chapter 25 - who is doing a good job; audit and certification

7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification

1/20

Chapter 25

Who Is Doing a Good Job? Audit

and Certification

Comradeship and trust will emerge naturally when discipline and high standards

are enforced.(Tao Zhu Gong)

By the CCSDS/ISO RAC working group, led by David Giaretta

25.1 Background

The Preserving Digital Information report of the Task Force on Archiving of Digital

Information [242] declared,

a critical component of digital archiving infrastructure is the existence of a

sufficient number of trusted organizations capable of storing, migrating, and

providing access to digital collections.

a process of certification for digital archives is needed to create an overall climate

of trust about the prospects of preserving digital information.

The issue of certification, and how to evaluate trust into the future, as opposed to a

relatively temporary trust which may be more simply tested, has been a recurring

request, repeated in many subsequent studies and workshops.

The OAIS Reference Model Open Archival Information System (OAIS) [4], isnow adopted as the de facto standard for building digital archives [243].

25.1.1 Testability and Key OAIS Concepts

As discussed in Chap. 6 one of the key drivers of OAIS is the need for claims about

preservation of digitally encoded information to be testable. These are summarised

here and then developed in more detail.

461D. Giaretta, Advanced Digital Preservation, DOI 10.1007/978-3-642-16809-3_25,C Springer-Verlag Berlin Heidelberg 2011
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-


2/20

462 25 Who Is Doing a Good Job? Audit and Certification

25.1.1.1 Preservation

We need first some methodology by which to test the basic claim that someone is

preserving some digitally encoded information; without such a test this is a mean-

ingless claim. OAIS introduces the, quite reasonable, test that the digital object mustsomehow be useable and understandable in the future. However by itself this is

too broad are we to be forced to ensure that the digitally encoded designs of a

battleship are to be understood by everyone, for example a 6 year old child? In

order to make this a practical test the obvious next refinement is to describe the

type of person and more particularly their background knowledge by whom

the information should be understandable. Thus OAIS introduces the concept of

Designated Community, defined as an identified group of potential Consumers

who should be able to understand a particular set of information. The Designated

Community may be composed of multiple user communities. Note that a Designated

Community is defined by the repository and this definition may change/evolve

over time.

Bringing these ideas together we can then say, following OAIS, that preserving

digitally encoded information means that we must ensure that the information to

be preserved is Independently Understandable to (and usable by) the Designated

Community.

We are clearly concerned about long term preservation, but how long is that?

OAIS defines Long Term as long enough to be concerned with the impacts of

changing technologies, including support for new media and data formats, or with a

changing Designated Community. Long Term may extend indefinitely.

25.1.1.2 Definition of the Designated Community

An important clarification is needed here, namely that the definition of the

Designated Community is left to the preserver. The same digital object held in dif-

ferent repositories could be being preserved for different Designated Communities,

each of which could consist of many disjoint communities.

The quid pro quo is that those funding or entrusting digital objects to the repos-itory can judge whether the definition of the Designated Community is appropriate

for their needs.

25.1.1.3 OAIS Conformance

OAIS conformance was discussed in some detail in Sect. 6.1. The standard

itself defines conformance in terms of the Information Model and the mandatory

responsibilities.

OAIS introduces a number of important concepts and conformance criteria; how-

ever this is not enough on which to base a certification scheme. The next section

describes some of the factors which must also be taken into consideration.


3/20

25.2 TRAC and Related Documents 463

25.2 TRAC and Related Documents

Section 1.5 of OAIS (the section entitled Road map for development of related stan-

dards) included an item for accreditation of archives, reflecting the long-standing

demand for a standard against which Repositories of digital information maybe audited and on which an international accreditation and certification process

may be based. It was agreed that RLG and NARA take a lead on this follow-on

standard.

A group was gathered by NARA and RLG (the latter subsequently incorpo-

rated into OCLC) to form the Task Force on Trusted Digital Repositories. This

group produced the Trustworthy Repositories Audit and Certification: Criteria

and Checklist [244]. The work combined concepts from OAIS and the Trusted

Digital Repositories: Attributes and Responsibilities [245]. The latter allowed the

group to supplement OAIS with considerations of financial stability and training ofpersonnel.

The document has a number of metrics grouped into

Organisational Infrastructure

Digital Object Management and Technologies

Technical Infrastructure

Security.

Accompanying each of the metrics is extensive additional explanatory text andexamples of the types of evidence which might be used as proof of fulfilling the

metrics. The document has being used as the basis for internal and test audits in

a number of repositories, however it is not part of a formal audit and certification

process.

Other work in this area includes:

the German preservation consortium, nestor, has produced a Catalogue of Criteria

for Trusted Digital Repositories [246] in early 2007 representatives from the Digital Curation Center [3],

DigitalPreservationEurope (DPE, http://www.digitalpreservationeurope.eu/),

NESTOR (Germany) and the Center for Research Libraries (North America)

met and produced a list of 10 core criteria for digital preservation repositories, to

guide further international efforts on auditing and certifying repositories [247].

A comparison of this list with the OAIS responsibilities was produced [ 248].

Ross et al. [249] produced comments on the TRAC document

a cross-walk between the TRAC, nestor and Ross documents was produced

[250]

the DCC and DPE projects produced the Digital Repository Audit Method Based

on Risk Assessment (DRAMBORA) toolkit. This toolkit is intended to facilitate

internal audit by providing repository administrators with a means to assess their

capabilities, identify their weaknesses, and recognise their strengths.
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://www.digitalpreservationeurope.eu/http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://www.digitalpreservationeurope.eu/http://-/?-http://-/?-http://-/?-http://-/?-


4/20


All this work has been helpful in providing information and experience in assessing

digital repositories, and some provide a local or project-backed certificate of qual-

ity. However none provide an ISO based accreditation and certification system of

the kind which is available in other areas, such as the one concerning Information

Security, based on ISO 27001 series. Without this we cannot expect to have a markof quality and trustability for digital repositories which is recognised world-wide.

Efforts to produce such a system are described next.

25.3 Development of an ISO Accreditation

and Certification Process

The development of OAIS was hosted by the Consultative Committee for SpaceData Systems [5] and approved by ISO as ISO 14721. OAIS contained a roadmap

which listed a number of possible follow-on standards, some of which e.g. the

Producer-archive interface Methodology abstract standard (ISO 20652:2008),

have already become ISO standards, after development within CCSDS.

The need for a standard for certification of archives was included in that list

and the RLG/NARA work which produced TRAC was the first step in that pro-

cess. The next step was to bring the output of the RLG/NARA working group back

into CCSDS. This has been done and the Digital Repository Audit and Certification

(RAC) Working Group [6] has been created, the CCSDS details are available fromhttp://cwe.ccsds.org/moims/default.aspx#_MOIMS-RAC, while the working docu-

ments are available from http://wiki.digitalrepositoryauditandcertification.org. Both

may be read by anybody but, in order to avoid hackers, only authorised users may

add to them. The openness of the development process is particularly important and

the latter site contains the notes from the weekly virtual meetings as well as the live

working version of the draft standards.

Besides developing the metrics, which started from the TRAC document, the

working group also has been working on the strategy for creating the accredita-

tion and certification process. Review of existing systems which have accreditation

and certification standard processes it became clear that there was a need for two

documents

1. Audit and Certification of Trustworthy Digital Repositories [251]

2. Requirements for bodies providing audit and certification of candidate trustwor-

thy digital repositories. [252]

The first document lists the metrics against which a digital repository may be

judged. It is anticipated that this list will be used for internal metrics or peer-

review of repositories, as well as for the formal ISO audit process. In addition

tools such as DRAMBORA could use these metrics as guidance for its risk

assessments.
http://-/?-http://-/?-http://-/?-http://-/?-http://cwe.ccsds.org/moims/default.aspx#_MOIMS-RAChttp://wiki.digitalrepositoryauditandcertification.org/http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://wiki.digitalrepositoryauditandcertification.org/http://cwe.ccsds.org/moims/default.aspx#_MOIMS-RAChttp://-/?-http://-/?-


5/20

25.4 Understanding the ISO Trusted Digital Repository Metrics 465

25.4 Understanding the ISO Trusted Digital Repository Metrics

It is clear that one cannot cover all possible situations in the metrics, nor can one

prescribe exactly what each repository must do. This is the case with all types of

audits. Instead one must leave a lot to the judgement of the auditors.To understand the way in which the metrics in Audit and Certification of

Trustworthy Digital Repositories [251] (referred to below as the metrics docu-

ment) were written it is helpful to think about the document in the following way,

building it up in the same way that the authors of that document.

A very important thing to understand is that in judging a repository one could

look at many types of issues. For example is the restaurant good, is the lighting

adequate, is wheelchair access, does the repository respond to requests within 3 min,

is it easy to find what one is looking for and so on. However these are not the things

against which the repository is to be judged here. Instead we are concerned abouthow well a repository preserves the digitally encoded information with which it has

been entrusted.

With this in mind, one could say that since the audit and certification depends on

the judgement of the auditors, the metrics document could have one metric, namely

Make sure the repository does a good job in preserving its holdings.

Of course this would not be adequate. We need to provide more guidance for the

auditors. Therefore we start by saying Well at least look at the organisation make

sure it cannot suddenly go out of business, and also make sure that they know how

to preserve the digital objects. This one can say that there are two guidelines forauditors:

Look at the organisation and its finances

Look at the way it takes care of the digital stuff

In fact there is a third area, which one could argue is part of the second one,

namely:

Make sure that the digital holdings cannot be stolen or otherwise lost.

The reason this third bullet is added is that the repository could undergo a security

audit separately (ISO 27000) so that it seemed sensible to provide a separate group

which could essentially be replaced by ISO 27000 certification but such additional

certification is definitely not required.

Therefore we have three main headings:


Digital Object Management

Infrastructure and Security Risk Management

Continuing this process we can specify the topics where the auditor really needs to

be sure to look. The metrics document has the following breakdown:
http://-/?-http://-/?-http://-/?-


6/20



GOVERNANCE & ORGANIZATIONAL VIABILITY

ORGANIZATIONAL STRUCTURE & STAFFING

PROCEDURAL ACCOUNTABILITY & PRESERVATION POLICY

FRAMEWORK

FINANCIAL SUSTAINABILITY

CONTRACTS, LICENSES, & LIABILITIES

Digital Object Management

INGEST: ACQUISITION OF CONTENT

INGEST: CREATION OF THE AIP

PRESERVATION PLANNING

AIP PRESERVATION

INFORMATION MANAGEMENT

ACCESS MANAGEMENT

Infrastructure and Security Risk Management

TECHNICAL INFRASTRUCTURE RISK MANAGEMENT

SECURITY RISK MANAGEMENT

This breakdown into topics is not unique and indeed several different breakdowns

have been tried; this one seemed to fit best.

Looking in even more detail the guidance for the auditors is further split out into

metrics. Some of these metrics are broken into sub-metrics indicating that the audi-tor needs to check these even more specific points; a few of these sub-metrics have

some even more specific sub-sub-metrics specified. Even these sub-sub-metrics are

not hugely specific it is still a matter for the judgement of the auditor. Indeed

the metrics themselves are a matter of judgement; in this case of course it is the

judgement of the working group which produced the metrics.

The following table shows the metrics at the time of writing, showing clearly the

metrics and sub-metrics, with number of comments which should be helpful.

Each metric has one or more of the following informative pieces of textassociated with it

Supporting text: giving an explanation of why the metric is important

Examples of Ways the Repository can Demonstrate it is Meeting this

Requirement: providing examples of the evidence which might be examined to

test whether the repository satisfies the metric

Discussion: clarifications about the intent of the metric


7/20


Table25

.1Auditand

certificationmetrics

Comments

Metric

Musthave

organisationalcommitment

3OrganizationalInfrastructure

3.1

GovernanceandO

rganizationalViability

3.1.1

Therepositoryshallhaveamissionstatementthat

reflectsacommitmenttothepre

servation

of,longtermretentionof,managementof,andaccesstodigitalinformation.

3.1.2

TherepositoryshallhaveaPreservationStrategicPlanthatdefinestheapproachth

e

repositorywilltakeinthelong-termsupportofits

mission.

Thesetwo

aresomespecificthingswhichare

essentialp

artsofsuchanapproachhave

a

planandk

nowwhentoputinintoeffect.

3.1.2.1

Therepositoryshallhaveanappropriate,formalsuccessionplan,contingencyplans,

and/oresc

rowarrangementsinplaceincasetherepositoryceasestooperateorthe

governing

orfundinginstitutionsubstantia

llychangesitsscope.

3.1.2.2

Therepositoryshallmonitoritsorganizationalenvironmenttodeterminew

hen

toexecute

itsformalsuccessionplan,contingencyplans,and/orescrow

arrangements.

3.1.3

TherepositoryshallhaveaCollectionPolicyorotherdocumentthatspecifiesthetypeof

informationitwillpreserve,retain,manageandprovideaccessto.

Musthave

appropriateorganisationandstaff

3.2

OrganizationalStr

uctureandStaffing

3.2.1

Therepositoryshallhaveidentifiedandestablishedthedutiesthatitneedstoperfo

rmand

shallhaveappointedstaffwithadequateskillsand

experiencetofulfiltheseduties.

Theseare

theessentialcomponentsofthe

metrick

nowwhatthedutiesareandhave

peoplecapableofcarryingthemout.

3.2.1.1

Therepositoryshallhaveidentifiedandestablishedthedutiesthatitneeds

toperform

.


8/20


Table25

.1

(continued)

3.2.1.2

Therepositoryshallhavetheappropriaten

umberofstafftosupportallfunctionsand

services.

3.2.1.3

Therepositoryshallhaveinplaceanactiveprofessionaldevelopmentprogramthat

providesstaffwithskillsandexpertisedev

elopmentopportunities.

Theseare

thepolicylevelrequirements

detailscomelater.

3.3

ProceduralAccountabilityandPreservationPolicyFramework

Tohavea

DesignatedCommunitydefined

isafundamentalrequirement

3.3.1

Therepositoryshallhavedefineditsdesignatedco

mmunityandassociatedknowle

dge

base(s)andshallhavethesedefinitionsappropriatelyaccessible.

3.3.2

TherepositoryshallhavePreservationPoliciesinplacetoensureitsPreservationS

trategic

Planwillbemet.

Thepoliciesmustnotbestaticthey

mustbere

viewed

3.3.2.1

Therepositoryshallhavemechanismsforreview,update,andongoingdevelopment

ofitsPres

ervationPoliciesastherepositorygrowsandastechnologyandc

ommunity

practiceevolve

3.3.3

Therepositoryshallhaveadocumentedhistoryof

thechangestoitsoperations,procedures,

software,andhardware.

3.3.4

Therepositoryshallcommittotransparencyandaccountabilityinallactionssuppo

rting

theoperationand

managementoftherepositoryth

ataffectthepreservationofdigi

talcontent

overtime.

3.3.5

Therepositoryshalldefine,collect,track,andappropriatelyprovideitsinformationintegrity

measurements.

3.3.6

Therepositoryshallcommittoaregularschedule

ofself-assessmentandexternal

certification.


9/20


Table25.1(continued)

Moneyis

fundamentalonecannotask

forguaran

teesaboutfundingforever,

but

onecanm

akesurethattherepository

cannotsuddenlygooutofbusiness.

3.4

FinancialSustaina

bility

3.4.1

Therepositoryshallhaveshort-andlong-termbus

inessplanningprocessesinplace

tosustaintherepositoryovertime.

3.4.2

Therepositoryshallhavefinancialpracticesandprocedureswhicharetransparent,

compliant

withrelevantaccountingstandardsandpractices,andauditedbythirdpartiesinac

cordance

withterritorialleg

alrequirements.

3.4.3

Therepositoryshallhaveanongoingcommitmenttoanalyzeandreportonrisk,benefit,

investment,andexpenditure(includingassets,

lice

nses,andliabilities).

Therepositorymustensurethatithas

appropriatelegalauthority.

3.5

Contracts,License

s,andLiabilities

3.5.1

Therepositoryshallhaveandmaintainappropriatecontractsordepositagreements

fordigitalmaterialsthatitmanages,preserves,an

d/ortowhichitprovidesaccess.

Theseare

someofthekeyaspectstothe

legalauthorityneeded.

3.5.1.1

Therepositoryshallhavecontractsordepositagreementswhichspecifyan

dtransfer

allnecessarypreservationrights,andthoserightstransferredshallbedocumented.

3.5.1.2

Therepositoryshallhavespecifiedallappropriateaspectsofacquisition,

maintenance,access,andwithdrawalinwrittenagreementswithdepositorsandother

relevantp

arties.

3.5.1.3

Therepositoryshallhavewrittenpoliciesthatindicatewhenitacceptspres

ervation

responsibilityforcontentsofeachsetofsubmitteddataobjects.

3.5.1.4

Therepositoryshallhavepoliciesinplace

toaddressliabilityandchallenges

toownership/rights.

Legalrigh

tsandIPRetcchangeovertime

andthism

ustbetrackedandrespondedto.

3.5.2

Therepositoryshalltrackandmanageintellectual

propertyrightsandrestrictionsonuseof

repositorycontentasrequiredbydepositagreement,contract,orlicense.


10/20



Thiscollectionofmetricsisaboutthe

digitalobjectsthemselves.

4DigitalObjectMana

gement

Firstonemustingesttheobjects.There

areanumberofcheckswhichmustbe

made.Inadditionanumberofpiecesof

informatio

n(metadata)mustbe

captured.

4.1

Ingest:Acquisition

ofContent

TheInformationPropertieswillbethe

Transform

ationalInformationProperties

discussed

inSect.13.6.

4.1.1

TherepositoryshallidentifytheContentInformationandtheInformationPropertiesthatthe

repositorywillpreserve.

4.1.1.1

Therepositoryshallhaveaprocedure(s)fo

ridentifyingthoseInformationProperties

thatitwillpreserve.

4.1.1.2

TherepositoryshallhavearecordoftheC

ontentInformationandtheInfor

mation

Propertiesthatitwillpreserve.

Thisinclu

dessuchthingsasProvenance.

4.1.2

Therepositoryshallclearlyspecifytheinformationthatneedstobeassociatedwithspecific

ContentInformationatthetimeofitsdeposit.

Ofcourse

theinformationcomesin

asSIPs

4.1.3

Therepositoryshallhaveadequatespecificationsenablingrecognitionandparsing

ofthe

SIPs.

Theprodu

cersareakeypart

ofProvenanceandthestartofthe

evidenceaboutAuthenticity.

Therepositorymustbesureofthesource

oftheinfo

rmation.

4.1.4

TherepositoryshallhavemechanismstoappropriatelyverifytheidentityoftheProducer

ofallmaterials.

4.1.5

Therepositoryshallhaveaningestprocesswhich

verifieseachSIPforcompletene

ss

andcorrectness.
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-


11/20



4.1.6

TherepositoryshallobtainsufficientcontrolovertheDigitalObjectstopreserveth

em.

4.1.7

Therepositoryshallprovidetheproducer/deposito

rwithappropriateresponsesata

greed

pointsduringthe

ingestprocesses.

Theremustberecordsofwhathappens

partofthe

Provenance.

4.1.8

Therepositoryshallhavecontemporaneousrecord

sofactionsandadministrationp

rocesses

thatarerelevanttocontentacquisition.

TheAIPm

ustbecreated.

4.2

Ingest:CreationoftheAIP

Thereshouldbesomepre-planningfor

theAIPs

4.2.1

TherepositoryshallhaveforeachAIPorclassofAIPspreservedbytherepository

an

associateddefinitionthatisadequateforparsingtheAIPandfitforlong-term

preservationneed

s.

4.2.1.1

Therepositoryshallbeabletoidentifywh

ichdefinitionappliestowhichA

IP.

4.2.1.2

Therepositoryshallhaveadefinitionofea

chAIPthatisadequateforlong-term

preservati

on,enablingtheidentificationan

dparsingofalltherequiredcom

ponents

withintha

tAIP.

4.2.2

TherepositoryshallhaveadescriptionofhowAIP

sareconstructedfromSIPs.

Therepositorymustbeabletoshowthat

ithasnotlostanyoftheinputinformation

(SIPs).

4.2.3

TherepositoryshalldocumentthefinaldispositionofallSIPs.

Ofparticu

larconcernistobesurethat

anySIPsthatarenotusedinAIPsare

accounted

for.

4.2.3.1

Therepositoryshallfollowdocumentedpr

oceduresifaSIPisnotincorpor

atedinto

anAIPor

discardedandshallindicatewhytheSIPwasnotincorporatedor

discarded.

4.2.4

Therepositoryshallhaveanduseaconventiontha

tgeneratespersistent,uniqueidentifiers

forallAIPs.

4.2.4.1

Therepositoryshalluniquelyidentifyeach

AIPwithintherepository.


12/20



Persistent

Identifiersarequitetricky,as

discussed

inSect.10.3.2.

Itseems

worthwhiletomakesureanumberof

pointsare

checked..

4.2.4.1.1T

herepositoryshallhaveunique

identifiers.

4.2.4.1.2T

herepositoryshallassignandm

aintainpersistentidentifiersoftheAIP

a

nditscomponentssoastobeun

iquewithinthecontextoftherepository.

4.2.4.1.3D

ocumentationshalldescribeanyprocessesusedforchangestos

uch

identifiers.

4.2.4.1.4T

herepositoryshallbeabletoprovideacompletelistofallsuchidentifiers

a

nddospotchecksforduplications.

4.2.4.1.5T

hesystemofidentifiersshallbe

adequatetofittherepositorysc

urrentand

foreseeablefuturerequirementssuchasnumbersofobjects.

4.2.4.2

Therepositoryshallhaveasystemofreliablelinking/resolutionservicesin

orderto

findtheuniquelyidentifiedobject,regardlessofitsphysicallocation.

Represent

ationInformationiskeyfor

preservation.

4.2.5

Therepositoryshallhaveaccesstonecessarytoolsandresourcestoprovideauthor

itative

RepresentationIn

formationforallofthedigitalobjectsitcontains.

Thereare

anumberofwaystoobtain

enoughRepresentationInformation.

Thesesub

-metricsaboutatleastthese

aspectsof

RepresentationInformation.

4.2.5.1

Therepositoryshallhavetoolsormethods

toidentifythefiletypeofallsubmitted

DataObje

cts.

4.2.5.2


todeterminewhatRepresentation

InformationisnecessarytomakeeachDataObjectunderstandabletotheD

esignated

Community.

4.2.5.3

TherepositoryshallhaveaccesstotherequisiteRepresentationInformation.

4.2.5.4


toensurethattherequisiteRepresentation

Informationispersistentlyassociatedwith

therelevantDataObjects.
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-


13/20



PDIisthe

otherkeypartoftheAIP.

4.2.6

TherepositoryshallhavedocumentedprocessesforacquiringPreservationDescription

Information(PDI)foritsassociatedContentInformationandacquirePDIinaccordance

withthedocumen

tedprocesses.

4.2.6.1

TherepositoryshallhavedocumentedprocessesforacquiringPDI.

4.2.6.2

Therepositoryshallexecuteitsdocumente

dprocessesforacquiringPDI.

4.2.6.3

TherepositoryshallensurethatthePDIis

persistentlyassociatedwiththerelevant

contentin

formation.

Thisisav

eryimportantmetricthisis

wherethe

repositorycanproveithasdone

enoughin

creatingtheAIP.

4.2.7

Therepositoryshallensurethatthecontentinform

ationoftheAIPsisunderstanda

blefor

theirdesignatedc

ommunityatthetimeofcreation

oftheAIP.

4.2.7.1

Repositoryshallhaveadocumentedprocessfortestingunderstandabilityfor

theirdesignatedcommunitiesofthecontentinformationoftheAIPsattheir

creation.

4.2.7.2

Therepositoryshallexecutethetestingprocessforeachclassofcontentinformation

oftheAIP

s.

4.2.7.3

TherepositoryshallbringthecontentinformationoftheAIPuptotherequiredlevel

ofunderstandabilityifitfailstheunderstandabilitytesting.

4.2.8

TherepositoryshallverifyeachAIPforcompletenessandcorrectnessatthepoint

itis

created.

4.2.9

Therepositoryshallprovideanindependentmechanismforverifyingtheintegrity

oftherepositorycollection/content.

Asbefore,enoughevidencemustbe

collected.

4.2.1

0Therepositoryshallhavecontemporaneousrecordsofactionsandadministration

processes

thatarerelevant

toAIPcreation.


14/20



HavingcreatedtheAIP,

therepository

mustensu

retheirpreservation.

4.3

PreservationPlann

ing

Thereshouldbesomepre-planning.

4.3.1

Therepositoryshallhavedocumentedpreservationstrategiesrelevanttoitsholdings.

Thingschangeandthesechangescan

threatenpreservation;therepositorymust

besureitknowswhatchangeshave

happened

tothatitcancounterthem.

4.3.2

Therepositoryshallhavemechanismsinplacefor

monitoringitspreservationenvironment.

4.3.2.1

Therepositoryshallhavemechanismsinp

laceformonitoringandnotificationwhen

representationinformationisinadequateforthedesignatedcommunityto

understandthedataholdings.

Theplans

whichhavebeenmadeearlier

mayhave

tobechanged.

4.3.3

Therepositoryshallhavemechanismstochangeitspreservationplansasaresulto

fits

monitoringactivities.

4.3.3.1

Therepositoryshallhavemechanismsforcreating,

identifyingorgathering

anyextra

representationinformationrequired.

Thisisan

absolutelyvitalmetricbecause

heretherepositorymustshowthatits

plansactu

allyworkshowingthe

designatedcommunitycanunderstandthe

digitallye

ncodedinformation.

The

discussion

associatedwiththismetric

says:

4.3.4

Therepositoryshallprovideevidenceoftheeffectivenessofitspreservationactivities.


15/20



Therepositoryshouldbeableto

demonstra

tethecontinuedpreservation,

including

understandability,o

fits

holdings.Thiscouldbeevaluatedata

numberofdegreesanddependsonthe

specificity

ofthedesignatedcommunity.

Ifadesign

atedcommunityisfairly

broad,an

auditorcouldrepresentthetest

subjectin

theevaluation.Morespecific

designatedcommunitiescouldrequire

significantefforts.

AIPpreservationisaspecialcaseof

preservation.

4.4

AIPPreservation

4.4.1

Therepositoryshallhavespecificationsforhowth

eAIPsarestoreddowntothebitlevel.

4.4.1.1

TherepositoryshallpreservethecontentinformationofAIPs.

4.4.1.2

TherepositoryshallactivelymonitortheintegrityofAIPs.

4.4.2

Therepositoryshallhavecontemporaneousrecord

sofactionsandadministrationp

rocesses

thatarerelevanttostorageandpreservation

oftheAIPs.

4.4.2.1

TherepositoryshallhaveproceduresforallactionstakenonAIPs.

4.4.2.2

TherepositoryshallbeabletodemonstratethatanyactionstakenonAIPs

were

compliantwiththespecificationofthosea

ctions.


16/20



Herewew

anttomakesurethatthe

contentinformationcanbefound.

4.5

InformationMana

gement

4.5.1

Therepositoryshallspecifyminimuminformation

requirementstoenablethedesignated

communitytodiscoverandidentifymaterialofinterest.

4.5.2

Therepositoryshallcaptureorcreateminimumde

scriptiveinformationforeachA

IP.

4.5.3

Therepositoryshallcreatebi-directionallinkages

betweeneachAIPanditsdescriptive

information.

4.5.3.1

Therepositoryshallmaintainthebi-directionalassociationsbetweenitsAIPsand

theirdescriptiveinformationovertime.

Accessne

edstobecontrolled.

4.6

AccessManagement

4.6.1

Therepositoryshallcomplywithaccesspolicies.

4.6.1.1

Therepositoryshalllogandreviewallacc

essmanagementfailuresandano

malies.

4.6.2

Therepositoryshallfollowpoliciesandprocedure

sthatenablethedisseminationo

fdigital

objectsthataretraceabletotheoriginals,withevidencesupportingtheirauthenticity.

4.6.2.1

Therepositoryshallrecordandactuponproblemreportsabouterrorsinda

taor

responses

fromusers.

Inthissec

tiontheauditorshouldlookat

thehardwareandsoftwareisused.

In

additionclearlysecurityisvital.

One

optionwo

uldbetoduplicatetheISO

27000metrics.Howeverthisseems

excessive

soaminimalsetofmetricsis

specified.

5InfrastructureandS

ecurityRiskManagement


17/20



Thissub-sectionistoensurethehardware

andsoftwareischeckedbytheauditor.

5.1

TechnicalInfrastructureRiskManagement

5.1.1

Therepositoryshallidentifyandmanagetherisks

toitspreservationoperationsandgoals

associatedwithsysteminfrastructure.

5.1.1.1

Therepositoryshallemploytechnologywatchesorothertechnologymonitoring

notificatio

nsystems.

5.1.1.1.1T

herepositoryshallhavehardwa

retechnologiesappropriatetotheservices

itprovidestoitsdesignatedcommunities.

5.1.1.1.2T

herepositoryshallhaveproceduresinplacetomonitorandreceive

notificationswhenhardwaretech

nologychangesareneeded.

5.1.1.1.3T

herepositoryshallhaveproceduresinplacetoevaluatewhench

angesare

neededtocurrenthardware.

5.1.1.1.4T

herepositoryshallhaveprocedures,commitmentandfundingto

replace

hardwarewhenevaluationindica

testheneedtodoso.

5.1.1.1.5T

herepositoryshallhavesoftwar

etechnologiesappropriatetothe

services

itprovidestoitsdesignatedcommunities.

5.1.1.1.6T

herepositoryshallhaveproceduresinplacetomonitorandreceive

notificationswhensoftwarechan

gesareneeded.

5.1.1.1.7T

herepositoryshallhaveproceduresinplacetoevaluatewhench

angesare

neededtocurrentsoftware.

5.1.1.1.8T

herepositoryshallhaveprocedures,commitmentandfundingto

replace

softwarewhenevaluationindicat

estheneedtodoso.

5.1.1.2

Therepositoryshallhaveadequatehardwa

reandsoftwaresupportforback

up

functionalitysufficientforpreservingtherepositorycontentandtrackingrepository

functions.

5.1.1.3

Therepositoryshallhaveeffectivemechan

ismstodetectbitcorruptionorloss.


18/20



5.1.1.3.1T

herepositoryshallrecordandreporttoitsadministrationallincidentsof

datacorruptionorloss,andsteps

shallbetakentorepair/replacecorruptor

lostdata.

5.1.1.4

Therepositoryshallhaveaprocesstoreco

rdandreacttotheavailabilityofnew

securityu

pdatesbasedonarisk-benefitassessment.

5.1.1.5

Therepositoryshallhavedefinedprocesse

sforstoragemediaand/orhardw

are

change(e.g.,refreshing,migration).

5.1.1.6

Therepositoryshallhaveidentifiedanddo

cumentedcriticalprocessesthat

affectits

abilitytocomplywithitsmandatoryrespo

nsibilities.

5.1.1.6.1T

herepositoryshallhaveadocum

entedchangemanagementproc

essthat

identifieschangestocriticalproc

essesthatpotentiallyaffectthe

repositorysabilitytocomplywithitsmandatoryresponsibilities.

5.1.1.6.2T

herepositoryshallhaveaprocessfortestingandevaluatingtheeffectof

changestotherepositoryscriticalprocesses.

5.1.2

Therepositoryshallmanagethenumberandlocationofcopiesofalldigitalobjects.

5.1.2.1

Therepositoryshallhavemechanismsinp

lacetoensureany/multiplecopiesof

digitalobjectsaresynchronized.

5.2

SecurityRiskMan

agement

5.2.1

Therepositoryshallmaintainasystematicanalysisofsecurityriskfactorsassociatedwith

data,systems,personnel,andphysicalplant.

5.2.2

Therepositoryshallhaveimplementedcontrolsto

adequatelyaddresseachofthedefined

securityrisks.

5.2.3

Therepositorysta

ffshallhavedelineatedroles,responsibilities,andauthorizations

related

toimplementingchangeswithinthesystem.

5.2.4

Therepositoryshallhavesuitablewrittendisaster

preparednessandrecoveryplan(

s),

includingatleast

oneoff-sitebackupofallpreservedinformationtogetherwithan

offsite

copyoftherecoveryplan(s).


19/20


An example metric with its informative text is:

The repository shall have mechanisms in place for monitoring and notifi-

cation when Representation Information is inadequate for the DesignatedCommunity to understand the data holdings.

Supporting Text

This is necessary in order to ensure that the preserved information remains

understandable and usable by the Designated Community.

Examples of Ways the Repository can Demonstrate it is Meeting this

Requirement

Subscription to a Representation Information registry service; subscriptionto a technology watch service, surveys amongst its designated community

members, relevant working processes to deal with this information.

Discussion

The repository must show that it has some active mechanism to warn of

impending obsolescence. Obsolescence is determined largely in terms of the

knowledge base of the Designated Community.

It must be recognised that the audit process cannot be specified in very fine,

rigid, detail. An audit process must depend upon the experience and expertise of

the auditors. For this reason the second document sets out the system under which

the audit process is carried out; in particular the expertise of the auditors and the

qualification which they should have is specified. In this way the document specifies

how auditors are accredited and thereby helps to guarantee the consistency of the

audit and certification process.

There is a hierarchy of ISO standards concerned with good auditing practice

[253256]. The second standard [252] is positioned within this hierarchy in order toensure that these good practices can be applied to the evaluation of TDRs.

ISO/IEC 17021 [255] is an International Standard which sets out criteria for

bodies operating audit and certification of organizations management systems.

If such bodies are to be accredited as complying with ISO/IEC 17021 with the

objective of auditing and certifying Trusted Digital Repositories (TDR) in accor-

dance with [251], some additional requirements and guidance to ISO/IEC 17021 are

necessary.

For this reason the RAC Working Group refers to accreditation and certification

processes.

The second standard [252] addresses issues arising from applying good audit

practice to auditing and certifying whether to what extent digital repositories can be

trusted to look after digitally encoded information for the long-term, or at least for

the period of their custodianship of that digitally encoded information.
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-


20/20


It covers principles needed to inspire confidence that third party certification of

the management of the digital repository has been performed with

impartiality,

competence, responsibility,

openness,

confidentiality, and

responsiveness to complaints

At the time of writing both documents are in an advanced state of preparation; the

first of these documents has been submitted for ISO review and the second should

be submitted soon. While the reviews are underway further preparations for the

accreditation and certification processes will be undertaken. It should be noted that

the OAIS reference Model has also been undergoing revision and the new version

has been submitted for ISO review. Because of the close links between the metrics

and OAIS concepts and terminology it is important that the two remain consistent,

and cross-membership of the working groups will ensure this.

In addition to the central accreditation body there will be an eventual need for

a network of local accreditation and certification bodies.

25.5 Summary

It has been recognised for a long time that there is a need for a way to judge the

extent to which an archive can be trusted to preserve digitally encoded information.

On the one hand funders of such archives need some formal certification process

to provide assurance that their funding is well spent and that their important digital

holdings will continue to be usable and understandable into the future. On the other

hand it is probably also true that many who manage such archives would want some

less formal process.

Considerable work has been carried out on the second of these aims, namely peer

or informal certification. The RAC Working Group seems, at the time of writing, to

be close to take important steps towards the first aim (formal ISO certification).

Difficult organisational issues still need to be addressed but there is a clear roadmap

for doing this. Even if all this is put in place the take-up of the process and its

impact on, for example, determining the funding of digital repositories is far from

guaranteed. However in order to make progress the RAC Working Group believes

that the effort must be made.