Notes from MM 21 Feb 2007
4pm UK time using
MegaMeeting at
RAC
Present
Status
Awaiting TRAC document but this is not delaying progress
Discussion
[The four suggestions made by ChrisRusbridge via email were discussed, and there was general agreement on the first 3:
a) the proposed standard should use a continuous quality improvement model
b) the quality improvement model should be based on the PDCA approach used in ISO 27001 and 9001
c) the proposed standard should use a risk assessment approach rather than a fully mandated approach.]
There was considerable discussion of the relevance of standards such as ISO 27001 and COBIT.
It was agreed that we should not attempt to produce material well covered by existing standards. There is an issue, as discussed by the RLG/NARA group, about the desire to avoid forcing archives to obtain, for example, ISO 27001 certification as well as "our" certification.
There are a number of ways around this:
- identify the additions needed to ISO 27001 and perhaps have auditors trained in these as well as ISO 27001.
- several people thought that "section C" of the draft RLG/NARA document contained the key additional ideas i.e. understandability and usability by a Designated Community
- we could allow additional audits based on COBIT - again identifying additional features - the point here is COBIT is freely available.
It was agreed that the whole group should undertake a detailed review of ISO 27001.
- ACTION DonaldSawyer to check whether we can obtain copies of ISO documents for those in the group who could not obtain them
- ACTION DavidGiaretta to see if a restricted access area could be created on the Wiki - accessible only to registered Wiki users
In addition, following a suggestion from DonaldSawyer:
- ACTION all to collect and put on the Wiki charters or mission statements of existing archives/repositories
Finally, since much of the communication was via the chat facility,
--
DavidGiaretta - 21 Feb 2007