ISO Self-Assessment at the British Library. Caylin Smith Repository

Similar documents
Trusted Digital Repositories. A systems approach to determining trustworthiness using DRAMBORA

Digital Preservation Standards Using ISO for assessment

Agenda. Bibliography

UNT Libraries TRAC Audit Checklist

Data Curation Handbook Steps

Conducting a Self-Assessment of a Long-Term Archive for Interdisciplinary Scientific Data as a Trustworthy Digital Repository

DRI: Preservation Planning Case Study Getting Started in Digital Preservation Digital Preservation Coalition November 2013 Dublin, Ireland

MAPPING STANDARDS! FOR RICHER ASSESSMENTS. Bertram Lyons AVPreserve Digital Preservation 2014 Washington, DC

University of British Columbia Library. Persistent Digital Collections Implementation Plan. Final project report Summary version

31 March 2012 Literature Review #4 Jewel H. Ward

Applying Archival Science to Digital Curation: Advocacy for the Archivist s Role in Implementing and Managing Trusted Digital Repositories

University of Maryland Libraries: Digital Preservation Policy

UNIVERSITY OF NOTTINGHAM LIBRARIES, RESEARCH AND LEARNING RESOURCES

Digital Preservation DMFUG 2017

An overview of the OAIS and Representation Information

Certification. F. Genova (thanks to I. Dillo and Hervé L Hours)

The OAIS Reference Model: current implementations

UVic Libraries digital preservation framework Digital Preservation Working Group 29 March 2017

DRI: Dr Aileen O Carroll Policy Manager Digital Repository of Ireland Royal Irish Academy

ebooks Preservation at Scholars Portal Kate Davis & Grant Hurley Scholars Portal, Ontario Council of University Libraries

MetaArchive Cooperative TRAC Audit Checklist

Report on compliance validation

Preserving Electronic Mailing Lists as Scholarly Resources: The H-Net Archives

Certification Efforts at Nestor Working Group and cooperation with Certification Efforts at RLG/OCLC to become an international ISO standard

Importance of cultural heritage:

BUILDING A NEW DIGITAL LIBRARY FOR THE NATIONAL LIBRARY OF AUSTRALIA

TEL2813/IS2820 Security Management

Can a Consortium Build a Viable Preservation Repository?

Document Title Ingest Guide for University Electronic Records

Trust and Certification: the case for Trustworthy Digital Repositories. RDA Europe webinar, 14 February 2017 Ingrid Dillo, DANS, The Netherlands

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Preservation. Policy number: PP th March Table of Contents

Defining OAIS requirements by Deconstructing the OAIS Reference Model Date last revised: August 28, 2005

ISO27001 Preparing your business with Snare

Cambridge University Libraries Digital Preservation Policy

Security Management Models And Practices Feb 5, 2008

Protecting Future Access Now Models for Preserving Locally Created Content

Business Continuity Planning

Position Description IT Auditor

DRS Policy Guide. Management of DRS operations is the responsibility of staff in Library Technology Services (LTS).

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

Collection Policy. Policy Number: PP1 April 2015

GEOSS Data Management Principles: Importance and Implementation

Sparta Systems TrackWise Digital Solution

REPORT 2015/149 INTERNAL AUDIT DIVISION

<goals> 10/15/11% From production to preservation to access to use: OAIS, TDR, and the FDLP

DCH-RP Trust-Building Report

Business Continuity and Disaster Recovery

OAIS: What is it and Where is it Going?

Digits Fugit or. Preserving Digital Materials Long Term. Chris Erickson - Brigham Young University

PRIOR LEARNING ASSESSMENT AND RECOGNITION (PLAR)

Manchester Metropolitan University Information Security Strategy

Subject: University Information Technology Resource Security Policy: OUTDATED

Data Management Checklist

Digital Preservation Policy. Principles of digital preservation at the Data Archive for the Social Sciences

Information Security Strategy

External Supplier Control Obligations. Cyber Security

Threat and Vulnerability Assessment Tool

Gatekeeper Public Key Infrastructure Framework. Information Security Registered Assessors Program Guide

UKAS Guidance for Bodies Offering Certification of Anti-Bribery Management Systems

Practitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0

Persistent identifiers, long-term access and the DiVA preservation strategy

Introduction to Business continuity Planning

PRESERVING DIGITAL OBJECTS

Preservation of the H-Net Lists: Suggested Improvements

Susan Thomas, Project Manager. An overview of the project. Wellcome Library, 10 October

Its All About The Metadata

CCISO Blueprint v1. EC-Council

Google Cloud & the General Data Protection Regulation (GDPR)

Basic Requirements for Research Infrastructures in Europe

INFORMATION SECURITY AND RISK POLICY

DEVELOPING, ENABLING, AND SUPPORTING DATA AND REPOSITORY CERTIFICATION

Implementation of the Data Seal of Approval

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Improving a Trustworthy Data Repository with ISO 16363

Digital Archiving at the Archaeology Data Service: A Quest for OAIS Compliance

Preservation and Access of Digital Audiovisual Assets at the Guggenheim

NSF Data Management Plan Template Duke University Libraries Data and GIS Services

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

Science Europe Consultation on Research Data Management

Sparta Systems TrackWise Solution

Public Safety Canada. Audit of the Business Continuity Planning Program

Records Information Management

Security Policies and Procedures Principles and Practices

Session Two: OAIS Model & Digital Curation Lifecycle Model

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY

Building on to the Digital Preservation Foundation at Harvard Library. Andrea Goethals ABCD-Library Meeting June 27, 2016

MNsure Privacy Program Strategic Plan FY

Implementation Strategy for Cybersecurity Workshop ITU 2016

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

Digital Preservation with Special Reference to the Open Archival Information System (OAIS) Reference Model: An Overview

Objectives of the Security Policy Project for the University of Cyprus

Copyright 2008, Paul Conway.

Woodson Research Center Digital Preservation Policy

The International Journal of Digital Curation Issue 1, Volume

Focus: Themes within Introduction and Context

Principles for BCM requirements for the Dutch financial sector and its providers.

Birmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018

RECOGNITION POLICY (RPL)

Turning Risk into Advantage

Transcription:

ISO 16363 Self-Assessment at the British Library Caylin Smith Repository Manager caylin.smith@bl.uk @caylinssmith

Outline Digital Preservation at the British Library The Library s Digital Collections Achieving trust ISO 16363 The Library s ISO 16363 self-assessment www.bl.uk 2

Digital preservation at the British Library

Team comprised of 7 people Works cross site between London and Boston Spa Based in Collection Management division Examples of current projects o ISO 16363 o Flashback o Preservation of Ingested Collections: Assessments, Sampling, & Action plans (PICASA) project www.bl.uk 4

Our digital collections

Our digital collections Born-digital content is predominantly acquired under legal deposit legislation Born-digital and digitised content is also deposited voluntarily Collection currently comprised of over 12 million items (~550 TB) Digital items preserved within the Library s Digital Library System repository and replicated to 4 geographically separate nodes Ebooks, ejournals, web archives, newspapers, etheses, datasets, audiovisual, maps, electoral registers, personal digital archives, manuscripts, intellectual property documentation, sheet music, stamps, prints, drawings, and photographs The British Library is increasingly a digital library. www.bl.uk 6

Achieving trust

Certification for digital repositories will involve far more than the documentation of criteria It must recognize standards and best practices relevant to the community of the repository, as well as those of the information management and security industries as a whole. In other words, audit and certification of trust digital repositories cannot exist in a vacuum. CRL & OCLC, 2007 Claims of trustworthiness are easy to make but are thus far difficult to justify or objectively prove. Establishing more clear criteria detailing what a trustworthy repository is and is not has become vital. ISO 16363, 2011 Achieving Trust www.bl.uk 8

What factors influence trust? Stakeholder trust in the organization Benevolence Integrity Identification Transparency Social factors Peers Mentors Senior colleagues Structural Assurance Guarantees Reputation Third-party endorsement See Trust in Digital Repositories by E. Yakel et al. in the International Journal of Digital Curation www.bl.uk 9

ISO 16363

About ISO 16363 Replaced Trusted Repository Audit Certification (TRAC; 2007) in 2012 Recognised standard by the digital preservation community References ISO 14721: Reference Model for an Open Archival Information System (OAIS) Comprised of 109 metrics divided into three areas: Organisational infrastructure (25), Digital Object Management (60), and Infrastructure and Security Risk Management (24) Defines repository as an organisation responsible for digital preservation, not just the technical system www.bl.uk 11

The Benefits Self-assessment: Gap Analysis How are we doing? Where must we improve? Certification: Funding Assurance We are worth the money (to funding body) You can trust us to look after your content (to service users) www.bl.uk 12

Organisational Infrastructure Repository mission statement Repository Strategic Plan Collection Policy Staff who has knowledge to undertake repository activity Succession plan, contingency plans, and/or escrow arrangements Defining the repository s designated community and knowing this community s needs www.bl.uk 13

3.3.1 The repository shall have defined its Designated Community and associated knowledge base(s) and shall have these definitions appropriately accessible. Supporting Text This is necessary in order that it is possible to test that the repository meets the needs of its Designated Community. Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement A written definition of the Designated Community. Discussion The Designated Community is defined as an identified group of potential Consumers who should be able to understand a particular set of information. The Designated Community may be composed of multiple user communities. A Designated Community is defined by the archive and this definition may change/evolve over time (OAIS Glossary, reference [1]). Examples of Designated Community definitions include: General English-reading public educated to high school and above, with access to a Web Browser (HTML 4.0 capable). For Geographic Information System (GIS) data: GIS researchers undergraduates and above having an understanding of the concepts of Geographic data and having access to current (2005, USA) GIS tools/computer software, e.g., ArcInfo (2005). Astronomer (undergraduate and above) with access to Flexible Image Transport System (FITS) software such as FITSIO, familiar with astronomical spectrographic instruments. Student of Middle English with an understanding of Text Encoding Initiative (TEI) encoding and access to an XML rendering environment. Variant 1: Cannot understand TEI; Variant 2: Cannot understand TEI and no access to XML rendering environment; Variant 3: No understanding of Middle English but does understand TEI and XML. The repository has defined the external parties, and its assets, owners, and uses. Two groups: the publishers of scholarly journals and their readers, each of whom have different rights to access material and different services offered to them. Some repositories may call themselves, for example, a dark archive, an archive that has a policy not to allow consumers to get access to its contents for a certain period of time, but they would nevertheless need a Designated Community. www.bl.uk 14

Digital Object Management Deposit and submission agreements Deciding packaging information for the SIPs Representation Information for the SIP Content Data Process that verifies SIPs and AIPs Documentation clearly linking each AIP, or class of AIPs, to its definition Documentation of the SIP-AIP relationship Preservation policy, workflows, and planning Written documentation of decisions and/or action taken Integrity checking and recovery/self-healing Comply with access policy www.bl.uk 15

Infrastructure and Security Risk Management Identify and manage risks associated with the repository Technology monitoring and mitigating obsolescence Processes for storage media and/or hardware change; upgrades Recording and reporting to its administration all incidents of data corruption or loss, and steps shall be taken to repair/replace corrupt or lost data Adequate hardware and software support for backup functionality Disaster preparedness and recovery plan(s) At least 1 offsite backups of all preserved content www.bl.uk 16

The Library s ISO 16363 self-assessment

Objectives 1. Conduct an internal assessment of the Library s approach to preserving digital collections against the ISO 16363 standard to understand how we re doing 2. Identify areas to improve trustworthiness, review with stakeholders, and agree responsibilities for an outline plan of action to address these www.bl.uk 18

Approach Stage 1 Become familiar with ISO 16363 standard as well as its individual metrics and requirements Determine parameters, including which metrics do not apply to the repository Find a sponsor Determine a timeline for completing self-assessment Consider how to record findings Inform colleagues of this work and generate interest www.bl.uk 19

Approach Stage 2 Identify colleagues who are responsible for the work described in each metric Schedule individual meetings to discuss whether and how requirements are being met Record this information, as well as any relevant documentation, procedures, and standards www.bl.uk 20

Approach Stage 3 (Results; internal wiki) Create main project area as well as a page for each metric Include the text for the metric and what evidence is required Record stakeholders interviewed and their feedback Embed or link to existing supporting evidence and record what s needed This also helps with transparency and maintaining an audit trail www.bl.uk 21

Approach Stage 3 (Results; spreadsheet) Number and name of metric Short description of metric scope Supporting evidence System agnostic or system specific Current RAG status Action owner and/or actionee Timeframe and/or resource estimate www.bl.uk 22

Organizational Infrastructure 3.3.5 The repository shall define, collect, track, and appropriately provide its information integrity measurements. Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement Written definition or specification of the repository s integrity measures (for example, computed checksum or hash value); documentation of the procedures and mechanisms for monitoring integrity measurements and for responding to results of integrity measurements that indicate digital content is at risk; an audit process for collecting, tracking, and presenting integrity measurements; Preservation Policy and workflow documentation. Digital Object Management 4.4.1.2 The repository shall actively monitor the integrity of AIPs. Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement Fixity information (e.g., checksums) for each ingested digital object/aip; logs of fixity checks; documentation of how AIPs and Fixity information are kept separate; documentation of how AIPs and accession registers are kept separate. Infrastructure and Security Risk Management 5.1.1.3 The repository shall have effective mechanisms to detect bit corruption or loss. Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement Documents that specify bit error detection and correction mechanisms used; risk analysis; error reports; threat analysis; periodic analysis of the integrity of repository holdings. www.bl.uk 23

Approach Stage 4 Write a report of findings Circulate report to key organisational staff Determine next steps for implementing report recommendations Set a timeline for undertaking re-assessment www.bl.uk 24

Approach (summary) Read the standard and make a plan What is the scope? How long will it take? Who is my sponsor? Who must I speak to? How will I record my answers? Interview colleagues Obtain documentation Analyse and report to sponsor www.bl.uk 25

Lessons Learned Work out what each metric is really asking you to avoid overlap Factor advocacy and comms into your plan to get stakeholder buy-in Don t rely on one interviewee to tell you everything Resource your assessment properly Document interviews and analysis in a way that s easy to transfer into your final report Understand how your recommendations can be implemented www.bl.uk 26

attaining trustworthy status is not a one-time accomplishment, achieved and forgotten. To retain trustworthy status, a repository will need to undertake a regular cycle of audit and/or certification. ISO 16363 www.bl.uk 27

Thank you! Caylin Smith Repository Manager caylin.smith@bl.uk @caylinssmith www.bl.uk 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback