Re-expression of requirements using uniform template: Section C
To fill in the template for a requirement, simply click on the "Edit" tab at the top of the page and type text to replace the "..." where they appear under each requirement. When you have finished, click on "Save" at the bottom of the edit page.
C1. System infrastructure
C1.1
Repository functions on well supported operating systems and other core infrastructural software.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C1.2
Repository ensures that it has adequate hardware and software support for backup functionality sufficient for the repository’s services and for the data held, e.g., metadata associated with access controls, repository main content.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C1.3
Repository manages the number and location of copies of all digital objects.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C1.4
Repository has mechanisms in place to ensure any/multiple copies of digital objects are synchronized.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C1.5
Repository has effective mechanisms to detect bit corruption or loss.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C1.6
Repository reports to its administration all incidents of data corruption or loss, and steps taken to repair/replace corrupt or lost data.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C1.7
Repository has defined processes for storage media and/or hardware change (e.g., refreshing, migration).
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C1.8
Repository has a documented change management process that identifies changes to critical processes that potentially affect the repository’s ability to comply with its mandatory responsibilities.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C1.9
Repository has a process for testing the effect of critical changes to the system.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C1.10
Repository has a process to react to the availability of new software security updates based on a risk-benefit assessment.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C2. Appropriate technologies
C2.1
Repository has hardware technologies appropriate to the services it provides to its designated communities and has procedures in place to receive and monitor notifications, and evaluate when hardware technology changes are needed.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C2.2
Repository has software technologies appropriate to the services it provides to its designated community(ies) and has procedures in place to receive and monitor notifications, and evaluate when software technology changes are needed.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C3. Security
C3.1
Repository maintains a systematic analysis of such factors as data, systems, personnel, physical plant, and security needs.
Mandatory text that applies to all repositories goes in this section. The text should have pairs of sentences for each mandatory requirement or sub-requirement found in the supporting text of the existing document. The sentence pairs should begin with the phrases, "The repository must..." and This is necessary in order to..." .
The repository must ...
This is necessary in order to ...
Text found in the Evidence section of the current TRAC document goes here.
...
Text found in the supporting text section of the current TRAC document that does not apply to all repositories goes here.
...
C3.2
Repository has implemented controls to adequately address each of the defined security needs.
The repository must show how it has dealt with its security requirements. If some types of material are more likely to be attacked, the repository will need to provide more protection, for instance.
This is necessary in order to ensure that controls are in place to meet the security needs of the repository.
ISO 17799 certification; system control list; risk, threat, or control analyses; addition of controls based on ongoing risk detection and assessment.
Repositories that have experienced incidents could record such instances, including the times when systems or content were affected and describe procedures that have been put in place to prevent similar occurrences in the future.
C3.3
Repository staff have delineated roles, responsibilities, and authorizations related to implementing changes within the system.
The repository must assign individuals to be responsible for implementing changes within the system and provide them with the authority and resources to implement such changes.
This is necessary in order to ensure that individuals have the authority to implement changes, that adequate resources have been assigned for the effort, and that the responsible individuals will be accountable for implementing such changes.
ISO 17799 certification; organizational chart; system authorization documentation.
Authorizations are about who can do what—who can add users, who has access to change metadata, who can get at audit logs. It is important that authorizations are justified, that staff understand what they are authorized to do, and that there is a consistent view of this across the organization.
.
C3.4
Repository has suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an offsite copy of the recovery plan(s).
The repository must have a written plan with some approval process for what happens in specific types of disaster (fire, flood, system compromise, etc.) and for who has responsibility for actions.
This is necessary in order to ensure that sufficient backup and recovery capabilities are in place to facilitate continuing preservation of and access to systems and their content with limited disruption of services.
ISO 17799 certification; disaster and recovery plans; information about and proof of at least one off-site copy of preserved information; service continuity plan; documentation linking roles with activities; local geological, geographical, or meteorological data or threat assessments.
The level of detail in a disaster plan, and the specific risks addressed need to be appropriate to the repository’s location and service expectations. Fire is an almost universal concern, but earthquakes may not require specific planning at all locations. The disaster plan must, however, deal with unspecified situations that would have specific consequences, such as lack of access to a building.
--
SimonLambert - 11 Feb 2008
Main Web>WorkingDocuments > ReqtsWithTemplate>ReqtsWithTemplateC (05 Jan 2009, RobertDowns)EditAttach
Main Web
Users
Groups
Index
Search
Changes
Notifications
Statistics
Preferences
Main
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.