DRAMBORA Notes
DRAMBORA is short for Digital Repository Audit Method Based on Risk Assessment. The DRAMBORA creators are the Digital Curation Centre (DCC) and DigitalPreservationEurope (DPE). The notes are for the DRAMBORA guide version 1.0 Draft for Public Testing & Comment.
Executive Summary
The DRAMBORA toolkit represents the latest development in an effort to conceive criteria, means and methodologies for audit and certification of digital repositories. The RLG/NARA Task Force (TRAC) and the nestor working group have also developed criteria (check-lists) for audit and certification of trustworthy digital repositories. DRAMBORA can be used in association with one or both of these check-lists.
Introduction
- Digital curation is characterised as a process of transforming controllable and uncontrollable uncertainties into a framework of manageable risks.
- The method seeks to determine whether the repository has made every effort to avoid and contain identified risks that might impede its ability to receive, curate and provide access to authentic, understandable digital information.
- Repositories are expected not only to identify and manage risks, but also to demonstrate their ability to do so.
- This toolkit is meant for self-assessment and should help identify risks and measures.
- The primary repository functions are receiving, keeping, documenting and disseminating authentic usable objects.
- Risks should be divided into functional classes and internal and external risks.
PART I: Background
PART II: Audit Process
Audit Process Stages:
- Stage 1: Identify organisational context
- Stage 2: Document policy and regulatory framework
- Stage 3: Identify activities, and their owners (see functional classes activity examples pages 71-73)
- Stage 4: Identify risks (see generic list of risks pages 81-83)
- Stage 5: Assess risks
- Stage 6: Manage risks
Functional classes:
- Operational functional classes:
  - Acquisition & ingest
  - Preservation & storage
  - Metadata management
  - Access & dissemination
- Support functional classes:
  - Organisation & management
  - Staffing
  - Financial management
  - Technical infrastructure & security
More notes on the audit process.
PART III: Conclusions
Valuable results of the process are a documented self-awareness of fundamental objectives, a documented understanding of the risks and choice of means for risk management including strategies for avoidance, treatment, transfer and tolerance.
Appendix 3: Example Risk Register
The summary example list is on pages 81-83; this appendix contains the full examples. There are examples which focus on management, resource allocation, business reputation and staffing, but there are also a couple on community requirements, some on policies and procedures, some on legal liability (IPR is Intellectual Property Rights), a couple on 'repository success' and some on hardware, software, storage media, security, third-party services, received packages (for ingest), loss of confidentiality/availability/authenticity/integrity/reliability/provenance of information, backups/copies, preservation, metadata management and access and dissemination (78 in total). We should probably take a quick look at all of them.