
Friday, April 17, 2015

Trustworthiness of Preservation Systems

Trustworthiness of Preservation Systems. David Minor. PASIG Presentation. March 11, 2015. [PDF]
We all want to trust systems, especially preservation systems. Trust is an iterative process to verify and clarify. The principles of trust include:
  •  Institutional commitment to collections
  •  Infrastructure demands
  •  Technical system and staffing capabilities
  •  Sustainability (particularly funding, technology, collaboration)
  •  Identify and communicate risks to content, examining “what if” questions

There are three levels of auditing:
  •  "Basic certification" is a simple self-assessment
  •  "Extended certification" represents a plausibility-checked assessment
  •  "Formal certification" is an audit driven by external experts

Major auditing frameworks include:
  •  Data Seal of Approval (Basic)
  •  nestor (Extended)
  •  TRAC/ISO 16363 (Formal)
  •  DRAMBORA (Range)

The DRAMBORA Stages
  1.  Identify organizational context
  2.  Document policy and regulatory framework
  3.  Identify activities, assets, and their owners
  4.  Identify risks
  5.  Assess risks
  6.  Manage risks
In the future, we need to know how these audit frameworks apply to distributed digital preservation environments, and how flexible the questions and the audit models are.


Thursday, March 19, 2015

Trustworthiness: Self-assessment of an Institutional Repository against ISO 16363-2012

Trustworthiness: Self-assessment of an Institutional Repository against ISO 16363-2012. Bernadette Houghton. D-Lib Magazine. March/April 2015.
Digital preservation is a relatively young field, but progress has been made in developing tools and standards to better support preservation efforts. There is increased interest in standards for the audit and certification of digital repositories because researchers want to know they can trust digital repositories. Digital preservation is a long-term issue. The Trustworthy Repositories Audit and Certification (TRAC) checklist has been widely used as the basis of audit and certification activities. It later became ISO 16363 (based on the OAIS model), which contains 105 criteria in 3 areas:
  1. Organizational infrastructure (governance, structure and viability, staffing, accountability, policies, financial sustainability and legal issues)
  2. Digital object management (acquisition and ingest of content, preservation planning and procedures, information management and access)
  3. Infrastructure and security risk management (technical infrastructure and security issues)
"Undertaking a self-assessment against ISO 16363 is not a trivial task, and is likely to be beyond the ability of smaller repositories to manage." An audit is an arm's-length review of the repository, requiring evidence of compliance and testing to see that the repository is functioning as a Trusted Digital Repository. Most repositories at this time are in an ad hoc, still-evolving situation. That is appropriate at this time, but a more mature approach should be taken in the future. The assessment process would rate features as Full Compliance, Part Compliance, or Not Compliant. The conclusions in the article include:
  • Self-assessment is time-consuming and resource-heavy, but a beneficial exercise
  • Self-assessment is needed before considering external certification. 
  • Certification is expensive.
  • Get senior management on board. Their support is essential.
  • Consider doing an assessment first against the NDSA Levels of Digital Preservation.
  • Repository software may be OAIS-compliant, but that doesn't mean your repository is too.
  • Not all ISO 16363 criteria have the same importance. Assess each criterion accordingly.
  • ISO 16363 is based on a conceptual model and may not fit your exact situation
  • Determine in advance how deep the assessment will go.
  • Document the self-assessment from the start on a wiki and record your findings  

Thursday, January 08, 2015

GPO Prepares To Become First Federal Agency Named As Trustworthy Digital Repository For Government Information

GPO Prepares To Become First Federal Agency Named As Trustworthy Digital Repository For Government Information. U.S. Government Publishing Office. Press Release. December 18, 2014.
The GPO is preparing to become the first Federal agency to be named as a Trustworthy Digital Repository for Government information through certification under ISO 16363, which defines a recommended practice for assessing the trustworthiness of digital repositories. The Audit and Certification checklist will be used by an accredited outside organization. This would be the first Federal agency to be certified.

To begin the audit process, GPO will be one of 5 institutions to receive a resident through the National Digital Stewardship Residency program to work for one year on preparation for the audit and certification of FDsys as an ISO 16363 Trustworthy Digital Repository.

The GPO has also recently changed its name to the Government Publishing Office.


Monday, August 29, 2011

Criteria for the Trustworthiness of Data Centres

Criteria for the Trustworthiness of Data Centres. Jens Klump. D-Lib Magazine. January/February 2011.
The rapid decay of URLs for research resources is an important reason to use persistent identifiers. The use of persistent identifiers implies that the data objects are persistent themselves. The rapid obsolescence of the technology to read the information, along with the physical decay of the media, represents a serious threat to preservation of the content. Since research projects only run for a relatively short time, it is advisable to shift the responsibility for long-term data curation from the individual researcher to a trusted data repository or archive.

We need criteria for the assessment of trustworthiness of digital archives. Some of the methods presented have been:
  •  Trustworthy Repositories Audit & Certification: Criteria and Checklist (TRAC)
  •  Catalogue of Criteria for Trusted Digital Repositories (nestor Catalogue)
  •  DCC and DPE Digital Repository Audit Method Based on Risk Assessment (DRAMBORA)
  •  DINI-Certificate Document and Publication Services
  •  Data Seal of Approval (Sesink et al., 2008)
These provide useful feedback on developing additional criteria and auditing procedures to certify trusted digital archives.