
Slide 1: Webinar on Trust and Certification
18 April 2016
Heiko Tjalsma (DANS), with contributions by Urpo Kaila (CSC)
www.eudat.eu – EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No. 654065
This work is licensed under the Creative Commons CC-BY 4.0 licence. Attribution: EUDAT – www.eudat.eu

Slide 2: Topics
- Trust and certification: history of the European framework of certification levels (DSA – DIN – ISO)
- The near future: 'common requirements for certification'
- WSD and DSA
- DSA in a nutshell
- Common requirements: Organisational infrastructure, Digital Object Management, Technology
- Compliance levels
- OAIS as a reference model
- Certification of security: a separate chapter
- General certification experiences
- Relevant links
- Questions on Trust and Certification

Slide 3: Trust and certification: the European framework of certification: certifying Trustworthy Digital Repositories
"Perhaps the biggest challenge in sharing data is trust: how do you create a system robust enough for scientists to trust that, if they share, their data won't be lost, garbled, stolen or misused?"

Slide 4: What is a Trustworthy Digital Repository?
A repository...
- With a mission to provide reliable, long-term access to digital resources, now and in the future
- Understanding the threats and risks to the data within its systems
- Having a regular cycle of audit and/or certification

Slide 5: European framework of certification levels
- Basic Certification is granted to repositories which obtain DSA certification
- Extended Certification is granted to Basic Certification repositories which in addition perform a structured, externally reviewed and publicly available self-audit based on DIN 31644/nestorSeal
- Formal Certification is granted to repositories which in addition to Basic Certification obtain full external audit and certification based on ISO 16363

Slide 6: DIN 31644: extended certification
- 34 criteria written by the German NESTOR group and adopted in Germany as DIN 31644
- Self-assessment procedure by NESTOR leads to the NESTOR seal
- Review of the assessment by 2 reviewers, appointed by NESTOR
- Self-assessment and evidence on website
- DANS was the very first one to acquire a NESTOR Seal
- http://www.langzeitarchivierung.de/Subsites/nestor/EN/nestor-Siegel/siegel_node.htm

Slide 7: ISO 16363: formal certification
- Based on Open Archival Information System (OAIS) and Trusted Repository Audit and Certification (TRAC)
- Over 100 metrics
- Test audits 2011 by PTAB (Primary Trustworthy Digital Repository Authorisation Body)
- Full external auditing process
- ISO 16919: Requirements for bodies providing audit and certification of candidate trustworthy digital repositories
- No ISO certifications yet.
- http://www.iso16363.org/

Slide 8: The near future: "Common Requirements for certification"
- The DSA has entered into a partnership with the ICSU World Data System. This has led to an amalgamation and renewal of their respective certifications (DSA and WDS) in the course of 2016
- DSA and WDS will remain as seals
- The existing, separate DSA and WDS guidelines will be replaced by one new "common catalogue of requirements"

Slide 9: Timescale of the transition to "Common Requirements for certification"
- Until the cut-off date (mid June 2016) DSA self-assessments can be submitted
- The current Data Seal (2014-2015) will be extended to the end of 2017 for existing holders and for those completing current applications before the cut-off date

Slide 10: World Data System
- Part of ICSU
- Light-weight certification procedure for regular and network members
- 17 criteria
- Based on self-assessment
- Peer review by WDS Scientific Committee (IPO in Tokyo)
- Focus on earth observation and space
- Many members in US and Asia
- Renewal between 3 and 5 years
- 71 accredited members
- https://www.icsu-wds.org/services/certification
WDS key characteristics are comparable with DSA

Slide 11: DSA - Data Seal of Approval
- Launched in 2008
- More than 50 Seals granted (April 2016)
- Adopted by several European (data) infrastructures as primary trust facilitator: EUDAT, CESSDA, CLARIN, DARIAH

Slide 12: DSA in a nutshell
- Basic, lightweight certification mechanism
- 16 Guidelines for Trustworthy Digital Repositories
- Guidelines that relate to Data Producers, Data Repositories, and Data Consumers
- Self-assessment, with no site visit
- Peer-reviewed process supervised by the DSA Board
- DSA granted for a period of two years
- Online tool for self-assessment and review

Slide 13: DSA Data Seal of Approval: Objectives
The DSA is granted to repositories committed to archiving and providing access to data in a sustainable way for:
- DATA PRODUCERS – Assurance of reliable data storage
- FUNDERS – Confidence that data is available for re-use
- DATA CONSUMERS – Assurance of using reliable data

Slide 14: Data Seal of Approval: Principles
The data of a repository are...
- Available on the Internet
- Accessible (restricted if necessary for legal reasons)
- Usable (file formats)
- Reliable (Authentic)
- Citable

Slide 15: Common Requirements
- Organisational Infrastructure: six requirements, I to VI
- Digital Object Management: eight requirements, VII to XIV
- Technology: two requirements, XV to XVI

Slide 16: Common Requirements
First step: Background Information
- What is the context of the repository?
- Are you outsourcing functions?

Slide 17: OUTSOURCING
Outsourcing of some tasks is possible, under the following conditions:
- Provide a list of Outsource Partners that your organization works with, describing the nature of the relationship (organizational, contractual, etc.), and whether the Partner has undertaken any Trusted Digital Repository assessment. Such Partners may include, but are not limited to: any services provided by an institution you are part of, storage provided by others as part of multicopy redundancy, or membership in organizations that may undertake stewardship of your data collection when a business continuity issue arises.
- List the certification requirements for which the Partner provides all, or part of, the relevant functionality/service, including any contracts or Service Level Agreements in place.
- Because outsourcing will almost always be partial, you will still need to provide appropriate evidence for certification requirements that are not outsourced and for the parts of the data lifecycle that you control.

Slide 18: Organisational Infrastructure
- I Mission / Scope
- II Licences
- III Continuity of access
- IV Confidentiality / Ethics
- V Organisational infrastructure
- VI Expert guidance

Slide 19: Digital Object Management
- VII Data integrity and authenticity
- VIII Appraisal
- IX Documented storage procedures
- X Preservation plan
- XI Data quality
- XII Workflows
- XIII Data discovery and identification
- XIV Data reuse

Slide 20: Technology
- XV Technical infrastructure
- XVI Security

Slide 21: Compliance Levels (unchanged)

Slide 22: OAIS – Open Archival Information System
- OAIS is a Reference Model
- Originated at the CCSDS – Consultative Committee for Space Data Systems (USA)
- Aimed at long-term preservation of and access to data
- Developed between 1995 and 2002
- ISO standard 14721:2003, revised 2012

Slide 23: OAIS and Certification
- The OAIS is a Reference Model; it is referred to in Requirements IX (Documented storage procedures) and XV (Technical infrastructure); it is not a technical system
- The OAIS gives repositories a common and conceptual framework for describing their procedures
- The OAIS system on its own is not enough to guarantee a trustworthy digital repository (TDR)!

Slide 24: Core of the OAIS (figure)

Slide 25: Information packages
Packages used in the preservation process, in this order:
- Submission Information Package (SIP) – INGEST: provided by data producers; it may be necessary to require many SIPs to get the full Content Information and Preservation Description Information (PDI); there is no one-to-one SIP / AIP relationship
- Archival Information Package (AIP) – INGEST and ARCHIVAL STORAGE: fulfils the preservation requirements; sticks to the OAIS concepts
- Dissemination Information Package (DIP) – ARCHIVAL STORAGE and ACCESS: provided to users; a copy of the AIP, fully or partly

Slide 26: Relation between packages and external parties (figure)

Slide 27: Functional Model of OAIS (figure)

Slide 28: Requirements for being an OAIS-compliant archive
- Obtaining appropriate information from the Producer (Submission Agreement)
- Sufficient legal mandate to handle the data
- A clear Designated Community (or more Designated Communities)
- Data to be understood by the Designated Community
- Disseminate authenticated data with traceable provenance
- Clear mission (including succession plan) and procedures

Slide 29: Information representation
It is mandatory that the Archive preserves both the data object and the associated representation information (together: the Content Information).

Slide 30: About Security Certification, by Urpo Kaila, EUDAT Security Officer
Outline
- A special chapter in certification
- PDCA: plan-do-check-act
- About security certifications and security reviews
- Related frameworks and standards
- Experiences from previous audits and reviews

Slide 31: PDCA
Security management models can be formulated as some kind of plan-do-check-act governance cycle:
- Plan, based on: resources and services to be protected; risks; requirements
- Do: develop, implement and deploy services
- Check: that services work according to plan
- Act: fix the services or the plan if not

Slide 32: About security audits and security reviews
To ensure that security is implemented according to:
- Requirements and standards
- Best practices and risk assessments
Check by:
- Self-assessment (FitSM): a quite weak form of review
- Internal review (SCI): done by "an internal controller", not by the person in charge of the service
- External audit (ISO/IEC 27001): trusted third party, possibly an accredited body
Define the standard to be checked against and the scope of the review.
Requirements should be:
- Known
- In use
- Documented
- Managed
- Approved

Slide 33: Related frameworks and standards
ISO/IEC 27001
- The international standard for information security management
- Requires a high level of maturity
- Certification obtained by Google, Amazon, Office365, ...
- Audit by accredited parties
SCI – A Trust Framework for Security Collaboration among Infrastructures
- https://www.eugridpma.org/sci/
- A lightweight framework for internal review
- Done by EGI, etc.
- In an early stage of development
FitSM
- A lightweight framework for IT Service Management based on ITIL / ISO 20000
- For self review or peer review
- http://fitsm.itemo.org/

Slide 34: Experiences from previous audits and reviews
- External reviews or audits will often contribute to improving the efficiency, management and security of an organisation
- Organisations must beware not to create rigid management models
- The most difficult compliance items are mostly: management involvement; change and configuration management; asset controls and continuity planning; software development

Slide 35: General certification experiences
- Documentation is very important: collect and organise sufficient and explicit documentation.
- The certification process can lead to more awareness within the repository of existing preservation tasks and procedures.
- Commitment by the management is an absolute prerequisite.
- DSA is a good incentive to improve procedures and describe responsibilities more adequately.

Slide 36: Relevant links
- DSA: http://datasealofapproval.org/en/
- WDS: https://www.icsu-wds.org/services/certification
- Common Requirements: https://rd-alliance.org/system/files/DSA%E2%80%93WDS%20Catalogue%20of%20Common%20Requirements%20V2.2.pdf
- OAIS: http://public.ccsds.org/publications/archive/650x0m2.pdf

Slide 37: Questions on Trust and Certification?
- More information on this webinar: heiko.tjalsma@dans.knaw.nl
- The next webinar will be in May, on Research Data Management
- More information on future webinars and recordings: www.eudat.eu/training, info@eudat.eu
