ISO 16363:2012. Audit & Certification of Trustworthy Digital Repositories defines recommended practices for assessing the trustworthiness of digital repositories. The document will help those who audit repositories, but also those to design or redesign their digital repository processes. Some highlights from the standard:
3.1 Governance and Organizational viability: The repository shall have a collection policy or other document that specifies the type of information it will preserve, retain, manage, and provide access to. Without the policy the collection scope is unclear and it becomes difficult to say no to out of scope content. The standard expects a policy to exist and be documented.
4.2 Ingest: Creation of AIPs: Organizations should have a description of how AIPs are constructed from SIPs. It should document all changes to the processes, as well as defining what happens to the content (such as normalization of files, etc.)
5.2 Security Risk Management: The repository should have a written disaster preparedness and recovery plan, including at least one off-site backup of all preserved information together with an off-site copy of the recovery plan. This means the organization should be prepared administratively.
The elements are scored as follows
- 0 - non-compliant or not started
- 1 - slightly compliant (needs a lot of work to do in address the requirement.
- 2 - half compliant: partially addressed but still significant work to do
- 3 - mostly compliant: mostly addressed and working on full compliance.
- 4 - fully compliant: can demonstrate the requirement is comprehensively addressed.
- Documentation: records of policy, procedure, and outcomes of activities
- Policy: the definition of approaches and protocol for repository functions and procedures
- Procedures: specification of preservation and infrastructure management activities
- Software: development or configuration of preservation systems
- Infrastructure: procurement, monitoring, and management of hardware infrastructure
- Organization: organizational infrastructure including funding, staffing, and strategy
- Action Plan