Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISO Process for Audit and Certification of Digital Repositories Partnerships in Innovation II: From Vision to Reality and Beyond STANDARDS AND POLICIES.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "ISO Process for Audit and Certification of Digital Repositories Partnerships in Innovation II: From Vision to Reality and Beyond STANDARDS AND POLICIES."— Presentation transcript:

1 ISO Process for Audit and Certification of Digital Repositories Partnerships in Innovation II: From Vision to Reality and Beyond STANDARDS AND POLICIES FOR TRUSTED DIGITAL REPOSITORIES David Giaretta October 7- 8, 2008, College Park, Maryland

2 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Outline OAIS RLG/NARA work Other related work Repository Audit and Certification Working Group What is needed to set up an ISO process

3 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Digital Preservation… Easy to do… …as long as you can provide money forever Easy to test claims about repositories… …as long as you live a long time Reference Model for Open Archival Information System (OAIS) provides an approach

4 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland OAIS OAIS approach to digital preservation: covers all types of digitally encoded information provides a way to test whether preservation is successful does not require seeing into the future does require transparency but does not require “open access” does not cover social and organisational aspects OAIS does provide a good basis for certification

5 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Key OAIS Concepts Claiming “This is being preserved” is untestable Essentially meaningless Except “BIT PRESERVATION” How can we make it testable? Claim to be able to continue to“do something” with it Understand/use  Need Representation Information Still meaningless… Things are too interrelated Representation Information potentially unlimited Designated Community Many other concepts identified Checklist – not just blanket term of “metadata”

6 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Information is the important thing What information? Documents…… Data……. Original bits? Look and feel? Behaviour? Performance? Explicit/ Implicit/ Tacit Information : Any type of knowledge that can be exchanged. In an exchange, it is represented by data. Long Term is long enough to be concerned with the impacts of changing technologies, including support for new media and data formats, or with a changing user community. Long Term may extend indefinitely. Ensure that the information to be preserved is Independently Understandable to (and usable by) the Designated Community.

7 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Representation Information The Information Model is key Recursion ends at KNOWLEDGEBASE of the DESIGNATED COMMUNITY (this knowledge will change over time and region) Information Object Representation Information 1+ interpreted using 1+ Data Object interpreted using Physical Object Digital Object Bit Sequence 1+

8 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Issues of transferring info to future custodians Things change: Software Hardware Environment E.g. Network links to related information People What is “common knowledge” Organisations and systems Chain of preservation Only as strong as its weakest link How can we ensure that the information trapped in the “bits” remains understandable despite all these changes? How can current custodian prepare for or even be aware of these changes?

9 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Data… Level 2 GOME Satellite instrument data

10 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland RLG/NARA work Part of the OAIS Roadmap Covered in earlier talks

11 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland TRAC related work Trusted Digital Repositories: Attributes and Responsibilities from RLG and OCLC http://www.rlg.org/legacy/longterm/repositories.pdfhttp://www.rlg.org/legacy/longterm/repositories.pdf Comments on the DRAFT RLG/NARA Audit and Certification Checklist (the "DCC document") http://wiki.digitalrepositoryauditandcertification.org/pub/Main/Refere nceInputDocuments/Ross_McHugh_Buetikofer_comments_RLGNA RA_AUDIT_ver2.pdf http://wiki.digitalrepositoryauditandcertification.org/pub/Main/Refere nceInputDocuments/Ross_McHugh_Buetikofer_comments_RLGNA RA_AUDIT_ver2.pdf Trustworthy Repositories Audit & Certification: Criteria and Checklist (TRAC) also available from http://www.crl.edu/PDF/trac.pdf http://www.crl.edu/PDF/trac.pdf the earlier draft was: RLG/NARA Audit Checklist: http://www.rlg.org/en/page.php?Page_ID=20769 http://www.rlg.org/en/page.php?Page_ID=20769 TRAC-Nestor-DCC-criteria_mapping.doc: Crosswalk file between TRAC, Nestor and DCC work, which was completed by Robin Dale as a part of the Center for Research Libraries project http://wiki.digitalrepositoryauditandcertification.org/pub/Main/Refere nceInputDocuments/TRAC-Nestor-DCC-criteria_mapping.doc http://wiki.digitalrepositoryauditandcertification.org/pub/Main/Refere nceInputDocuments/TRAC-Nestor-DCC-criteria_mapping.doc

12 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Other related work English version of the nestor criteria catalogue: http://edoc.hu- berlin.de/series/nestor-materialien/8en/PDF/8en.pdfhttp://edoc.hu- berlin.de/series/nestor-materialien/8en/PDF/8en.pdf OECD Guidelines for the Security of Information Systems and Networks http://www.oecd.org/dataoecd/16/22/15582260.pdfhttp://www.oecd.org/dataoecd/16/22/15582260.pdf The outcome of the related Chicago meeting is available: Notes from a related meeting in Chicago 15-16 Jan 2007 http://wiki.digitalrepositoryauditandcertification.org/pub/Main/Refe renceInputDocuments/Chicago_meeting.doc http://wiki.digitalrepositoryauditandcertification.org/pub/Main/Refe renceInputDocuments/Chicago_meeting.doc DRAMBORA (Digital Repository Audit Method Based on Risk Assessment) - see http://www.repositoryaudit.eu/http://www.repositoryaudit.eu/ Joint meeting of “Audit and Certification Forum” in Berlin 27 Nov 2007 agreed to use RAC as a clearing house after private discussions within the various groups (nestor, DRAMBORA, CRL etc)

13 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Repository Audit and Certification Working group Created as CCSDS “Birds of a Feather” (BoF) group in CCSDS Now an official CCSDS Working Group Open virtual meetings, notes and documents: http://www.digitalrepositoryauditandcertification.org

14 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland RAC Charter Goal 1: Obtain ISO approval of a standard that establishes the criteria that a repository/archive must meet to be designated an ISO Trusted Digital Repository. 1. Review the existing work on audit and certification criteria for digital repositories, such as that from the RLG/NARA working group and the NESTOR project. These two documents are broadly similar, and both are based on the OAIS Reference Model. 2. Prepare a draft (or adopt one of the above documents) and submit to ISO as a Committee Draft to get the ISO process going. 3. Analyse the consistency of those works with the OAIS Reference Model (ISO 14721) and follow on standards such as PAIMAS and the forthcoming PAIS. 4. Review existing audit and certification standards such as ISO 9000 and ISO 27000, and the requirements on such standards for supporting an accreditation and certification programme to obtain guidance on the form of this standard. Neither of these two standards audit the preservation of the encoded information, hence the need for a new standard.

15 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland RAC Schedule DateMilestone Jan 2007Action: Seek inputs to the review process May 2008Draft certification document (White Book v0), submit as ISO Committee Draft Oct 2008 Metrics for Digital Repository Audit and Certification White Book v1 Requirements for Bodies Providing Audit and Certification of Digital Repositories White Book v1 Dec 2008-Test report of audits using WB March 2009 Magenta Book "Metrics for Digital Repository Audit and Certification" - for review Magenta Book "Requirements for Bodies Providing Audit and Certification of Digital Repositories" - for review June 2009Parallel audits of a repository and archive to check consistency of evaluations   

16 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Participation UK STFC HATII, U Glasgow Digital Curation Centre, UK European Space Agency France CNES Netherlands KB National Library of the Netherlands Germany nestor USA NASA/GSFC/NSSDC ICPSR Smithsonian Institution Archives California Digital Library Center for Research Libraries National Archives and Records Administration Columbia University U Maryland UNC Brazil Instituto Nacional de Pesquisas Espaciais INPE

17 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Mailing list USA 40 South Africa 8 Australia 6 China 3 Israel 3 Canada 1 India 1 UK 20 Germany 6 France 5 ESA 4 Netherlands 2 Italy 2 Spain 1 Ireland 1 Czech Republic 1 Estonia 1

18 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Outline of Working Document A1. Governance and organizational viability A2. Organizational structure and staffing A3. Procedural accountability and Preservation Policy framework A4. Financial sustainability A5. Contracts, licenses, and liabilities Organizational infrastructure includes but is not restricted to these elements: Governance Organizational structure Mandate or purpose Scope Roles and responsibilities Policy framework Funding system Financial issues, including assets Contracts, licenses, and liabilities Transparency

19 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland B1: Ingest: acquisition of content: The initial phase of ingest that addresses acquisition of digital content. B2: Ingest: creation of the AIP: The final phase of ingest that places the acquired digital content into the forms, often referred to as Archival Information Packages (AIPs), used by the repository for long-term preservation. B3: Preservation planning Current, sound, and documented preservation strategies along with mechanisms to keep them up to date in the face of changing technical environments. B4: Archival storage & preservation/maintenance of AIPs Minimal conditions for performing long-term preservation of AIPs. B5: Information management Minimal-level metadata to allow digital objects to be located and managed within the system. B6: Access management The repository’s ability to produce and disseminate accurate, authentic versions of the digital objects.

20 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland C1: System infrastructure C2: Appropriate technologies building on the system infrastructure requirements, with additional criteria specifying the use technologies and strategies appropriate to the repository’s designated community(ies). C3: Security from IT systems, such as servers, firewalls, or routers to fire protection systems and flood detection to systems that involve actions by people

21 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland What does one need in order to set up a process/organisation to do the audit? Review of what ISO 27001 and others have suggests: Two documents 1. Provides the list of things which need to be considered 1. Can be fairly cryptic – bare list of topics!! 2. Provides guidance on how the audit is done 1. Some “boiler-plate” 2. Some qualification for auditors e.g. academic course 3. An initial audit team and accreditation group

22 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Example - BS7799 Accreditation

23 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Key Issues (1) How to get from a checklist to an international accreditation/ certification system? The initial auditors Qualification for auditors International set-up

24 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland Key Issues (2) Evidence – short term Evidence – long term The real crunch! Risk capture e.g. DRAMBORA tool Quantification The marking system Levels of audit? External review Internal maturity Legal issues

25 Partnerships in Innovation II: From Vision to Reality and Beyond October 7- 8, 2008, College Park, Maryland The Market Transparency Trustable? certified by whom? to what level? what evidence? with what granularity? for what Designated Community  relevant/sensible? What cost? Self-sustaining?

26 END

Download ppt "ISO Process for Audit and Certification of Digital Repositories Partnerships in Innovation II: From Vision to Reality and Beyond STANDARDS AND POLICIES."

Similar presentations

Criteria for the trustworthiness of data centres Jens Klump Helmholtz Centre Potsdam German Research Centre for Geosciences (GFZ) DataCite Summer Meeting.

Criteria for the trustworthiness of data centres Jens Klump Helmholtz Centre Potsdam German Research Centre for Geosciences (GFZ) DataCite Summer Meeting.
A centre of expertise in data curation and preservation London :: ARK Group Workshop: Archiving the Web :: 28 Sept 2006 Funded by: This work is licensed.

A centre of expertise in data curation and preservation London :: ARK Group Workshop: Archiving the Web :: 28 Sept 2006 Funded by: This work is licensed.
May 16, 2012EDMC Workshop in College Park MDDan Kowal Trusted Digital Repositories: A New Audit Standard A Follow-on to the OAIS Dan Kowal, Data Administrator,

May 16, 2012EDMC Workshop in College Park MDDan Kowal Trusted Digital Repositories: A New Audit Standard A Follow-on to the OAIS Dan Kowal, Data Administrator,
Digital Preservation and Trusted Digital Repositories Priscilla Caplan Florida Center for Library Automation ALA 2005 Chicago IL.

Digital Preservation and Trusted Digital Repositories Priscilla Caplan Florida Center for Library Automation ALA 2005 Chicago IL.
International Audit and Certification of Digital Repositories PV 2009 David Giaretta.

International Audit and Certification of Digital Repositories PV 2009 David Giaretta.
Co-funded by the European Union under FP7-ICT-2009-6 aparsen.eu #APARSEN Audit & Certification: an auditors perspective Barbara Sierman, KB National Library.

Co-funded by the European Union under FP7-ICT aparsen.eu #APARSEN Audit & Certification: an auditors perspective Barbara Sierman, KB National Library.
DigCCurr 2007: What digital curators do and what they need to know The CASPAR view on: What digital curators do and what they need to know : Research Perspectives.

DigCCurr 2007: What digital curators do and what they need to know The CASPAR view on: What digital curators do and what they need to know : Research Perspectives.
Trusted Digital Archives. Experiences from the Landesarchiv Baden-Württemberg, nestor and DIN Dr. Christian Keitel Johannesburg, 27/2/2013.

Trusted Digital Archives. Experiences from the Landesarchiv Baden-Württemberg, nestor and DIN Dr. Christian Keitel Johannesburg, 27/2/2013.
An Introduction June 17, 2013 Open Archival Information System (OAIS)

An Introduction June 17, 2013 Open Archival Information System (OAIS)
SCIDIP-ES Components Oct 22-23 2014,Brussels. Basic Preservation Strategies Often stated as: “Emulate or Migrate” OAIS concepts change these to: Add Representation.

SCIDIP-ES Components Oct ,Brussels. Basic Preservation Strategies Often stated as: “Emulate or Migrate” OAIS concepts change these to: Add Representation.
Certification of Trustworthy Digital Repositories Arnold Rots Harvard-Smithsonian CfA.

Certification of Trustworthy Digital Repositories Arnold Rots Harvard-Smithsonian CfA.
Repository audit and risk profiles: trust through transparency

Repository audit and risk profiles: trust through transparency
By Eileen Clegg Digital Preservation at Columbia in the Old Days (2009)

By Eileen Clegg Digital Preservation at Columbia in the Old Days (2009)
TRAC / TDR ICPSR 2012. Trustworthy Digital Repositories.

TRAC / TDR ICPSR Trustworthy Digital Repositories.
Future Access to the Scientific and Cultural Heritage – A shared Responsibility Birte Christensen-Dalsgaard State and University Library.

Future Access to the Scientific and Cultural Heritage – A shared Responsibility Birte Christensen-Dalsgaard State and University Library.
ADASS 24-26 Sept 2007 1 Trusted Data Repositories David Giaretta STFC and Director of CASPAR and Associate Director UK Digital Curation Centre.

ADASS Sept Trusted Data Repositories David Giaretta STFC and Director of CASPAR and Associate Director UK Digital Curation Centre.
Co-funded by the European Union under FP7-ICT-2009-6 Alliance Permanent Access to the Records of Science in Europe Network Co-ordinated by aparsen.eu #APARSEN.

Co-funded by the European Union under FP7-ICT Alliance Permanent Access to the Records of Science in Europe Network Co-ordinated by aparsen.eu #APARSEN.
Who is doing a good job in digital preservation? Audit and Certification of Digital Repositories: ISO and the European Framework.

Who is doing a good job in digital preservation? Audit and Certification of Digital Repositories: ISO and the European Framework.
An Overview of Selected ISO Standards Applicable to Digital Archives Science Archives in the 21st Century 25 April 2007 Donald Sawyer - NASA/GSFC/NSSDC.

An Overview of Selected ISO Standards Applicable to Digital Archives Science Archives in the 21st Century 25 April 2007 Donald Sawyer - NASA/GSFC/NSSDC.
Information Security Management – Management System Requirements, Code of Practice for Controls, and Risk Management supervision Assistant Professor Dr.

Information Security Management – Management System Requirements, Code of Practice for Controls, and Risk Management supervision Assistant Professor Dr.

Similar presentations

Ads by Google