An introduction to Repository Assessement and DRAMBORA

Similar documents
Certification Efforts at Nestor Working Group and cooperation with Certification Efforts at RLG/OCLC to become an international ISO standard

International Audit and Certification of Digital Repositories

Trusted Digital Repositories. A systems approach to determining trustworthiness using DRAMBORA

Certification. F. Genova (thanks to I. Dillo and Hervé L Hours)

Agenda. Bibliography

Improving a Trustworthy Data Repository with ISO 16363

From production to preservation to access to use: OAIS, TDR, and the FDLP OAIS TRAC / TDR

Trust and Certification: the case for Trustworthy Digital Repositories. RDA Europe webinar, 14 February 2017 Ingrid Dillo, DANS, The Netherlands

Conducting a Self-Assessment of a Long-Term Archive for Interdisciplinary Scientific Data as a Trustworthy Digital Repository

31 March 2012 Literature Review #4 Jewel H. Ward

Data Curation Handbook Steps

European digital repository certification: the way forward

GEOSS Data Management Principles: Importance and Implementation

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

From The European Library to The European Digital Library. Jill Cousins Inforum, Prague, May 2007

Ensuring Proper Storage for Earth Science Data: The USGS Process to Certify Trusted Digital Repositories

Audit & Certification: an auditors perspective. Barbara Sierman, KB National Library of the Netherlands Royal Irish Academy, Dublin 4 june 2013

RODA 3 LONG-TERM DIGITAL PRESERVATION CHARACTERISTICS AND TECHNICAL REQUIREMENTS

The OAIS Reference Model: current implementations

University of British Columbia Library. Persistent Digital Collections Implementation Plan. Final project report Summary version

Science Europe Consultation on Research Data Management

UNT Libraries TRAC Audit Checklist

DCH-RP Trust-Building Report

ISO Self-Assessment at the British Library. Caylin Smith Repository

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

The DL.org Quality Working Group

An Introduction to Digital Preservation

John Snare Chair Standards Australia Committee IT/12/4

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

DRI: Preservation Planning Case Study Getting Started in Digital Preservation Digital Preservation Coalition November 2013 Dublin, Ireland

Survey of Research Data Management Practices at the University of Pretoria

Digital Preservation Standards Using ISO for assessment

DSA WDS Partnership Working Group Catalogue of Common Requirements

Digital Preservation: How to Plan

DEVELOPING, ENABLING, AND SUPPORTING DATA AND REPOSITORY CERTIFICATION

Certification as a means of providing trust: the European framework. Ingrid Dillo Data Archiving and Networked Services

INTELLIGENCE DRIVEN GRC FOR SECURITY

An overview of the OAIS and Representation Information

Large Scale Repository Auditing to ISO José Carvalho

JISC WORK PACKAGE: (Project Plan Appendix B, Version 2 )

ebooks Preservation at Scholars Portal Kate Davis & Grant Hurley Scholars Portal, Ontario Council of University Libraries

Data Management Checklist

Edinburgh DataShare: Tackling research data in a DSpace institutional repository

Security Management Models And Practices Feb 5, 2008

UVic Libraries digital preservation framework Digital Preservation Working Group 29 March 2017

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Libraries and Disaster Recovery

Moving Beyond the Heat Map: Making Better Decisions with Cyber Risk Quantification

Digital Preservation Policy. Principles of digital preservation at the Data Archive for the Social Sciences

Guide to the implementation and auditing of ISMS controls based on ISO/IEC 27001

The International Journal of Digital Curation Issue 1, Volume

DRI: Dr Aileen O Carroll Policy Manager Digital Repository of Ireland Royal Irish Academy

Applying Archival Science to Digital Curation: Advocacy for the Archivist s Role in Implementing and Managing Trusted Digital Repositories

Survey of research data management practices at the University of Pretoria, South Africa: October 2009 March 2010

Trusted Digital Archives

University of Maryland Libraries: Digital Preservation Policy

Digital repositories as research infrastructure: a UK perspective

Building an Assurance Foundation for 21 st Century Information Systems and Networks

The Role of SANAS in Support of South African Regulatory Objectives. Mr. Mpho Phaloane South African National Accreditation System

POSITION DESCRIPTION

Session Two: OAIS Model & Digital Curation Lifecycle Model

A structured workflow for implementing digital archiving standards in an organisation

ISO Information and documentation Digital records conversion and migration process

Indiana University Research Technology and the Research Data Alliance

DataFlow and VIDaaS Workshop

1 There is no single, authorized definition of digital preservation. 2 Definition is from the Framework for Applying OAIS to

Towards FAIRness: some reflections from an Earth Science perspective

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

TEL2813/IS2820 Security Management

falanx Cyber ISO 27001: How and why your organisation should get certified

CoSA & Preservica Practical Digital Preservation 2015/16. Achieving ISO Standards for your Digital Archive October 27, :00-15:00 EDT

INFORMATION SECURITY AND RISK POLICY

Presenter: Ian Musweu FCCA, FZICA, CRA. Head of Risk and Assurance Professional Insurance

GETTING STARTED WITH DIGITAL COMMONWEALTH

Vulnerability Assessments and Penetration Testing

REVIEW OF THE RPS MAP OF EVIDENCE

NIS Directive : Call for Proposals

Business Continuity Management Program Overview

International Civil Aviation Organization SECOND HIGH-LEVEL CONFERENCE ON AVIATION SECURITY (HLCAS/2) Montréal, 29 to 30 November 2018

Electronic Records Management the role of TNA. Richard Blake Head of the Records Management Advisory Service

Different Aspects of Digital Preservation

UNIVERSITY OF NOTTINGHAM LIBRARIES, RESEARCH AND LEARNING RESOURCES

The digital preservation technological context

Terms in the glossary are listed alphabetically. Words highlighted in bold are defined in the Glossary.

Accelerate Your Enterprise Private Cloud Initiative

Resolution adopted by the General Assembly. [on the report of the Second Committee (A/60/488/Add.3)]

An Overview of ISO/IEC family of Information Security Management System Standards

The Science and Technology Roadmap to Support the Implementation of the Sendai Framework for Disaster Risk Reduction

Toward Horizon 2020: INSPIRE, PSI and other EU policies on data sharing and standardization

POSITION DESCRIPTION

Assessing the FAIRness of Datasets in Trustworthy Digital Repositories: a 5 star scale

Position Description IT Auditor

Information Security Continuous Monitoring (ISCM) Program Evaluation

Preservation and Access of Digital Audiovisual Assets at the Guggenheim

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Resolution adopted by the General Assembly. [on the report of the Second Committee (A/56/561/Add.2)]

Security and resilience in Information Society: the European approach

ISO/IEC Information technology Security techniques Code of practice for information security controls

TERMS OF REFERENCE. ISO training and gap analysis of selected personnel certification bodies

EA Document for Recognition of Verifiers under the EU ETS Directive

Transcription:

An introduction to Repository Assessement and DRAMBORA Perla Innocenti, Andrew McHugh, Seamus Ross Raivo Ruusalepp, Hans Hofman Digital Curation Centre (DCC), DigitalPreservationEurope (DPE), HATII at the University of Glasgow & National Archives of the Netherlands Data Audit Framework and DRAMBORA Interactive Launch British Academy, London, 1 st October 2008 Repository assessment and 1

Objectives of digital longevity Digital preservation aims to ensure that future users will be able discover, retrieve, render, manipulate, interpret and use digital information in the face of constantly changing technology It involves conservation, renewal, restoration, selection, destruction, enhancing, updating, and annotating It is a risk management activity at all stages of the longevity pathway -- translating uncertainties into manageable risks Digital Preservation is an ongoing activity to ensure recurring value of digital objects. Repository assessment and 2

Preservation risk is actual It is technological It is physical It is organisational It is socio-cultural It is legal It is financial It is political It is contractual Actual risks can be assessed and managed Repository assessment and 3

What is a risk? many definitions of risk that vary by specific application and situational context risk is described both qualitatively and quantitatively frequently risk is considered as an indicator of both: - threat, vulnerability, impact, uncertainty - the chance that specific individuals are willing to undertake for some desired goal Repository assessment and 4

Risk aversion vs. risk appetite Repository assessment and 5

RBA in the digital world Risk-Benefit Analysis is one of the criteria to document appraisal - along with: relevancy to organizational mission adherence to organizational policy authenticity integrity and usability provenance physical descriptions media format and compression condition metadata availability accuracy & completeness Quantifies in monetary terms risks and benefits (with associated costs) of the appraisal process, including items for which the market does not provide a satisfactory measure of economic value Repository assessment and 6

RBA: risk modelling Flight insurance company statistical risk Passenger perceived risk European Aviation Safety Agency projected risk Repository assessment and 7

Chronology of certification and audit criteria and toolkits 2002: Trusted Repositories Attributes & Responsibilities 2002: Reference Model for an Open Archival Information System (standardised as ISO 14721 in 2003) 2005: RLG/NARA Draft Audit Check-list for Repository Certification released for public comment 2006-2007: CRL and DCC Pilot Repository Audits Dec 2006: Catalogue of Criteria for Trusted Digital Repositories published (en) by nestor Mar 2007: Digital Repository Audit Method Based on Risk Assessment (DRAMBORA toolkit), text version 1.0 published by DCC/DPE Apr 2007: Trustworthy Repositories Audit & Certification (TRAC) Criteria and Check-list published by CRL Spring 2008: DRAMBORA Interactive, online version 2.0 Repository assessment and 8

Trustworthy Repositories Audit & Certification (TRAC) Criteria and RLG/NARA assembled Check-list an International Task Force to address the issue of repository certification TRAC is a set of criteria applicable to a range of digital repositories and archives, from academic institutional preservation repositories to large data archives and from national libraries to third-party digital archiving services Provides tools for the audit, assessment, and potential certification of digital repositories Establishes audit documentation requirements required Delineates a process for certification Establishes appropriate methodologies for determining soundness and sustainability of digital repositories http://www.crl.edu/content.asp?l1=13&l2=58&l3=162&l4=91 Repository assessment and 9

TRAC example A3.4 Repository is committed to formal, periodic review and assessment to ensure responsiveness to technological developments and evolving requirements. Long-term preservation is a shared and complex responsibility. A trusted digital repository contributes to and benefits from the breadth and depth of community-based standards and practice. Regular review is a requisite for ongoing and healthy development of the repository. The organizational context of the repository should determine the frequency of, extent of, and process for self-assessment. The repository must also be able to provide a specific set of requirements it has defined, is maintaining, and is striving to meet. (See also A3.9.) Evidence: A self-assessment schedule, timetables for review and certification; results of self-assessment; evidence of implementation of review outcomes. Repository assessment and 10

DCC Pilot Audits The UK Digital Curation Centre engaged in a series of pilot audits of a TRAC draft in diverse environments Six UK, European and International organisations: national libraries, scientific data centres, cultural heritage archives British Atmospheric Data Centre at the Council for the Central Laboratory of the Research Councils, UK Beazley Archive at the University of Oxford, UK National Digital Archive of Datasets, UK National Digital Heritage Archive of the National Library of New Zealand Florida Digital Archive at the Florida Center for Library Automation, US Pilot audits showed that existing methods: are too static one size fits all approach are too much fixed on the OAIS reference model put too little emphasis on evidence in the auditing process Repository assessment and 11

DRAMBORA (Digital Repository Audit Method Based on Risk Assessment) www.repositoryaudit.eu Developed by DCC & DPE, evidence-based, recognizes current approaches Version 1.0 released in March 2007 Version 2.0 released as an electronic tool in Spring 2008 DRAMBORA invites repositories to: - develop an organisational profile, describing and documenting mandate, objectives, activities and assets - identify and assess the risks that impede their activities and threaten their assets - manage the risks to mitigate the likelihood of their occurrence - establish effective contingencies to alleviate the effects of the risks that cannot be avoided It supports: - Validation [ Are my efforts successful? ] - Preparation [ What must I do to satisfy external auditors? ] - Anticipation [ Are my proposals likely to succeed? ] Repository assessment and 12

10 Characteristics of Digital Repositories Commitment to digital object maintenance Organisational fitness Legal & regulatory legitimacy Effective & efficient policies Acquisition & ingest criteria Integrity, authenticity & usability Audit trail and metadata Dissemination Preservation planning & action Adequate technical infrastructure HATII UofGlasgow, 2007 (CRL/OCLC/nestor/DCC/DPE meeting, January 2007) Repository assessment and 13

DRAMBORA Workflow Preliminary collecting and analysis of repository documentation Organize appointments and onsite visits with repository staff (managers, curators, IT, legal experts ) Risk registry finalization Audit report finalization Impact on individuals and organisations Repository assessment and 14

Anatomy of a risk (I) Repository assessment and 15

Anatomy of a risk (II) Repository assessment and 16

Risk Impact in the repository context Impact can be considered in terms of: impact on repository staff or public well-being impact of damage to or loss of assets impact of statutory or regulatory breach damage to reputation damage to financial viability deterioration of product or service quality environmental damage loss of ability to ensure digital object authenticity and understandability is ultimate expression of impact Repository assessment and 17

Benefits of DRAMBORA Following the successful completion of the self-audit, organisations can expect to have: 1. Established a comprehensive and documented selfawareness of their mission, aims and objectives, and of intrinsic activities and assets 2. Constructed a detailed catalogue of pertinent risks, categorised according to type and inter-risk relationships 3. Created an internal understanding of the successes and shortcomings of the organisation 4. Prepared the organisation for subsequent external audit Repository assessment and 18

DRAMBORA, RBA & Appraisal DRAMBORA = risk-based approach enabling repositories to monitor how they are handling the risks associated with preservation through repository level management It recognizes the benefits of preservation and value whether evidential, reuse, or some other purpose have been determined at object or collection level It is a manual tool + a number of mechanisms (e.g. interactive interface, automation) Repository assessment and 19

DRAMBORA collaborates with Trustworthy Repository Audit and Certification (TRAC) Criteria and Checklist Working Group Center for Research Libraries (CRL) Certification of Digital Archives Project Network of Expertise in Long-term storage of Digital Resources (nestor) DELOS Digital Preservation Cluster (WP6) International Audit and Certification Birds of a Feather Group SHAMAN (Sustaining Heritage Access through Multivalent ArchiviNg) ISO TC46 /SC 11 Working Group Repository assessment and 20

DRAMBORA 1.0 Textual version Released in early March 2007 http://www.repositoryaudit.eu/ Over 1000 individuals registered and downloaded the toolkit Six public tutorials (London, The Hague, Arlington, Manchester, München, Stockholm) Positive feedback A test period within the DPE project Repository assessment and 21

Testing DRAMBORA 1.0 National Archives of Scotland, Edinburgh, UK National Library of the Czech Republic National Central Library of Florence, Italy International Institute for Social History, Amsterdam, The Netherlands Netarkivet (Danish Internet Archive), Denmark Ludwig Boltzmann Institute in Linz, Austria, in cooperation with the Ars Electronica Center E-LIS repository managed by CILEA, Rome, Italy Lithuanian Museum of Ethnocosmology, Lithuania Repository assessment and 22

Testing DRAMBORA 1.0 DELOS Digital Preservation Cluster MBooks Michigan-Google Digitization Project, US CERN Document Server, Switzerland Kungliga Biblioteket, Stockholm Gallica, National Library of France Among other users British Library, London, UK US Geological Survey European repositories and archives American universities Repository assessment and 23

What DRAMBORA users learned Good, visible and persuading documentation of risks might help to improve conditions for their successful management. And, of course, as soon as you have the truly trusted repository, you need the good documentation and certification to prove it We discovered some points of weakness in the repository and also learned to stop fretting about the stuff we actually do very well Assessment will be continued and the risk register will be an integral part of the repository once it becomes operational We originally planned to use TRAC for both our internal and later external audit. We also looked at NESTOR. [ ] we believe that regular self audits using DRAMBORA will make the external audit easier and cheaper Repository assessment and 24

DRAMBORA 2.0 Interactive Released 2008, http://www.repositoryaudit.eu/ Online free tool offering: intuitive form based interface peer-comparison features extensible reporting mechanisms and maturity tracking It allows registering and editing a repository auditing profile DRAMBORA's uses PHP/MySQL and AJAX to output CSS styled XHTML, Linux and Apache web server Repository assessment and 25

DRAMBORA Interactive Repository assessment and 26

Further developments DPE Training Programme, Wepreserve Joint Training Event, Prague, 13-17 October 2008 For general public For auditors Accreditation of self-auditors Repository profiling DRAMBORA in Japan Dissemination in international conferences and journals DELOS report Version 3.0 (downloadable) Repository assessment and 27

Why assessing with DRAMBORA Align with international efforts Evidence-based approach using risk as a metric Repository level management Self-assessment Identify, prioritise and manage risks, verifying compliance, checking effectiveness and identifying opportunities for improvements DRAMBORA interactive interface to facilitate the collection of information necessary to conduct a risk-analysis assessment, its analysis and reporting We are working towards automating the process that DRAMBORA encapsulates Repository assessment and 28

Repository assessment and 29

Think metric! DRAMBORA: converting uncertainties into manageable risks www.repositoryaudit.eu THANK YOU Repository assessment and 30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback