Notes from MM 04 Apr 2007

4pm UK time using MegaMeeting at RAC

Present

DavidGiaretta BNSC/CCLRC
BruceAmbacher NARA/ U Maryland
BarbaraSierman KB, Netherlands
MarieWaltz  
SimonLambert  
KatiaThomaz INPE (Instituto Nacional de Pesquisas Espaciais), Brazil
RobertDowns CIESIN, Columbia University
HelenTibbo U North Calolina
NancyMcGovern  

Discussion

It was agreed that we should not get too deep into ISO 27001, as that it cannot be adapted for our purposes just by small modifications. It may be possible to refer to the standard from within our own - there are precedents for this. We cannot require ISO 27001 compliance, though having it should be a plus. There are clearly relevant issues raised in ISO 27001 which we may need to include in our document. We may be able to isolate those metrics in 27001 which are of relevant to the preservation of the information - as disstinct from those that are relevant to the business processes of the organisation.

DavidGiaretta intends to purchase the ISO 27001 certification toolkit to examine how it operates.

A new relevant initiative is DRAMBORA (Digital Repository Audit Method Based on Risk Assessment) - see http://www.repositoryaudit.eu/. BarbaraSierman is going on a DRAMBORA course on the 3rd May and add something to the wiki after that.

An open question is what is expected of a standard to assess compliance in quantitative terms: requiring all boxes to be ticked, requiring a threshold score, having different levels of compliance, ...? A general approach would be to define the highest "platinum" standard and then work down.

ACTION: on all to (re)read the TRAC, Nestor and DRAMBORA documents, and the cross-walks where they exist, and make notes on the wiki about anything missing in the TRAC document that the others supply.

ACTION: SimonLambert or DavidGiaretta to create a suitable wiki page for the purpose.

ACTION: on BruceAmbacher to put the TRAC-Nestor cross-walk on the wiki (or authorise DavidGiaretta to do so).

ACTION: on DavidGiaretta to try to find information from other sources on how the assessment process could work (in quantitative terms as noted above).

The next meeting will be on 25th April.

CHAT extract

NancyMcGovern >> (All): TRAC says that section C could be met by 27001 - so it's not redundant
NancyMcGovern >> (All): http://www.digitalpreservationeurope.eu/announcements/drambora/  
NancyMcGovern >> (All): I registered and looked at a copy - it didn't look all that very different from TRAC to me
Katia Thomaz >> (All): i suggested pick up one of them, TRAC or NESTOR, as a basis and compare the other in relation to it
NancyMcGovern >> (All): We talked about that some for TRAC - in the first round, repositories would not meet all the 
   requirements.  that established a development plan.  nestor talks about this as coaching.  this suggests levels of 
   development, a concept we avoided in TRAC
Marie Waltz >> (All): But how does this reassure those who are using the depository? It seems to me we need to keep them in mind too.
Barbara Sierman >> (All): I will on a DRAMBORA course on the 3th of may, i can add something to the wiki after that
Helen Tibbo >> (All): I recently surveyed ARL libraries in the US who had or were establishing IRs and asked them if they used
   the RLG/NARA document for planning. We also asked them if they were ultimately interested in certifications. 
   Most said no, but certainly there are some repositories that would seek certification very soon. I think if we create 
   a platnium standard for them and then work down to other levels that provide some level of trust but perhaps not the 
   highest level. It seems we could determine that fairly easily once we have the highest standard.
Helen Tibbo >> (All): I probably can't do too much until after the April 18-20 meeting here in Chapel Hill but after that I really
   need a specific, written assignment.
BruceAmbacher >> (All): Should the assignment be to read all three for three weeks from now?
RobertDowns >> (All): Seems like a good approach
BruceAmbacher >> (All): I will check with Robin Dale re: posting the crosswalk
Marie Waltz >> (All): It is OK to post the crosswalk
Helen Tibbo >> (All): April 25th is good for me.
</verabatim>

-- Main.DavidGiaretta - 04 Apr 2007
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2008-02-13 - KatiaThomaz
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback