chapter 25 - who is doing a good job; audit and certification
Post on 05-Apr-2018
216 Views
Preview:
TRANSCRIPT
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
1/20
Chapter 25
Who Is Doing a Good Job? Audit
and Certification
Comradeship and trust will emerge naturally when discipline and high standards
are enforced.(Tao Zhu Gong)
By the CCSDS/ISO RAC working group, led by David Giaretta
25.1 Background
The Preserving Digital Information report of the Task Force on Archiving of Digital
Information [242] declared,
a critical component of digital archiving infrastructure is the existence of a
sufficient number of trusted organizations capable of storing, migrating, and
providing access to digital collections.
a process of certification for digital archives is needed to create an overall climate
of trust about the prospects of preserving digital information.
The issue of certification, and how to evaluate trust into the future, as opposed to a
relatively temporary trust which may be more simply tested, has been a recurring
request, repeated in many subsequent studies and workshops.
The OAIS Reference Model Open Archival Information System (OAIS) [4], isnow adopted as the de facto standard for building digital archives [243].
25.1.1 Testability and Key OAIS Concepts
As discussed in Chap. 6 one of the key drivers of OAIS is the need for claims about
preservation of digitally encoded information to be testable. These are summarised
here and then developed in more detail.
461D. Giaretta, Advanced Digital Preservation, DOI 10.1007/978-3-642-16809-3_25,C Springer-Verlag Berlin Heidelberg 2011
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?- -
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
2/20
462 25 Who Is Doing a Good Job? Audit and Certification
25.1.1.1 Preservation
We need first some methodology by which to test the basic claim that someone is
preserving some digitally encoded information; without such a test this is a mean-
ingless claim. OAIS introduces the, quite reasonable, test that the digital object mustsomehow be useable and understandable in the future. However by itself this is
too broad are we to be forced to ensure that the digitally encoded designs of a
battleship are to be understood by everyone, for example a 6 year old child? In
order to make this a practical test the obvious next refinement is to describe the
type of person and more particularly their background knowledge by whom
the information should be understandable. Thus OAIS introduces the concept of
Designated Community, defined as an identified group of potential Consumers
who should be able to understand a particular set of information. The Designated
Community may be composed of multiple user communities. Note that a Designated
Community is defined by the repository and this definition may change/evolve
over time.
Bringing these ideas together we can then say, following OAIS, that preserving
digitally encoded information means that we must ensure that the information to
be preserved is Independently Understandable to (and usable by) the Designated
Community.
We are clearly concerned about long term preservation, but how long is that?
OAIS defines Long Term as long enough to be concerned with the impacts of
changing technologies, including support for new media and data formats, or with a
changing Designated Community. Long Term may extend indefinitely.
25.1.1.2 Definition of the Designated Community
An important clarification is needed here, namely that the definition of the
Designated Community is left to the preserver. The same digital object held in dif-
ferent repositories could be being preserved for different Designated Communities,
each of which could consist of many disjoint communities.
The quid pro quo is that those funding or entrusting digital objects to the repos-itory can judge whether the definition of the Designated Community is appropriate
for their needs.
25.1.1.3 OAIS Conformance
OAIS conformance was discussed in some detail in Sect. 6.1. The standard
itself defines conformance in terms of the Information Model and the mandatory
responsibilities.
OAIS introduces a number of important concepts and conformance criteria; how-
ever this is not enough on which to base a certification scheme. The next section
describes some of the factors which must also be taken into consideration.
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
3/20
25.2 TRAC and Related Documents 463
25.2 TRAC and Related Documents
Section 1.5 of OAIS (the section entitled Road map for development of related stan-
dards) included an item for accreditation of archives, reflecting the long-standing
demand for a standard against which Repositories of digital information maybe audited and on which an international accreditation and certification process
may be based. It was agreed that RLG and NARA take a lead on this follow-on
standard.
A group was gathered by NARA and RLG (the latter subsequently incorpo-
rated into OCLC) to form the Task Force on Trusted Digital Repositories. This
group produced the Trustworthy Repositories Audit and Certification: Criteria
and Checklist [244]. The work combined concepts from OAIS and the Trusted
Digital Repositories: Attributes and Responsibilities [245]. The latter allowed the
group to supplement OAIS with considerations of financial stability and training ofpersonnel.
The document has a number of metrics grouped into
Organisational Infrastructure
Digital Object Management and Technologies
Technical Infrastructure
Security.
Accompanying each of the metrics is extensive additional explanatory text andexamples of the types of evidence which might be used as proof of fulfilling the
metrics. The document has being used as the basis for internal and test audits in
a number of repositories, however it is not part of a formal audit and certification
process.
Other work in this area includes:
the German preservation consortium, nestor, has produced a Catalogue of Criteria
for Trusted Digital Repositories [246] in early 2007 representatives from the Digital Curation Center [3],
DigitalPreservationEurope (DPE, http://www.digitalpreservationeurope.eu/),
NESTOR (Germany) and the Center for Research Libraries (North America)
met and produced a list of 10 core criteria for digital preservation repositories, to
guide further international efforts on auditing and certifying repositories [247].
A comparison of this list with the OAIS responsibilities was produced [ 248].
Ross et al. [249] produced comments on the TRAC document
a cross-walk between the TRAC, nestor and Ross documents was produced
[250]
the DCC and DPE projects produced the Digital Repository Audit Method Based
on Risk Assessment (DRAMBORA) toolkit. This toolkit is intended to facilitate
internal audit by providing repository administrators with a means to assess their
capabilities, identify their weaknesses, and recognise their strengths.
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://www.digitalpreservationeurope.eu/http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://www.digitalpreservationeurope.eu/http://-/?-http://-/?-http://-/?-http://-/?- -
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
4/20
464 25 Who Is Doing a Good Job? Audit and Certification
All this work has been helpful in providing information and experience in assessing
digital repositories, and some provide a local or project-backed certificate of qual-
ity. However none provide an ISO based accreditation and certification system of
the kind which is available in other areas, such as the one concerning Information
Security, based on ISO 27001 series. Without this we cannot expect to have a markof quality and trustability for digital repositories which is recognised world-wide.
Efforts to produce such a system are described next.
25.3 Development of an ISO Accreditation
and Certification Process
The development of OAIS was hosted by the Consultative Committee for SpaceData Systems [5] and approved by ISO as ISO 14721. OAIS contained a roadmap
which listed a number of possible follow-on standards, some of which e.g. the
Producer-archive interface Methodology abstract standard (ISO 20652:2008),
have already become ISO standards, after development within CCSDS.
The need for a standard for certification of archives was included in that list
and the RLG/NARA work which produced TRAC was the first step in that pro-
cess. The next step was to bring the output of the RLG/NARA working group back
into CCSDS. This has been done and the Digital Repository Audit and Certification
(RAC) Working Group [6] has been created, the CCSDS details are available fromhttp://cwe.ccsds.org/moims/default.aspx#_MOIMS-RAC, while the working docu-
ments are available from http://wiki.digitalrepositoryauditandcertification.org. Both
may be read by anybody but, in order to avoid hackers, only authorised users may
add to them. The openness of the development process is particularly important and
the latter site contains the notes from the weekly virtual meetings as well as the live
working version of the draft standards.
Besides developing the metrics, which started from the TRAC document, the
working group also has been working on the strategy for creating the accredita-
tion and certification process. Review of existing systems which have accreditation
and certification standard processes it became clear that there was a need for two
documents
1. Audit and Certification of Trustworthy Digital Repositories [251]
2. Requirements for bodies providing audit and certification of candidate trustwor-
thy digital repositories. [252]
The first document lists the metrics against which a digital repository may be
judged. It is anticipated that this list will be used for internal metrics or peer-
review of repositories, as well as for the formal ISO audit process. In addition
tools such as DRAMBORA could use these metrics as guidance for its risk
assessments.
http://-/?-http://-/?-http://-/?-http://-/?-http://cwe.ccsds.org/moims/default.aspx#_MOIMS-RAChttp://wiki.digitalrepositoryauditandcertification.org/http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://wiki.digitalrepositoryauditandcertification.org/http://cwe.ccsds.org/moims/default.aspx#_MOIMS-RAChttp://-/?-http://-/?- -
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
5/20
25.4 Understanding the ISO Trusted Digital Repository Metrics 465
25.4 Understanding the ISO Trusted Digital Repository Metrics
It is clear that one cannot cover all possible situations in the metrics, nor can one
prescribe exactly what each repository must do. This is the case with all types of
audits. Instead one must leave a lot to the judgement of the auditors.To understand the way in which the metrics in Audit and Certification of
Trustworthy Digital Repositories [251] (referred to below as the metrics docu-
ment) were written it is helpful to think about the document in the following way,
building it up in the same way that the authors of that document.
A very important thing to understand is that in judging a repository one could
look at many types of issues. For example is the restaurant good, is the lighting
adequate, is wheelchair access, does the repository respond to requests within 3 min,
is it easy to find what one is looking for and so on. However these are not the things
against which the repository is to be judged here. Instead we are concerned abouthow well a repository preserves the digitally encoded information with which it has
been entrusted.
With this in mind, one could say that since the audit and certification depends on
the judgement of the auditors, the metrics document could have one metric, namely
Make sure the repository does a good job in preserving its holdings.
Of course this would not be adequate. We need to provide more guidance for the
auditors. Therefore we start by saying Well at least look at the organisation make
sure it cannot suddenly go out of business, and also make sure that they know how
to preserve the digital objects. This one can say that there are two guidelines forauditors:
Look at the organisation and its finances
Look at the way it takes care of the digital stuff
In fact there is a third area, which one could argue is part of the second one,
namely:
Make sure that the digital holdings cannot be stolen or otherwise lost.
The reason this third bullet is added is that the repository could undergo a security
audit separately (ISO 27000) so that it seemed sensible to provide a separate group
which could essentially be replaced by ISO 27000 certification but such additional
certification is definitely not required.
Therefore we have three main headings:
Organisational Infrastructure
Digital Object Management
Infrastructure and Security Risk Management
Continuing this process we can specify the topics where the auditor really needs to
be sure to look. The metrics document has the following breakdown:
http://-/?-http://-/?-http://-/?- -
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
6/20
466 25 Who Is Doing a Good Job? Audit and Certification
Organisational Infrastructure
GOVERNANCE & ORGANIZATIONAL VIABILITY
ORGANIZATIONAL STRUCTURE & STAFFING
PROCEDURAL ACCOUNTABILITY & PRESERVATION POLICY
FRAMEWORK
FINANCIAL SUSTAINABILITY
CONTRACTS, LICENSES, & LIABILITIES
Digital Object Management
INGEST: ACQUISITION OF CONTENT
INGEST: CREATION OF THE AIP
PRESERVATION PLANNING
AIP PRESERVATION
INFORMATION MANAGEMENT
ACCESS MANAGEMENT
Infrastructure and Security Risk Management
TECHNICAL INFRASTRUCTURE RISK MANAGEMENT
SECURITY RISK MANAGEMENT
This breakdown into topics is not unique and indeed several different breakdowns
have been tried; this one seemed to fit best.
Looking in even more detail the guidance for the auditors is further split out into
metrics. Some of these metrics are broken into sub-metrics indicating that the audi-tor needs to check these even more specific points; a few of these sub-metrics have
some even more specific sub-sub-metrics specified. Even these sub-sub-metrics are
not hugely specific it is still a matter for the judgement of the auditor. Indeed
the metrics themselves are a matter of judgement; in this case of course it is the
judgement of the working group which produced the metrics.
The following table shows the metrics at the time of writing, showing clearly the
metrics and sub-metrics, with number of comments which should be helpful.
Each metric has one or more of the following informative pieces of textassociated with it
Supporting text: giving an explanation of why the metric is important
Examples of Ways the Repository can Demonstrate it is Meeting this
Requirement: providing examples of the evidence which might be examined to
test whether the repository satisfies the metric
Discussion: clarifications about the intent of the metric
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
7/20
25.4 Understanding the ISO Trusted Digital Repository Metrics 467
Table25
.1Auditand
certificationmetrics
Comments
Metric
Musthave
organisationalcommitment
3OrganizationalInfrastructure
3.1
GovernanceandO
rganizationalViability
3.1.1
Therepositoryshallhaveamissionstatementthat
reflectsacommitmenttothepre
servation
of,longtermretentionof,managementof,andaccesstodigitalinformation.
3.1.2
TherepositoryshallhaveaPreservationStrategicPlanthatdefinestheapproachth
e
repositorywilltakeinthelong-termsupportofits
mission.
Thesetwo
aresomespecificthingswhichare
essentialp
artsofsuchanapproachhave
a
planandk
nowwhentoputinintoeffect.
3.1.2.1
Therepositoryshallhaveanappropriate,formalsuccessionplan,contingencyplans,
and/oresc
rowarrangementsinplaceincasetherepositoryceasestooperateorthe
governing
orfundinginstitutionsubstantia
llychangesitsscope.
3.1.2.2
Therepositoryshallmonitoritsorganizationalenvironmenttodeterminew
hen
toexecute
itsformalsuccessionplan,contingencyplans,and/orescrow
arrangements.
3.1.3
TherepositoryshallhaveaCollectionPolicyorotherdocumentthatspecifiesthetypeof
informationitwillpreserve,retain,manageandprovideaccessto.
Musthave
appropriateorganisationandstaff
3.2
OrganizationalStr
uctureandStaffing
3.2.1
Therepositoryshallhaveidentifiedandestablishedthedutiesthatitneedstoperfo
rmand
shallhaveappointedstaffwithadequateskillsand
experiencetofulfiltheseduties.
Theseare
theessentialcomponentsofthe
metrick
nowwhatthedutiesareandhave
peoplecapableofcarryingthemout.
3.2.1.1
Therepositoryshallhaveidentifiedandestablishedthedutiesthatitneeds
toperform
.
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
8/20
468 25 Who Is Doing a Good Job? Audit and Certification
Table25
.1
(continued)
3.2.1.2
Therepositoryshallhavetheappropriaten
umberofstafftosupportallfunctionsand
services.
3.2.1.3
Therepositoryshallhaveinplaceanactiveprofessionaldevelopmentprogramthat
providesstaffwithskillsandexpertisedev
elopmentopportunities.
Theseare
thepolicylevelrequirements
detailscomelater.
3.3
ProceduralAccountabilityandPreservationPolicyFramework
Tohavea
DesignatedCommunitydefined
isafundamentalrequirement
3.3.1
Therepositoryshallhavedefineditsdesignatedco
mmunityandassociatedknowle
dge
base(s)andshallhavethesedefinitionsappropriatelyaccessible.
3.3.2
TherepositoryshallhavePreservationPoliciesinplacetoensureitsPreservationS
trategic
Planwillbemet.
Thepoliciesmustnotbestaticthey
mustbere
viewed
3.3.2.1
Therepositoryshallhavemechanismsforreview,update,andongoingdevelopment
ofitsPres
ervationPoliciesastherepositorygrowsandastechnologyandc
ommunity
practiceevolve
3.3.3
Therepositoryshallhaveadocumentedhistoryof
thechangestoitsoperations,procedures,
software,andhardware.
3.3.4
Therepositoryshallcommittotransparencyandaccountabilityinallactionssuppo
rting
theoperationand
managementoftherepositoryth
ataffectthepreservationofdigi
talcontent
overtime.
3.3.5
Therepositoryshalldefine,collect,track,andappropriatelyprovideitsinformationintegrity
measurements.
3.3.6
Therepositoryshallcommittoaregularschedule
ofself-assessmentandexternal
certification.
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
9/20
25.4 Understanding the ISO Trusted Digital Repository Metrics 469
Table25.1(continued)
Moneyis
fundamentalonecannotask
forguaran
teesaboutfundingforever,
but
onecanm
akesurethattherepository
cannotsuddenlygooutofbusiness.
3.4
FinancialSustaina
bility
3.4.1
Therepositoryshallhaveshort-andlong-termbus
inessplanningprocessesinplace
tosustaintherepositoryovertime.
3.4.2
Therepositoryshallhavefinancialpracticesandprocedureswhicharetransparent,
compliant
withrelevantaccountingstandardsandpractices,andauditedbythirdpartiesinac
cordance
withterritorialleg
alrequirements.
3.4.3
Therepositoryshallhaveanongoingcommitmenttoanalyzeandreportonrisk,benefit,
investment,andexpenditure(includingassets,
lice
nses,andliabilities).
Therepositorymustensurethatithas
appropriatelegalauthority.
3.5
Contracts,License
s,andLiabilities
3.5.1
Therepositoryshallhaveandmaintainappropriatecontractsordepositagreements
fordigitalmaterialsthatitmanages,preserves,an
d/ortowhichitprovidesaccess.
Theseare
someofthekeyaspectstothe
legalauthorityneeded.
3.5.1.1
Therepositoryshallhavecontractsordepositagreementswhichspecifyan
dtransfer
allnecessarypreservationrights,andthoserightstransferredshallbedocumented.
3.5.1.2
Therepositoryshallhavespecifiedallappropriateaspectsofacquisition,
maintenance,access,andwithdrawalinwrittenagreementswithdepositorsandother
relevantp
arties.
3.5.1.3
Therepositoryshallhavewrittenpoliciesthatindicatewhenitacceptspres
ervation
responsibilityforcontentsofeachsetofsubmitteddataobjects.
3.5.1.4
Therepositoryshallhavepoliciesinplace
toaddressliabilityandchallenges
toownership/rights.
Legalrigh
tsandIPRetcchangeovertime
andthism
ustbetrackedandrespondedto.
3.5.2
Therepositoryshalltrackandmanageintellectual
propertyrightsandrestrictionsonuseof
repositorycontentasrequiredbydepositagreement,contract,orlicense.
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
10/20
470 25 Who Is Doing a Good Job? Audit and Certification
Table25.1(continued)
Thiscollectionofmetricsisaboutthe
digitalobjectsthemselves.
4DigitalObjectMana
gement
Firstonemustingesttheobjects.There
areanumberofcheckswhichmustbe
made.Inadditionanumberofpiecesof
informatio
n(metadata)mustbe
captured.
4.1
Ingest:Acquisition
ofContent
TheInformationPropertieswillbethe
Transform
ationalInformationProperties
discussed
inSect.13.6.
4.1.1
TherepositoryshallidentifytheContentInformationandtheInformationPropertiesthatthe
repositorywillpreserve.
4.1.1.1
Therepositoryshallhaveaprocedure(s)fo
ridentifyingthoseInformationProperties
thatitwillpreserve.
4.1.1.2
TherepositoryshallhavearecordoftheC
ontentInformationandtheInfor
mation
Propertiesthatitwillpreserve.
Thisinclu
dessuchthingsasProvenance.
4.1.2
Therepositoryshallclearlyspecifytheinformationthatneedstobeassociatedwithspecific
ContentInformationatthetimeofitsdeposit.
Ofcourse
theinformationcomesin
asSIPs
4.1.3
Therepositoryshallhaveadequatespecificationsenablingrecognitionandparsing
ofthe
SIPs.
Theprodu
cersareakeypart
ofProvenanceandthestartofthe
evidenceaboutAuthenticity.
Therepositorymustbesureofthesource
oftheinfo
rmation.
4.1.4
TherepositoryshallhavemechanismstoappropriatelyverifytheidentityoftheProducer
ofallmaterials.
4.1.5
Therepositoryshallhaveaningestprocesswhich
verifieseachSIPforcompletene
ss
andcorrectness.
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?- -
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
11/20
25.4 Understanding the ISO Trusted Digital Repository Metrics 471
Table25.1(continued)
4.1.6
TherepositoryshallobtainsufficientcontrolovertheDigitalObjectstopreserveth
em.
4.1.7
Therepositoryshallprovidetheproducer/deposito
rwithappropriateresponsesata
greed
pointsduringthe
ingestprocesses.
Theremustberecordsofwhathappens
partofthe
Provenance.
4.1.8
Therepositoryshallhavecontemporaneousrecord
sofactionsandadministrationp
rocesses
thatarerelevanttocontentacquisition.
TheAIPm
ustbecreated.
4.2
Ingest:CreationoftheAIP
Thereshouldbesomepre-planningfor
theAIPs
4.2.1
TherepositoryshallhaveforeachAIPorclassofAIPspreservedbytherepository
an
associateddefinitionthatisadequateforparsingtheAIPandfitforlong-term
preservationneed
s.
4.2.1.1
Therepositoryshallbeabletoidentifywh
ichdefinitionappliestowhichA
IP.
4.2.1.2
Therepositoryshallhaveadefinitionofea
chAIPthatisadequateforlong-term
preservati
on,enablingtheidentificationan
dparsingofalltherequiredcom
ponents
withintha
tAIP.
4.2.2
TherepositoryshallhaveadescriptionofhowAIP
sareconstructedfromSIPs.
Therepositorymustbeabletoshowthat
ithasnotlostanyoftheinputinformation
(SIPs).
4.2.3
TherepositoryshalldocumentthefinaldispositionofallSIPs.
Ofparticu
larconcernistobesurethat
anySIPsthatarenotusedinAIPsare
accounted
for.
4.2.3.1
Therepositoryshallfollowdocumentedpr
oceduresifaSIPisnotincorpor
atedinto
anAIPor
discardedandshallindicatewhytheSIPwasnotincorporatedor
discarded.
4.2.4
Therepositoryshallhaveanduseaconventiontha
tgeneratespersistent,uniqueidentifiers
forallAIPs.
4.2.4.1
Therepositoryshalluniquelyidentifyeach
AIPwithintherepository.
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
12/20
472 25 Who Is Doing a Good Job? Audit and Certification
Table25.1(continued)
Persistent
Identifiersarequitetricky,as
discussed
inSect.10.3.2.
Itseems
worthwhiletomakesureanumberof
pointsare
checked..
4.2.4.1.1T
herepositoryshallhaveunique
identifiers.
4.2.4.1.2T
herepositoryshallassignandm
aintainpersistentidentifiersoftheAIP
a
nditscomponentssoastobeun
iquewithinthecontextoftherepository.
4.2.4.1.3D
ocumentationshalldescribeanyprocessesusedforchangestos
uch
identifiers.
4.2.4.1.4T
herepositoryshallbeabletoprovideacompletelistofallsuchidentifiers
a
nddospotchecksforduplications.
4.2.4.1.5T
hesystemofidentifiersshallbe
adequatetofittherepositorysc
urrentand
foreseeablefuturerequirementssuchasnumbersofobjects.
4.2.4.2
Therepositoryshallhaveasystemofreliablelinking/resolutionservicesin
orderto
findtheuniquelyidentifiedobject,regardlessofitsphysicallocation.
Represent
ationInformationiskeyfor
preservation.
4.2.5
Therepositoryshallhaveaccesstonecessarytoolsandresourcestoprovideauthor
itative
RepresentationIn
formationforallofthedigitalobjectsitcontains.
Thereare
anumberofwaystoobtain
enoughRepresentationInformation.
Thesesub
-metricsaboutatleastthese
aspectsof
RepresentationInformation.
4.2.5.1
Therepositoryshallhavetoolsormethods
toidentifythefiletypeofallsubmitted
DataObje
cts.
4.2.5.2
Therepositoryshallhavetoolsormethods
todeterminewhatRepresentation
InformationisnecessarytomakeeachDataObjectunderstandabletotheD
esignated
Community.
4.2.5.3
TherepositoryshallhaveaccesstotherequisiteRepresentationInformation.
4.2.5.4
Therepositoryshallhavetoolsormethods
toensurethattherequisiteRepresentation
Informationispersistentlyassociatedwith
therelevantDataObjects.
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?- -
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
13/20
25.4 Understanding the ISO Trusted Digital Repository Metrics 473
Table25.1(continued)
PDIisthe
otherkeypartoftheAIP.
4.2.6
TherepositoryshallhavedocumentedprocessesforacquiringPreservationDescription
Information(PDI)foritsassociatedContentInformationandacquirePDIinaccordance
withthedocumen
tedprocesses.
4.2.6.1
TherepositoryshallhavedocumentedprocessesforacquiringPDI.
4.2.6.2
Therepositoryshallexecuteitsdocumente
dprocessesforacquiringPDI.
4.2.6.3
TherepositoryshallensurethatthePDIis
persistentlyassociatedwiththerelevant
contentin
formation.
Thisisav
eryimportantmetricthisis
wherethe
repositorycanproveithasdone
enoughin
creatingtheAIP.
4.2.7
Therepositoryshallensurethatthecontentinform
ationoftheAIPsisunderstanda
blefor
theirdesignatedc
ommunityatthetimeofcreation
oftheAIP.
4.2.7.1
Repositoryshallhaveadocumentedprocessfortestingunderstandabilityfor
theirdesignatedcommunitiesofthecontentinformationoftheAIPsattheir
creation.
4.2.7.2
Therepositoryshallexecutethetestingprocessforeachclassofcontentinformation
oftheAIP
s.
4.2.7.3
TherepositoryshallbringthecontentinformationoftheAIPuptotherequiredlevel
ofunderstandabilityifitfailstheunderstandabilitytesting.
4.2.8
TherepositoryshallverifyeachAIPforcompletenessandcorrectnessatthepoint
itis
created.
4.2.9
Therepositoryshallprovideanindependentmechanismforverifyingtheintegrity
oftherepositorycollection/content.
Asbefore,enoughevidencemustbe
collected.
4.2.1
0Therepositoryshallhavecontemporaneousrecordsofactionsandadministration
processes
thatarerelevant
toAIPcreation.
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
14/20
474 25 Who Is Doing a Good Job? Audit and Certification
Table25.1(continued)
HavingcreatedtheAIP,
therepository
mustensu
retheirpreservation.
4.3
PreservationPlann
ing
Thereshouldbesomepre-planning.
4.3.1
Therepositoryshallhavedocumentedpreservationstrategiesrelevanttoitsholdings.
Thingschangeandthesechangescan
threatenpreservation;therepositorymust
besureitknowswhatchangeshave
happened
tothatitcancounterthem.
4.3.2
Therepositoryshallhavemechanismsinplacefor
monitoringitspreservationenvironment.
4.3.2.1
Therepositoryshallhavemechanismsinp
laceformonitoringandnotificationwhen
representationinformationisinadequateforthedesignatedcommunityto
understandthedataholdings.
Theplans
whichhavebeenmadeearlier
mayhave
tobechanged.
4.3.3
Therepositoryshallhavemechanismstochangeitspreservationplansasaresulto
fits
monitoringactivities.
4.3.3.1
Therepositoryshallhavemechanismsforcreating,
identifyingorgathering
anyextra
representationinformationrequired.
Thisisan
absolutelyvitalmetricbecause
heretherepositorymustshowthatits
plansactu
allyworkshowingthe
designatedcommunitycanunderstandthe
digitallye
ncodedinformation.
The
discussion
associatedwiththismetric
says:
4.3.4
Therepositoryshallprovideevidenceoftheeffectivenessofitspreservationactivities.
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
15/20
25.4 Understanding the ISO Trusted Digital Repository Metrics 475
Table25.1(continued)
Therepositoryshouldbeableto
demonstra
tethecontinuedpreservation,
including
understandability,o
fits
holdings.Thiscouldbeevaluatedata
numberofdegreesanddependsonthe
specificity
ofthedesignatedcommunity.
Ifadesign
atedcommunityisfairly
broad,an
auditorcouldrepresentthetest
subjectin
theevaluation.Morespecific
designatedcommunitiescouldrequire
significantefforts.
AIPpreservationisaspecialcaseof
preservation.
4.4
AIPPreservation
4.4.1
Therepositoryshallhavespecificationsforhowth
eAIPsarestoreddowntothebitlevel.
4.4.1.1
TherepositoryshallpreservethecontentinformationofAIPs.
4.4.1.2
TherepositoryshallactivelymonitortheintegrityofAIPs.
4.4.2
Therepositoryshallhavecontemporaneousrecord
sofactionsandadministrationp
rocesses
thatarerelevanttostorageandpreservation
oftheAIPs.
4.4.2.1
TherepositoryshallhaveproceduresforallactionstakenonAIPs.
4.4.2.2
TherepositoryshallbeabletodemonstratethatanyactionstakenonAIPs
were
compliantwiththespecificationofthosea
ctions.
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
16/20
476 25 Who Is Doing a Good Job? Audit and Certification
Table25.1(continued)
Herewew
anttomakesurethatthe
contentinformationcanbefound.
4.5
InformationMana
gement
4.5.1
Therepositoryshallspecifyminimuminformation
requirementstoenablethedesignated
communitytodiscoverandidentifymaterialofinterest.
4.5.2
Therepositoryshallcaptureorcreateminimumde
scriptiveinformationforeachA
IP.
4.5.3
Therepositoryshallcreatebi-directionallinkages
betweeneachAIPanditsdescriptive
information.
4.5.3.1
Therepositoryshallmaintainthebi-directionalassociationsbetweenitsAIPsand
theirdescriptiveinformationovertime.
Accessne
edstobecontrolled.
4.6
AccessManagement
4.6.1
Therepositoryshallcomplywithaccesspolicies.
4.6.1.1
Therepositoryshalllogandreviewallacc
essmanagementfailuresandano
malies.
4.6.2
Therepositoryshallfollowpoliciesandprocedure
sthatenablethedisseminationo
fdigital
objectsthataretraceabletotheoriginals,withevidencesupportingtheirauthenticity.
4.6.2.1
Therepositoryshallrecordandactuponproblemreportsabouterrorsinda
taor
responses
fromusers.
Inthissec
tiontheauditorshouldlookat
thehardwareandsoftwareisused.
In
additionclearlysecurityisvital.
One
optionwo
uldbetoduplicatetheISO
27000metrics.Howeverthisseems
excessive
soaminimalsetofmetricsis
specified.
5InfrastructureandS
ecurityRiskManagement
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
17/20
25.4 Understanding the ISO Trusted Digital Repository Metrics 477
Table25.1(continued)
Thissub-sectionistoensurethehardware
andsoftwareischeckedbytheauditor.
5.1
TechnicalInfrastructureRiskManagement
5.1.1
Therepositoryshallidentifyandmanagetherisks
toitspreservationoperationsandgoals
associatedwithsysteminfrastructure.
5.1.1.1
Therepositoryshallemploytechnologywatchesorothertechnologymonitoring
notificatio
nsystems.
5.1.1.1.1T
herepositoryshallhavehardwa
retechnologiesappropriatetotheservices
itprovidestoitsdesignatedcommunities.
5.1.1.1.2T
herepositoryshallhaveproceduresinplacetomonitorandreceive
notificationswhenhardwaretech
nologychangesareneeded.
5.1.1.1.3T
herepositoryshallhaveproceduresinplacetoevaluatewhench
angesare
neededtocurrenthardware.
5.1.1.1.4T
herepositoryshallhaveprocedures,commitmentandfundingto
replace
hardwarewhenevaluationindica
testheneedtodoso.
5.1.1.1.5T
herepositoryshallhavesoftwar
etechnologiesappropriatetothe
services
itprovidestoitsdesignatedcommunities.
5.1.1.1.6T
herepositoryshallhaveproceduresinplacetomonitorandreceive
notificationswhensoftwarechan
gesareneeded.
5.1.1.1.7T
herepositoryshallhaveproceduresinplacetoevaluatewhench
angesare
neededtocurrentsoftware.
5.1.1.1.8T
herepositoryshallhaveprocedures,commitmentandfundingto
replace
softwarewhenevaluationindicat
estheneedtodoso.
5.1.1.2
Therepositoryshallhaveadequatehardwa
reandsoftwaresupportforback
up
functionalitysufficientforpreservingtherepositorycontentandtrackingrepository
functions.
5.1.1.3
Therepositoryshallhaveeffectivemechan
ismstodetectbitcorruptionorloss.
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
18/20
478 25 Who Is Doing a Good Job? Audit and Certification
Table25.1(continued)
5.1.1.3.1T
herepositoryshallrecordandreporttoitsadministrationallincidentsof
datacorruptionorloss,andsteps
shallbetakentorepair/replacecorruptor
lostdata.
5.1.1.4
Therepositoryshallhaveaprocesstoreco
rdandreacttotheavailabilityofnew
securityu
pdatesbasedonarisk-benefitassessment.
5.1.1.5
Therepositoryshallhavedefinedprocesse
sforstoragemediaand/orhardw
are
change(e.g.,refreshing,migration).
5.1.1.6
Therepositoryshallhaveidentifiedanddo
cumentedcriticalprocessesthat
affectits
abilitytocomplywithitsmandatoryrespo
nsibilities.
5.1.1.6.1T
herepositoryshallhaveadocum
entedchangemanagementproc
essthat
identifieschangestocriticalproc
essesthatpotentiallyaffectthe
repositorysabilitytocomplywithitsmandatoryresponsibilities.
5.1.1.6.2T
herepositoryshallhaveaprocessfortestingandevaluatingtheeffectof
changestotherepositoryscriticalprocesses.
5.1.2
Therepositoryshallmanagethenumberandlocationofcopiesofalldigitalobjects.
5.1.2.1
Therepositoryshallhavemechanismsinp
lacetoensureany/multiplecopiesof
digitalobjectsaresynchronized.
5.2
SecurityRiskMan
agement
5.2.1
Therepositoryshallmaintainasystematicanalysisofsecurityriskfactorsassociatedwith
data,systems,personnel,andphysicalplant.
5.2.2
Therepositoryshallhaveimplementedcontrolsto
adequatelyaddresseachofthedefined
securityrisks.
5.2.3
Therepositorysta
ffshallhavedelineatedroles,responsibilities,andauthorizations
related
toimplementingchangeswithinthesystem.
5.2.4
Therepositoryshallhavesuitablewrittendisaster
preparednessandrecoveryplan(
s),
includingatleast
oneoff-sitebackupofallpreservedinformationtogetherwithan
offsite
copyoftherecoveryplan(s).
-
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
19/20
25.4 Understanding the ISO Trusted Digital Repository Metrics 479
An example metric with its informative text is:
The repository shall have mechanisms in place for monitoring and notifi-
cation when Representation Information is inadequate for the DesignatedCommunity to understand the data holdings.
Supporting Text
This is necessary in order to ensure that the preserved information remains
understandable and usable by the Designated Community.
Examples of Ways the Repository can Demonstrate it is Meeting this
Requirement
Subscription to a Representation Information registry service; subscriptionto a technology watch service, surveys amongst its designated community
members, relevant working processes to deal with this information.
Discussion
The repository must show that it has some active mechanism to warn of
impending obsolescence. Obsolescence is determined largely in terms of the
knowledge base of the Designated Community.
It must be recognised that the audit process cannot be specified in very fine,
rigid, detail. An audit process must depend upon the experience and expertise of
the auditors. For this reason the second document sets out the system under which
the audit process is carried out; in particular the expertise of the auditors and the
qualification which they should have is specified. In this way the document specifies
how auditors are accredited and thereby helps to guarantee the consistency of the
audit and certification process.
There is a hierarchy of ISO standards concerned with good auditing practice
[253256]. The second standard [252] is positioned within this hierarchy in order toensure that these good practices can be applied to the evaluation of TDRs.
ISO/IEC 17021 [255] is an International Standard which sets out criteria for
bodies operating audit and certification of organizations management systems.
If such bodies are to be accredited as complying with ISO/IEC 17021 with the
objective of auditing and certifying Trusted Digital Repositories (TDR) in accor-
dance with [251], some additional requirements and guidance to ISO/IEC 17021 are
necessary.
For this reason the RAC Working Group refers to accreditation and certification
processes.
The second standard [252] addresses issues arising from applying good audit
practice to auditing and certifying whether to what extent digital repositories can be
trusted to look after digitally encoded information for the long-term, or at least for
the period of their custodianship of that digitally encoded information.
http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?- -
7/31/2019 Chapter 25 - Who is Doing a Good Job; Audit and Certification
20/20
480 25 Who Is Doing a Good Job? Audit and Certification
It covers principles needed to inspire confidence that third party certification of
the management of the digital repository has been performed with
impartiality,
competence, responsibility,
openness,
confidentiality, and
responsiveness to complaints
At the time of writing both documents are in an advanced state of preparation; the
first of these documents has been submitted for ISO review and the second should
be submitted soon. While the reviews are underway further preparations for the
accreditation and certification processes will be undertaken. It should be noted that
the OAIS reference Model has also been undergoing revision and the new version
has been submitted for ISO review. Because of the close links between the metrics
and OAIS concepts and terminology it is important that the two remain consistent,
and cross-membership of the working groups will ensure this.
In addition to the central accreditation body there will be an eventual need for
a network of local accreditation and certification bodies.
25.5 Summary
It has been recognised for a long time that there is a need for a way to judge the
extent to which an archive can be trusted to preserve digitally encoded information.
On the one hand funders of such archives need some formal certification process
to provide assurance that their funding is well spent and that their important digital
holdings will continue to be usable and understandable into the future. On the other
hand it is probably also true that many who manage such archives would want some
less formal process.
Considerable work has been carried out on the second of these aims, namely peer
or informal certification. The RAC Working Group seems, at the time of writing, to
be close to take important steps towards the first aim (formal ISO certification).
Difficult organisational issues still need to be addressed but there is a clear roadmap
for doing this. Even if all this is put in place the take-up of the process and its
impact on, for example, determining the funding of digital repositories is far from
guaranteed. However in order to make progress the RAC Working Group believes
that the effort must be made.
top related