Trustworthy Repositories Audit & Certification

Last updated

Trustworthy Repositories Audit & Certification (TRAC) is a document describing the metrics of an OAIS-compliant digital repository that developed from work done by the OCLC/RLG Programs and National Archives and Records Administration (NARA) task force initiative. [1]

Contents

The TRAC checklist is an Auditing tool to assess the reliability, commitment and readiness of institutions to assume long-term preservation responsibilities. Currently the repository is under the care of the CRL who are utilizing it in several independent projects. [2] The TRAC checklist was superseded in 2012 by the ISO 16363, known as the Trusted Digital Repository (TDR) Checklist. [3]

History

A diagram of the development of digital repository standards Digitalrepositorystandards.png
A diagram of the development of digital repository standards

In 1996 the Consultative Committee for Space Data Systems established a task force that developed OAIS, a high-level model for the operation of archives. OAIS was accepted as ISO 14721 in 2002. The original task force stated that an independent auditing method was necessary to certify OAIS-compliance and thus engender trust. [4] However, despite the lack of certified auditors and auditing metrics, repositories were already implementing OAIS concepts and labeling themselves OAIS-compliant. [5]

Development of OAIS auditing metrics began in 2003. A joint task force of OCLC/RLG and NARA built upon a previous OCLC/RLG project, Trusted Digital Repositories: Attributes and Responsibilities, [6] and wrote the metrics collectively known as Trustworthy Repositories Audit & Certification (TRAC). After the publication of TRAC in 2007, CRL was given the responsibility to carry out test audits using the metrics.

TRAC is the basis of the Trusted Digital Repository (TDR) document that was accepted as ISO 16363 in 2012. [7]

Process

The TRAC metrics are split into three subject groups:

A TRAC audit consists of a repository completing the TRAC checklist by citing they fulfill each metric. Metrics can be fulfilled by citing relevant documentation, typical practice, or a combination of both. The TRAC auditors then examine this self-audit. After an on-site visit to discuss any concerns with the provided evidence, the auditors grade the repository on a scale of 1 to 5 for each of the three subject groups.

To retain certification, repositories meet with the auditors within 18 to 24 months for a consultation. After 4 years, the certification expires and the repository must begin a new audit.

Trustworthiness as concept

The concept of trust underpins the relationship between repositories and their users. The development of the OAIS model (Open Archival Information System) was accompanied by a demand for assurance that repositories claiming to use OAIS actually adhere to those standards; that is, a demand for trustworthiness. [8] The team behind TRAC, led by Robin Dale and Bruce Ambacher, conceived of the trustworthiness of the TRAC-certified repositories as not only providing for well-sourced and well-formatted records and metadata, but transparent managerial procedures and sustainable, long-term structural support. [9] The TRAC creators conceived of four core principles that underpin the checklist's criteria for a trusted digital repository (TDR): documentation (evidence), transparency, adequacy and measurability.

TRAC expanded upon the previous definition of a TDR that had been developed from the seminal 1996 PDI report that first called for audit and certification of digital repositories. [4] It selectively drew upon models such as Germany's nestor, RLG and OCLC's original TDR description and the Cornell model for Trusted Digital Repository Attributes. [10] According to Elizabeth Yakel, Ixchel Faniel, Adam Kriesberg and Ayoung Yoon, it still overlooked key factors in perceived trustworthiness. They demonstrated that understandings of trustworthiness vary across disciplines, and the 2007 TRAC checklist did not address or fully weigh the impact of differences within designated communities in perceptions of trust. [11] Another key conclusion of their study was there is a difference between users' trust in data and their trust in repositories. Further research by Yoon identified a strong correlation between TRAC's first two metrics (organizational infrastructure and digital object management) and user trust of repositories, but little user interest in the third metric (technical infrastructure and security). [12] Drawing on previous work on TRAC, Yoon identified a "lack of deception" as the key feature in establishing trust in both sources and repositories. In 2012, ISO 16363 expanded upon and superseded the 2007 TRAC checklist by adding more detailed criteria, as well as providing a new standard for bodies seeking to be certified to perform certification. [13]

Alternatives

TRAC is not the only certification system to assess the trustworthiness of a digital information system. Other systems include: [13]

Because of the time and resources required by the certification process, information professionals have also developed other models for trustworthiness assessment of digital repositories. [17] These include:

Implementation and impact

The CRL lays out and oversees the TRAC metrics. To date, CRL has certified six repositories according to criteria set out in the TRAC checklist. [22] However, its influence has spread far beyond CRL-certified repositories since TRAC is commonly used as a self-auditing tool, such as at the University of North Texas and Cornell University. [23] [24] TRAC's successor, ISO 16363, also provides the basis of the services provided by the Primary Trustworthy Digital Repository Authorization Body (PTAB), a private sector agency providing outside auditing services. [25] The first certification of a repository by PTAB was for the Indira Gandhi National Centre for the Arts, completed in January 2018. [26] Beyond these direct successors, TRAC remains among the most influential resource for independent systems of self-audit and assessment. [27] [17]

See also

Related Research Articles

The ISO 9000 family is a set of five quality management systems (QMS) standards by the International Organization for Standardization (ISO) that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. ISO 9002 is a model for quality assurance in production and installation. ISO 9003 for quality assurance in final inspection and test. ISO 9004 gives guidance on achieving sustained organizational success.

<span class="mw-page-title-main">Digital obsolescence</span>

Digital obsolescence is the risk of data loss because of inabilities to access digital assets, due to the hardware or software required for information retrieval being repeatedly replaced by newer devices and systems, resulting in increasingly incompatible formats. While the threat of an eventual "digital dark age" was initially met with little concern until the 1990s, modern digital preservation efforts in the information and archival fields have implemented protocols and strategies such as data migration and technical audits, while the salvage and emulation of antiquated hardware and software address digital obsolescence to limit the potential damage to long-term information access.

In library and archival science, digital preservation is a formal endeavor to ensure that digital information of continuing value remains accessible and usable. It involves planning, resource allocation, and application of preservation methods and technologies, and it combines policies, strategies and actions to ensure access to reformatted and "born-digital" content, regardless of the challenges of media failure and technological change. The goal of digital preservation is the accurate rendering of authenticated content over time. The Association for Library Collections and Technical Services Preservation and Reformatting Section of the American Library Association, defined digital preservation as combination of "policies, strategies and actions that ensure access to digital content over time." According to the Harrod's Librarian Glossary, digital preservation is the method of keeping digital material alive so that they remain usable as technological advances render original hardware and software specification obsolete.

ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 that was developed by BSI Group.

An Open Archival Information System is an archive, consisting of an organization of people and systems, that has accepted the responsibility to preserve information and make it available for a Designated Community. The OAIS model can be applied to various archives, e.g., open access, closed, restricted, "dark", or proprietary.

The Digital Curation Centre (DCC) was established to help solve the extensive challenges of digital preservation and digital curation and to lead research, development, advice, and support services for higher education institutions in the United Kingdom.

Quality engineering is the discipline of engineering concerned with the principles and practice of product and service quality assurance and control. In software development, it is the management, development, operation and maintenance of IT systems and enterprise architectures with a high quality standard.

The digital repository audit method based on risk assessment (DRAMBORA) is a methodology and associated software-based toolkit developed by Digital Curation Centre (DCC) and DigitalPreservationEurope (DPE) to support the assessment of digital preservation repositories.

The Digital Preservation Award is an international award sponsored by the Digital Preservation Coalition. The award 'recognises the many new initiatives being undertaken in the challenging field of digital preservation'. It was inaugurated in 2004 and was initially presented as part of the Institute of ConservationConservation Awards. Since 2012 the prize, which includes a trophy and a cheque, is presented independently. Awards ceremonies have taken place at the British Library, the British Museum and the Wellcome Trust.

Preservation metadata is item level information that describes the context and structure of a digital object. It provides background details pertaining to a digital object's provenance, authenticity, and environment. Preservation metadata, is a specific type of metadata that works to maintain a digital object's viability while ensuring continued access by providing contextual information, usage details, and rights.

The Center for Research Libraries is a consortium of North American universities, colleges, and independent research libraries, based on a buy-in concept for membership of the consortia. The consortium acquires and preserves traditional and digital resources for research and teaching and makes them available to member institutions through interlibrary loan and electronic delivery. It also gathers and analyzes data pertaining to the preservation of physical and digital resources, and fosters the sharing of expertise, in order to assist member libraries in maintaining their collections.

Digital curation is the selection, preservation, maintenance, collection, and archiving of digital assets. Digital curation establishes, maintains, and adds value to repositories of digital data for present and future use. This is often accomplished by archivists, librarians, scientists, historians, and scholars. Enterprises are starting to use digital curation to improve the quality of information and data within their operational and strategic processes. Successful digital curation will mitigate digital obsolescence, keeping the information accessible to users indefinitely. Digital curation includes digital asset management, data curation, digital preservation, and electronic records management.

PREservation Metadata: Implementation Strategies (PREMIS) is the de facto digital preservation metadata standard.

Identity assurance in the context of federated identity management is the ability for a party to determine, with some level of certainty, that an electronic credential representing an entity with which it interacts to effect a transaction, can be trusted to actually belong to the entity.

The UK Data Service is the largest digital repository for quantitative and qualitative social science and humanities research data in the United Kingdom. The organisation is funded by the UK government through the Economic and Social Research Council and is led by the UK Data Archive at the University of Essex, in partnership with other universities.

ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020.

eCOGRA is a London-based testing agency and standards organisation in the realm of online gambling. The company was established in 2003 in the United Kingdom at the behest of the online gaming industry as the first industry self-regulation system. eCOGRA is a testing laboratory, inspection body, and certification body, specializing in the certification of online gaming software and the audit of Information Security Management Systems.

Keeping the foresight of rapidly changing technologies and rampant digital obsolescence, in 2008, the R & D in IT Group, Ministry of Electronics and Information Technology, Government of India envisaged to evolve Indian digital preservation initiative. In order to learn from the experience of developed nations, during March 24–25, 2009, an Indo-US Workshop on International Trends in Digital Preservation was organized by C-DAC, Pune with sponsorship from Indo-US Science & Technology Forum, which lead to more constructive developments towards formulation of the national program.

<span class="mw-page-title-main">Helen Tibbo</span> American archivist

Helen Ruth Tibbo is an American archivist, professor and author writing about digital preservation in the archival profession. At the University of North Carolina, she created and directed the first American master's degree on digital curation. She is a past President of the Society of American Archivists

References

  1. Giaretta, David (2011). Advanced Digital Preservation. ISBN   9783642168086.
  2. "Digital Preservation Metrics | CRL".
  3. "September 2011 Magenta Draft of ISO 16363" (PDF). Retrieved March 15, 2018.
  4. 1 2 "Preserving Digital Information" (PDF).
  5. "NARAtions". 2011-03-15. Retrieved June 21, 2011.
  6. "Trusted Digital Repositories: Attributes and Responsibilities" (PDF). Retrieved August 1, 2012.
  7. "September 2011 Magenta Draft of ISO 16363" (PDF). Retrieved August 1, 2012.
  8. Lee, Christopher (2007). "Digital Curation and Trusted Repositories: Steps Toward Success". Texas Digital Library. 8 (2). Retrieved March 15, 2018.
  9. "Trustworthy Repositories Audit and Certification: Criteria and Checklist" (PDF). OCLC. February 2007. Retrieved February 21, 2022.
  10. McGovern, Nancy (April 15, 2007). "A Digital Decade: Where Have We Been and Where Are We Going in Digital Preservation?". RLG DigiNews.
  11. Yoon, Ayoung; Kriesberg, Adam; Faniel, Ixchel M.; Yakel, Elizabeth (2013). "Trust in Digital Repositories". International Journal of Digital Curation. 8: 143–156. doi: 10.2218/ijdc.v8i1.251 .
  12. Yoon, Ayoung (2014). "End users' trust in data repositories: definition and influences on trust development". Archival Science. 14: 17–34. doi:10.1007/s10502-013-9207-8. hdl: 1805/13592 . S2CID   62212257.
  13. 1 2 Aligning National Approaches to Digital Preservation Proceedings (PDF). Educopia Institute. August 2012. ISBN   978-0-9826653-1-2.
  14. "Home". Core Trust Seal. 19 February 2020. Retrieved February 21, 2022.
  15. "nestor Seal for Trustworthy Digital Archives". nestor. Archived from the original on July 20, 2017. Retrieved February 21, 2022.
  16. "Audit and Certification of Trustworthy Digital Repositories" (PDF). The Consultative Committee for Space Data Systems. September 2011. Retrieved February 21, 2022.
  17. 1 2 Maemura; et al. (July 2017). "Organizational assessment frameworks for digital preservation: A literature review and mapping". Journal of the Association for Information Science and Technology. 68 (7): 1619–1637. doi:10.1002/asi.23807. hdl: 1807/73869 . S2CID   19658659.
  18. "Welcome to DRAMBORA Interactive: Log in or Register to Use the Toolkit". www.repositoryaudit.eu.
  19. Charles, Dollar. "Digital Preservation Capability Maturity Model" (PDF).
  20. "Levels of Digital Preservation".
  21. "Scoremodel self-assessment tool".
  22. "Certification and Assessment of Digital Repositories | CRL".
  23. "Trusted Digital Repository - University Libraries - UNT".
  24. Steinhart, Gail (September–October 2009). "Establishing Trust in a Chain of Preservation The TRAC Checklist Applied to a Data Staging Repository (DataStaR)". DLib. 15 (9/10).
  25. "PTAB - Primary Trustworthy Digital Repository Authorisation Body Ltd". 2014-10-07. Retrieved 2018-03-18.
  26. Giaretta, David (2018-01-17). "First repository in the world has been awarded ISO 16363 certification" . Retrieved 2018-03-18.
  27. Ray, Joyce (2012). "The rise of digital curation and cyberinfrastructure: From experimentation to implementation and maybe integration". Library Hi Tech. 30 (4): 604–622. doi:10.1108/07378831211285086.