Identification of mandatory requirements: Section C

Please choose an option under your initials for each requirement. Comments may be added to the table below each requirement, by adding a row to the table.

At the Megameeting on 26th November 2007, it was agreed that the following definitions would be used:

  • Mandatory means it is a critical requirement that must be done in order to either be doing preservation adequately or demonstrating the same
  • Marking with Y means accepting the requirement as mandatory as it is now expressed; N means considering it is not mandatory as it is now expressed; ? means that it needs clarification.

C1. System infrastructure


C1.1 Repository functions on well supported operating systems and other core infrastructural software.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- ? N ? - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
CF This seems too vague to be mandatory
BS As discussed earlier, it is a bit dangerous to put IT Requirements here, as it is done well (and may be better) elsewhere. As Chris Rusbridge mentioned: should not we focus on the extras, needed for long term preservation. I think particularly of the logging aspect, as we want to give insight in our actions to our successors, and may be for a far longer time than a general IT system.


C1.2 Repository ensures that it has adequate hardware and software support for backup functionality sufficient for the repository’s services and for the data held, e.g., metadata associated with access controls, repository main content.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- Y Y Y - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
DGia The word "sufficient" in the metric makes this almost a tautology - the difficulty will be to decide what is sufficient.
BS Agree with David, need some rewording as it not clear enough


C1.3 Repository manages the number and location of copies of all digital objects.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- ? ? N - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
DGia I have put "N" because I am worried about the "all" in the metric - perhaps it should be "all objects to be preserved"
CF I think managing numbers and locations of copies is an important management function. Perhaps we could re-word the metric?
BS Of all, not of each object


C1.4 Repository has mechanisms in place to ensure any/multiple copies of digital objects are synchronized.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- - ? N - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
DGia I am concerned about the "any/multiple"
CF Another important function I think. Maybe we could drop the 'any' and leave the 'multiple'


C1.5 Repository has effective mechanisms to detect bit corruption or loss.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- Y Y Y - - - - - - - - - - -


C1.6 Repository reports to its administration all incidents of data corruption or loss, and steps taken to repair/replace corrupt or lost data.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- Y ? ? - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
BS You need to know what happened in your repository, and if there are automated processes to repair corrupt or lost data, there should be reports about these actions


C1.7 Repository has defined processes for storage media and/or hardware change (e.g., refreshing, migration).

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- Y Y Y - - - - - - - - - - -

! DGia | Hovever the defined process could be "do nothing" |


C1.8 Repository has a documented change management process that identifies changes to critical processes that potentially affect the repository’s ability to comply with its mandatory responsibilities.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- Y ? Y - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
CF Could 'critical processes' be defined?


C1.9 Repository has a process for testing the effect of critical changes to the system.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- Y ? ? - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
DGia Presumably this means testing without affecting operation system


C1.10 Repository has a process to react to the availability of new software security updates based on a risk-benefit assessment.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- Y ? Y - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
BS Need some rewording, as not only security updates might be a risk, also other software

C2. Appropriate technologies


C2.1 Repository has hardware technologies appropriate to the services it provides to its designated communities and has procedures in place to receive and monitor notifications, and evaluate when hardware technology changes are needed.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- ? ? Y - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
BS Both C2.1 and C2.2 depends on the policies of the archives, so the mandatory requirement should be that the promised services are facilitated


C2.2 Repository has software technologies appropriate to the services it provides to its designated community(ies) and has procedures in place to receive and monitor notifications, and evaluate when software technology changes are needed.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- ? ? Y - - - - - - - - - - -

C3. Security


C3.1 Repository maintains a systematic analysis of such factors as data, systems, personnel, physical plant, and security needs.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- ? ? ? - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
DGia Almost a "Y" but the phrase "such factrs as" seems a bit weak


C3.2 Repository has implemented controls to adequately address each of the defined security needs.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- Y Y Y - - - - - - - - - - -


C3.3 Repository staff have delineated roles, responsibilities, and authorizations related to implementing changes within the system.

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- Y Y ? - - - - - - - - - - -

Who Comment (add a row to the table for your comment)
DGia Not sure what delineated roles implies


C3.4 Repository has suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an offsite copy of the recovery plan(s).

Mandatory requirement?

BAmb BSie CFen DGia DSaw HTib JGar KTho MCon NMcG PInn RDow SLam RFer MWal
- Y Y Y - - - - - - - - - - -

-- SimonLambert - 23 Dec 2007

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2008-01-28 - BarbaraSierman
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback