1 / 26

ISO Process for Audit and Certification of Digital Repositories

ISO Process for Audit and Certification of Digital Repositories. Partnerships in Innovation II: From Vision to Reality and Beyond STANDARDS AND POLICIES FOR TRUSTED DIGITAL REPOSITORIES David Giaretta October 7- 8, 2008, College Park, Maryland. Outline. OAIS RLG/NARA work

yehuda
Download Presentation

ISO Process for Audit and Certification of Digital Repositories

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ISO Process for Audit and Certification of Digital Repositories Partnerships in Innovation II: From Vision to Reality and Beyond STANDARDS AND POLICIES FOR TRUSTED DIGITAL REPOSITORIES David Giaretta October 7- 8, 2008, College Park, Maryland

  2. Outline • OAIS • RLG/NARA work • Other related work • Repository Audit and Certification Working Group • What is needed to set up an ISO process Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  3. Digital Preservation… • Easy to do… • …as long as you can provide money forever • Easy to test claims about repositories… • …as long as you live a long time • Reference Model for Open Archival Information System (OAIS) provides an approach Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  4. OAIS • OAIS approach to digital preservation: • covers all types of digitally encoded information • provides a way to test whether preservation is successful • does not require seeing into the future • does require transparency • but does not require “open access” • does not cover social and organisational aspects • OAIS does provide a good basis for certification Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  5. Key OAIS Concepts • Claiming “This is being preserved” is untestable • Essentially meaningless • Except “BIT PRESERVATION” • How can we make it testable? • Claim to be able to continue to“do something” with it • Understand/use • Need Representation Information • Still meaningless… • Things are too interrelated • Representation Information potentially unlimited • Designated Community • Many other concepts identified • Checklist – not just blanket term of “metadata” Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  6. Information is the important thing Information: Any type of knowledge that can be exchanged. In an exchange, it is represented by data. • What information? • Documents…… • Data……. • Original bits? • Look and feel? • Behaviour? • Performance? • Explicit/ Implicit/ Tacit Long Term is long enough to be concerned with the impacts of changing technologies, including support for new media and data formats, or with a changing user community. Long Term may extend indefinitely. Ensure that the information to be preserved is Independently Understandable to (and usable by) the Designated Community. Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  7. Information Object 1+ interpreted interpreted using Data Representation 1+ using Object Information Physical Digital Object Object 1+ Bit Sequence Representation Information The Information Model is key Recursion ends at KNOWLEDGEBASE of the DESIGNATED COMMUNITY (this knowledge will change over time and region) Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  8. Issues of transferring info to future custodians How can we ensure that the information trapped in the “bits” remains understandable despite all these changes? • Things change: • Software • Hardware • Environment • E.g. Network links to related information • People • What is “common knowledge” • Organisations and systems • Chain of preservation • Only as strong as its weakest link How can current custodian prepare for or even be aware of these changes? Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  9. Data… Level 2 GOME Satellite instrument data Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  10. RLG/NARA work • Part of the OAIS Roadmap • Covered in earlier talks Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  11. TRAC related work • Trusted Digital Repositories: Attributes and Responsibilities from RLG and OCLC http://www.rlg.org/legacy/longterm/repositories.pdf • Comments on the DRAFT RLG/NARA Audit and Certification Checklist (the "DCC document") http://wiki.digitalrepositoryauditandcertification.org/pub/Main/ReferenceInputDocuments/Ross_McHugh_Buetikofer_comments_RLGNARA_AUDIT_ver2.pdf • Trustworthy Repositories Audit & Certification: Criteria and Checklist (TRAC) also available from http://www.crl.edu/PDF/trac.pdf • the earlier draft was: RLG/NARA Audit Checklist: http://www.rlg.org/en/page.php?Page_ID=20769 • TRAC-Nestor-DCC-criteria_mapping.doc: Crosswalk file between TRAC, Nestor and DCC work, which was completed by Robin Dale as a part of the Center for Research Libraries project http://wiki.digitalrepositoryauditandcertification.org/pub/Main/ReferenceInputDocuments/TRAC-Nestor-DCC-criteria_mapping.doc Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  12. Other related work • English version of the nestor criteria catalogue: http://edoc.hu-berlin.de/series/nestor-materialien/8en/PDF/8en.pdf • OECD Guidelines for the Security of Information Systems and Networks http://www.oecd.org/dataoecd/16/22/15582260.pdf • The outcome of the related Chicago meeting is available: • Notes from a related meeting in Chicago 15-16 Jan 2007 http://wiki.digitalrepositoryauditandcertification.org/pub/Main/ReferenceInputDocuments/Chicago_meeting.doc • DRAMBORA (Digital Repository Audit Method Based on Risk Assessment) - see http://www.repositoryaudit.eu/ • Joint meeting of “Audit and Certification Forum” in Berlin 27 Nov 2007 agreed to use RAC as a clearing house after private discussions within the various groups (nestor, DRAMBORA, CRL etc) Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  13. Repository Audit and Certification Working group • Created as CCSDS “Birds of a Feather” (BoF) group in CCSDS • Now an official CCSDS Working Group • Open virtual meetings, notes and documents: • http://www.digitalrepositoryauditandcertification.org Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  14. RAC Charter • Goal 1: Obtain ISO approval of a standard that establishes the criteria that a repository/archive must meet to be designated an ISO Trusted Digital Repository. • Review the existing work on audit and certification criteria for digital repositories, such as that from the RLG/NARA working group and the NESTOR project. These two documents are broadly similar, and both are based on the OAIS Reference Model. • Prepare a draft (or adopt one of the above documents) and submit to ISO as a Committee Draft to get the ISO process going. • Analyse the consistency of those works with the OAIS Reference Model (ISO 14721) and follow on standards such as PAIMAS and the forthcoming PAIS. • Review existing audit and certification standards such as ISO 9000 and ISO 27000, and the requirements on such standards for supporting an accreditation and certification programme to obtain guidance on the form of this standard. Neither of these two standards audit the preservation of the encoded information, hence the need for a new standard. Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  15. RAC Schedule    Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  16. UK STFC HATII, U Glasgow Digital Curation Centre, UK European Space Agency France CNES Netherlands KB National Library of the Netherlands Germany nestor USA NASA/GSFC/NSSDC ICPSR Smithsonian Institution Archives California Digital Library Center for Research Libraries National Archives and Records Administration Columbia University U Maryland UNC Brazil Instituto Nacional de Pesquisas Espaciais INPE Participation Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  17. USA 40 South Africa 8 Australia 6 China 3 Israel 3 Canada 1 India 1 UK 20 Germany 6 France 5 ESA 4 Netherlands 2 Italy 2 Spain 1 Ireland 1 Czech Republic 1 Estonia 1 Mailing list Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  18. Outline of Working Document • A1. Governance and organizational viability • A2. Organizational structure and staffing • A3. Procedural accountability and Preservation Policy framework • A4. Financial sustainability • A5. Contracts, licenses, and liabilities • Organizational infrastructure includes but is not restricted to these elements: • Governance • Organizational structure • Mandate or purpose • Scope • Roles and responsibilities • Policy framework • Funding system • Financial issues, including assets • Contracts, licenses, and liabilities • Transparency Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  19. B1: Ingest: acquisition of content: • The initial phase of ingest that addresses acquisition of digital content. • B2: Ingest: creation of the AIP: • The final phase of ingest that places the acquired digital content into the forms, often referred to as Archival Information Packages (AIPs), used by the repository for long-term preservation. • B3: Preservation planning • Current, sound, and documented preservation strategies along with mechanisms to keep them up to date in the face of changing technical environments. • B4: Archival storage & preservation/maintenance of AIPs • Minimal conditions for performing long-term preservation of AIPs. • B5: Information management • Minimal-level metadata to allow digital objects to be located and managed within the system. • B6: Access management • The repository’s ability to produce and disseminate accurate, authentic versions of the digital objects. Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  20. C1: System infrastructure • C2: Appropriate technologies • building on the system infrastructure requirements, with additional criteria specifying the use technologies and strategies appropriate to the repository’s designated community(ies). • C3: Security • from IT systems, such as servers, firewalls, or routers to fire protection systems and flood detection to systems that involve actions by people Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  21. What does one need in order to set up a process/organisation to do the audit? • Review of what ISO 27001 and others have suggests: • Two documents • Provides the list of things which need to be considered • Can be fairly cryptic – bare list of topics!! • Provides guidance on how the audit is done • Some “boiler-plate” • Some qualification for auditors e.g. academic course • An initial audit team and accreditation group Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  22. Example - BS7799 Accreditation Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  23. Key Issues (1) • How to get from a checklist to an international accreditation/ certification system? • The initial auditors • Qualification for auditors • International set-up Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  24. Key Issues (2) • Evidence – short term • Evidence – long term • The real crunch! • Risk capture • e.g. DRAMBORA tool • Quantification • The marking system • Levels of audit? • External review • Internal maturity • Legal issues Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  25. The Market • Transparency • Trustable? • certified by whom? • to what level? • what evidence? • with what granularity? • for what Designated Community • relevant/sensible? • What cost? • Self-sustaining? Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland

  26. END

More Related