Trusted Digital Repositories A New Audit Standard A

  • Slides: 21
Download presentation
Trusted Digital Repositories: A New Audit Standard A Follow-on to the OAIS Dan Kowal,

Trusted Digital Repositories: A New Audit Standard A Follow-on to the OAIS Dan Kowal, Data Administrator, NGDC Digital Preservation and Nuclear Disaster: An Animation May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

OAIS Framework May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

OAIS Framework May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Why an Audit? Providers Trustworthiness Users OAIS Archive Other Stakeholders May 16, 2012 EDMC

Why an Audit? Providers Trustworthiness Users OAIS Archive Other Stakeholders May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

TDR: ISO-16363 www. iso 16363. org/ Audit and Certification of Trustworthy Digital Repositories ISO

TDR: ISO-16363 www. iso 16363. org/ Audit and Certification of Trustworthy Digital Repositories ISO Standard XXXXX May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

TDR Definition At the very basic level, the definition of a trustworthy digital repository

TDR Definition At the very basic level, the definition of a trustworthy digital repository must start with ‘a mission to provide reliable, long-term access to managed digital resources to its Designated Community, now and into the future. ’ May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Audit Structure • Organizational Infrastructure • Digital Object Management • Infrastructure and Security Risk

Audit Structure • Organizational Infrastructure • Digital Object Management • Infrastructure and Security Risk Management. May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Organizational Infrastructure • Governance & Organizational Viability • Organizational Structure & Staffing • Procedural

Organizational Infrastructure • Governance & Organizational Viability • Organizational Structure & Staffing • Procedural Accountability & Preservation Policy Framework. • Financial Sustainability • Contracts, Licenses & Liabilities. May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Digital Object Management • • • Ingest: Acquisition of Content Ingest: Creation of the

Digital Object Management • • • Ingest: Acquisition of Content Ingest: Creation of the AIP Preservation Planning AIP Preservation Information Management Access Management May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Risk Management • Technical Infrastructure Risk Management. • Security Risk Management. May 16, 2012

Risk Management • Technical Infrastructure Risk Management. • Security Risk Management. May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Discussions with Data Managers • • Reviewed examples of TDR criteria. Internal vs. External

Discussions with Data Managers • • Reviewed examples of TDR criteria. Internal vs. External audit. Surface vs. Deep Dive. TDR Checklist Eval. for the DOM. May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

TDR Checklist Eval. • Do the DM’s understand the criteria? – 45 DOM criteria

TDR Checklist Eval. • Do the DM’s understand the criteria? – 45 DOM criteria / 37 for DMs. – Discussed some in depth at DM Mtg. – One confirmed reading support doc. – One 1 -on-1 session with DM. – 3 weeks given to review criteria – flag those they don’t understand. – May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Results of TDR Eval • 6 DMs responded • Most tried to evaluate their

Results of TDR Eval • 6 DMs responded • Most tried to evaluate their data sets. • What don’t you understand? – No indication by two DMs. They only made it through half the questions. – 1 to 11 questions flagged. • 1 DM did not submit spreadsheet results: – “evaluation criteria not particularly clear” – “It appears that the DOM portion of TDR Certification is very narrowly directed at the OAIS…and not necessarily applicable to the broad and varied world of data management systems at NGDC. ” May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Next Steps • Clarify Criteria Further. • Remove some of the Criterion? What don’t

Next Steps • Clarify Criteria Further. • Remove some of the Criterion? What don’t apply? • Expectations for assessment feedback. • Implementation plan for the audit. – Pick a few data sets. – Include in the data migration to CLASS. • Answer the first question: Is TDR certification in NGDC’s best interest? May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Org. Infrastructure Example. 1. The repository shall have a mission statement that reflects a

Org. Infrastructure Example. 1. The repository shall have a mission statement that reflects a commitment to the preservation of, long term retention of, management of, and access to digital information. 2. The repository shall have a Preservation Strategic Plan that defines the approach the repository will take in the long-term support of its mission. 3. The repository shall have a Collection Policy or other document that specifies the type of information it will preserve, retain, manage and provide access to. May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Org. Infrastructure Metric Ex. : May 16, 2012 EDMC Workshop in College Park MD

Org. Infrastructure Metric Ex. : May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Org. Infrastructure Metric Ex. 2: May 16, 2012 EDMC Workshop in College Park MD

Org. Infrastructure Metric Ex. 2: May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Digital Object Element Ex. : May 16, 2012 EDMC Workshop in College Park MD

Digital Object Element Ex. : May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

TDR characteristics • 108 audit metrics. • TDR Board Approves, Audit Teams has to

TDR characteristics • 108 audit metrics. • TDR Board Approves, Audit Teams has to have certifiable credentials. • “Bi-directional” connections emphasized. • PDI Representation Info Emphasized. May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

TDR Audit Eval. Form Aspect B. 5 Information Management B. 2 Ingest: creation of

TDR Audit Eval. Form Aspect B. 5 Information Management B. 2 Ingest: creation of the archivable package Criterion Explanation Occurs (Y/N) B 5. 2 Repository captures or Does the Archive receive its creates minimum descriptive required metadata from the metadata and ensures that it Data Provider or does it is associated with the supply some metadata itself archived object (i. e. , AIP). during ingest? Y B 2. 7. Repository demonstrates that it has access to necessary tools and resources to establish Do your file formats authoritative semantic or subscribe to well known technical context of the standards that are digital objects it contains (i. e. , access to appropriate referenced in a technical international Representation repository that defines the Information and format and the tools to registries). access them? Y/N Evidence Archive usually creates its own metadata. Some exceptions occur where the originator supplies metadata. That depends on the dataset. Data in the Index to Marine and Lacustrine Geological Samples, the "073" grainsize database, and the DSDP/ODP/IODP datasets all conform to well established, well documented standards. https: //www. ngdc. noaa. gov/wiki/images/a/ac/Tdr_checklist. xlsx. zip May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

References • Center for Research Libraries – TDR – Audit Checklist – ISO 16919,

References • Center for Research Libraries – TDR – Audit Checklist – ISO 16919, entitled, Requirements for Bodies providing Audit and Certification • Primary Trustworthy Digital Repository • Download the ISO 16363 Standard May 16, 2012 EDMC Workshop in College Park MD Dan Kowal

Archive Audit -Summary How well does NGDC comply to the Open Archive Information System

Archive Audit -Summary How well does NGDC comply to the Open Archive Information System Standard? Trusted Digital Repository Audit Certification - ISO 16363: 2012 Defines a recommended practice for assessing the trustworthiness of digital repositories Audit Covers: Organizational Structure 25 Measures e. g. Repository has the appropriate number of staff to support all functions and services. Digital Object Management 45 Measures 17 Measures e. g. Repository identifies properties it will preserve for digital objects. e. g. Repository manages the number and location of copies of all digital objects. Three Stage Process: - Self Audit - External Audit Team Review - Audit Team Final Report 21 May 16, 2012 Infrastructure and Security Risk Status: - STP “Deep Dive” Review in 2011 - TDR Education Overview in 2011 - Documentation Collection in 2012 EDMC Workshop in College Park MD Dan Kowal