Repository audit and risk profiles: trust through transparency

Slides:



Advertisements
Similar presentations
Criteria for the trustworthiness of data centres Jens Klump Helmholtz Centre Potsdam German Research Centre for Geosciences (GFZ) DataCite Summer Meeting.
Advertisements

DSA and the Certification Framework Ingrid Dillo Data Archiving and Networked Services DSA Conference, Florence 10 December 2012.
ICPSR and the Data Seal of Approval Mary Vardigan Assistant Director, ICPSR December 10, 2012.
DRIVER Long Term Preservation for Enhanced Publications in the DRIVER Infrastructure 1 WePreserve Workshop, October 2008 Dale Peters, Scientific Technical.
Platter Planning Tool For Trusted Electronic Repositories
The AIDA toolkit: Assessing Institutional Digital Assets Ed Pinsent, ULCC.
Digital Preservation: Logical and bit-stream preservation using Plato and Eprints Introduction: Digital Preservation Recap Hannes Kulovits Andreas Rauber.
Digital Preservation Tools for Repository Managers A practical course in five parts presented by the KeepIt project in association with Module 5, Trust.
Digital Preservation and Trusted Digital Repositories Priscilla Caplan Florida Center for Library Automation ALA 2005 Chicago IL.
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 Data Management Planning for Secure Services (DMP-SS) † Tito Castillo,
11 December 2014 Trusted Repository Certification and the National Transportation Library Mary Moulton, Digital Librarian, National Transportation Library.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Authentication of the Federal Register Charley Barth Director, Office of the Federal Register United States Government.
Data Archiving and Networked Services DANS is een instituut van KNAW en NWO Certification at DANS Ingrid Dillo DSA Conference 2014 Amsterdam, 24 September.
Co-funded by the European Union under FP7-ICT Alliance Permanent Access to the Records of Science in Europe Network Co-ordinated by aparsen.eu #APARSEN.
Check Me Out! - The RLG/NARA task force on certifying digital repositories Kevin Ashley Head of Digital Archives Department ULCC.
Data Requirements and Digital Repositories IASSIST Workshop Tampere, Finland 26 May, 2009.
ICPSR and the Data Seal of Approval: A Case Study Mary Vardigan Assistant Director, ICPSR October 8, 2013.
Tools for assessing trustworthy repositories A quick overview of TRAC leading to DRAMBORA by Steve Hitchcock by eurovision_nicolaeurovision_nicola Haven’t.
Certification of Trustworthy Digital Repositories Arnold Rots Harvard-Smithsonian CfA.
By Eileen Clegg Digital Preservation at Columbia in the Old Days (2009)
TRAC / TDR ICPSR Trustworthy Digital Repositories.
ISO Process for Audit and Certification of Digital Repositories Partnerships in Innovation II: From Vision to Reality and Beyond STANDARDS AND POLICIES.
Kevin L. Glick Electronic Records Archivist Manuscripts and Archives Yale University ECURE Arizona State University March 2, 2005 Fedora and the Preservation.
Designing Flexible Workflow for Upstream Participation of the Scientific Data Community Robert R. Downs and Robert S. Chen NASA Socioeconomic Data and.
ADASS Sept Trusted Data Repositories David Giaretta STFC and Director of CASPAR and Associate Director UK Digital Curation Centre.
Data Seal of Approval Overview Lightning Talk RDA Plenary 5 – San Diego March 11, 2015 Mary Vardigan University of Michigan Inter-university Consortium.
Who is doing a good job in digital preservation? Audit and Certification of Digital Repositories: ISO and the European Framework.
© HATII, University of Glasgow Introduction to the UK ’ s Digital Curation Centre Prof Seamus Ross Visiting Fellow at Oxford Internet Institute ,
Ensuring Enduring Access: A Forum on Digital Preservation, July 21, 2009.
Science Archives in the 21st Century 25/26 April Towards an International standard for Audit and Certification of Digital Repositories David Giaretta.
Petra Pejšová, National Technical Library, Czech Republic Marcus Vaska, University of Calgary, Canada GL13, DECEMBER 5-6, 2011 Audit DRAMBORA for Trustworthy.
World Data Center for Human Interactions in the Environment Conducting a Self-Assessment of a Long-Term Archive for Interdisciplinary Scientific Data as.
Repository Requirements and Assessment August 1, 2013 Data Curation Course.
MOIMS Reportp. 1 Digital Repository Audit and Certification BOF Goal  Obtain CCSDS / ISO approval of a standard that establishes the criteria that a repository.
INFuture2009: “Digital Resources and Knowledge Sharing”Zagreb 4-6 November 2009 Chiara Cirinnà, Maurizio Lunghi DigitalPreservationEurope: a way forward.
Data Archiving and Networked Services DANS is an institute of KNAW en NWO Trusted Digital Archives and the Data Seal of Approval Peter Doorn Data Archiving.
Data Archiving and Networked Services DANS is an institute of KNAW en NWO and the Peter Doorn Data Archiving and Networked Services EUDAT Conference Trust.
OAIS Open Archival Information System. “Content creators, systems developers, custodians, and future users are all potential stakeholders in the preservation.
Nestor – German network of expertise in digital preservation nestor German Network of Expertise in Digital Preservation nestor.
OAIS in the Library Environment Managing and Preserving Electronic Resources FLICC/CENDI Washington DC, December 11,2001 Anne Van Camp RLG, Member Initiatives.
DRAMBORA Auditors Training: Chapel Hill, June 09 1 Session 0: DRAMBORA Chapel Hill.
DigCCurr Professional Institute: Curation Practices for the Digital Object Lifecycle Digital Curation Program Development Nancy Y McGovern Research Assistant.
Name Position Organisation Date. What is data integration? Dataset A Dataset B Integrated dataset Education data + EMPLOYMENT data = understanding education.
OCLC Western Service Center Practical Digital Data Curation Gayle Palmer, Digital & Preservation Services Manager OCLC Western Service Center January 2006.
Automation in Digital Preservation: Three Scenarios Milena Dobreva 1, Yunhyong Kim 2, Gillian Oliver 3, Seamus Ross 2, Raivo Ruusalepp 4 1 Centre for Digital.
APT Trustworthy Digital Repository / Certification Working Group Progress Report, October 2015 Stephen Paul Davis, Columbia University Libraries.
SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:
The OAIS Reference Model Michael Day, Digital Curation Centre UKOLN, University of Bath Reference Models meeting,
Author(s): Paul Conway, Ph.D., 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Noncommercial–Share.
Aligning Digital Preservation Policies with Community Standards Nancy McGovern Digital Preservation Officer.
SEDAC Long-Term Archive Development Robert R. Downs Socioeconomic Data and Applications Center Center for International Earth Science Information Network.
Bringing Self-Assessment Home: 1 Bringing Self Assessment Home: Repository Profiling & Key Lines of Enquiry Within DRAMBORA Andrew McHugh, Perla Innocenti,
Department of Computer Science Introduction to Information Security Chapter 8 ISO/IEC Semester 1.
DP Knowhow: Introduction to Audit and Certification in ISO APARSEN-EGI Community Workshop on Managing, Computing and Preserving Big Data for Research.
Audit & Certification with ISO standards
Digital Repository Certification Schema A Pathway for Implementing the GEO Data Sharing and Data Management Principles Robert R. Downs, PhD Sr. Digital.
Auditing of Trustworthy Data Repositories – Speakers
Preparing a Trustworthy Domain Repository for ISO Certification
Trusted Repository Systems Overview
Test Audit – DIN Sabine Schrimpf Deutsche Nationalbibliothek
Certification of Trusted Repositories
D33.1B PEER REVIEW OF DIGITAL REPOSITORIES
Trustworthiness of Preservation Systems
Digital Repository Audit and Certification BOF
TIMBUS Crash Course 19th July 2011
Fedora and the Preservation of University Records ECURE
Certifying Preservation Actions - TRAC and related initiatives
Certifying Preservation Actions - TRAC and related initiatives
Digital Preservation and Trusted Digital Repositories
Presentation transcript:

Repository audit and risk profiles: trust through transparency Raivo Ruusalepp 16.06.2010 Repository audit and risk profiles: trust through transparency Raivo Ruusalepp Institute for Information Studies Tallinn University DCI Conference, Toronto 16/6/2010

Topics How to tell whether a repository is “rotten”? Audit as a method for demonstrating trustworthiness Trust in digital preservation Risk as a measure of success Risk profiles of different repositories 16.06.2010

Asymmetric information Raivo Ruusalepp 16.06.2010 Asymmetric information The problem of quality uncertainty: Information asymmetry occurs when the seller knows more about a product or service than the buyer (G. Akerlof, 1970) How to tell whether a digital preservation repository is a “cherry” or a “lemon”?

The Call for Repository Certification Raivo Ruusalepp 16.06.2010 The Call for Repository Certification “A critical component of the digital archiving infrastructure is the existence of a sufficient number of trusted organizations capable of storing, migrating, and providing access to digital collections… A process for certification of digital archives is needed to create an overall climate of trust about the prospects of preserving digital information.” Task Force on Archiving of Digital Information: Preserving Digital Information, 1996 16.06.2010 Raivo Ruusalepp, Tallinn University

Chronology of repository audit work Raivo Ruusalepp 16.06.2010 Chronology of repository audit work 2002: Trusted Repositories Attributes & Responsibilities 2005: RLG/NARA Draft Audit Check-list for Repository Certification 2006-2007: CRL and DCC Pilot Repository Audits Dec 2006: Catalogue of Criteria for Trusted Digital Repositories published (in English) by nestor Feb 2007: Digital Repository Audit Method Based on Risk Assessment (DRAMBORA) published by DPE/DCC Mar 2007: Trustworthy Repositories Audit & Certification (TRAC) Criteria and Check-list published by CRL and OCLC 2007: Birds of a Feather group of audit checklist standardisation Mar 2008: DRAMBORA Interactive released May 2008: Data Seal of Approval by DANS Nov 2008: Version 2 of the nestor repository criteria Oct 2009: CCSDS draft standard on Repository Certification Jan 2010: CRL issues first certificate of a trusted repository (to Portico) 16.06.2010 Raivo Ruusalepp, Tallinn University 5

Trust through audit Independent measuring of repositories is seen as an essential aim Taken as axiomatic that audit is a mechanism for establishing the trustworthiness of a repository Internal audit Self assessment Internal Audit Service External audit Financial auditing Operational auditing IT systems and services audit Information security audit 16.06.2010

Stakeholders’ trust in a repository Users may trust a repository because: it is deemed as safe place of deposit through law, regulations, community consensus its content is verified (authorship, authenticity, accuracy) Depositors may trust a repository because: it is deemed as a safe place of deposit it uses software that has been adopted by many other repositories it has been certified as a trusted repository (since January 2010) 16.06.2010

The nature of trust in a repository Raivo Ruusalepp 16.06.2010 The nature of trust in a repository Trust as a layered concept: Attitude, belief Decision (linked with achieving a goal and often based on assessment of associated risks) Act, behaviour (i.e. establishing a relation) TRUST(X Y C τ gx) Occurrent trust vs dispositional trust Can the risks associated with future digital preservation actions be measured? 16.06.2010

Two concepts of trust through audit Raivo Ruusalepp 16.06.2010 Two concepts of trust through audit The TRAC “family” of audit methods: A fixed set of (minimum) requirements Rely on the OAIS Reference Model as the repository standard Rely on policies to create dispositional trust The DRAMBORA method: The repository needs to demonstrate its capability to identify and prioritise the risks that impede its activities manage the risks to mitigate the likelihood of their occurrence establishing effective contingencies to alleviate the effects of the risks that occur Awareness of risks and ability to treat them creates trust 16.06.2010 Raivo Ruusalepp, Tallinn University

Digital Repository Audit Method Based on Risk Assessment Raivo Ruusalepp 16.06.2010 Digital Repository Audit Method Based on Risk Assessment Jointly developed by the Digital Curation Centre (DCC) and DigitalPreservationEurope (DPE) First released in March 2007 Over 200 users (registered repositories) DRAMBORA provides: A methodology for conducting repository self-assessments An on-line tool to facilitate the assessment and document its results – DRAMBORA Interactive 16.06.2010

Raivo Ruusalepp 16.06.2010 Objectives The purpose of the DRAMBORA toolkit is to facilitate the auditor in: defining the mandate and objectives of the repository defining the scope and constraints of functions of the repository identifying the activities and assets of the repository identifying the risks and vulnerabilities associated with the mandate, activities and assets assessing and calculating the risks defining risk management measures reporting on the self-audit 16.06.2010 Raivo Ruusalepp, Tallinn University

Repository Service Classification Raivo Ruusalepp 16.06.2010 Repository Service Classification DRAMBORA includes some rudimentary tools for identifying and describing classes of repositories in terms of their common services and characteristics Audits are only meaningful within the context of comparable repositories (‘repository-sphere’) Performance is understood in terms of services and translated into baseline risk registers OCLC Research, Research Libraries, Risk and Systemic Change (2010) 16.06.2010 Raivo Ruusalepp, Tallinn University

Raivo Ruusalepp 16.06.2010 Trust in Repositories Strong link between the organisational context of the repository and its users’ expectations For example, different treatment of authenticity in archives of records and research data centres Linking trust to services that a repository is offering is more meaningful than to a whole institution or unit within an organisation Services are much more meaningful in the context of federated repository consortia and in the Web 2.0 environment 16.06.2010 Raivo Ruusalepp, Tallinn University

Raivo Ruusalepp 16.06.2010 Concluding questions Who will drive the automation of audits – the community or the technology developers? How much disclosure is good for a repository? With very little transparency from audits we may become over-confident (the excess of trust) which will lead to additional risks With too much transparency may lead to insufficient confidence (excess of diffidence) and we may miss good opportunities/services 16.06.2010

Raivo Ruusalepp 16.06.2010 URLs Trustworthy Repositories Audit & Certification (TRAC) Criteria and Checklist http://www.crl.edu/PDF/trac.pdf nestor Catalogue of Criteria for Trusted Digital Repositories http://nbn-resolving.de/urn:nbn:de:0008-2008021802 DCC/DPE Digital Repository Audit Method Based on Risk Assessment (DRAMBORA)‏ http://www.repositoryaudit.eu/download MOIMS-Repository Audit and Certification BoF group http://wiki.digitalrepositoryauditandcertification.org/ Data Seal of Approval http://www.datasealofapproval.org/ Ten basic characteristics of digital preservation repositories http://www.crl.edu/content.asp?l1=13&l2=58&l3=162&l4=92 16.06.2010 Raivo Ruusalepp, Tallinn University

Contacts raivo@eba.ee 16.06.2010

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.