robust perimeter controls ensure that no unencrypted private traffic flows across the internet. We employ state of the art Intrusion Detection Systems and user enterprise-grade anti virus protection on our Windows servers. Since our public APIs are exposed to the internet, client traffic to and from those APIs is encrypted.

Availability and resilience

Guaranteed availability
Our SLA states an Uptime Commitment of 99.5%. All software applications are monitored 24x7x365 and alerts are captured in both log files and a centralized internal dashboard which is proactively managed by IT specialists. Customers may choose to sign up for global system alerts and associated updates about resolution. With regard to the system's performance, we aim for 95% of transactions to complete within three seconds across 10 minute reporting windows during office hours (measured from system ingress point to system egress point, thus excluding network transit time beyond OCLC data centres). UK Helpdesk available 09:00-17:30 Monday–Friday. High priority calls are answered via the global support desks, available 24/7. The UK Support team is made up of nine analysts. Response times relate to the urgency rating of a call: Critical – 2hrs response with a fix or work-around within 4 hrs [average resolution achieved 1hr, 55 mins] High – 4 hrs response with a fix or work-around within 7 days [average resolution achieved 6 hrs] Medium – 4 hrs response with a fix or work-around within 20 days [average resolution achieved 9 days]. We have no case of refunding for failure to meet these standards.
Approach to resilience
Information on how our service is designed to be resilient is available on request
Outage reporting
Customers may sign up for global system alerts and any associated resolution updates. This can be via email or RSS feed.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
Access to management interfaces is restricted to specific user names and is configured by the CONTENTdm administrator for the site.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance
ISO/IEC 27001 accreditation date
04/02/2020
What the ISO/IEC 27001 doesn’t cover
We did not implement ISO 27001 control A.18.1.5 because because OCLC does not create, manage, or export cryptographic controlled items.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Head of Global Security is responsible for implementing the Information Security Policy, and this position reports to the Chief Information Officer (CIO). The CIO reports to the Chief Executive Officer (CEO). Our policies follow the ISO 27001:2013 standard, and we will be happy to review them with you on request. Yearly ISO 27001 audits ensure that we comply with our policies, and internal security staff routinely engages with other staff to ensure policies are considered and addressed during development and deployment.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Supplier-defined controls
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We conduct vulnerability scans monthly to identify potential threats. A team consisting of security and support staff review each vulnerability for its severity and potential impact the business. We deploy patches as needed based on our analysis, and we have a process for handling emergency/critical patches. We use vulnerability scans, vendor security bulletins, and trusted news sources to keep informed of potential threats. We also rely on the Common Vulnerability Enumeration and follow the principles of the Common Vulnerability Scoring System.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use an industry-leading IDS to monitor incoming and outgoing traffic. We closely monitor system performance for early indication of security issues. We preserve audit logs for at least six months and use those logs for diagnostic and forensic purposes. OCLC maintains a robust Incident Response process, and we conduct annual training on that process.
Incident management type
Supplier-defined controls
Incident management approach
Users can report events through the website or by calling the OCLC service desk. Operations has a full runbook detailing how to respond to common events. OCLC also maintains a full escalation matrix that defines critical staff to involve for each product and service. Should an incident require it, OCLC has a time-tested Computer Incident Response Procedure that is reviewed annually by the Director of Global Security. This procedures defines the team and the individual roles to handle an incident. We maintain a website for customers to monitor overall system health.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5,828 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A free trial option is available upon request.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.evans@oclc.org. Tell them what format you need. It will help if you say what assistive technology you use.