Main Web>AvailabilityMatrix>WorkingDocuments>MandatoryReqts>MandatoryReqtsC (28 Jan 2008, BarbaraSierman)

Identification of mandatory requirements: Section C

Please choose an option under your initials for each requirement. Comments may be added to the table below each requirement, by adding a row to the table.

At the Megameeting on 26th November 2007, it was agreed that the following definitions would be used:

Mandatory means it is a critical requirement that must be done in order to either be doing preservation adequately or demonstrating the same
Marking with Y means accepting the requirement as mandatory as it is now expressed; N means considering it is not mandatory as it is now expressed; ? means that it needs clarification.

C1. System infrastructure

C1.1 Repository functions on well supported operating systems and other core infrastructural software.

C1.1 Repository functions on well supported operating systems and other core infrastructural software.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	?	N	?	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
CF	This seems too vague to be mandatory
BS	As discussed earlier, it is a bit dangerous to put IT Requirements here, as it is done well (and may be better) elsewhere. As Chris Rusbridge mentioned: should not we focus on the extras, needed for long term preservation. I think particularly of the logging aspect, as we want to give insight in our actions to our successors, and may be for a far longer time than a general IT system.

C1.2 Repository ensures that it has adequate hardware and software support for backup functionality sufficient for the repository’s services and for the data held, e.g., metadata associated with access controls, repository main content.

C1.2 Repository ensures that it has adequate hardware and software support for backup functionality sufficient for the repository’s services and for the data held, e.g., metadata associated with access controls, repository main content.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	Y	Y	Y	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
DGia	The word "sufficient" in the metric makes this almost a tautology - the difficulty will be to decide what is sufficient.
BS	Agree with David, need some rewording as it not clear enough

C1.3 Repository manages the number and location of copies of all digital objects.

C1.3 Repository manages the number and location of copies of all digital objects.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	?	?	N	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
DGia	I have put "N" because I am worried about the "all" in the metric - perhaps it should be "all objects to be preserved"
CF	I think managing numbers and locations of copies is an important management function. Perhaps we could re-word the metric?
BS	Of all, not of each object

C1.4 Repository has mechanisms in place to ensure any/multiple copies of digital objects are synchronized.

C1.4 Repository has mechanisms in place to ensure any/multiple copies of digital objects are synchronized.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	-	?	N	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
DGia	I am concerned about the "any/multiple"
CF	Another important function I think. Maybe we could drop the 'any' and leave the 'multiple'

C1.5 Repository has effective mechanisms to detect bit corruption or loss.

C1.5 Repository has effective mechanisms to detect bit corruption or loss.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	Y	Y	Y	-	-	-	-	-	-	-	-	-	-	-

C1.6 Repository reports to its administration all incidents of data corruption or loss, and steps taken to repair/replace corrupt or lost data.

C1.6 Repository reports to its administration all incidents of data corruption or loss, and steps taken to repair/replace corrupt or lost data.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	Y	?	?	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
BS	You need to know what happened in your repository, and if there are automated processes to repair corrupt or lost data, there should be reports about these actions

C1.7 Repository has defined processes for storage media and/or hardware change (e.g., refreshing, migration).

C1.7 Repository has defined processes for storage media and/or hardware change (e.g., refreshing, migration).

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	Y	Y	Y	-	-	-	-	-	-	-	-	-	-	-

! DGia | Hovever the defined process could be "do nothing" |

C1.8 Repository has a documented change management process that identifies changes to critical processes that potentially affect the repository’s ability to comply with its mandatory responsibilities.

C1.8 Repository has a documented change management process that identifies changes to critical processes that potentially affect the repository’s ability to comply with its mandatory responsibilities.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	Y	?	Y	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
CF	Could 'critical processes' be defined?

C1.9 Repository has a process for testing the effect of critical changes to the system.

C1.9 Repository has a process for testing the effect of critical changes to the system.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	Y	?	?	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
DGia	Presumably this means testing without affecting operation system

C1.10 Repository has a process to react to the availability of new software security updates based on a risk-benefit assessment.

C1.10 Repository has a process to react to the availability of new software security updates based on a risk-benefit assessment.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	Y	?	Y	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
BS	Need some rewording, as not only security updates might be a risk, also other software

C2. Appropriate technologies

C2.1 Repository has hardware technologies appropriate to the services it provides to its designated communities and has procedures in place to receive and monitor notifications, and evaluate when hardware technology changes are needed.

C2.1 Repository has hardware technologies appropriate to the services it provides to its designated communities and has procedures in place to receive and monitor notifications, and evaluate when hardware technology changes are needed.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	?	?	Y	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
BS	Both C2.1 and C2.2 depends on the policies of the archives, so the mandatory requirement should be that the promised services are facilitated

C2.2 Repository has software technologies appropriate to the services it provides to its designated community(ies) and has procedures in place to receive and monitor notifications, and evaluate when software technology changes are needed.

C2.2 Repository has software technologies appropriate to the services it provides to its designated community(ies) and has procedures in place to receive and monitor notifications, and evaluate when software technology changes are needed.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	?	?	Y	-	-	-	-	-	-	-	-	-	-	-

C3. Security

C3.1 Repository maintains a systematic analysis of such factors as data, systems, personnel, physical plant, and security needs.

C3.1 Repository maintains a systematic analysis of such factors as data, systems, personnel, physical plant, and security needs.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	?	?	?	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
DGia	Almost a "Y" but the phrase "such factrs as" seems a bit weak

C3.2 Repository has implemented controls to adequately address each of the defined security needs.

C3.2 Repository has implemented controls to adequately address each of the defined security needs.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	Y	Y	Y	-	-	-	-	-	-	-	-	-	-	-

C3.3 Repository staff have delineated roles, responsibilities, and authorizations related to implementing changes within the system.

C3.3 Repository staff have delineated roles, responsibilities, and authorizations related to implementing changes within the system.

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	Y	Y	?	-	-	-	-	-	-	-	-	-	-	-

Who	Comment (add a row to the table for your comment)
DGia	Not sure what delineated roles implies

C3.4 Repository has suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an offsite copy of the recovery plan(s).

C3.4 Repository has suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an offsite copy of the recovery plan(s).

Mandatory requirement?

BAmb	BSie	CFen	DGia	DSaw	HTib	JGar	KTho	MCon	NMcG	PInn	RDow	SLam	RFer	MWal
-	Y	Y	Y	-	-	-	-	-	-	-	-	-	-	-

-- SimonLambert - 23 Dec 2007

Topic revision: r5 - 28 Jan 2008 - BarbaraSierman

Main

Webs
Main
Sandbox
TWiki