Organisational Infrastructure
A1. Governance & organizational viability
Regardless of the size, scope, or nature of the digital preservation program, a trusted repository must
demonstrate an explicit, tangible, and long-term commitment to compliance with prevailing standards,
policies, and practices.
A1.1 Repository has a mission statement that reflects a commitment to the long-term retention of, management of, and access to digital information.
The mission statement of the repository must be clearly identified and accessible to depositors
and other stakeholders and contain an explicit long-term commitment.
Evidence: Mission statement for the repository; mission statement for the organizational context in which the repository sits; legal or legislative mandate; regulatory requirements.
--
KatiaThomaz - 10 May 2007 - It lacks "and this mission statement complies with principles of security of information: awareness, responsability, response, ethics, democracy, risk assessment, security design and implementation, security management, reassessment"; (see OECD Guidelines).
A1.2 Repository has an appropriate, formal succession plan, contingency plans, and/or escrow arrangements in place in case the repository ceases to operate or the governing or funding institution substantially changes its scope.
Part of the repository’s perpetual-care promise is a commitment to identify appropriate successors or
arrangements should the need arise. Consideration needs to be given to this responsibility while the
repository or data is viable—not when a crisis occurs—to avoid irreparable loss. Organizationally, the
data in a repository can be at risk regardless of whether the repository is run by a commercial organization
or a government entity (national library or archives). At government-managed repositories and archives, a
change in government that significantly alters the funding, mission, collecting scope, or staffing of the
institution may put the data at risk. These risks are similar to those faced by commercial and researchbased
repositories and should minimally be addressed by succession plans for significant collections
within the greater repository.
A formal succession plan should include the identification of trusted inheritors, if applicable, and the
return of digital objects to depositors with adequate prior notification, etc. If a formal succession plan is
not in place, the repository should be able to point to indicators that would form the basis of a plan, e.g.,
partners, commitment statements, likely heirs. Succession plans need not specify handoff of entire
repository to a single organization if this is not feasible. Multiple inheritors are possible so long as the
data remains accessible.
Evidence: Succession plan(s); escrow plan(s); explicit and specific statement documenting the intent to ensure continuity of the repository, and the steps taken and to be taken to ensure continuity; formal documents describing exit strategies and contingency plans; depositor agreements.
A2. Organizational structure & staffing
A repository must have designated staff with requisite skills and training and must provide ongoing
development. The repository should be able to document efforts to define and maintain requisite skills,
roles, job descriptions, and development plans.
A2.1 Repository has identified and established the duties that it needs to perform and has appointed staff with adequate skills and experience to fulfill these duties.
The repository must identify the competencies and skill sets required to operate the repository over time
and demonstrate that the staff and consultants have the range of requisite skills—e.g., archival training,
technical skills, and legal expertise.
Evidence: A staffing plan; competency definitions; job description; development plans; plus evidence that the repository review and maintains these documents as requirements evolve.
A2.2 Repository has the appropriate number of staff to support all functions and services.
Staffing for the repository must be adequate for the scope and mission of the archiving program. The
repository should be able to demonstrate an effort to determine the appropriate number and level of staff
that corresponds to requirements and commitments. (These requirements are related to the core
functionality covered by a certification process. Of particular interest to repository certification is whether
the organization has appropriate staff to support activities related to the long-term preservation of the
data.) The accumulated commitments of the repository can be identified in deposit agreements, service
contracts, licenses, mission statements, work plans, priorities, goals, and objectives. Understaffing or a
mismatch between commitments and staffing indicates that the repository cannot fulfill its agreements
and requirements.
Evidence: Organizational charts; definitions of roles and responsibilities; comparison of staffing levels to commitments and estimates of required effort.
--
KatiaThomaz - 10 May 2007 - It lacks “repository evaluate staff effectiveness and suitability” (see DCC/DPE DRAMBORA R24).
A2.3 Repository has an active professional development program in place that provides staff with skills and expertise development opportunities.
Technology will continue to change, so the repository must ensure that its staff’s skill sets evolve,
ideally through a lifelong learning approach to developing and retaining staff. As the requirements and
expectations pertaining to each functional area evolve, the repository must demonstrate that staff are
prepared to face new challenges.
Evidence: Professional development plans and reports; training requirements and training budgets, documentation of training expenditures (amount per staff); performance goals and documentation of staff assignments and achievements, copies of certificates awarded.
A3. Procedural accountability & policy framework
A repository must provide clear and explicit documentation of its requirements, decisions, development,
and actions to ensure long-term preservation and access to digital content in its care. This documentation
assures consumers, management, producers, and certifiers that the repository is meeting its requirements
and fully performing its role as a trusted digital repository. Certification, the clearest indicator of a
repository’s sound and standards-based practice, is facilitated by procedural accountability that results in
comprehensive and current policies, procedures, and practice.
A3.1 Repository has defined its designated community(ies) and associated knowledge base(s) and has publicly accessible definitions and policies in place to dictate how its preservation service requirements will be met.
The definition of the designated community(ies) (producer and user community) is arrived at through the
planning processes used to create the repository and define its services. The definition will be drawn from
various sources ranging from market research to service-level agreements for producers to the mission or
scope of the institution within which the repository is embedded.
Meeting the needs of the designated community—the expected understandability of the information, not
just access to it—will affect the digital object management, as well as the technical infrastructure of the
overall repository. For appropriate long-term planning, the repository or organization must understand
and institute policies to support these needs.
For a given submission of information, the repository must make clear the operational definition of
understandability that is associated with the corresponding designated community(ies). The designated
community(ies) may vary from one submission to another, as may the definition of understandability that
establishes the repository’s responsibility in this area. This may range from no responsibility, if bits are
only to be preserved, to the maintenance of a particular level of use, if understanding by the members of
the designated community(ies) is determined outside the repository, to a responsibility for ensuring a
given level of designated community(ies) human understanding, requiring appropriate Representation
Information.
The documentation of understandability will typically include a definition of the applications the
designated community(ies) will use with the information, possibly after transformation by repository
services. For example, if a designated community is defined as readers of English with access to widely
available document rendering tools, and if this definition is clearly associated with a given set of Content
Information and Preservation Description Information, then the requirement is met.
Examples of designated community definitions include:
- General English-reading public educated to high school and above, with access to a Web Browser (HTML 4.0 capable).
- For GIS data: GIS researchers—undergraduates and above—having an understanding of the concepts of Geographic data and having access to current (2005, USA) GIS tools/computer software, e.g., ArcInfo (2005).
- Astronomer (undergraduate and above) with access to FITS software such as FITSIO, familiar with astronomical spectrographic instruments.
- Student of Middle English with an understanding of TEI encoding and access to an XML rendering environment.
- Variant 1: Cannot understand TEI
- Variant 2: Cannot understand TEI and no access to XML rendering environment
- Variant 3: No understanding of Middle English but does understand TEI and XML
- Two groups: the publishers of scholarly journals and their readers, each of whom have different rights to access material and different services offered to them.
Evidence: Mission statement; written definitions of the designated community(ies); documented policies; service-level agreements.
--
KatiaThomaz - 10 May 2007 - It lacks “repository has defined the external parties”; (see ISO27001 A.6.2).
--
KatiaThomaz - 10 May 2007 - It lacks “repository has defined its assets, owners and uses”; (see ISO27001 A.7). added
A3.2 Repository has procedures and policies in place, and mechanisms for their review, update, and development as the repository grows and as technology and community practice evolve.
The policies and procedures of the repository must be complete, written or available in a tangible form,
remain current, and must evolve to reflect changes in requirements and practice. The repository must
demonstrate that a policy and procedure audit and maintenance is in place and regularly applied. Policies
and procedures should address core areas, including, for example, transfer requirements, submission,
quality control, storage management, disaster planning, metadata management, access, rights
management, preservation strategies, staffing, and security. High-level documents should make
organizational commitments and intents clear. Lower-level documents should make day-to-day practice
and procedure clear. Versions of these documents must be well managed by the repository (e.g., outdated
versions are clearly identified or maintained offline) and qualified staff and peers must be involved in
reviewing, updating, and extending these documents. The repository should be able to document the
results of monitoring for relevant developments; responsiveness to prevailing standards and practice,
emerging requirements, and standards that are specific to the domain, if appropriate; and similar
developments. The repository should be able to demonstrate that it has defined “comprehensive
documentation” for the repository. See Appendix 3: Minimum Required Documents for more
information.
Evidence: Written documentation in the form of policies, procedures, protocols, rules, manuals, handbooks, and workflows; specification of review cycle for documentation; documentation detailing review, update, and development mechanisms. If documentation is embedded in system logic, functionality should demonstrate the implementation of policies and procedures.
A3.3 Repository maintains written policies that specify the nature of any legal permissions required to preserve digital content over time, and repository can demonstrate that these permissions have been acquired when needed.
Because the right to change or alter digital information is often restricted by law to the creator, it is
important that digital repositories address the need to be able to work with and potentially modify digital
objects to keep them accessible over time. Repositories should have written policies and agreements with
depositors that specify and/or transfer certain rights to the repository enabling appropriate and necessary
preservation actions to take place on the digital objects within the repository.
Because legal negotiations can take time, potentially slowing or preventing the ingest of digital objects at
risk, a digital repository may take in or accept digital objects even with only minimal preservation rights
using an open-ended agreement and address more detailed rights later. A repository’s rights must at least
limit the repository’s liability or legal exposure that threatens the repository itself. A repository does not
have sufficient control of the information if the repository itself is legally at risk.
Evidence: Deposit agreements; records schedule; digital preservation policies; records legislation and policies; service agreements.
--
KatiaThomaz - 10 May 2007 - It lacks “repository specify IPR, legislative requirements, and regulatory requirements” (see DCC/DPE DRAMBORA R15, R17, R18 and ISO27001 A15) [One must keep in mind that according to OAIS RM a producer-archive contract is NOT an obligation for an archive].
A3.4 Repository is committed to formal, periodic review and assessment to ensure responsiveness to technological developments and evolving requirements.
Long-term preservation is a shared and complex responsibility. A trusted digital repository contributes to
and benefits from the breadth and depth of community-based standards and practice. Regular review is a
requisite for ongoing and healthy development of the repository. The organizational context of the
repository should determine the frequency of, extent of, and process for self-assessment. The repository
must also be able to provide a specific set of requirements it has defined, is maintaining, and is striving to
meet. (See also A3.9.)
Evidence: A self-assessment schedule, timetables for review and certification; results of self-assessment; evidence of implementation of review outcomes.
A3.5 Repository has policies and procedures to ensure that feedback from producers and users is sought and addressed over time.
The repository should be able to demonstrate that it is meeting explicit requirements, that it systematically
and routinely seeks feedback from stakeholders to monitor expectations and results, and that it is
responsive to the evolution of requirements.
Evidence: A policy that requires a feedback mechanism; a procedure that addresses how the repository seeks, captures, and documents responses to feedback; documentation of workflow for feedback (i.e., how feedback is used and managed); quality assurance records.
A3.6 Repository has a documented history of the changes to its operations, procedures, software, and hardware that, where appropriate, is linked to relevant preservation strategies and describes potential effects on preserving digital content.
The repository must document the full range of its activities and developments over time, including
decisions about the organizational and technological infrastructure. If the repository uses software to
document this history, it should be able to demonstrate this tracking.
Evidence: Policies, procedures, and results of changes that affect all levels of the repository: objects, aggregations of objects; object-level preservation metadata; repository’s records retention strategy document.
A3.7 Repository commits to transparency and accountability in all actions supporting the operation and management of the repository, especially those that affect the preservation of digital content over time.
Transparency is the best assurance that the repository operates in accordance with accepted standards and
practice. Transparency is essential to accountability, and both are achieved through active, ongoing
documentation. The repository should be able to document its efforts to make information about its
development, implementation, evolution, and performance available and accessible to relevant
stakeholders. The usual means of communication an organization uses to provide significant news and
updates to stakeholders should suffice for meeting this requirement.
Evidence: Comprehensive documentation that is readily accessible to stakeholders; unhindered access to content and associated information within repository.
A3.8 Repository commits to defining, collecting, tracking, and providing, on demand, its information integrity measurements.
The repository must develop or adapt appropriate measures for ensuring the integrity of its holdings. The
mechanisms to measure integrity will evolve as technology evolves, but currently include examples such
as the use of checksums at ingest and throughout the preservation process. The chain of custody for all of
its digital content from the point of deposit forward must be explicit, complete, correct, and current. The
repository must demonstrate that the content it has matches the content it received, e.g., with an
implemented registry function that documents content from submission onward. Losses associated with
migration and other preservation actions should also be documented and made available to relevant
stakeholders. (See C1.5 and C1.6.)
If protocols, rules, and mechanisms are embedded in the repository software, there should be some way to
demonstrate the implementation of integrity measurements.
Evidence: An implemented registry system; a definition of the repository’s integrity measurements; documentation of the procedures and mechanisms for integrity measurements; an audit system for collecting, tracking, and presenting integrity measurements; procedures for responding to results of integrity measurements that indicate digital content is at risk; policy and workflow documentation.
A3.9 Repository commits to a regular schedule of self-assessment and certification and, if certified, commits to notifying certifying bodies of operational changes that will change or nullify its certification status.
A repository cannot self-certify because an objective, external measurement using a consistent and
repeatable certification process is needed to ensure and demonstrate that the repository meets and will
likely continue to meet preservation requirements. Therefore, certification is the best indicator that the
repository meets its requirements, fulfills its role, and adheres to appropriate standards. The repository
must demonstrate that it integrates certification preparation and response into its operations and planning.
(See also A3.4.)
Evidence: Completed, dated audit checklists from self-assessment or objective audit; certificates awarded for certification; presence in a certification register (when available); timetable or budget allocation for future certification.
A4. Financial sustainability
A trusted digital repository should be able to prove its financial sustainability. Overall, a trusted
repository adheres to all good business practices and should have a sustainable business plan—a general
set of documents that reflect the past, present, and future of the repository and its activities. A business
plan incorporates management plans and financial implications related to development and normal
production activities, and may note the strategies and/or risks that would affect operations.
Normal business and financial fitness should be reviewed at least annually. Standard accounting
procedures should be used. Both short- and long-term financial planning cycles should demonstrate an
ongoing balance of risk, benefit, investment, and expenditure. Operating budgets and reserves should be
adequate.
A4.1 Repository has short- and long-term business planning processes in place to sustain the repository over time.
The repository must demonstrate that it has formal, cyclical, proactive business planning processes in
place. A brief description of the repository’s business plan should show how the repository will generate
income and assets through services, third-party partnerships, grants, and so forth. As for A1.2
(succession/ contingency/escrow planning), the repository must establish these processes when it is viable
to avoid business crises.
These questions may be pertinent to this requirement:
- Under this plan, to what extent is the repository supported, or expected to be supported, by revenue from content-contributing organizations and agencies, such as publishers?
- To what extent is the repository supported, or expected to be supported, by revenue from subscribers or subscribing institutions?
- What measures are in place, if any, to limit access by nonsubscribing stakeholders?
- What financial incentives are offered, if any, to discourage subscribers from postponing their investment in the repository? From discontinuing investing in the repository?
- To what extent is the repository supported, or expected to be supported, by other kinds of parties?
- How will major future costs, such as migrations, capital improvements, enhancements, providing access in the event of publisher failure, etc., be distributed between publishers, subscribers, and other supporting parties?
- What contingency plans are in place to cover the loss of future revenue and/or outside funding?
- In the event of a catastrophic failure, are reserve assets sufficient to ensure the restoration of subscriber access to content reasonably quickly?
- If this is a national or government-sponsored repository, how is it insulated from political events, such as international conflicts or diplomatic crises, that might affect its ability to serve foreign constituencies?
Evidence: Operating plans; financial reports; budgets; financial audit reports; annual financial reports; financial forecasts; business plans; audit procedures and calendars; evidence of comparable institutions; exposure of business plan to scenarios.
DavidGiaretta - we should perhaps add here that there should be an evaluation of the risks implied by the business plans. Risk is mentioned in A4.4 but that seems rather vague.
A4.2 Repository has in place processes to review and adjust business plans at least annually.
The repository must demonstrate its commitment to proactive business planning by performing cyclical
planning processes at least yearly. The repository should be able to demonstrate its responsiveness to
audit results, for example.
Evidence: Business plans, audit planning (e.g., scope, schedule, process, and requirements) and results; financial forecasts; recent audits and evidence of impact on repository operating procedures.
A4.3 Repository’s financial practices and procedures are transparent, compliant with relevant accounting standards and practices, and audited by third parties in accordance with territorial legal requirements.
The repository cannot just claim transparency, it must show that it adjusts its business practices to keep
them transparent, compliant, and auditable. Confidentiality requirements may prohibit making
information about the repository’s finances public, but the repository should be able to demonstrate that it
is as transparent as it needs to be and can be within the scope of its community.
Evidence: Demonstrated dissemination requirements for business planning and practices; citations to and/or examples of accounting and audit requirements, standards, and practice; evidence of financial audits already taking place.
A4.4 Repository has ongoing commitment to analyze and report on risk, benefit, investment, and expenditure (including assets, licenses, and liabilities).
The repository must commit to at least these categories of analysis and reporting, and maintain an
appropriate balance between them. The repository should be able to demonstrate that it has identified and
documented these categories, and actively manages them, including identifying and responding to risks,
describing and leveraging benefits, specifying and balancing investments, and anticipating and preparing
for expenditures.
Evidence: Risk management documents that identify perceived and potential threats and planned or implemented responses (a risk register); technology infrastructure investment planning documents; costbenefit analyses; financial investment documents and portfolios; requirements for and examples of licenses, contracts, and asset management; evidence of revision based on risk.
DavidGiaretta - should we require that the risk analysis be made available at least to those who deposit information?
A4.5 Repository commits to monitoring for and bridging gaps in funding.
The repository must recognize the possibility of gaps between funding and the costs of meeting the
repository’s commitments to its stakeholders. It commits to bridging these gaps by securing funding and
resource commitments specifically for that purpose; these commitments can come either from the
repository itself or parent organizations, as applicable. Even with effective business planning procedures
in place, any repository with long-term commitments will likely face some kind of resource gap in the
future. The repository must provide essentially an insurance buffer as a first—and hopefully effective—
line of defense, obviating the need to invoke a succession plan except in extreme situations, such as the
repository ceasing operations permanently.
Evidence: Fiscal and fiduciary policies, procedures, protocols, requirements; budgets and financial analysis documents; fiscal calendars; business plan(s); any evidence of active monitoring and preparedness.
A5. Contracts, licenses, & liabilities
A repository’s contracts, licenses, and liabilities should be explicit. They should define clear and
measurable terms; delineate roles, responsibilities, timeframes, and conditions; and be either readily
accessible or available to stakeholders on demand. Contracts include those between the repository and
content owners (depositors, publishers, etc) and those between the repository and its own service
providers (system service/maintenance contracts), with system developers, etc. Regardless of the
relationship, these contracts and licenses must be available for audits so that liabilities and risks can be
evaluated.
A5.1 If repository manages, preserves, and/or provides access to digital materials on behalf of another organization, it has and maintains appropriate contracts or deposit agreements.
Repositories, especially those with third-party deposit arrangements, should guarantee that relevant
contracts, licenses, or deposit agreements express rights, responsibilities, and expectations of each party.
Contracts and formal deposit agreements should be countersigned and current.
When the relationship between depositor and repository is less formal (i.e., a faculty member depositing
work in an academic institution’s preservation repository), documentation articulating the repository’s
capabilities and commitments should be provided to each depositor.
Repositories engaged in Web archiving may find this requirement difficult because of how Web-based
information is harvested/captured for long-term preservation. This kind of data is rarely acquired with
contracts or deposit agreements. By its very nature, digital information on the Web is perceived to belong
to “everyone and no one.” Some repositories capture, manage, and preserve access to this material
without written permission from the content creators. Others go through the very time-consuming and
costly process of contacting content owners before capturing and ingesting information. Regardless of
process, repositories harvesting and ingesting Web-based materials must articulate their rights issues
within publicly accessible policies, and have mechanisms to respond to content owners if the repository’s
rights to collect and preserve certain information are challenged.
Ideally, these agreements will be tracked, linked, managed, and made accessible in a contracts database.
Evidence: Deposit agreements; policies on third-party deposit arrangements; contracts; definitions of service levels; Web archiving policies; procedure for reviewing and maintaining agreements, contracts, and licenses.
A5.2 Repository contracts or deposit agreements must specify and transfer all necessary preservation rights, and those rights transferred must be documented.
Because the right to change or alter digital information is often restricted by law to the creator, it is
important that digital repository contracts and agreements address the need to be able to work with and
potentially modify digital objects to keep them accessible. Repository agreements with depositors must
specify and/or transfer certain rights to the repository enabling appropriate and necessary preservation
actions for the digital objects within the repository. (This requirement is linked to A3.3.)
Because legal negotiations can take time, potentially preventing or slowing the ingest of digital objects at
risk, it is acceptable for a digital repository to take in or accept digital objects even with only minimal
preservation rights using an open-ended agreement and then deal with expanding to detailed rights later.
A repository’s rights must at least limit the repository’s liability or legal exposure that threatens the
repository itself.
Evidence: Contracts, deposit agreements; specification(s) of rights transferred for different types of digital content (if applicable); policy statement on requisite preservation rights.
A5.3 Repository has specified all appropriate aspects of acquisition, maintenance, access, and withdrawal in written agreements with depositors and other relevant parties.
The deposit agreement specifies all aspects of these issues that are necessary for the repository to carry
out its function. There may be a single agreement covering all deposits, or specific agreements for each
deposit, or a standard agreement supplemented by special conditions for some deposits. These special
conditions may add to the standard agreement or override some aspects of the standard agreement.
Agreements may need to cover restrictions on access and will need to cover all property rights in the
digital objects. Agreements may place responsibilities on depositors, such as ensuring that Submission
Information Packages (SIPs) conform to some pre-agreed standards, and may allow repositories to refuse
SIPs that do not meet these standards. Other repositories may take responsibility for fixing errors in SIPs.
The division of responsibilities must always be clear. Agreements, written or otherwise, may not always
be necessary. The burden of proof is on the repository to demonstrate that it does not need such
agreements—for instance, because it has a legal mandate for its activities.
An agreement should include, at a minimum, property rights, access rights, conditions for withdrawal,
level of security, level of finding aids, SIP definitions, time, volume, and content of transfers. One
example of a standard to follow for this is the CCSDS/ISO Producer-Archive Interface Methodology
Abstract Standard.
Evidence: Submission agreements/deposit agreements/deeds of gift; written standard operating procedures.
A5.4 Repository tracks and manages intellectual property rights and restrictions on use of repository content as required by deposit agreement, contract, or license.
--
MarkConrad - 10 Sep 2007 Need to include a reference to the law as well. Have to be able to track legal requirements that impact the jurisdiction of the repository and the depositors (These may be a different set.).
The repository should have a mechanism for tracking licenses and contracts to which it is obligated.
Whatever the format of the tracking system, it must be sufficient for the institution to track, act on, and
verify rights and restrictions related to the use of the digital objects within the repository.
Evidence: A policy statement that defines and specifies the repository’s requirements and process for managing intellectual property rights; depositor agreements; samples of agreements and other documents that specify and address intellectual property rights; demonstrable way to monitor intellectual property; results from monitoring.
A5.5 If repository ingests digital content with unclear ownership/rights, policies are in place to address liability and challenges to those rights.
The repository’s policies and mechanisms must be vetted by appropriate institutional authorities and/or
legal experts to ensure that responses to challenges adhere to relevant laws and requirements, and that the
potential liability for the repository is minimized.
Evidence: A definition of rights; citations for relevant laws and requirements; policy on responding to challenges; documented track record for responding to challenges in ways that do not inhibit preservation; examples of legal advice sought and received.
--
DavidGiaretta - 09 May 2007
--
KatiaThomaz - 10 May 2007
--
SimonLambert - 21 Jun 2007