OCLC (UK) Ltd

CONTENTdm

CONTENTdm allows you to easily build and showcase your digital collections on your personalised website, making them more discoverable to people around the world. In many places, CONTENTdm also secures and monitors your master files in a cloud‑based preservation archive so they remain safe for the future.

Features

• Create and organise collections
• Quickly add digital items and metadata
• Manage complex media types
• Customisable web site
• Preservation archive, secure storage of your master files /digital originals
• Turn scanned page images into searchable text with OCR
• Extended integration & support - IIIF Image and Presentation APIs
• Search, browse, display digital items
• Full-text search
• Supports image, text, audio, video files

Benefits

• Customise without programming
• Quickly add digital items and metadata
• Show results quickly
• Easily brand your collections
• Users can find your resources through various services
• Store any type of file
• Understand how your collections are used and accessed
• Users can browse unfamiliar collections without specific search terms
• Displays highlighted search terms within the image with prepared documents
• Guide the search journey by configuring which fields are displayed

£3,447 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.evans@oclc.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

802889013732868

Contact

Andrew Evans
01142677500
andrew.evans@oclc.org

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: OCLC will notify Institutions promptly of any factor, occurrence, or event coming to its attention likely to affect OCLC's ability to meet the Uptime Commitment, or that is likely to cause any material interruption or disruption in the Hosted Services. Maintenance may occur any Sunday during a 4 hour window and may occasionally be extended. Notice of scheduled maintenance will generally occur 3 days prior to scheduled downtime. In the event emergency maintenance is required, OCLC will make commercially reasonable efforts to notify Institution in advance.
• System requirements: Not Applicable

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: An email response is given immediately to acknowledge receipt of a question and Support assign a call number used to track the query. All customers receive the same level of support. The UK Support Desk is open during UK business hours (Mon–Fri, 09:00-17:30 and excluding public holidays). Outside of these hours customers can report system issues to our global, Service Operation Centre, which operates 24/7. They deal with critical calls, typically focusing on system availability issues. Lower priority critical calls can be registered via the online ticketing system and will be picked up when the support desk re-opens.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support work to the following SLAs: * Level 1 Definition: An outage or an almost total loss of functionality, SLA Response time 2hrs - SLA for time to fix / provide workaround 48 hours/ * Level 2 Definition: A significant proportion of the system loses functionality, SLA Response time 4hrs - SLA for time to fix / provide workaround 7 days/ * Level 3 Definition: The system does not operate in accordance with the product description, but the Library is still able to use significant elements of the system, SLA Response time 4hrs - SLA for time to fix / provide workaround 20 days. All customers receive the same level of support and support costs are included in the fee for providing and maintaining software. OCLC provides a Technical Services/Cloud support contact person.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: OCLC provides quarterly webinar-style on-boarding sessions as well as pre-recorded sessions for immediate viewing.; ; A complete set of help files, tutorials, FAQs, and training schedules is available at https://www.oclc.org/support/services/contentdm.en.html.; ; OCLC provides onsite training tailored to the individual organisation's needs for an additional fee.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers may retrieve all metadata and digital items stored from their CONTENTdm site. Multiple metadata export options are available directly from the interface. Digital items can be delivered over the internet or via physical media for larger collections.
• End-of-contract process: Export of metadata is the responsibility of the customer and is available through the CONTENTdm administrator tools at no additional charge.; ; Export of digital items can be arranged with CONTENTdm support and is available at no additional charge. Digital items are delivered via ftp for smaller collections and via physical media through the post for larger collections.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We use a responsive design based on the ReactJS framework. All features of the user interface are available on mobile phones, tablets, and desktops.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: CONTENTdm's website is accessible from any device and it includes an image viewer that supports hand gestures for zoom and pan. It includes a flexible and mobile advanced search which provides end users with more options to search through sophisticated search queries. CONTENTdm offers audio and video players optimised for smooth play on cellular networks. The PDF viewer is tuned for all devices to create a universal viewing experience.; ; We’ve performed usability testing and WCAG compliance testing to ensure the best possible result for your users. We continue to make WCAG a priority with each release.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: OCLC tests with JAWS and Google accessibility tools for developers. In addition, we encourage external audits from our user’s accessibility teams and are happy to review and incorporate findings from those audits.
• API: Yes
• What users can and can't do using the API: The API is publicly available as a RESTful service. Documentation for the API is available at https://www.oclc.org/support/services/contentdm.en.html.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Users can customise the look and feel of their public CONTENTdm end-user interface using a web administrator interface. Feature customisations toggles are available as well as adding custom style sheets and webpages. Only customer-authorised CONTENTdm administrators have access to the web administrator interface. Authorised access is controlled through CONTENTdm administrator's dashboard.

Scaling

• Independence of resources: Our webscale services are highly scalable, and can support any number of simultaneous users without negatively affecting system performance. Performance will be monitored to ensure that response time meets quality standards that have been set. CONTENTdm achieves scale and robustness through horizontal partitioning. A partition is defined by the subset of institutions it serves. For scale, we deploy multiple copies of each service, with each instance serving one or more partitions. As more institutions come online and load increases we add partitions and deploy additional service instances across additional hardware; therefore, each service, partition and institution is scaled independently.

Analytics

• Service usage metrics: Yes
• Metrics types: CONTENTdm has basic usage reporting in CONTENTdm administration. Basic reporting shows the number of items and number of collections, as well as the count of different item types such as text, image, video, and audio items.; ; CONTENTdm is compatible with Google Analytics and supports detailed website analytics, as well as CONTENTdm-specific item view and page view information.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Physical security within the data centre allows only authorised staff to have access to the servers. This includes biometric mechanisms for staff identification. Logical access control allows only authorised staff or users to have appropriate access to data. Identity management data is encrypted at rest. Data is encrypted at rest using AES-256 encryption.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users export metadata through CONTENTdm administration tools.; Users may request digital item export through CONTENTdm support, typically at no additional charge.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Xml
• Data import formats:
  • CSV
  • Other
• Other data import formats: Xml

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: While we do not encrypt traffic within a data centre, all traffic between data centres is encrypted using Legacy SSL and TLS (1.2). Robust perimeter controls ensure that no unencrypted private traffic flows across the internet. We employ state of the art Intrusion Detection Systems and user enterprise-grade anti-virus protection on our Windows servers. Since our public APIs are exposed to the internet, client traffic to and from those APIs is encrypted.

Availability and resilience

• Guaranteed availability: Our SLA states an Uptime Commitment of 99.5%. All software applications are monitored 24x7x365 and alerts are captured in both log files and a centralised internal dashboard which is proactively managed by IT specialists. Customers may choose to sign up for global system alerts and associated updates about resolution. With regard to the system's performance, we aim for 95% of transactions to complete within three seconds across 10 minute reporting windows during office hours (measured from system ingress point to system egress point, thus excluding network transit time beyond OCLC data centres). UK Helpdesk available 09:00-17:30 Monday–Friday. High priority calls are answered via the global support desks, available 24/7. The UK Support team is made up of nine analysts. Response times relate to the urgency rating of a call: Critical – 2hrs response with a fix or work-around within 4 hrs [average resolution achieved 1hr, 55 mins] High – 4 hrs response with a fix or work-around within 7 days [average resolution achieved 6 hrs] Medium – 4 hrs response with a fix or work-around within 20 days [average resolution achieved 9 days]. We have no case of refunding for failure to meet these standards.
• Approach to resilience: Information on how our service is designed to be resilient is available on request
• Outage reporting: Customers may sign up for global system alerts and any associated resolution updates. This can be via email or RSS feed.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Access to management interfaces is restricted to specific user names and is configured by the CONTENTdm administrator for the site.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman
• ISO/IEC 27001 accreditation date: 09-06-2023
• What the ISO/IEC 27001 doesn’t cover: Control A.18.1.5 has been declared not applicable because OCLC does not create, manage, or export cryptographic controlled items.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 06/02/2023
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO/IEC 27018:2019
  • ISO/IEC 27701:2019

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO/IEC 27018:2019, ISO/IEC 27701:2019
• Information security policies and processes: The Head of Global Security is responsible for implementing the Information Security Policy, and this position reports to the Chief Information Officer (CIO). The CIO reports to the Chief Executive Officer (CEO). Our policies follow the ISO 27001:2013 standard, and we will be happy to review them with you on request. Yearly ISO 27001 audits ensure that we comply with our policies, and internal security staff routinely engages with other staff to ensure policies are considered and addressed during development and deployment.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Supplier-defined controls
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We conduct vulnerability scans monthly to identify potential threats. A team consisting of security and support staff review each vulnerability for its severity and potential impact the business. We deploy patches as needed based on our analysis, and we have a process for handling emergency/critical patches. We use vulnerability scans, vendor security bulletins, and trusted news sources to keep informed of potential threats. We also rely on the Common Vulnerability Enumeration and follow the principles of the Common Vulnerability Scoring System.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use an industry-leading IDS to monitor incoming and outgoing traffic. We closely monitor system performance for early indication of security issues. We preserve audit logs for at least six months and use those logs for diagnostic and forensic purposes. OCLC maintains a robust Incident Response process, and we conduct annual training on that process.
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report events through the website or by calling the OCLC service desk. Operations has a full runbook detailing how to respond to common events. OCLC also maintains a full escalation matrix that defines critical staff to involve for each product and service. Should an incident require it, OCLC has a time-tested Computer Incident Response Procedure that is reviewed annually by the Director of Global Security. This procedures defines the team and the individual roles to handle an incident. We maintain a website for customers to monitor overall system health.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Covid-19 recovery

  As a company, OCLC were able to transition staff to homeworking successfully for two years, without the need to reduce headcount. Staff were supported remotely during this time with ongoing communications and provisions to allow for them to continue working successfully. Staff have come to appreciate the flexibility we have found in our remote workplace during Covid and OCLC have returned to the office in a hybrid model.; We have adopted a hybrid format that balances the need for flexibility, in-person engagement, and dedicated workspaces and technology that allow us to give our best to the customers who rely on OCLC’s products and services to serve their communities. This approach allows us to maintain and foster OCLC’s collaborative culture.; Consistent, in-person engagement allows important aspects of a healthy workplace to thrive, including mentoring, diversity and inclusion, problem-solving, creativity, and relationship-building.; In addition, the REALM research project www.oclc.org/realm conducted by OCLC, the Institute of Museum and Library Services, and Battelle, was set up to produce and distribute science-based COVID-19 information that can aid local decision making regarding operations of archives, libraries, and museums.; The project has:; Collected and summarised research related to the COVID-19 virus that may be applicable to the collections, operations, and facilities of archives, libraries, and museums.; Completed and published a laboratory study on how the COVID-19 virus interacts with materials commonly handled by staff and public in those facilities.; Produced toolkit resources that support operational and other decision making, specific to cultural heritage institutions.

  Equal opportunity

  OCLC is an equal opportunity employer. Employment practices are based on ability and performance, including hiring, promotions, training and development, compensation, and disciplinary actions. OCLC does not discriminate on the basis of race, colour, religion, national origin, sex, age, marital status, non-disqualifying physical or mental disability, veteran status, sexual orientation, political affiliation, and/or any other lawfully protected classification in the state, country, or province in which the employee is employed. Reasonable accommodation is provided in accordance with the law to advance employment opportunities for qualified individuals with physical or mental disabilities and disabled veterans.; Our diverse workforce is a tremendous asset. Valuing each associate as a unique and talented individual leads to a more productive and fulfilling work environment. Inclusion at OCLC is defined as “an active strategic process that values and leverages similarities and differences in order to accomplish a common goal.”; The Inclusion Initiative has the following primary aims:; To cultivate a corporate culture that promotes, understands the value of, and knows how to leverage a wide array of perspectives in the conviction that inclusive thinking will improve solutions for libraries and the diversity of people they serve.; To promote understanding of social and cultural contexts so that OCLC can operate effectively in the markets it serves.; To promote a work environment where every person within OCLC can feel significant, valued, and influential, thereby building broad commitment and ownership for the work of the cooperative. OCLC is committed to advancing equity, diversity, and inclusion https://www.oclc.org/en/about/diversity-and-advancing-racial-equity.html ; Our organization has a strong sense of public purpose and we commit to evaluating and calibrating our practices and policies. One initiative is Reimagine Descriptive Workflows https://www.oclc.org/research/areas/community-catalysts/reimagine-descriptive-workflows.html ; The report Reimagine Descriptive Workflows: A Community-informed Agenda for Reparative and Inclusive Descriptive Practice, synthesizes the findings from research and ongoing operational work.

  Wellbeing

  OCLC offers valuable benefits to protect the health and the wellbeing of employees and their families. OCLC promotes and encourages a healthy lifestyle, helping employees to live happier and healthier and aims to support staff to improve their health and make positive changes.; Some of the initiatives offered at OCLC UK include private medical insurance, flu vaccinations, eye care vouchers, a cycle to work scheme, as well an employee assistance program which gives employees and their family members access to expert guidance and specialist support on any kind of issue – from everyday matters to more serious wellbeing problems. This includes guidance on family relationships, dealing with conflict and debt management, as well as online tools such videos and podcasts on staying healthy.; Regular initiatives within the office such as yoga sessions, fresh fruit, and massages are also made available to staff.; OCLC UK also has its own Mental Health First Aider based at the Sheffield office who regularly promotes and communicates wellbeing advice. They are a point of contact if an employee or someone they are concerned about are experiencing a mental health issue or emotional distress and can give employees initial support and signpost them to appropriate help if required.; In recognition of our international teamwork and collaborative culture, we also encourage a flexible working environment and will endeavour to support our people, where possible, in alternative working patterns to support a healthy work life balance. This also aligns with our hybrid working model, allowing employees to work from both the office and home flexibly.

Pricing

• Price: £3,447 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free trial option is available upon request.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.evans@oclc.org. Tell them what format you need. It will help if you say what assistive technology you use.