Presentation is loading. Please wait.

Presentation is loading. Please wait.

Repository audit and risk profiles: trust through transparency

Published byDeborah Warren Modified over 9 years ago

Similar presentations

Presentation on theme: "Repository audit and risk profiles: trust through transparency"— Presentation transcript:

1 Repository audit and risk profiles: trust through transparency
Raivo Ruusalepp Repository audit and risk profiles: trust through transparency Raivo Ruusalepp Institute for Information Studies Tallinn University DCI Conference, Toronto 16/6/2010

2 Topics How to tell whether a repository is “rotten”?
Audit as a method for demonstrating trustworthiness Trust in digital preservation Risk as a measure of success Risk profiles of different repositories

3 Asymmetric information
Raivo Ruusalepp Asymmetric information The problem of quality uncertainty: Information asymmetry occurs when the seller knows more about a product or service than the buyer (G. Akerlof, 1970) How to tell whether a digital preservation repository is a “cherry” or a “lemon”?

4 The Call for Repository Certification
Raivo Ruusalepp The Call for Repository Certification “A critical component of the digital archiving infrastructure is the existence of a sufficient number of trusted organizations capable of storing, migrating, and providing access to digital collections… A process for certification of digital archives is needed to create an overall climate of trust about the prospects of preserving digital information.” Task Force on Archiving of Digital Information: Preserving Digital Information, 1996 Raivo Ruusalepp, Tallinn University

5 Chronology of repository audit work
Raivo Ruusalepp Chronology of repository audit work 2002: Trusted Repositories Attributes & Responsibilities 2005: RLG/NARA Draft Audit Check-list for Repository Certification : CRL and DCC Pilot Repository Audits Dec 2006: Catalogue of Criteria for Trusted Digital Repositories published (in English) by nestor Feb 2007: Digital Repository Audit Method Based on Risk Assessment (DRAMBORA) published by DPE/DCC Mar 2007: Trustworthy Repositories Audit & Certification (TRAC) Criteria and Check-list published by CRL and OCLC 2007: Birds of a Feather group of audit checklist standardisation Mar 2008: DRAMBORA Interactive released May 2008: Data Seal of Approval by DANS Nov 2008: Version 2 of the nestor repository criteria Oct 2009: CCSDS draft standard on Repository Certification Jan 2010: CRL issues first certificate of a trusted repository (to Portico) Raivo Ruusalepp, Tallinn University 5

6 Trust through audit Independent measuring of repositories is seen as an essential aim Taken as axiomatic that audit is a mechanism for establishing the trustworthiness of a repository Internal audit Self assessment Internal Audit Service External audit Financial auditing Operational auditing IT systems and services audit Information security audit

7 Stakeholders’ trust in a repository
Users may trust a repository because: it is deemed as safe place of deposit through law, regulations, community consensus its content is verified (authorship, authenticity, accuracy) Depositors may trust a repository because: it is deemed as a safe place of deposit it uses software that has been adopted by many other repositories it has been certified as a trusted repository (since January 2010)

8 The nature of trust in a repository
Raivo Ruusalepp The nature of trust in a repository Trust as a layered concept: Attitude, belief Decision (linked with achieving a goal and often based on assessment of associated risks) Act, behaviour (i.e. establishing a relation) TRUST(X Y C τ gx) Occurrent trust vs dispositional trust Can the risks associated with future digital preservation actions be measured?

9 Two concepts of trust through audit
Raivo Ruusalepp Two concepts of trust through audit The TRAC “family” of audit methods: A fixed set of (minimum) requirements Rely on the OAIS Reference Model as the repository standard Rely on policies to create dispositional trust The DRAMBORA method: The repository needs to demonstrate its capability to identify and prioritise the risks that impede its activities manage the risks to mitigate the likelihood of their occurrence establishing effective contingencies to alleviate the effects of the risks that occur Awareness of risks and ability to treat them creates trust Raivo Ruusalepp, Tallinn University

10 Digital Repository Audit Method Based on Risk Assessment
Raivo Ruusalepp Digital Repository Audit Method Based on Risk Assessment Jointly developed by the Digital Curation Centre (DCC) and DigitalPreservationEurope (DPE) First released in March 2007 Over 200 users (registered repositories) DRAMBORA provides: A methodology for conducting repository self-assessments An on-line tool to facilitate the assessment and document its results – DRAMBORA Interactive

11 Raivo Ruusalepp Objectives The purpose of the DRAMBORA toolkit is to facilitate the auditor in: defining the mandate and objectives of the repository defining the scope and constraints of functions of the repository identifying the activities and assets of the repository identifying the risks and vulnerabilities associated with the mandate, activities and assets assessing and calculating the risks defining risk management measures reporting on the self-audit Raivo Ruusalepp, Tallinn University

12 Repository Service Classification
Raivo Ruusalepp Repository Service Classification DRAMBORA includes some rudimentary tools for identifying and describing classes of repositories in terms of their common services and characteristics Audits are only meaningful within the context of comparable repositories (‘repository-sphere’) Performance is understood in terms of services and translated into baseline risk registers OCLC Research, Research Libraries, Risk and Systemic Change (2010) Raivo Ruusalepp, Tallinn University

13 Raivo Ruusalepp Trust in Repositories Strong link between the organisational context of the repository and its users’ expectations For example, different treatment of authenticity in archives of records and research data centres Linking trust to services that a repository is offering is more meaningful than to a whole institution or unit within an organisation Services are much more meaningful in the context of federated repository consortia and in the Web 2.0 environment Raivo Ruusalepp, Tallinn University

14 Raivo Ruusalepp Concluding questions Who will drive the automation of audits – the community or the technology developers? How much disclosure is good for a repository? With very little transparency from audits we may become over-confident (the excess of trust) which will lead to additional risks With too much transparency may lead to insufficient confidence (excess of diffidence) and we may miss good opportunities/services

15 Raivo Ruusalepp URLs Trustworthy Repositories Audit & Certification (TRAC) Criteria and Checklist nestor Catalogue of Criteria for Trusted Digital Repositories DCC/DPE Digital Repository Audit Method Based on Risk Assessment (DRAMBORA)‏ MOIMS-Repository Audit and Certification BoF group Data Seal of Approval Ten basic characteristics of digital preservation repositories Raivo Ruusalepp, Tallinn University

16 Contacts

Download ppt "Repository audit and risk profiles: trust through transparency"

Similar presentations

Criteria for the trustworthiness of data centres Jens Klump Helmholtz Centre Potsdam German Research Centre for Geosciences (GFZ) DataCite Summer Meeting.

Criteria for the trustworthiness of data centres Jens Klump Helmholtz Centre Potsdam German Research Centre for Geosciences (GFZ) DataCite Summer Meeting.
DSA and the Certification Framework Ingrid Dillo Data Archiving and Networked Services DSA Conference, Florence 10 December 2012.

DSA and the Certification Framework Ingrid Dillo Data Archiving and Networked Services DSA Conference, Florence 10 December 2012.
ICPSR and the Data Seal of Approval Mary Vardigan Assistant Director, ICPSR December 10, 2012.

ICPSR and the Data Seal of Approval Mary Vardigan Assistant Director, ICPSR December 10, 2012.
DRIVER Long Term Preservation for Enhanced Publications in the DRIVER Infrastructure 1 WePreserve Workshop, October 2008 Dale Peters, Scientific Technical.

DRIVER Long Term Preservation for Enhanced Publications in the DRIVER Infrastructure 1 WePreserve Workshop, October 2008 Dale Peters, Scientific Technical.
Platter Planning Tool For Trusted Electronic Repositories

Platter Planning Tool For Trusted Electronic Repositories
The AIDA toolkit: Assessing Institutional Digital Assets Ed Pinsent, ULCC.

The AIDA toolkit: Assessing Institutional Digital Assets Ed Pinsent, ULCC.
Digital Preservation: Logical and bit-stream preservation using Plato and Eprints Introduction: Digital Preservation Recap Hannes Kulovits Andreas Rauber.

Digital Preservation: Logical and bit-stream preservation using Plato and Eprints Introduction: Digital Preservation Recap Hannes Kulovits Andreas Rauber.
Digital Preservation Tools for Repository Managers A practical course in five parts presented by the KeepIt project in association with Module 5, Trust.

Digital Preservation Tools for Repository Managers A practical course in five parts presented by the KeepIt project in association with Module 5, Trust.
Digital Preservation and Trusted Digital Repositories Priscilla Caplan Florida Center for Library Automation ALA 2005 Chicago IL.

Digital Preservation and Trusted Digital Repositories Priscilla Caplan Florida Center for Library Automation ALA 2005 Chicago IL.
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 Data Management Planning for Secure Services (DMP-SS) † Tito Castillo,

Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 Data Management Planning for Secure Services (DMP-SS) † Tito Castillo,
11 December 2014 Trusted Repository Certification and the National Transportation Library Mary Moulton, Digital Librarian, National Transportation Library.

11 December 2014 Trusted Repository Certification and the National Transportation Library Mary Moulton, Digital Librarian, National Transportation Library.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Authentication of the Federal Register Charley Barth Director, Office of the Federal Register United States Government.

Authentication of the Federal Register Charley Barth Director, Office of the Federal Register United States Government.
Data Archiving and Networked Services DANS is een instituut van KNAW en NWO Certification at DANS Ingrid Dillo DSA Conference 2014 Amsterdam, 24 September.

Data Archiving and Networked Services DANS is een instituut van KNAW en NWO Certification at DANS Ingrid Dillo DSA Conference 2014 Amsterdam, 24 September.
Co-funded by the European Union under FP7-ICT-2009-6 Alliance Permanent Access to the Records of Science in Europe Network Co-ordinated by aparsen.eu #APARSEN.

Co-funded by the European Union under FP7-ICT Alliance Permanent Access to the Records of Science in Europe Network Co-ordinated by aparsen.eu #APARSEN.
Check Me Out! - The RLG/NARA task force on certifying digital repositories Kevin Ashley Head of Digital Archives Department ULCC.

Check Me Out! - The RLG/NARA task force on certifying digital repositories Kevin Ashley Head of Digital Archives Department ULCC.
Data Requirements and Digital Repositories IASSIST Workshop Tampere, Finland 26 May, 2009.

Data Requirements and Digital Repositories IASSIST Workshop Tampere, Finland 26 May, 2009.
ICPSR and the Data Seal of Approval: A Case Study Mary Vardigan Assistant Director, ICPSR October 8, 2013.

ICPSR and the Data Seal of Approval: A Case Study Mary Vardigan Assistant Director, ICPSR October 8, 2013.
Tools for assessing trustworthy repositories A quick overview of TRAC leading to DRAMBORA by Steve Hitchcock by eurovision_nicolaeurovision_nicola Haven’t.

Tools for assessing trustworthy repositories A quick overview of TRAC leading to DRAMBORA by Steve Hitchcock by eurovision_nicolaeurovision_nicola Haven’t.
Certification of Trustworthy Digital Repositories Arnold Rots Harvard-Smithsonian CfA.

Certification of Trustworthy Digital Repositories Arnold Rots Harvard-Smithsonian CfA.

Similar presentations

Ads by Google