Section A: Organisational Infrastructure (BR & MEW)

A1. Governance & organizational viability

The TRAC Checklist identifies and defines the criteria that must be met by a given repository to be considered capable of managing, maintaining and preserving digital materials over time (Please note that division of the TRAC Checklist into three sections has been done for organizational purposes, and does not suggest that any single section can stand alone or should be applied without a review of all three sections). Section A addresses the administrative and structural aspects of the organization responsible for providing repository services. Criteria in this section address how the organization is governed, managed, staffed, and sustained financially, and describe activities that contribute to the organization's long term viability. The criteria in Section A relate to all operations of the repository, as robust policy infrastructure and attentiveness to the legal and financial environments in which a repository operates are essential to the implementation of adequate systems and technologies.

A1.1 Repository shall have a mission statement that reflects a commitment to the long-term retention of, management of, and access to digital information.

Supporting Text
The long-term preservation and management of digital content, and, where appropriate, provision of access to that information, should be integral parts of the repository's mission. The ideal locus for such work is within an organization that by mission is devoted to the continuity of information and other resources. This is necessary in order to ensure that the commitment at the highest organizational level, for preservation and access.
Bruce Ambacher 16April2009 - Does "highest level" refer to the organizational hierarchy or to the largest financial commitment possible for preservation activities?
DG 20090418 I assumed this is organizational aspects

Financial committment is a big part of it, but it isn't everything. mew

BA 20April2009 - This was changed per the webchat of 20April2009.
The mission shall
-Bruce Ambacher 16April2009 - "should" is used here and above and in Discussion. Is this appropriate language for ISO or should it be "must"?
DG 20090418 - need to check Pub Manual
provide a foundation for appropriate and focused repository Preservation Policy development in support of long-term planning and resource allocation.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Mission statement or charter of the repository or its parent organization that specifically addresses or implicitly calls for the preservation of information and/or other resources under its purview; a legal, statutory, or government regulatory mandate applicable to the repository that specifically addresses or implicitly requires the preservation of information and/or other resources under its purview.
Discussion
The repository or its parent organization's mission statement should explicitly address preservation. If preservation is not among the primary purposes of an organization that houses a digital repository then preservation may not be essential to the organization's mission. In some instances a repository pursues its preservation mission as an outgrowth of the larger goals of an organization in which it is housed, such as a university or a government agency, and its narrower mission may be formalized through policies explicitly adopted and approved by the larger organization. Government agencies and other organization's may have legal mandates that require they preserve materials, in this case these mandates can be substituted for mission statements, as they define the purpose of the organization. Mission statements should be kept up to date and continue to reflect the common goals and practices for preservation.

A1.2 Repository shall have a Preservation Strategic Plan that defines the approach the repository will take in the long-term support of its mission.

Discussion
A Strategic planning should be a printable document which define's a repository's long-term plans in support of its mission. This is necessary in order to help the repository make administrative choices, shape policies and allocate resources in order to achieve long-term preservation.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
One definition of a strategic plan is, "a disciplined effort to produce decisions and actions that guide and shape what the organization is, what it does, and why it does it"[1]. A strategic plan for a repository can address such issues as, the overall direction the repository is taking and its preservation goals. The plan needs to tie into the organization's established mission, and define the values, vision, and goals. Strategic plans typically cover a particular finite time period, normally in the 3-5 year range.---[1] Bryson, J. M. ""Strategic planning for public and nonprofit organizations: A guide to strengthening and sustaining Organizational achievement."" Rev. ed.. San Francisco: Jossey-Bass Publishers. 1995

A1.2.1 Repository shall have an appropriate, formal succession plan, contingency plans, and/or escrow arrangements in place in case the repository ceases to operate or the governing or funding institution substantially changes its scope.

Supporting Text
These plans, and/or escrow arrangement’s are meant to address what actions a repository takes when failure occurs due to closure or substantial changes in its funding, scope, or mission. Failure will lead to threats to the long-term sustainability of a repository’s information content. This is necessary in order to preserve the information content entrusted to the repository.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Succession plan(s); escrow plan(s); escrow of critical code, software, and metadata sufficient to enable reconstitution of the repository and its content with a trusted, independent agent or entity that is authorized to maintain and provide access to same in the event of repository failure; escrow and/or reserve funds set aside for contingencies; insurance policies indemnifying the repository for recovery of critical systems in the event of system failure; explicit agreements with successor organizations documenting the intent to ensure continuity of the repository, and the measures to be taken to ensure the complete and formal transfer of responsibility for the repository’s digital content and related assets, and granting the requisite rights necessary to ensure continuity of the content and repository services; documents outlining crisis management plans, disaster plans, business continuity plan etc); depositor agreements
Discussion
It is not sufficient for the repository to have an informal plan or policy regarding where its data goes should a failure occur. A formal, printable plan must be in place with identified procedures needs to be in place.

A1.2.2 The Repository shall monitor its organizational environment to determine when to execute its formal succession plan, contingency plans, and/or escrow arrangements

Supporting Text
The repository must recognize the conditions under which it may need to execute these plans (succession plan, contingency plans, and/or escrow arrangements), such as the possibility of gaps between funding and the costs of meeting the repository's commitments to its stakeholders. This is necessary because even with effective business planning procedures in place, any repository with long-term commitments will likely face some kind of resource gap in the future. If the repository cannot bridge these gaps its viability is threatened.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Fiscal and fiduciary policies, procedures, protocols, requirements; budgets and financial analysis documents; fiscal calendars; business plan(s); any evidence of active monitoring and changes in policys and preparedness.
Discussion
The intent of this metric is that the repository shows it is monitoring and responding to risks and bridging funding gaps before they have reached the crisis point. The respository must demonstrate it is implementing sensible solutions which protect the long term viability of the repository. This continual monitoring and revising of the repository's environment helps to avoid situations where there is a need to invoke a succession plan, such as the repository ceasing operations permanently.

A1.3 Repository shall have a Collection Policy or other document that specifies the type of information to be preserved.

Supporting Text
A collection policy guides the development and management of the digital content to be preserved by the repository. This is necessary in order to ensure the repository is collecting materials which support its mission. The collection policy is written and may address any or all of the following areas: selection criteria (data formats, subject matter, languages, producers, etc), acquisition criteria (rights issues, access limitations, data quality, cost thresholds for purchase of digital content, etc.)
Bruce Ambacher 16April2009 - I question the need or desirability of putting "cost threshholds" and "access policies" in the Collection Pplicy. This is about collection policy not other repository procedures such as data purchase and/or acwho can access the data
DG 20090418 - no strong feelings about this but accept Bruce's view

MEW-I have come across repository's that sdo incldue this as part of their collection policy because it is an important way to explain why somethign never made it into the policy, the above are only examples, and I think it helps to illustrate the diversity of collection fevelopment policy's
protocols for selecting digital content for inclusion in the repository, access policies, benefits of depositing in the repository, and a definition of the designated community who will produce the information. The policy should also specify under what circumstances and how often the policy is to be reviewed.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
A collection policy and supporting documents, preservation policy,
Bruce Ambacher 16April2009 - Again I question whether preservation policy should be part of the Collection Policy and how it is evidence of the Collection Policy.
DG 20090418 - OK

MEW-Took it out.
mission, goals and vision of the repository, and definition of the designated community are necessary in order to define what the repository preserves and how the needs of the designated community are to be met by repository activities.
Discussion
The Collection policy is one of the most important documents the repository produces because it defines what the repository is storing and why. The Collection Policy supports the broader mission of the repository. Without such a policy the repository is likely to collect in a haphazard manner, or store large amounts of low-value digital content. The Collection Policy helps the organization identify what digital content it will and will not accept for ingestion. In an organization with a broader mission than preservation of digital content the collection policy helps to define the role of the repository within the larger organizational context. The Collection Policy should be reviewed with new digital content producers to ensure the repository is following its policies and that the producer understands the requirements for the repository’s designated community. The policy should be useable in order to understand what the repository holds, what it does not hold, and why. There are differences in the criteria for selection of data content. For example, if an object is in a language or subject area in which the repository is collecting it will be eligible for ingestion, but if it costs too much, or the data quality is bad it may not be possible to ingest it. Selection criteria are the "does it fit into the collection criteria" while acquisition criteria are about "is it practical for the object to be included in the collection." The distinction is important for explaining why something wasn’t ingested into the repository.

A2 Organizational structure & staffing

Discussion
Staffing of the repository must be by professionals with the required training and skills to carry out the activities of the repository. The repository must be able to document through development plans, organizational charts, job descriptions and related policies and procedures that the repository is defining and maintaining the skills and roles that are required for the sustained operation of the repository.

A2.1 Repository shall identify and establish the duties that it needs to perform and appointed staff with adequate skills and experience to fulfil these duties.

Discussion
Staffing of the repository must be by professionals with the required training and skills to carry out the activities of the repository. The repository must be able to document through development plans, organizational charts, job descriptions and related policies and procedures that the repository is defining and maintaining the skills and roles that are required for the sustained operation of the repository.

A2.1.1 Repository shall identify and establish the duties their staff need to perform.

Supporting Text
The repository shall identify the competencies and skill sets required to carry out its activities over time and must demonstrate that the staff and consultants have the appropriate range of requisite skills—e.g., archival training, technical skills, and legal expertise. This is necessary in order to ensure that the repository can complete all tasks associated with the long-term preservation and management of the data objects.
Bruce Ambacher 16April2009 - Some word(s) is missing here and after "that".
DG 20090418 - "that" should probably be replaced by "the data objects"

MEW-changed"
and provide appropriate access to that . Preservation depends upon a range of activities from maintaining hardware and software to migrating content and storage media to negotiating intellectual property rights agreements. In order to ensure long-term sustainability, a repository must be aware of all required activities and demonstrate that it can successfully complete them.
*Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
A staffing plan; competency definitions; job descriptions; staff professional development plans; certificates of training and accreditation; plus evidence that the repository reviews and maintains these documents as requirements evolve.
Discussion Preservation depends upon a range of activities from maintaining hardware and software to migrating content and storage media to negotiating intellectual property rights agreements. In order to ensure long-term sustainability, a repository must be aware of all required activities and demonstrate that it can successfully complete them.

A2.1.2 Repository shall have the appropriate number of staff to support all functions and services.

Supporting Text
The repository must maintain staffing that is adequate for the scope and mission of preservation.
Bruce Ambacher 16April2009 - I prefer "preservation" over "archiving".
DG 20090418 - agree

mew-done
program. This is necessary in order to ensure repository staffing levels are adequate for preserving the digital content and providing a secure, quality repository.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Organizational charts; definitions of roles and responsibilities; comparison of staffing levels to industry benchmarks and standards.
Discussion
Technology and general practices for digital preservation will continue to change, so the repository must ensure that its staff skill sets evolve, as will the requirements of its designated community(ies). The repository should determine the appropriate number and level of staff that corresponds to requirements and commitments through reference to established industry benchmarks. The repository should also demonstrate how it evaluates staff effectiveness and suitability to support its functions and services.
-- KatiaThomaz - 10 May 2007 - It lacks %u201Crepository evaluate staff effectiveness and suitability%u201D (see DCC/DPE DRAMBORA R24).

A2.1.3 Repository shall have an active professional development program in place that provides staff with skills and expertise development opportunities.

Supporting Text
Technology and general practices for digital preservation will continue to change, so the repository must ensure that its staff skill sets evolve, as will the requirements of its designated community(ies)
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Professional development plans and reports; training requirements and training budgets, documentation of training expenditures (amount per staff); performance goals and documentation of staff assignments and achievements, copies of certificates awarded.
Discussion
Ideally the repository will meet this requirement through a lifelong learning approach to developing and retaining staff.

A3 Procedural accountability & Preservation Policy framework

Documentation assures stakeholders (consumers, producers, and contributors of digital content) that the repository is meeting its requirements and fully performing its role as a trusted digital repository. A repository must create documentation that reflects its Mission and Strategic plan and captures its habitual activities. This entails documenting all repository processes, decision-making, and goal setting. Documentation is provided so that the activities of the repository will be understood by stakeholders and management. It ensures that repository policies and procedures are carried out in approved, consistent ways, resulting in long-term preservation and access to digital content in its care. Certification, the clearest indicator of a repository’s sound and standards-based practice, is facilitated by procedural accountability and documentation.

A3.1 Repository shall define its designated community(ies) and associated knowledge base(s) and has these definitions appropriately accessible .

Supporting Text
It is the repository’s responsibility to determine and document the community(ies) to be served and the requirements for service. This is necessary in order to meet the needs of the designated community.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
A written definition, in a standalone document or contained in the Collection policy; listing or register of contributors, subscribers.
Discussion
The designated community is defined as “a repository’s identified group of potential consumers who should be able to understand a particular set of information. The designated community may be composed of multiple user communities.”(TRAC Glossary) The producers or contributors of the content held by a repository may also be considered a designated community.

A.3.2 Repository shall have Preservation Policies in place to describe how its Preservation Strategic Plan will be met.

Supporting Text
The repository must have Preservation Policies in place that define its technical infrastructure, its services, and the expected level of understandability for each of its designated community(ies) for each Archival Information Product. This is necessary in order to ensure that each designated community knows the operational definition of understandability for its community and the knowledge base each user must possess in order to understand the preserved
Bruce Ambacher 16April2009 - I prefer "preserved" over "archived"
DG 20090418 - agree

MEW-done
content. This allows the repository to provide appropriate levels of service to each designated community while keeping the necessary resource commitment to a minimum.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Mission statement; written definitions of the designated community(ies); documented policies; protocols, rules, manuals, handbooks, and workflows; service-level agreements.
Discussion
The repository's level of service can vary from one submission to another, just as the definition of understandability that establishes the repository’s responsibility in this area may vary. This may range from no responsibility, if bits are only to be preserved, to the maintenance of a particular level of use, if understanding by the members of the designated community(ies) is determined outside the repository, to a responsibility for ensuring a given level of designated community(ies) human understanding, requiring appropriate Representation Information. The documentation of understandability will typically include a definition of the applications the designated community(ies) will use with the information, possibly after transformation by repository services. For example, if a designated community is defined as readers of English with access to widely available document rendering tools, and if this definition is clearly associated with a given set of Content Information and Preservation Description Information, then the requirement is met. Examples of designated community definitions include: General English-reading public educated to high school and above, with access to a Web Browser (HTML 4.0 capable). For GIS data: GIS researchers%u2014undergraduates and above%u2014 having an understanding of the concepts of Geographic data and having access to current (2005, USA) GIS tools/computer software, e.g., ArcInfo? (2005). Astronomer (undergraduate and above) with access to FITS software such as FITSIO, familiar with astronomical spectrographic instruments. Student of Middle English with an understanding of TEI encoding and access to an XML rendering environment. Variant 1: Cannot understand TEI Variant 2: Cannot understand TEI and no access to XML rendering environment Variant 3: No understanding of Middle English but does understand TEI and XML Two groups: the publishers of scholarly journals and their readers, each of whom have different rights to access material and different services offered to them. ...
-- KatiaThomaz - 28 Apr 2008 - It lacks %u201Crepository has defined the external parties%u201D (see ISO27001 A.6.2), and %u201Crepository has defined its assets, owners and uses%u201D (see ISO27001 A.7).

A3.2.1 Repository shall have mechanisms for reviewing, updating, and ongoing development of its Preservation Policies as the repository grows and as technology and community practice evolve.

Supporting Text
The repository must have up-to-date, complete policies and procedures in place that reflect the current requirements and practices of its community(ies) for preservation. These policies must be understandable by the repository staff. Preservation Policies and Strategic Plans are high level documents that capture organizational commitments and intents for staffing, security and other preservation-related concerns. Preservation Implementation Plans address such preservation activities and practices as transfer, submission, quality control, storage management, metadata management, and access and rights management.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Current and past written documentation in the form of Preservation Policies, Preservation Strategic Plans and Preservation Implementation Plans, procedures, protocols, and workflows; specifications of review cycles for documentation; documentation detailing reviews, surveys and feedback. If documentation is embedded in system logic, functionality should demonstrate the implementation of policies and procedures.
Discussion
The repository must manage all versions of these preservation documents (e.g., outdated versions are clearly identified and maintained in some organized way) and qualified staff and peers must be involved in reviewing, updating, and expanding these documents. Older versions must be preserved in order to document the results of monitoring for new developments; responsiveness to prevailing standards and practice, emerging requirements, and standards that are specific to the domain, if appropriate; and similar developments. Preservation Policies and procedures must be demonstrated to be understandable and implementable. Appendix 3 explains the Minimum Required Documents.

A3.2.2 Repository shall maintain policies that specify the nature of any legal permissions required to preserve digital content over time, and repository can demonstrate that these permissions have been acquired when needed.

Supporting Text
The repositories must have written policies and agreements with depositors that specify and/or transfer certain rights to the repository enabling appropriate and necessary preservation actions to take place on the digital objects within the repository. This is necessary in order to maintain and modify digital objects to keep them accessible over time, a right often restricted by law to the creator.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Deposit agreements; licenses and written grants and/or assignments of rights; records schedule; digital preservation policies; records legislation and policies; service agreements.
Discussion
A repository should obtain the rights necessary to limit if not eliminate liability or legal exposure stemming from the repository’s preservation activities. Rights are best obtained at or before the time of ingest since it is often difficult to secure them later when the authors may no longer be available
-- KatiaThomaz - 28 Apr 2008 - Does it include IPR, legislative requirements, and regulatory requirements (see DCC/DPE DRAMBORA R15, R17, R18 and ISO27001 A15)?

A3.3 (A3.6) Repository shall have a documented history of the changes to its operations, procedures, software, and hardware.

Supporting Text
The repository must document all activities and developments over time that may have affected its management and preservation. This should include decisions about the organizational and technical infrastructure. This is necessary in order to provide an “audit trail” through which stakeholders can identify and trace decisions made by the repository.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Capital equipment inventories; documentation of the acquisition, implementation, update, and retirement of critical repository software and hardware file retention and disposal schedules and policies.
Discussion
Documentation should be in printable form with some explanation of local practices given by appropriate staff.

A3.4 (A3.7) Repository shall commit to transparency and accountability in all actions supporting the operation and management of the repository that affect the preservation of digital content over time.

Supporting Text
The repository must show a commitment to transparency and accountability through providing reasonable access to its content and to whatever documentation gives information about the development, implementation, evolution, preservation and performance of the repository. This is necessary because transparency is the best assurance that the repository operates in accordance with accepted standards and practices.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Reports of financial and technical audits and certifications; disclosure of governance documents, independent program reviews, and contracts and agreements with providers of funding and critical services.
Discussion
If the repository uses software to document its history, it should be able to demonstrate these tracking tools. Where appropriate, the history is linked to relevant preservation strategies and describes potential effects on preserving digital content. This requirement does not mean that the organization must make information which would make it vulnerable to competitors available, but rather that the organization commits to disclosing its methods for preserving digital content at least to the designated community or other appropriate stakeholder in order to demonstrate that is meeting all current preservation requirements.

A3.5 (A3.8) Repository shall commit to defining, collecting, tracking, and appropriately providing its information integrity measurements.

Supporting Text
The repository must provide documentation that it has developed or adapted appropriate measures for ensuring the integrity of its holdings. This is necessary in order to ensure that documentation exists regarding how the loss of content or compromise of the integrity of the repository is prevented.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Written definition or specification of the repository's integrity measures (for example, computed checksum or hash value); documentation of the procedures and mechanisms for monitoring integrity measurements and for responding to results of integrity measurements that indicate digital content is at risk; an audit process for collecting, tracking and presenting integrity measurements; Preservation Policy and workflow documentation.
Discussion
We know that the mechanisms to measure integrity will evolve as technology evolves. If protocols, rules and mechanisms are embedded in the repository software, there should be some way to demonstrate the implementation of integrity measures.

A3.6 (A3.9) Repository shall commit to a regular schedule of self-assessment and certification.

Supporting Text
The repository must commit to regular, periodic self-assessment and certification as a way of systematically and objectively verifying that it fulfills its preservation requirements. This is necessary in order to ensure the repository is trustworthy
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Completed, dated checklists from self-assessments and/or third-party audits; certificates awarded for compliance with relevant ISO standards; timetables and evidence of adequate budget allocations for future certification.

A4 Financial sustainability

A4.1 The Repository shall have short- and long-term business planning processes in place to sustain the repository over time.

Supporting Text
The repository must demonstrate that it has formal, cyclical (at minimum, annual), and proactive business planning processes in place. This is necessary in order to ensure the viability of the repository over the period of time it has promised to provide access to its contents for its designated community(ies).
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Up-to-date, multi-year strategic, operating and/or business plans; audited annual financial statements; financial forecasts with multiple budget scenarios; contingency plans; market analysis.

A4.2 (A4.3) The Repository shall have financial practices and procedures which are transparent, compliant with relevant accounting standards and practices, and audited by third parties in accordance with territorial legal requirements.

Supporting Text
The repository cannot simply claim transparency, but must show that it adjusts its business practices to keep them transparent, compliant, and auditable. This is necessary in order to guard against malfeasance or other untoward activity that might threaten the economic viability of the repository.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Demonstrated dissemination requirements for business planning and practices; citations to and/or examples of accounting and audit requirements, standards, and practice; audited annual financial statements.
Bruce Ambacher 16April2009 - This entire text is a repeat of the previous. with the addition of Discussion

A4.3 (A4.4) The Repository shall have an ongoing commitment to analyze and report on risk, benefit, investment, and expenditure (including assets, licenses, and liabilities).

Supporting Text
The repository must commit to at least these categories of analysis and reporting, with the goal, of maintaining an appropriate balance between risk and benefits, investment and return. This is necessary in order to demonstrate that the repository has identified and documented these categories, and actively manages them, including identifying and responding to risks, describing and leveraging benefits, specifying and balancing investments, and anticipating and preparing for expenditures.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Risk management documents that identify perceived and potential threats and planned or implemented responses (a risk register); technology infrastructure investment planning documents; cost/benefit analyses; financial investment documents and portfolios; requirements for and examples of licenses, contracts, and asset management; evidence of revision based on risk.

A5 Contracts, licenses, & liabilities

A5.1 The Repository shall have and maintain appropriate contracts or deposit agreements for digital materials that it manages, preserves, and/or to which it provides access.

Supporting Text
The repository must be able to produce/execute and adhere to
Bruce Ambacher 16April2009 - I suggest replacing "produce" with "execute and adhere to"
DG 20090418 - could argue that "produce" is needed here because archive must be able to show them - BUT probably should also need to be able to show evidence that the contracts have been followed
relevant contracts, licenses, and/or deposit agreements that express rights, responsibilities, and expectations of each party for digital materials that the repository manages and preserves and to which it provides access. This is necessary in order to ensure that the repository has the rights and authorizations needed to enable it to collect and preserve digital content over time, make that information available to its designated community(ies), and defend those rights when challenged.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Properly signed and executed deposit agreements and licenses; Preservation Policies on third-party deposit arrangements; definitions of service levels and permitted uses; repository policies on the treatment of “orphan works” and copyright dispute resolution; reports of independent risk assessments of these policies; procedures for regularly reviewing and maintaining agreements, contracts, and licenses.
Discussion
Repositories, especially those with third-party deposit arrangements, should guarantee that relevant contracts, licenses, or deposit agreements express rights, responsibilities, and expectations of each party. The repository must show evidence that the contracts have been followed. Contracts and formal deposit agreements should be countersigned and current. When the relationship between depositor and repository is less formal (i.e., a faculty member depositing work in an academic institution's preservation repository), documentation articulating the repository's capabilities and commitments should be provided to each depositor. Repositories engaged in Web archiving may find this requirement difficult because of how Web-based information is harvested/captured for long-term preservation. This kind of data is rarely acquired with contracts or deposit agreements. By its very nature, digital information on the Web is perceived to belong to "everyone and no one." Some repositories capture, manage, and preserve access to this material without written permission from the content creators. Others go through the very time-consuming and costly process of contacting content owners before capturing and ingesting information. Ideally, these agreements will be tracked, linked, managed, and made accessible in a contracts database.

A5.1.1 The Repository shall have contracts or deposit agreements which specify and transfer all necessary preservation rights, and these transferred rights shall be documented.

Supporting Text
The repository shall possess at least minimal preservation rights for the objects that it accepts. This is necessary in order to have sufficient control of the information and limit the repository’s exposure to liability or legal and financial harm that might threaten its viability.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Contracts, deposit agreements; specification(s) of rights transferred for different types of digital content (if applicable); policy statements on requisite preservation rights.
Discussion
Because the right to change or alter digital information is often restricted by law to the creator, it is important that digital repository contracts and agreements address the need to be able to work with and potentially modify digital objects to keep them accessible. Repository agreements with depositors must specify and/or transfer certain rights to the repository enabling appropriate and necessary preservation actions for the digital objects within the repository (this requirement is linked to A3.3.) Because legal negotiations can take time, potentially preventing or slowing the ingest of digital objects at risk, it is acceptable for a digital repository to take in or accept digital objects even with only minimal preservation rights using an open-ended agreement and then deal with expanding to detailed rights later.

A5.1.2 Repository shall have specified all appropriate aspects of acquisition, maintenance, access, and withdrawal in written agreements with depositors and other relevant parties.

Supporting Text
The repository must possess written agreements with producers and contributors of digital content it accepts that specify appropriate responsibilities for the acquisition, maintenance, access, and withdrawal of such information or that demonstrate that it does not need such agreements. This is necessary in order to ensure that the respective roles of repository, producers and contributors in the depositing of digital content and transfer of responsibility for preservation are understood and accepted by all parties
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Properly executed submission agreements, deposit agreements, and deeds of gift; written standard operating procedures
Discussion
The deposit agreement specifies all aspects of these issues that are necessary for the repository to carry out its function. There may be a single agreement covering all deposits, or specific agreements for each deposit, or a standard agreement supplemented by special conditions for some deposits. These special conditions may add to the standard agreement or override some aspects of the standard agreement. Agreements may need to cover restrictions on access and will need to cover all property rights in the digital objects. Agreements may place responsibilities on depositors, such as ensuring that Submission Information Packages (SIPs) conform to some pre-agreed standards, and may allow repositories to refuse SIPs that do not meet these standards. Other repositories may take responsibility for fixing errors in SIPs. The division of responsibilities must always be clear. Agreements, written or otherwise, may not always be necessary. The burden of proof is on the repository to demonstrate that it does not need such agreements for instance, because it has a legal mandate for its activities. An agreement should include, at a minimum, property rights, access rights, conditions for withdrawal, level of security, level of finding aids, SIP definitions, time, volume, and content of transfers. One example of a standard to follow for this is the CCSDS/ISO Producer- Archive Interface Methodology Abstract Standard.

A5.1.3 (was B1.8) The Repository shall have written policies that indicate when it accepts preservation responsibility for contents of each set of submitted data objects

Supporting Text
The repository must ensure that the point at which it accepts responsibility for the preservation of digital content is evident to all producers and depositors. This is necessary in order to avoid misunderstandings between the repository and producer/depositor as to when and how the transfer of responsibility for the digital content occurs.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Properly executed submission agreements, deposit agreements, and deeds of gift; confirmation receipt sent back to producer/depositor.
Discussion
If this requirement is not met, there is a risk that, for example, the original is erased before the repository has taken responsibility for the submitted data objects. Without the understanding that the repository has already taken preservation responsibility for the SIP, there is the risk that the producer/depositor may make changes to the data and these would not be properly archived since they had already been ingested by the repository. For example, for convenience the repository could receive a copy of raw science data from the instrument at the same time the science team gets it, but the science team would have responsibility for it until they turn over responsibility to the final repository. Repositories that report back to their depositors generally will mark this acceptance with some form of notification (for example, confirmation receipts) to the depositor. (This may depend on repository responsibilities as designated in the depositor agreement.) A repository may mark the transfer by sending a formal document, often a final signed copy of the transfer agreement, back to the depositor signifying the completion of the transformation from SIP to AIP process. Other approaches are equally acceptable. Brief daily updates may be generated by a repository that only provides annual formal transfer reports.

A5.1.4 The repository shall have Policies in place to address liability and challenges to ownership/rights.

Supporting Text
The repository must possess Preservation Policies and Preservation Implementation Plans and mechanisms that have been vetted by the appropriate institutional authorities and/or legal experts. This is necessary in order to minimize potential liability and challenges to the rights of the repository
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
A definition of rights, licenses and permissions to be obtained from producers and contributors of digital content; citations to relevant laws and regulations; policy on responding to challenges; documented track record for responding to challenges in ways that do not inhibit preservation; records of relevant legal advice sought and received.
Discussion
The repository's Preservation Policies and Preservation Implementation Plans and mechanisms must be vetted by appropriate institutional authorities and/or legal experts to ensure that responses to challenges adhere to relevant laws and requirements, and that the potential liability for the repository is minimized.

A5.2 The repository shall track and manage intellectual property rights and restrictions on use of repository content as required by deposit agreement, contract, or license.

Supporting Text
The repository must have mechanisms that are sufficient for the institution to track, act on, and verify rights and restrictions related to the use of the digital objects within the repository. This is necessary in order to determine the rights and restrictions for the use of the digital objects within the repository.
Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
A Preservation Policy statement that defines and specifies the repository’s requirements and process for managing intellectual property rights; depositor agreements; samples of agreements and other documents that specify and address intellectual property rights; documentation of monitoring by repository over time of changes in status and ownership of intellectual property in digital content held by the repository ; results from monitoring, metadata that captures rights information.
Discussion

-- MarkConrad - 10 Sep 2007 Need to include a reference to the law as well. Have to be able to track legal requirements that impact the jurisdiction of the repository and the depositors (These may be a different set.).
-- The repository should have a mechanism for tracking licenses and contracts to which it is obligated. Whatever the format of the tracking system, it must be sufficient for the institution to track, act on, and verify rights and restrictions related to the use of the digital objects within the repository. -RD
Bruce Ambacher 16April2009 - I suggest the RD comment be moved up into Supporting Text.
DG 20090418 - looks as if this metric needs to be reviewed
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r7 - 2009-04-27 - MarieWaltz
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback