1Science Archives in the 21st Century 25/26 April 2007

Towards an International standard for Audit and Certification of Digital

RepositoriesDavid Giaretta

2Science Archives in the 21st Century 25/26 April 2007

Need for a Certification Process

• Task Force on Archiving of Digital Information (1996) declared,– “a critical component of digital archiving

infrastructure is the existence of a sufficient number of trusted organizations capable of storing, migrating, and providing access to digital collections.”

– “a process of certification for digital archives is needed to create an overall climate of trust about the prospects of preserving digital information.”

• A recurring request in many studies

3Science Archives in the 21st Century 25/26 April 2007

OAIS

• ISO 14721– Created via an OPEN process (via CCSDS) with

full international review

• Technical issues of digital preservation of digitally encoded information

• “Testability” based on whether the information remains understandable to the Designated Community– Just saying “we are preserving this digital object”

cannot be tested (except at the bit level)

4Science Archives in the 21st Century 25/26 April 2007

Trusted Digital Repositories

• Invited group, hosted by RLG

• Concerned with organisational and financial issues

• Trusted Digital Repositories: Attributes and Responsibilities – http://www.rlg.org/legacy/longterm/repositories.pdf

5Science Archives in the 21st Century 25/26 April 2007

RLG/NARA Working Group

• Group of individuals selected by RLG/NARA• Representatives of TDR document• OAIS standard• Various types of archive• Combine

– TDR – financial, organisational infrastructure– OAIS – technical issues

• Produced “Trustworthy Repositories Audit & Certification: Criteria and Checklist”

6Science Archives in the 21st Century 25/26 April 2007

Outline of TRAC (1):Organisational Infrastructure

• A1. Governance and organizational viability

• A2. Organizational structure and staffing

• A3. Procedural accountability and policy framework

• A4. Financial sustainability• A5. Contracts, licenses, and

liabilities

Organizational infrastructure includes but is not restricted to these elements:

• Governance• Organizational

structure• Mandate or purpose• Scope• Roles and

responsibilities• Policy framework• Funding system• Financial issues,

including assets• Contracts, licenses,

and liabilities• Transparency

7Science Archives in the 21st Century 25/26 April 2007

Outline of TRAC (2): Digital Object Management

• B1: Ingest: acquisition of content: – The initial phase of ingest that addresses acquisition of digital content.

• B2: Ingest: creation of the archivable package: – The final phase of ingest that places the acquired digital content into the forms,

often referred to as Archival Information Packages (AIPs), used by the repository for long-term preservation.

• B3: Preservation planning– Current, sound, and documented preservation strategies along with mechanisms to

keep them up to date in the face of changing technical environments.• B4: Archival storage & preservation/maintenance of AIPs

– Minimal conditions for performing long-term preservation of AIPs.• B5: Information management

– Minimal-level metadata to allow digital objects to be located and managed within the system.

• B6: Access management– The repository’s ability to produce and disseminate accurate, authentic versions of

the digital objects.

8Science Archives in the 21st Century 25/26 April 2007

Outline of TRAC (3):Technologies, Technical Infrastructure, & Security

• C1: General system infrastructure requirements.• C2: Appropriate technologies, building on the

system infrastructure requirements, with additional criteria specifying the use technologies and strategies appropriate to the repository’s designated community(ies).

• C3: Security–from IT systems, such as servers, firewalls, or routers to fire protection systems and flood detection to systems that involve actions by people

9Science Archives in the 21st Century 25/26 April 2007

Critique of TRAC

• Closed process– Single review of draft document

• Many changes based on unpublished “test audits”• Underplays “understandability”• Simple list –

– Do ALL boxes have to be ticked?– What does a “tick” mean anyway?

• Link to other standards – ISO 17799 for security – but cannot demand multiple

independent audits– ISO 9000 – say what you do and do what you say

10Science Archives in the 21st Century 25/26 April 2007

NESTOR

Criteria catalogue

• A. Organisational framework

• B. Object management

• C. Infrastructure and Security

• Produced by closed German-based consortium

11Science Archives in the 21st Century 25/26 April 2007

ISO process status• New group set up with the primary aim of producing an

ISO standard• OPEN process

– Wiki open to all– Mailing list open to all– Virtual meetings every 2 or 3 weeks– See http://wiki.digitalrepositoryauditandcertification.org

• Into ISO via CCSDS – same route as OAIS– Some organisational/procedural changes in CCSDS

• Currently a Birds of a Feather (BoF) group– To demonstrate adequate support for th work

• Subsequently will be come a Working Group• Documents agreed by the WG will then be reviewed by

CCSDS and more broadly via international ISO process

12Science Archives in the 21st Century 25/26 April 2007

ScheduleDate Milestone Status

Jan 2007 Action: Seek inputs to the review process Ongoing Feb 2007 Action: Collect requirements on standard

Feb 2007 Action: Review results of Chicago meeting of RLG/NARA, NESTOR, DCC groups

Waiting documents

March 2007

Action: Review requirements collection

March 2007

Deliverable: Summary of lessons from existing audit and certification standards

June 2007 Action: Submit Committee draft to ISO July 2007 Deliverable: Report on Requirements October 2007

Deliverable: Options paper on hierarchy of audit requirements

October 2007

Meeting: CCSDS International workshop, Germany

March 2008

Deliverable: Draft certification document (White Book V0)

Added for compatibility with charter (ChrisRusbridge) October 2008

Deliverable: White Book V1

March 2009

Deliverable: Red Book for external review including ISO

13Science Archives in the 21st Century 25/26 April 2007

Current status• Reviewing and comparing

– TRAC– NESTOR– DCC documents

• Also considered whether we could simply add to ISO 27001– The view is that ISO 27001 CANNOT be modified

adequately• It’s view of Information is too limited

• About to start drafting a strawman document– Plan to take one (probably TRAC) and add

concepts from other docs

14Science Archives in the 21st Century 25/26 April 2007

Key Issues

• How to get from a checklist to an international accreditation/ certification system?

• Evidence – short term• Evidence – long term

– The real crunch!• Quantification

– The marking system• Levels of

– External review– Internal maturity

15Science Archives in the 21st Century 25/26 April 2007

Links• RAC group Wiki:

– http://wiki.digitalrepositoryauditandcertifiation.org• TRAC document

– http://www.crl.edu/PDF/trac.pdf• NESTOR “Catalogue of Criteria for Trusted Digital Long-term

Repostories” – http://edoc.hu-berlin.de/series/nestor-materialien/8en/PDF/8en.pdf

• Trusted Digital Repositories– http://www.rlg.org/legacy/longterm/repositories.pdf

• CASPAR project – EU project on digital preservation – Science, Culture and Arts data

• Detailed case studies – what does one need to actually “understand” the data

– http://www.casparpreserves.eu