Re-expression of requirements using uniform template: Section A

-- DavidGiaretta - 11 Aug 2008 - r11 - proposed changes to clarify Preservation Policies - Preservation Strategic Plans - Preservation Implementation Plans

To fill in the template for a requirement, simply click on the "Edit" tab at the top of the page and type text to replace the "..." where they appear under each requirement. When you have finished, click on "Save" at the bottom of the edit page.

A1. Governance & organizational viability

A1.1 Repository has a mission statement that reflects a commitment to the long-term retention of, management of, and access to digital information.

Supporting Text

The repository must have a mission statement that addresses the long-term preservation of, access to and overall management of the digital information it holds. This is necessary in order to provide evidence of an organizational vision and commitment to the long-term preservation of access of digital information. It provides a foundation for appropriate and focused repository Preservation Ppolicy development in support of long-term preservation and resource allocation in keeping with its mission.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Mission statement for the repository; mission statement for the organizational context in which the repository sits; legal or legislative mandate; regulatory requirements.

Discussion

The mission statement should comply “with principles of security of information: awareness, responsability, response, ethics, democracy, risk assessment, security design and implementation, security management, reassessment" (see OECD Guidelines)..

A1.2 Repository has an appropriate, formal succession plan, contingency plans, and/or escrow arrangements in place in case the repository ceases to operate or the governing or funding institution substantially changes its scope.

Supporting Text

The repository must develop and maintain viable succession, contingency, or escrow arrangements to ensure the long-term sustainability of its digital holdings if the repository closes or faces substantial changes in its funding, scope, or mission. A formal succession plan should include the identification of trusted inheritors and the plan and process to ensure long-term sustainability of the digital objects.

This is necessary in order to identify appropriate successors or arrangements should the need arise. As part of the repository's perpetual-care promise, consideration needs to be given to this responsibility while the repository and data are viable& - not when a crisis occurs - to avoid irreparable loss.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Succession plan(s); escrow plan(s); explicit and specific statement documenting the intent to ensure continuity of the repository, and the steps taken and to be taken to ensure continuity; formal documents describing exit strategies and contingency plans; depositor agreements.

Discussion

Organizationally, the data in a repository can be at risk regardless of whether the repository is run by a commercial organization or a government entity (national library or archives). At government-managed repositories and archives, a change in government that significantly alters the funding, mission, collecting scope, or staffing of the institution may put the data at risk. These risks are similar to those faced by commercial and research-based repositories and should minimally be addressed by succession plans for significant collections within the greater repository.

If a formal succession plan is not in place, the repository should be able to point to indicators that would form the basis of a plan, e.g., partners, commitment statements, likely heirs. Succession plans need not specify hand-off of entire repository to a single organization if this is not feasible. Multiple inheritors are possible so long as the data remains accessible. A contingency plan may include a process for the return of digital objects to depositors with adequate prior notification, but the depositor should agree to such an option at the time of deposit.

A2. Organizational structure & staffing

A2.1 Repository has identified and established the duties that it needs to perform and has appointed staff with adequate skills and experience to fulfill these duties.

Supporting Text

The repository must identify the competencies and skill sets required to operate the repository over time and demonstrate that the staff and consultants have the range of requisite skills—e.g., archival training, technical skills, and legal expertise.

This is necessary in order to ensure that the repository can complete all tasks associated with the management of, access to, and long-term preservation of the data objects. Preservation depends upon a range of activities from maintaining hardware and software to migrating content and storage media to negotiating intellectual property rights agreements. In order to ensure long-term sustainability, a repository must be aware of all the required activities and demonstrate that it can successfully complete them. The preservation chain is only as strong as its weakest link.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

A staffing plan; competency definitions; job description; development plans; plus evidence that the repository review and maintains these documents as requirements evolve.

Discussion

A2.2 Repository has the appropriate number of staff to support all functions and services.

Supporting Text

The repository must maintain staffing that is adequate for the scope and mission of the archiving program. The repository should determine the appropriate number and level of staff that corresponds to requirements and commitments. The repository should also demonstrate how it evaluates staff effectiveness and suitability to support its functions and services.

This is necessary in order to ensure the long-term retention of, management of, and access to the digital information held within the repository.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Organizational charts; definitions of roles and responsibilities; comparison of staffing levels to commitments and estimates of required effort.

Discussion

The accumulated commitments of the repository can be identified in deposit agreements, service contracts, licenses, mission statements, work plans, priorities, goals, and objectives. Understaffing or a mismatch between commitments and staffing indicates that the repository cannot fulfill its agreements and requirements.(These requirements are related to the core functionality covered by a certification process. Of particular interest to repository certification is whether the organization has appropriate staff to support activities related to the long-term preservation of the data.)

-- KatiaThomaz - 10 May 2007 - It lacks “repository evaluate staff effectiveness and suitability” (see DCC/DPE DRAMBORA R24).

A2.3 Repository has an active professional development program in place that provides staff with skills and expertise development opportunities.

Supporting Text

Technology will continue to change, so the repository must ensure that its staff’s skill sets evolve.

This is necessary in order to ensure that staff can meet the challenges posed by new technology to the viability of the repository.

As the requirements and expectations pertaining to each functional area evolve, the repository must demonstrate that staff are prepared to face new challenges.

This is necessary in order to ensure the repository can meet the evolving requirements of its designated community(ies).

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Professional development plans and reports; training requirements and training budgets, documentation of training expenditures (amount per staff); performance goals and documentation of staff assignments and achievements, copies of certificates awarded.

Discussion

Ideally the repository will meet this requirement through a lifelong learning approach to developing and retaining staff.

A3. Procedural accountability & Preservation Ppolicy framework

A repository must provide clear and explicit documentation of its requirements, decisions, development, and actions to ensure long-term preservation and access to digital content in its care. This documentation assures consumers, management, producers, and certifiers that the repository is meeting its requirements and fully performing its role as a trusted digital repository. Certification, the clearest indicator of a repository’s sound and standards-based practice, is facilitated by procedural accountability that results in comprehensive and current Preservation Ppolicies, procedures, and practice.

A3.1 Repository has defined its designated community(ies) and associated knowledge base(s) and has publicly accessible definitions and Preservation Ppolicies in place to dictate how its preservation service requirements will be met.

Supporting Text

The repository must have Preservation Ppolicies in place that define its technical infrastructure, its services, and the expected level of understandability for each of its designated community(ies) for each Archival Information Product.

This is necessary in order to ensure each designated community knows the operational definition of understandability for its community and the base knowledge set each user must possess.

The repository's level of service must be able to vary from one submission to another, as may the definition of understandability that establishes the repository’s responsibility in this area. This may range from no responsibility, if bits are only to be preserved, to the maintenance of a particular level of use, if understanding by the members of the designated community(ies) is determined outside the repository, to a responsibility for ensuring a given level of designated community(ies) human understanding, requiring appropriate Representation Information.

This is necessary in order to provide appropriate levels of service to each designated community while keeping the necessary resource commitment to a minimum.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement: *
Mission statement; written definitions of the designated community(ies); documented policies; service-level agreements.|

Discussion

The documentation of understandability will typically include a definition of the applications the designated community(ies) will use with the information, possibly after transformation by repository services. For example, if a designated community is defined as readers of English with access to widely available document rendering tools, and if this definition is clearly associated with a given set of Content Information and Preservation Description Information, then the requirement is met.

Examples of designated community definitions include:

General English-reading public educated to high school and above, with access to a Web Browser (HTML 4.0 capable). For GIS data: GIS researchers—undergraduates and above—having an understanding of the concepts of Geographic data and having access to current (2005, USA) GIS tools/computer software, e.g., ArcInfo (2005). Astronomer (undergraduate and above) with access to FITS software such as FITSIO, familiar with astronomical spectrographic instruments. Student of Middle English with an understanding of TEI encoding and access to an XML rendering environment. Variant 1: Cannot understand TEI Variant 2: Cannot understand TEI and no access to XML rendering environment Variant 3: No understanding of Middle English but does understand TEI and XML Two groups: the publishers of scholarly journals and their readers, each of whom have different rights to access material and different services offered to them. ...

-- KatiaThomaz - 28 Apr 2008 - It lacks “repository has defined the external parties” (see ISO27001 A.6.2), and “repository has defined its assets, owners and uses” (see ISO27001 A.7).

A3.2 Repository has procedures and Preservation Ppolicies in place, and mechanisms for their review, update, and development as the repository grows and as technology and community practice evolve.

Supporting Text

The repository must have current, complete policies and procedures in place in a written or otherwise tangible form.

This is necessary to reflect changes in requirements and practice.

The repository must demonstrate that an audit and maintenance process based on Preservation Policies, Preservation Strategic Plans and Preservation Implementation Planspolicy and procedure is in place and regularly applied.

This is necessary in order to demonstrate that Preservation Ppolicies and procedures are understood and implemented.

The repository must have Preservation Implementation Planspolicies and procedures that address core areas, including, for example, transfer requirements, submission, quality control, storage management, disaster planning, metadata management, access, rights management, Preservation Strategic Planspreservation strategies, staffing, and security. High-level documents should make organizational commitments and intents clear. Lower-level documents should make day-to-day practice and procedure clear.

This is necessary in order make the repository's operations transparent and understandable.

The repository must manage all versions of these documents (e.g., outdated versions are clearly identified or maintained offline) and qualified staff and peers must be involved in reviewing, updating, and extending these documents.

This is necessary in order to document the results of monitoring for relevant developments; responsiveness to prevailing standards and practice, emerging requirements, and standards that are specific to the domain, if appropriate; and similar developments.

The repository should be able to demonstrate that it has defined “comprehensive documentation” for the repository.

This is necessary in order to demonstrate that Preservation Ppolicies and procedures are understood and implemented. See Appendix 3: Minimum Required Documents for more information.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

_Written documentation in the form of Preservation Policies, Preservation Strategic Plans and Preservation Implementation Planspolicies, procedures, protocols, rules, manuals, handbooks, and workflows; specification of review cycle for documentation; documentation detailing review, update, and development mechanisms. If documentation is embedded in system logic, functionality should demonstrate the implementation of policies and procedures.

Discussion
NOTE: Katia Thomaz comments not transferred

A3.3 Repository maintains written Preservation Ppolicies that specify the nature of any legal permissions required to preserve digital content over time, and repository can demonstrate that these permissions have been acquired when needed.

The repositories must have written policies and agreements with depositors that specify and/or transfer certain rights to the repository enabling appropriate and necessary preservation actions to take place on the digital objects within the repository.

This is necessary in order to work with and potentially modify digital objects to keep them accessible over time, a right often restricted by law to the creator.

The repository must be able to take in or accept digital objects even with only minimal preservation rights using an open-ended agreement and address more detailed rights later. A repository’s rights must at least limit the repository’s liability or legal exposure that threatens the repository itself. A repository does not have sufficient control of the information if the repository itself is legally at risk.

This is necessary in order to ensure the transfer and preservation of digital objects at risk because legal negotiations can take time, potentially slowing or preventing the ingest of such objects.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

* Deposit agreements; records schedule; digital preservation policies; records legislation and policies; service agreements

...

Discussion

NOTE: Katia Thomaz comment not transferred

-- KatiaThomaz - 28 Apr 2008 - Does it include IPR, legislative requirements, and regulatory requirements (see DCC/DPE DRAMBORA R15, R17, R18 and ISO27001 A15)?

A3.4 Repository is committed to formal, periodic review and assessment to ensure responsiveness to technological developments and evolving requirements.

Supporting Text

The repository must commit to regular review and assessment.

This is necessary in order to provide for ongoing and healthy development of the repository. The organizational context of the repository should determine the frequency of, extent of, and process for self-assessment.

The repository must be able to provide a specific set of requirements it has defined, is maintaining, and is striving to meet for such reviews.

This is necessary in order to demonstrate the commitment to and quality of all reviews and assessments.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

A self-assessment schedule, timetables for review and certification; results of self-assessment; evidence of implementation of review outcomes.

Discussion

(See also A3.9.)

A3.5 Repository has Preservation Implementation Planspolicies and procedures to ensure that feedback from producers and users is sought and addressed over time.

Supporting Text

_Mandatory text The repository must be able to demonstrate that it seeks feedback from stakeholders to monitor expectations and results and that it is responsive to this feedback over time. This is necessary in order to ensure stakeholders expectations are being met.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Policies, Plans procedures, and results of changes that affect all levels of the repository, including: objects, aggregations of objects, object-level preservation metadata, and repository records that retain strategy documents.

Discussion
See 27A6.1.7 -MEW

A3.6 Repository has a documented history of the changes to its operations, procedures, software, and hardware. .

Supporting Text
The repository must document the full range of its activities and developments over time. This should include decisions about the organizational and technical infrastructure.

This is necessary in order to provide auditors and stakeholders with documentation that clearly traces decisions made by the repository.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Policies, Plans procedures and results of changes that affect all levels of the repository. These include: object aggregations of objects; object-level preservation metadata; respository records retention strategy document.

Discussion
If the respository uses software to document its history, it should be able to demonstrate these tracking tools.

Where appropriate, the history is linked to relevant preservation strategies and describes potential effects on preserving digital content.

-MEW

A3.7 Repository commits to transparency and accountability in all actions supporting the operation and management of the repository, especially those that affect the preservation of digital content over time.

Supporting Text
The repository must show a committment to transparency and accountability through providing reasonable access to its content and to whatever documentation gives information about the development, implementation, evolution, preservation and performance of the repository.

This is necessary because transparency is the best assurance that the repository operates in accordance with accepted standards and practices.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
Documentation regarding the retention of sign up sheets, access logs, copies of communications in which a repository has provided significant news and updates to stakeholders, such as newsletters, e-mails, etc.

Discussion
-MEW

A3.8 Repository commits to defining, collecting, tracking, and providing, on demand, its information integrity measurements.

Supporting Text
The repository must provide documentation that is has developed or adapted appropriate measures for ensuring the integrity of its holdings.

This is necessary in order to ensure documentation exists regarding how the loss in content or in the integrity of the data is prevented.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement
An implemented registry system, a definition of the repository's integrity measures, documentation of the procedures and mechanisms for integrity measurements, an audit system for collecting, tracking and presenting integrity measurements, procedures for responding to results of integrity measurements that indicate digital content is at risk, Preservation Ppolicy and workflow documentation.

Discussion
See 27A12.2.2 We know that the mechanisms to measure integrity will evolve as technology evolves.

If protocols, rules and mechanisms are embedded in the repository software, there should be some way to demonstrate the implementation of integrity measures.

-MEW

A3.9 Repository commits to a regular schedule of self-assessment and certification and, if certified, commits to notifying certifying bodies of operational changes that will change or nullify its certification status.

Supporting Text
The repository must commit to a regular schedule of self-assessment and certification.

This is necessary because certification is the best indicator that the repository meets its requirements, fulfills its role, and adheres to appropriate standards.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Completed, dated audit checklists from self-assessment or objective audit. Certificates awarded for certification. A timetable or budget allocation for future certification.

Discussion
Presence in a certification register (when available.) Isn't this very similar to A3.4? See 27A6.1.8 -MEW

A4. Financial sustainability

A4.1 Repository has short- and long-term business planning processes in place to sustain the repository over time.

-- MarkConrad - 05 Mar 2008

Supporting Text

The repository must demonstrate that it has formal, cyclical, proactive business planning processes in place.

This is necessary in order to ensure the viability of the repository over the period of time it has promised to provide access to its contents for its designated community(ies).

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Operating plans; financial reports; budgets; financial audit reports; annual financial reports; financial forecasts; business plans; audit procedures and calendars; evidence of comparable institutions; exposure of business plan to scenarios.

Discussion

A brief description of the repository’s business plan should show how the repository will generate income and assets through services, third-party partnerships, grants, and so forth.

These questions may be pertinent to this requirement:

* Under this plan, to what extent is the repository supported, or expected to be supported, by revenue from content-contributing organizations and agencies, such as publishers?

* To what extent is the repository supported, or expected to be supported, by revenue from subscribers or subscribing institutions?

* What measures are in place, if any, to limit access by nonsubscribing stakeholders?

* What financial incentives are offered, if any, to discourage subscribers from postponing their investment in the repository? From discontinuing investing in the repository?

* To what extent is the repository supported, or expected to be supported, by other kinds of parties?

* How will major future costs, such as migrations, capital improvements, enhancements, providing access in the event of publisher failure, etc., be distributed between publishers, subscribers, and other supporting parties?

* What contingency plans are in place to cover the loss of future revenue and/or outside funding?

* In the event of a catastrophic failure, are reserve assets sufficient to ensure the restoration of subscriber access to content reasonably quickly?

* If this is a national or government-sponsored repository, how is it insulated from political events, such as international conflicts or diplomatic crises, that might affect its ability to serve foreign constituencies?

A4.2 Repository has in place processes to review and adjust business plans at least annually.

-- MarkConrad - 05 Mar 2008

Supporting Text

The repository must demonstrate its commitment to proactive business planning by performing cyclical planning processes at least yearly.

This is necessary in order to ensure the business plans are responsive to changes in the repository's environment that might affect its economic viability.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Business plans, audit planning (e.g., scope, schedule, process, and requirements) and results; financial forecasts; recent audits and evidence of impact on repository operating procedures.

Discussion

The repository should be able to demonstrate its responsiveness to audit results, for example.

A4.3 Repository’s financial practices and procedures are transparent, compliant with relevant accounting standards and practices, and audited by third parties in accordance with territorial legal requirements.

-- MarkConrad - 05 Mar 2008

Supporting Text

The repository cannot just claim transparency, it must show that it adjusts its business practices to keep them transparent, compliant, and auditable.

This is necessary in order to guard against malfeasance or other untoward activity that might threaten the economic viability of the repository.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Demonstrated dissemination requirements for business planning and practices; citations to and/or examples of accounting and audit requirements, standards, and practice; evidence of financial audits already taking place.

Discussion

Confidentiality requirements may prohibit making information about the repository’s finances public, but the repository should be able to demonstrate that it is as transparent as it needs to be and can be within the scope of its community.

A4.4 Repository has ongoing commitment to analyze and report on risk, benefit, investment, and expenditure (including assets, licenses, and liabilities).

-- MarkConrad - 05 Mar 2008

Supporting Text

The repository must commit to at least these categories of analysis and reporting, and maintain an appropriate balance between them.

This is necessary in order to to demonstrate that the repository has identified and documented these categories, and actively manages them, including identifying and responding to risks, describing and leveraging benefits, specifying and balancing investments, and anticipating and preparing for expenditures.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Risk management documents that identify perceived and potential threats and planned or implemented responses (a risk register); technology infrastructure investment planning documents; costbenefit analyses; financial investment documents and portfolios; requirements for and examples of licenses, contracts, and asset management; evidence of revision based on risk.

Discussion

-- MarkConrad - 05 Mar 2008 ??? Not sure what to put here.

A4.5 Repository commits to monitoring for and bridging gaps in funding.

-- MarkConrad - 05 Mar 2008

Supporting Text

The repository must recognize the possibility of gaps between funding and the costs of meeting the repository’s commitments to its stakeholders. It must commit to bridging these gaps by securing funding and resource commitments specifically for that purpose.

This is necessary because even with effective business planning procedures in place, any repository with long-term commitments will likely face some kind of resource gap in the future. If the repository cannot bridge these gaps its viability is threatened.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Fiscal and fiduciary policies, procedures, protocols, requirements; budgets and financial analysis documents; fiscal calendars; business plan(s); any evidence of active monitoring and preparedness.

Discussion

These commitments to bridge funding gaps can come either from the repository itself or parent organizations, as applicable. The repository must provide essentially an insurance buffer as a first—and hopefully effective— line of defense, obviating the need to invoke a succession plan except in extreme situations, such as the repository ceasing operations permanently.

A5. Contracts, licenses, & liabilities

A5.1 If repository manages, preserves, and/or provides access to digital materials on behalf of another organization, it has and maintains appropriate contracts or deposit agreements.

Supporting Text

The repository must articulate their rights issues within publicly accessible Preservation Ppolicies or be able to produce relevant contracts, licenses, or deposit agreements that express rights, responsibilities, and expectations of each party for digital materials that the repository manages, preserves or provides access to on behalf of another organization.

This is necessary in order to have mechanisms to respond to content owners if the repository’s rights to collect and preserve certain information are challenged.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Deposit agreements; Preservation Ppolicies on third-party deposit arrangements; contracts; definitions of service levels; Web archiving policies; procedure for reviewing and maintaining agreements, contracts, and licenses.

Discussion

Repositories, especially those with third-party deposit arrangements, should guarantee that relevant contracts, licenses, or deposit agreements express rights, responsibilities, and expectations of each party. Contracts and formal deposit agreements should be countersigned and current.

When the relationship between depositor and repository is less formal (i.e., a faculty member depositing work in an academic institution’s preservation repository), documentation articulating the repository’s capabilities and commitments should be provided to each depositor.

Repositories engaged in Web archiving may find this requirement difficult because of how Web-based information is harvested/captured for long-term preservation. This kind of data is rarely acquired with contracts or deposit agreements. By its very nature, digital information on the Web is perceived to belong to “everyone and no one.” Some repositories capture, manage, and preserve access to this material without written permission from the content creators. Others go through the very time-consuming and costly process of contacting content owners before capturing and ingesting information.

Ideally, these agreements will be tracked, linked, managed, and made accessible in a contracts database.

- RD

A5.2 Repository contracts or deposit agreements must specify and transfer all necessary preservation rights, and those rights transferred must be documented.

Supporting Text

The repository must possess at least minimal preservation rights for the objects that it accepts.

This is necessary in order to have sufficient control of the information and limit the repository’s liability or legal exposure that could threaten the repository itself.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Contracts, deposit agreements; specification(s) of rights transferred for different types of digital content (if applicable); policy statement on requisite preservation rights.

Discussion

Because the right to change or alter digital information is often restricted by law to the creator, it is important that digital repository contracts and agreements address the need to be able to work with and potentially modify digital objects to keep them accessible. Repository agreements with depositors must specify and/or transfer certain rights to the repository enabling appropriate and necessary preservation actions for the digital objects within the repository. (This requirement is linked to A3.3.)

Because legal negotiations can take time, potentially preventing or slowing the ingest of digital objects at risk, it is acceptable for a digital repository to take in or accept digital objects even with only minimal preservation rights using an open-ended agreement and then deal with expanding to detailed rights later.

-RD

A5.3 Repository has specified all appropriate aspects of acquisition, maintenance, access, and withdrawal in written agreements with depositors and other relevant parties.

Supporting Text

The repository must possess written agreements with producers that specify appropriate responsibilities for acquisition, maintenance, access, and withdrawal of objects that it accepts or demonstrate that it does not need such agreements.

This is necessary in order to enable the repository to carry out its function.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

Submission agreements/deposit agreements/deeds of gift; written standard operating procedures.

Discussion

The deposit agreement specifies all aspects of these issues that are necessary for the repository to carry out its function. There may be a single agreement covering all deposits, or specific agreements for each deposit, or a standard agreement supplemented by special conditions for some deposits. These special conditions may add to the standard agreement or override some aspects of the standard agreement. Agreements may need to cover restrictions on access and will need to cover all property rights in the digital objects. Agreements may place responsibilities on depositors, such as ensuring that Submission Information Packages (SIPs) conform to some pre-agreed standards, and may allow repositories to refuse SIPs that do not meet these standards. Other repositories may take responsibility for fixing errors in SIPs. The division of responsibilities must always be clear. Agreements, written or otherwise, may not always be necessary. The burden of proof is on the repository to demonstrate that it does not need such agreements—for instance, because it has a legal mandate for its activities.

An agreement should include, at a minimum, property rights, access rights, conditions for withdrawal, level of security, level of finding aids, SIP definitions, time, volume, and content of transfers. One example of a standard to follow for this is the CCSDS/ISO Producer-Archive Interface Methodology Abstract Standard.

-RD

A5.4 Repository tracks and manages intellectual property rights and restrictions on use of repository content as required by deposit agreement, contract, or license.

Supporting Text

The repository must have mechanisms that are sufficient for the institution to track, act on, and verify rights and restrictions related to the use of the digital objects within the repository.

This is necessary in order to determine the rights and restrictions for the use of the digital objects within the repository.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

A Preservation Ppolicy statement that defines and specifies the repository’s requirements and process for managing intellectual property rights; depositor agreements; samples of agreements and other documents that specify and address intellectual property rights; demonstrable way to monitor intellectual property; results from monitoring.

Discussion

-- MarkConrad - 10 Sep 2007 Need to include a reference to the law as well. Have to be able to track legal requirements that impact the jurisdiction of the repository and the depositors (These may be a different set.).

The repository should have a mechanism for tracking licenses and contracts to which it is obligated. Whatever the format of the tracking system, it must be sufficient for the institution to track, act on, and verify rights and restrictions related to the use of the digital objects within the repository.

-RD

A5.5 If repository ingests digital content with unclear ownership/rights, Preservation Ppolicies are in place to address liability and challenges to those rights.

Supporting Text

The repository must possess Preservation Policies and Preservation Implementation Planspolicies and mechanisms that have been vetted by appropriate institutional authorities and/or legal experts.

This is necessary in order to minimize potential liability and challenges to the rights of the repository.

Examples of Ways the Repository can Demonstrate it is Meeting this Requirement

A definition of rights; citations for relevant laws and requirements; policy on responding to challenges; documented track record for responding to challenges in ways that do not inhibit preservation; examples of legal advice sought and received.

Discussion

The repository’s Preservation Policies and Preservation Implementation Planspolicies and mechanisms must be vetted by appropriate institutional authorities and/or legal experts to ensure that responses to challenges adhere to relevant laws and requirements, and that the potential liability for the repository is minimized.

-RD

Edit | Attach | Watch | Print version | History: r13 < r12 < r11 < r10 < r9 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r13 - 2009-02-07 - DavidGiaretta
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback