Foreword

The OAIS Reference Model contained a roadmap which included the need for a certification standard. The initial work was to be carried out outside CCSDS and then brought back into CCSDS to take into the standard. In 2003, RLG and the National Archives and Records Administration created a joint task force to specifically address digital repository certification. The task force published the Trusted Repository Audit & Certification: Criteria and Checklist (TRAC) document which forms the basis of this standard.

Introduction

A decade ago, the Task Force on Archiving of Digital Information (1996) declared, “a critical component of digital archiving infrastructure is the existence of a sufficient number of trusted organizations capable of storing, migrating, and providing access to digital collections.” The task force saw that “trusted” or trustworthy organizations could not simply identify themselves. To the contrary, the task force declared, “a process of certification for digital archives is needed to create an overall climate of trust about the prospects of preserving digital information.” The task force stopped short of articulating the details of such a certification process. Certainly one obstacle was that though some archives and repositories existed at the time, there was no organized “digital preservation community” with common, consensus-driven practices, let alone standards. Each archive or repository conducted digital preservation in its own manner and to the level that seemed to address funding and user community needs.

Work in articulating responsible digital archiving infrastructure was furthered by the development of the Open Archival Information System (OAIS) Reference Model (ISO 14721:2002). Designed to create a consensus on “what is required for an archive to provide permanent or indefinite long-term preservation of digital information,” the OAIS addressed fundamental questions regarding the long-term preservation of digital materials that cut across domain-specific implementations. The reference model provides a common conceptual framework describing the environment, functional components, and information objects within a system responsible for the long-term preservation of digital materials. Long before it became an approved standard in 2002, many in the cultural heritage community had adopted OAIS as a model to better understand what would be needed from digital preservation systems.

Institutions began to declare themselves “OAIS-compliant” to underscore the trustworthiness of their digital repositories, but there was no established understanding of “OAIS-compliance” beyond meeting the high-level responsibilities defined by the standard. There were certainly no criteria for measuring compliance.

Claims of trustworthiness are easy to make but are thus far difficult to justify or objectively prove. As Clifford Lynch has stated, “Stewardship is easy and inexpensive to claim; it is expensive and difficult to honor, and perhaps it will prove to be all too easy to later abdicate” (Lynch 2003). Establishing more clear criteria detailing what a trustworthy repository is and is not has become vital. In 2002, RLG and OCLC jointly published Trusted Digital Repositories: Attributes and Responsibilities (TDR), which further articulated a framework of attributes and responsibilities for trusted, reliable, sustainable digital repositories capable of handling the range of materials held by large and small cultural heritage and research institutions. The framework was broad enough to accommodate different situations, technical architectures, and institutional responsibilities while providing a basis for the expectations of a trusted repository. The document has proven to be useful for institutions grappling with the long-term preservation of cultural heritage resources and has been used in combination with the OAIS as a digital preservation planning tool. As a framework, this document concentrated on high-level organizational and technical attributes and discussed potential models for digital repository certification. It refrained from being prescriptive about the specific nature of rapidly emerging digital repositories and archives and instead reiterated the call for certification of digital repositories, recommending the development of certification program and articulation of auditable criteria.

The RLG and NARA later published the Trusted Repository Audit & Certification: Criteria and Checklist (TRAC) document which combined ideas from OAIS and TDR. TRAC formed the basis of the metrics in this standard.

Process Approach (Perhaps this should be in the "Requirements for Auditors" document)

This International Standard should be used within a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's trustworthiness, see for example ISO 27001:2005.

An organization needs to identify and manage many activities in order to function effectively. Any activity using resources and managed in order to enable the transformation of inputs into outputs can be considered to be a process. Often the output from one process directly forms the input to the next process. The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as a “process approach”.

The process approach for trustworthiness presented in this International Standard encourages its users to emphasize the importance of:

  • understanding an organization’s requirements and the need to establish policy and objectives for trustworthiness;
  • implementing and operating controls to manage an organization's preservation risks in the context of the organization’s overall business risks;
  • monitoring and reviewing the performance and effectiveness of the activities which support its trustworthiness; and
  • continual improvement based on objective measurement.

References (Probably should be at the end of the docuemnt)

  • Consultative Committee for Space Data Systems (CCSDS). 2002. Reference Model for an Open Archival Information System. (ISO Standard 14721). http://www.ccsds.org/publications/archive/650x0b1.pdf
  • CCSDS 2003. Producer-Archive Interface Methodology Abstract Standard. (ISO Standard 20652). http://www.ccsds.org/publications/archive//651x0b1.pdf
  • CCSDS May 15, 2006. XML Formatted Data Unit (XFDU) Structure and Construction Rules. http://sindbad.gsfc.nasa.gov/xfdu/pdfdocs/iprwbv2a.pdf
  • Cornell University Libraries. Digital Preservation Management: Implementing Short-term Strategies for Longterm Problems. 2004. www.library.cornell.edu/iris/tutorial/dpm/index.html
  • ISO 9000:2000 Quality management systems—Fundamentals and vocabulary. Geneva, Switzerland: International Organization for Standardization.
  • ISO/IEC 17799:2005 Information technology—Security techniques—Code of practice for information security management. Geneva, Switzerland: International Organization for Standardization.
  • ISO 27001:2005 Information technology - Security techniques - Information security management systems - Requirements
  • Lynch, Clifford A. February 2003. “Institutional Repositories: Essential Infrastructure for Scholarship in the Digital Age.” ARL BiMonthly Report 226. http://www.arl.org/newsltr/226/ir.html
  • Metadata Encoding and Transmission Standard (METS) version 1.4. 2005.Washington, DC: Digital Library Federation. http://www.loc.gov/standards/mets
  • Minnesota Historical Society, State Archives Department. 2002. Trustworthy Information Systems Handbook. http://www.mnhs.org/preserve/records/tis/tis.html
  • National Institute of Standards and Technology. 2001. Security Self-Assessment Guide for Information Technology Systems (NIST Special Publication 800-26). Washington, DC: NIST. http://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdf
  • National Institute of Standards and Technology. April 2005. Revised NIST SP 800-26 System Questionnaire with NIST SP 800-53 References and Associated Security Control Mappings. Washington, DC: NIST. http://csrc.nist.gov/publications/drafts/Draft-sp800-26Rev1.pdf
  • Nestor Working Group on Trusted Repositories Certification. June 2006. Catalogue of Criteria for Trusted Digital Repositories. Version 1 (draft for public comment). English translation December 2006.urn:nbn:de:0008-2006060703. edoc.hu-berlin.de/series/nestor-materialien/8en/PDF/8en.pdf
  • PREMIS. May 2005. Data Dictionary for Preservation Metadata: Final Report of the PREMIS Working Group. Dublin, Ohio and Mountain View, CA: OCLC and RLG. www.oclc.org/research/projects/pmwg/premis-final.pdf
  • Task Force on Archiving of Digital Information. 1996. Preserving Digital Information. Washington, DC, and Mountain View, CA: Commission on Preservation and Access and the Research Libraries Group. http://www.rlg.org/legacy/ftpd/pub/archtf/final-report.pdf
  • Trusted Digital Repositories: Attributes and Responsibilities. May 2002. Mountain View, CA: RLG. http://www.rlg.org/en/pdfs/repositories.pdf
  • Trusted Repository Audit & Certification: Criteria and Checklist (TRAC), 2007. http://www.crl.edu/PDF/trac.pdf

-- DavidGiaretta - 20 Apr 2009

Topic revision: r1 - 2009-04-20 - DavidGiaretta
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback