DP Knowhow: Introduction to Audit and Certification in ISO 16363 APARSEN-EGI Community Workshop on Managing, Computing and Preserving Big Data for Research.

Slides:

Advertisements

Similar presentations

1 IAF Working Group on FSMS Azusa Nakagawa-Inoue PAC TC meeting 16 June 2010.

Advertisements

DSA and the Certification Framework Ingrid Dillo Data Archiving and Networked Services DSA Conference, Florence 10 December 2012.

Co-funded by the European Union under FP7-ICT Co-ordinated by aparsen.eu #APARSEN Sustainability and the APARSEN Network of Excellence: Preservation.

May 16, 2012EDMC Workshop in College Park MDDan Kowal Trusted Digital Repositories: A New Audit Standard A Follow-on to the OAIS Dan Kowal, Data Administrator,

The International Register of Certificated Auditors Putting Annex SL into context An awareness and orientation session about the new common text framework.

DigCCurr 2007: What digital curators do and what they need to know The CASPAR view on: What digital curators do and what they need to know : Research Perspectives.

Peer-Reviewer Guidance Data Seal of Approval Hervé L’Hours DSA Conference Amsterdam. 24 September, 2014.

Prepared and presented by Paul French AJA Registrars Operations Director AJA are a multi-accredited International Certification Body based in Portishead.

The New TNI Laboratory Accreditation Standards Requirements for an Accreditation Body.

SCIDIP-ES Components Oct ,Brussels. Basic Preservation Strategies Often stated as: “Emulate or Migrate” OAIS concepts change these to: Add Representation.

Certification of Trustworthy Digital Repositories Arnold Rots Harvard-Smithsonian CfA.

TRAC / TDR ICPSR Trustworthy Digital Repositories.

Dr. Julian Lo Consulting Director ITIL v3 Expert

Co-funded by the European Union under FP7-ICT Alliance Permanent Access to the Records of Science in Europe Network Co-ordinated by aparsen.eu #APARSEN.

Office of Inspector General (OIG) Internal Audit

ASPEC Internal Auditor Training Version

Registration Management Committee Body of Knowledge (BoK) for Other Party (OP) Assessors David Day GE Aviation.

Who is doing a good job in digital preservation? Audit and Certification of Digital Repositories: ISO and the European Framework.

Creating a service Idea. Creating a service Networking / consultation Identify the need Find funding Create a project plan Business Plan.

David Giaretta Associate Director (Development) Funders: DCC Development Digital Curation Centre a centre of expertise in data curation and preservation.

Postgraduate Educational Course in radiation protection and the Safety of Radiation sources PGEC Part IV The International System of Radiation Protection.

Lec#3 Project Quality Management Ghazala Amin. 2 Quality Specialist-Job responsibility Responsibilities Reports monitoring and measurement of processes.

Science Archives in the 21st Century 25/26 April Towards an International standard for Audit and Certification of Digital Repositories David Giaretta.

Repository Requirements and Assessment August 1, 2013 Data Curation Course.

Data Archiving and Networked Services DANS is an institute of KNAW en NWO Trusted Digital Archives and the Data Seal of Approval Peter Doorn Data Archiving.

Nestor – German network of expertise in digital preservation nestor German Network of Expertise in Digital Preservation nestor.

1 Thank you for visiting our site and welcome to the “Introduction to ISO 22000” Presentation that you requested. For more information.

10/20/ The ISMS Compliance in 2009 GRC-ISMS Module for ISO Certification.

DigCCurr Professional Institute: Curation Practices for the Digital Object Lifecycle Digital Curation Program Development Nancy Y McGovern Research Assistant.

Review and Revision of ISO/IEC 17021

ISO 9001:2008 to ISO 9001:2015 Summary of Changes

Archival Workshop on Ingest, Identification, and Certification Standards Certification (Best Practices) Checklist Does the archive have a written plan.

Company Confidential Registration Management Committee RMC Auditor Workshop Charleston, SC July Supplemental Oversight AS9104/2A & Special.

ISO/IEC 17065:2012. Objective Identification of new/changed requirements in ISO/IEC 17065:2012 and the implications of these changes for certification.

Information Security 14 October 2005 IT Security Unit Ministry of IT & Telecommunications.

DP Knowhow: Audit and Certification in ISO Standard APARSEN-EGI-Community-Forum Training on Data Preservation 22 nd of May 2014 Helsinki, Finland.

April 12, 2005 WHAT DOES IT MEAN TO BE AN ARCHIVES? Trusted Digital Repository Model Original Presentation by Bruce Ambacher Extended by Don Sawyer 12.

NDSR Boston webinar: Digital Preservation Introduction Presenter: Nancy Y McGovern October 2015.

SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:

The common structure and ISO 9001:2015 additions

Assessment Validation. MORE THAN YOU IMAGINE ASQA (Australian Skills Quality Authority) New National Regulator ASQA as of 1 July, 2011.

SEDAC Long-Term Archive Development Robert R. Downs Socioeconomic Data and Applications Center Center for International Earth Science Information Network.

APA’s Virtual Centre of Excellence (VCOE) and its Vision APARSEN-EGI-Community-Forum Training on Data Preservation 22 nd of May 2014 Helsinki Matthias.

Harmonised use of accreditation for assessing the competence of various Conformity Assessment Bodies Dr Andreas Steinhorst, EA ERA workshop 13 April 2016,

WORKSHOP ON ACCREDITATION OF BODIES CERTIFYING MEDICAL DEVICES INT MARKET TOPIC 6 CH 5 ISO MANAGEMENT RESPONSIBILITY Philippe Bauwin Medical.

COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.

The International Society for Quality in Health Care (ISQua) – Guidelines.

SciDataCon 2014, WDS Forum, Dehli WDS Certification Objective: building trust in the usage of data & data services Michael Diepenbroek Rorie Edmunds Mustapha.

A Peer-to-Peer Approach to Review Compliance with Trustworthy Repository Audit and Certification (TRAC) Introduction A trusted digital repository has been.

Co-funded by the European Union under FP7-ICT Alliance Permanent Access to the Records of Science in Europe Network aparsen.eu #APARSEN Options.

Co-funded by the European Union under FP7-ICT Co-ordinated by aparsen.eu #APARSEN CoE offerings Simon Lambert STFC All Hands Meeting, Amsterdam,

DP Knowhow: Open Archival Information Systems (OAIS) in ISO APA/C-DAC International Conference on Digital Preservation and the Development of Trusted.

Audit & Certification with ISO standards

The Role of Trustworthy Digital Repositories in Sustainability

Digital Repository Certification Schema A Pathway for Implementing the GEO Data Sharing and Data Management Principles Robert R. Downs, PhD Sr. Digital.

BIL 424 NETWORK ARCHITECTURE AND SERVICE PROVIDING.

Preparing a Trustworthy Domain Repository for ISO Certification

Certification of Trusted Repositories

RDA/WDS IG Certification of Digital Repositories The new 'Core Trustworthy Data Repository Requirements' hands-on RDA Plenary 9, Barcelona,

D33.1B PEER REVIEW OF DIGITAL REPOSITORIES

Trustworthiness of Preservation Systems

2. ISO Certification Discussed already at 2015 PoW and several WLCG OB meetings Proposed approach: An Operational Circular that describes the organisation's.

Body Of Knowledge for Other Party (OP) Assessors

UNIT V QUALITY SYSTEMS.

Training Course on Integrated Management System for Regulatory Body

Americas Aerospace Quality Group

EN/AS/SJAC 9101 Re-Write EN/AS/SJAC 9101 Audit Process Coordination Draft IAQG Working Group Prepared by: Tony Marino The Boeing Company Supplier Quality.

Agenda Why this group exists Who is behind it

ACCREDITATION PROCESS

Presentation transcript:

DP Knowhow: Introduction to Audit and Certification in ISO APARSEN-EGI Community Workshop on Managing, Computing and Preserving Big Data for Research 4-6 March 2014 Amsterdam David Giaretta APA This work is made available under the terms of the Creative Commons Attribution- ShareAlike 3.0 license,

OAIS (ISO 14721) Trusted Digital Repositories: Attributes and Responsibilities TRAC Audit and Certification of Trustworthy Digital Repositories (ISO ) Requirements For Bodies Providing Audit And Certification (ISO ) Certification See and Standards will be available free from There is a hierarchy of ISO standards concerned with good auditing. ISO is positioned within this hierarchy in order to ensure that these good practices can be applied to the evaluation of the trustworthiness of digital repositories using ISO It covers principles needed to inspire confidence that third party certification of the management of the digital repository has been performed with impartiality, competence, responsibility, openness, confidentiality, and responsiveness to complaints Metrics concerning: Organizational Infrastructure e.g. The repository shall have a documented history of the changes to its operations, procedures, software, and hardware. Digital Object Management e.g. The repository shall have access to necessary tools and resources to provide authoritative Representation Information for all of the digital objects it contains. Infrastructure and Security Risk Management eg. The repository shall have procedures in place to evaluate when changes are needed to current software. Audit by external, accredited, auditors Standards based Repository Audit and Certification (ISO 16363)

ISO Overall Structure: – Section A: Organisational Infrastructure – Section B: Digital Object Management – Section C: Infrastructure and Security Risk Management Metrics and their structure: – Statement of requirement – Supporting text – Examples of Ways the Repository can Demonstrate it is Meeting this Requirement – Discussion

Repository ISO Certification Body ISO (ISO) National Accreditation Body (NAB) ISO 17011(?) NAB Regional Group IAF TC WG Regional Group USA: ANSI ANAB UK: UKAS INDIA: NABCB National Accreditation Body appoints ASSESSORS to help decide whether or not to accredit

ISO Process for Audits Comprehensive view of repository’s capabilities Preparatory work by repository First audit and resulting certification – Identifies improvements needed – Repository prepares improvement plan Repository implements improvement plan Surveillance audit after a period Re-certification

The audits Self-audit process covering all metrics, providing information to audit team: The basics: Are the bits safe? Are the data understandable/usable by the Designated Community? Is authenticity safeguarded (evidence based) E.g. Is the information really what it is claimed to be? Can the digital holdings be handed over to another repository if/when necessary? The repository must try to provide evidence Why do they think people (including their funders) should trust them?

What would Certification look like? NOTE: The audit and certification would be undertaken by an accredited organisation Not a simple statement that “Yes this repository is perfect”! Should be regarded as part of a process of improvement – Audit/certification provides information on which an organization can act to improve its performance – Improvement plan “repository OK as long as ….” – Cycle of certification/ surveillance audit/ re- certification

Example Issues from ISO Metrics Metric THE REPOSITORY SHALL HAVE DEFINED ITS DESIGNATED COMMUNITY AND ASSOCIATED KNOWLEDGE BASE(S) AND SHALL HAVE THESE DEFINITIONS APPROPRIATELY ACCESSIBLE. – The metric was not satisfied. There were no records or documentary evidence presented to describe any Designated Community, nor any AIP associations with any Designated Community.

Example Issues from ISO Metrics Metric THE REPOSITORY SHALL HAVE TOOLS OR METHODS TO DETERMINE WHAT REPRESENTATION INFORMATION IS NECESSARY TO MAKE EACH DATA OBJECT UNDERSTANDABLE TO THE DESIGNATED COMMUNITY. – This metric was not satisfied. In our discussions, we perceived that s view of their designated communities was ambiguous. Consequently, there were few indications that representation information was being organized to support the long term use and understanding of the AIPs. While a great deal of representation information, and indeed, metadata in general is being collected, there appear to be few opportunities within for explicit review of those ancillary data in light of changes in long-term preservation needs of one or more Designated Communities.

Example Issues from ISO Metrics METRIC THE REPOSITORY SHALL HAVE A PRESERVATION STRATEGIC PLAN THAT DEFINES THE APPROACH THE REPOSITORY WILL TAKE IN THE LONG-TERM SUPPORT OF ITS MISSION – Currently there is no preservation strategic plan separate from the overall strategic plan of the organization. The metric was not satisfied.

Support for Repositories Managers Handbook for repository being prepared Information for managers to understand what the repository staff is attempting to accomplish Training for staff to understand what is required Help in preparation for audit and self-audit

Support for auditors Training courses aligned with the competencies are becoming available

Links ISO Audit OAIS Reference Model – Original version available from – Updated version at – Alliance for Permanent Access – – Information about SCIDIP-ES and APARSEN at projects/ and and projects/ – Additional OAIS and ISO Audit information will be at /member-resources/ /member-resources/ 15

END