Today OASIS announced official approval of version 1.1 of the CMIS (Content Management Interoperability Services) standard. OASIS is the nonprofit, international consortium behind many of the key technology standards in areas related to information management, cloud, privacy, and security.

I’ve been keenly watching the development and adoption of CMIS since its early beginnings in 2006 as an idea incubated by the AIIM iECM standards committee, and then moved to the stewardship of OASIS in 2008, once a critical mass of major vendor support had coalesced. Interoperability has always been an important requirement for ECM systems, not only because most large organizations have multiple systems, often from different vendors, but because business content needs to move, flow, and be accessible to many other essential line-of-business applications.

Interoperability is also finding renewed purpose as content management moves to the cloud, and content must be accessible to users, devices, and apps regardless of whether it is stored on-premises or in a hosted repository. According to the OASIS press release, “CMIS frees content trapped in traditional ‘content silos’ and facilitates ‘content in the cloud’ and mobile computing.”

Two of the new functions supported in version 1.1 are of particular interest to me and my records management/eDiscovery research agenda: support for object “Retention” and support for object “Hold.” CMIS does not itself define records management policies or business rules but is evolving to help support at some of the most basic use cases. An RM application must still define hold and retention rules, but this extension of the interoperability spec now permits these rules to be pushed into the repository layer.

  • Retention prevents an object from deletion until the retention is expired or removed.
  • Hold prevents an object from being modified until the hold is removed.

I’ve heard some criticism from ECM experts, questioning whether such records management capabilities really belong in CMIS. I believe that these foundational ones do. This evolution at last brings these fundamental information governance concepts out of the silo of RM systems. What’s happened here is not the creep of RM domain-specific functions, but the recognition that these functions are core to ECM.

What’s the potential here? It means we can now open the door to basic manage-in-place capabilities across all types of content and information management applications — even those beyond ECM. Since 2010 we’ve seen adoption of CMIS in web content management systems, collaboration tools, ERP systems, portals, and even BPM systems. Application of basic retention and legal hold rules to content generated by or residing in those applications can now be more locked-down without having to migrate or copy the content into a second repository. As business content and communication is created in web, social, mobile, and cloud apps, a broader reach of basic information governance rules is absolutely needed.

Other new functions added to version 1.1 include: type mutability (allowing CMIS clients to update type and property definitions for repositories), better support for very large file uploads by allowing content to be appended in smaller chunks, support for JSON-based bindings for more efficient browser clients, and support for secondary object types (for example, document type has a sub-type of memo).

Forrester asked 179 ECM decision-makers about their overall ECM strategy in our recent May 2013 Global Enterprise Content Management Online Survey. The majority of respondents said their strategy involved standardizing on one ECM suite, or using a standard ECM suite in parallel with Microsoft SharePoint. Thirteen percent of the respondents, however, said their strategy was to allow multiple ECM systems to coexist, leveraging interoperability standards such as CMIS for integration. This is the first time Forrester has asked about CMIS in this strategy question, and it demonstrates that enterprise architects and ECM administrators are becoming aware of its value.

Adoption of CMIS 1.0 has, over the last year, hit the mainstream among ECM vendors. Early adopters back in 2010 when version 1.0 was first ratified were the smaller, more agile, often open source vendors who didn’t have to wait for a two- to three-year development cycle to include support. Today, we see that the majority of influential vendors — large and small, open or proprietary, on-premises or cloud — have implemented CMIS. Even more important is what we’re hearing from our Forrester clients: CMIS is being identified as a central component of an overall ECM strategy in large companies. We’re seeing large global banks as well as public sector agencies lead the way, putting CMIS front and center in their architecture discussions.

Thanks very much to Carol Geyer at OASIS and David Choy, CMIS Technical Committee chair, for their time setting up a very informative briefing for my colleague Alan Weintraub and me. We look forward to hearing specific examples of the new version 1.1 feature adoption by the vendors that we cover, as well as how our large enterprise clients bring CMIS into their enterprise architecture road map.