Notes from Megameeting 28th October 2009


DavidGiaretta STFC
DonaldSawyer NASA GSFC
JohnGarrett GSFC
MarkConrad NARA
RobertDowns CIESIN, Columbia University
SimonLambert STFC


The focus of discussion was the notes of the small face-to-face meeting held today at the CCSDS meeting in the Netherlands - see CcsdsMeeting20091028. The five points therein were broadly agreed.

There was also discussion of auditing multi-site repositories, or those with cloud-based storage. The formulation of the security standard ISO 17021 should also be applicable here.

ACTION DavidGiaretta to speak to ISO liaison about when ISO review will start

ACTION All to read the notes of the CCSDS face-to-face meeting and prepare for discussion at the next MegaMeeting

The next meeting will be back to the usual schedule, on Monday 2 November.

Transcript of chat

John Garrett >> (All): David put some notes on the wiki  from this morning's meeting.
Don Sawyer >> (All): We talked about how we might set up the international audit 
and certification system - and what might help us do that in terms of text in 
the standard
John Garrett >> (All): David's working on getting connected again.  Seems to be 
there is some kind of networking problems.  
John Garrett >> (All): We suggest that in the couple minutes he takes to 
reconnect, perhaps you can look up David's notes from this morning and we will 
entertain any questions on them.  
David Giaretta >> (All): Hi
Mark Conrad >> (All): Is there any way to find out about the history of setting 
up certification bodies for ISO standards? I poked around various ISO 9000 
websites and I couldn't find anything that talked about how they established the 
first committee.
David Giaretta >> (All): John found some stuff 
Mark Conrad >> (All): Where?
John Garrett >> (All): Yes, we were doing similar things, we did however find an 
Internation Accreditation Forum that accredites the certification bodies for ISO 
9000 and other ISO standards
David Giaretta >> (All): I also plan to talk to the UK ISO committee - BSI in 
London. Also there are some other people in the UK who might be useful
Mark Conrad >> (All): I looked at the IAF website. I didn't find anything about
how they set up the initial committee. You found such information on their site?
David Giaretta >> (All): We probably need to talk to people - its probably not 
the sort of stuff that gets put on web sites
David Giaretta >> (All): We have some connection problems here
David Giaretta >> (All): The other ideas were to make the primary audit 
committee more prominent - to approve training etc
David Giaretta >> (All): ...that would mean that we don't need to be absolutely 
certain about the number of days traiining in the standard
RobertDowns >> (All): That seems to be a reasonable way to move forward.
David Giaretta >> (All): If we accept that then it means we can move forward 
fairly quickly.
Mark Conrad >> (All): Presuming that everyone is willing to accept the 
credentials of the members of the committee.
John Garrett >> (All): I did not find anything related to an initial committee 
on the IAF website (or elsewhere).  Just found contact information for people we 
might talk to that might have some insights.
SimonLambert >> (All): I suppose one issue is the principle of the committee,
another is actually setting it up.
David Giaretta >> (All): There do seem to be other examples of this sort of 
thing - i.e. just saying there is a way to do something but it is determined 
elsewhere (not necessarily a standard)
Mark Conrad >> (All): David, Can you give an example?
David Giaretta >> (All): Mark - yes that's the main point - are people credible
RobertDowns >> (All): In addition to our credentials, we could consider our 
participation in these meetings as equivalent to training.
David Giaretta >> (All): Mark - example - to say the committee has procedures 
e.g. to vote, but it is specified in an internal document
Mark Conrad >> (All): Yes, but credible to whom? Who is the potential audience 
for certification?
David Giaretta >> (All): Mark - it probably has to be credible to funders 
David Giaretta >> (All): ...with some community cred. also 
David Giaretta >> (All): Hence the idea to have a 2 page draft to put to funders
John Garrett >> (All): ...and to marketing portions of companies who then use 
the certification in marketing their company's services.
Mark Conrad >> (All): My concern is that if we hinge the whole thing on 
potential consumers of the accreditation services accepting the credibility of 
the committee members we may see many years of work go down the drain. I suppose 
we have to step off the cliff at some point.
David Giaretta >> (All): Mark - yes that was always going to be a risk.
John Garrett >> (All): I think standards are always in that precarious area.  
They are only useful if enough people pick them up and use them.
David Giaretta >> (All): ...But I suggest we can start to get the ball rolling - 
as noted on the Wiki
David Giaretta >> (All): .........see if we can persuade funders to get a few 
audits done and then eventually to mandate it
Mark Conrad >> (All): Under bullet 3 we still have the question of what on-site 
means. For example I have a seven node data grid that spans the United States. 
Does that mean that the audit team would have to visit all seven sites?
David Giaretta >> (All): But one critical point is what the certificate says - 
one suggestion is in the notes
David Giaretta >> (All): Mark - I assume other audits have the same problem - 
need to investigate
RobertDowns >> (All): The suggestion for specifying collections certified makes 
sense, David.
RobertDowns >> (All): as well as the provisions
Mark Conrad >> (All): My collections span the grid. 
RobertDowns >> (All): It could be expensive to visit all seven sites with a 
certification team
David Giaretta >> (All): Yes - we do need to think about cloud/grid
Mark Conrad >> (All): There will be similar questions for LOCKSS, DuraCloud, etc 
David Giaretta >> (All): Robert - I guess taht would have cost implications
John Garrett >> (All): This works much like ISO 9000 certification.  We specify 
what portion of the organization you want certified.  Then size and cost of the 
audit can be set by that decision.
David Giaretta >> (All): ...or we could not certifiy those systems.
Mark Conrad >> (All): Trips to Mumbai for the first cloud inspection could be 
John Garrett >> (All): NASA projects have been certified and NASA centers have 
been.  I don't know but I don't think NASA as a whole is certified.
Mark Conrad >> (All): certified by who for what?
David Giaretta >> (All): Mark - I guess that's why we suggested some virtual 
participation - some someone in India could be there physically plus someone 
else. The rest could participate virtually
John Garrett >> (All): I don't think you can certify things you can't inspect.  
Who would want the legal and profressional creditibility hit of being the person 
to certify something they really didn't inspect?
David Giaretta >> (All): The problem with the cloud is that I guess the data 
might be in Mumbai today but in Iceland tomorrow
RobertDowns >> (All): Even small repositories could have offsite facilities for 
backup and recovery
David Giaretta >> (All): ... or both
John Garrett >> (All): I also agree with David.  Only part of the team needs to 
present.  But as a team, some part of it needs to be present.
RobertDowns >> (All): I also agree that it should not be necessary for an entire 
team to visit each site.
David Giaretta >> (All): ANyway the thought was that we should consider putting 
some wording along those lines in the draft so taht it will make the practical 
process do-able
John Garrett >> (All): Another option is that certification could be for on-site 
activities of an organization.
Mark Conrad >> (All): Actually it will be in both places and several others as 
well. Most cloud services use multiple sites for redundancy. Unless you specify 
geographic limitations in your contract with the cloud provider, they will store 
copies of your data lots of places around the world.
David Giaretta >> (All): Mark - yes - even more difficult
David Giaretta >> (All): ...I wonder what they do for securiy audit?
Mark Conrad >> (All): John, In the cases we have been talking about the majority 
of the activity may be some place else.
David Giaretta >> (All): But I think the repository needs to have some physical 
control - cannot remember the wording
RobertDowns >> (All): Certainly, we need to verify that there are locks on the 
John Garrett >> (All): Yes and if the majority of the activity takes place 
elsewhere, it should be investigated there.  (assuming not cloud now)
John Garrett >> (All): Certifying the cloud for anything may be problematic.  
What do you think is sufficient proof that the cloud is doing whatever it is 
supposed to be doing?
David Giaretta >> (All): The metrics doc says " ..shall obtain sufficient 
control over the digital objects to preserve them"
RobertDowns >> (All): It might be that a repository has to specify it primary 
locations and the activities conducted at each location, then the team can 
decide which ones need to be inspected physically
David Giaretta >> (All): I guess the repository has to present evidence that is 
sufficiently persuasive that this is the case
Mark Conrad >> (All): David, If the repository needs to have physical control, 
does that mean using an outsourced cloud (as opposed to an on-site, private 
cloud) could not be certified as a TDR.
David Giaretta >> (All): Mark - the working was "sufficient control"
Mark Conrad >> (All): Ok so how do we specify the notion of on-site in the 
document given our discussions here?
John Garrett >> (All): It might be enough to show that you can get information 
back from the cloud and you have enough copies in the cloud and enough local 
fixity information to guarantee that you have authentic information back.
David Giaretta >> (All): Mark - if that wording is good enough for the security 
audit then it should be good enough for us - except that we add the points about 
possible virtual participation
David Giaretta >> (All): other words however "on-site" is defined for 
John Garrett >> (All): From 12071 In the case of multiple sites or 
certification to multiple management system standards beingprovided by the 
certification body, the planning for the audit shall ensure adequate on-site 
audit coverage toprovide confidence in the certification.
Mark Conrad >> (All): David, Thank you. I was trying to look that up.
John Garrett >> (All): 9.1.9 The certification body shall have a process for 
conducting on-site audits defined in documentedrequirements drawn up in 
accordance with the relevant guidance provided in ISO 19011.NOTE 1 In addition 
to visiting physical location(s) (e.g. factory), “on-site” can include remote 
access to electronic site(s)that contain(s) information that is relevant to the 
audit of the management system.NOTE 2 The term “auditee” as used in ISO 19011 
means the organization being audited.
RobertDowns >> (All): John - These both seem to be appropriate for repository 
Mark Conrad >> (All): So do we need to mark up the wiki document to reflect what 
we have discussed here or do we need to wait until next week when more of the 
usual suspects are able to attend the web meeting?
David Giaretta >> (All): Maybe we can propose some wording so people can see 
what the implications are - we can always backtrack and remove them
David Giaretta >> (All): ...or would you prefer to wait and not push it?
Mark Conrad >> (All): Proposing wording might speed things up next week. That 
said, I can only stay on the webmeeting for about another hour.
David Giaretta >> (All): Here in Holland we were planning to leave in 30 mins
David Giaretta >> (All): Perhaps we should do it off-line rather than wordsmith 
right now - unless you have a suggestion
David Giaretta >> (All): But am I right in thinking that the people here are OK 
with the 5 bullet points on the WIki at
David Giaretta >> (All): we may of course discover that say point 5 is 
already covered in the set of ISO standards
Mark Conrad >> (All): I was just looking at that bullet. It would be good to 
know if the ISO standards cover that.
Mark Conrad >> (All): Under bullet 2. Do we have to specify anything about the 
onditions under which certification would be revoked?
David Giaretta >> (All): I'm fairly sure the tree of standards we inherit covers 
that but I was not sure
SimonLambert >> (All): Am I right in thinking that the primary audit cttee would 
only concern itself with qualifications of auditors - not with repositories or 
particular audit exercises?
David Giaretta >> (All): Bullet 2 was about auditors but I guess the primary 
committee would have to do audits initially
David Giaretta >> (All): Mark - I would guess that we might only specify 
something very general "..if standards were not upheld"
Mark Conrad >> (All): Simon, Bullets 3-5 seem to be concerned with more than the 
qualifications of the auditors.
SimonLambert >> (All): Mark - yes, but I'm not sure if the primary audit cttee 
has a role there.
Mark Conrad >> (All): David, Ok. I gues that the conditions for revokation would 
have to be spelled out in more detail in the contract for the audit. People are 
not going to want to put down money for an audit with the possibility that it 
could be revoked at any time.
David Giaretta >> (All): Simon - in practical terms there will ONLY be the 
primary committee who would be able to do these audits
David Giaretta >> (All): Mark - I was referring to accreditation of auditors
John Garrett >> (All): But ISO 9000 certification can be withdrawn at any time 
and there are now close to 1M ISO 9000 certifications worldwide
David Giaretta >> (All): Mark - presumably a repository's certificate would only 
be revoked after another audit - of course the certificate expires after a 
specified date
John Garrett >> (All): Normally however no one will have any way to get any 
information on which to withdraw a certification without doing another audit.
David Giaretta >> (All): John - good point - we might want to revoke a 
certificate if it is announced that a repository has gone bankrupt
Mark Conrad >> (All): David, I misunderstood the bullet. If an auditor's 
qualification can be revoked, does this mean that the committee will have to 
publish and maintain a list of qualified auditors?
John Garrett >> (All): There is another standard ISO 17024 that deals with 
accrediting persons
David Giaretta >> (All): Mark - I assume we will get into that if and when the 
whole thing take off
David Giaretta >> (All): ....but I could see that people should be able to check 
that someone who claims to be an auditor is actually accredited
David Giaretta >> (All): ...I think we may have said something about that in the 
Security section
Mark Conrad >> (All): Ok. It just seems like this will require a little more 
infrastructure that just the committee if it takes off.
David Giaretta >> (All): Oh yes indeed
RobertDowns >> (All): Yes, there should be a way to verify credentials of the 
David Giaretta >> (All): ....but it would eventually be self-funding
John Garrett >> (All): Yes, I think it will require more infrastructure once it 
takes off.  Once it takes off it will also be easier to get support for the 
David Giaretta >> (All): My hope was taht we could get the standards into review
 - with any appropriate wording that would facilitate having a workable system - 
and then start the set-up
RobertDowns >> (All): Is there any update on the review schedule?
Mark Conrad >> (All): I think you have answered all my questions about the 5 
bullets. I would think it would be a good idea to get Bruce's input on the 
outline for the funding agencies.
David Giaretta >> (All): I need to speak to the ISO liaison about when the ISO 
review will start
David Giaretta >> (All): ...the Metrics doc is already undergoing CCSDS review
David Giaretta >> (All): ......or did you mean the "Requirements..." doc
David Giaretta >> (All): If the latter then it's as sooon as we finish it
RobertDowns >> (All): I was referring to the Metrics doc
David Giaretta >> (All): Let me email now
David Giaretta >> (All): I was planning to make contact here in Holland but she 
is coming next week
Mark Conrad >> (All): "Perhaps we should do it off-line rather than wordsmith 
right now - unless you have a suggestion." Does that mean that you all in 
Holland will be preparing proposed wording off-line and post it send it to the 
rest of us?
David Giaretta >> (All): Mark - don't think we will be doing anything 
collectively here.  It's something for the weekend or evening. We are almost at 
the end of the RAC meeting here.
Mark Conrad >> (All): Oh. I thought it ran for another day or two.
David Giaretta >> (All): Mark - only 1 day for RAC - there are other CCSDS 
things tomorrow and Friday
Mark Conrad >> (All): Hopefully other folks will read the bullets between now 
and Monday and we can tackle it then.
Mark Conrad >> (All): So are we done for now?
David Giaretta >> (All): I think so
David Giaretta >> (All): Bye all
John Garrett >> (All): Bye
Mark Conrad >> (All): OK. Talk to you on Monday. The U.S. will be off Summer 
time by then.
RobertDowns >> (All): Bye

-- SimonLambert - 28 Oct 2009

Topic revision: r1 - 2009-10-28 - SimonLambert
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback