DRAMBORA Notes PART I: Background
4.1 A Working Perspective of Digital Repositories
Recently proposed characteristics to differentiate a digital repository from other digital collections:
- content is deposited in a repository, whether by the content creator, owner or third party;
the repository architecture manages content as well as metadata;
- the repository offers a minimum set of basic services, e.g. put, get, search, access control;
- the repository must be sustainable and trusted, well-supported and well-managed.
- Repositories are still very diverse and with different key services.
Common set of criteria to which all digital preservation repositories should adhere:
- Commits to continuing maintenance of digital objects for its identified community(ies).
- Demonstrates organisational fitness (including financial, staffing, structure processes) to fulfil its commitment.
- Acquires and maintains requisite contractual and legal rights and fulfils responsibilities.
- Has effective and efficient policy framework.
- Acquires and ingests digital objects based upon stated criteria that cooresponds to its commitments and capabilities.
- Maintains/ensures the integrity, authenticity and usability of digital objects it holds over time.
- Creates and maintains requisite metadata about actions taken on digital objects during preservation as well as about the relevant production, access support, and usage process contexts before preservation.
- Fulfils requisite dissemination requirements.
- Has strategic programme for preservation planning and action.
- Has technical infrastructure adequate for continuing maintenance and security of digital objects.
A digital repository that forms a unit within a larger organisation can delegate some of its functions and tranfer some of the risks to the organisation.
4.2 Introducing a Risk-based Approach to Audit
- A risk is not necessarily negative. A risk is a potential deviation from what is planned or expected.
- Risk management in general includes the following steps:
- Identifying the context where risks have to be managed.
- Identifying risks.
- Assessing and evaluating risks.
- Defining measures to adress and manage risks.
- Digital preservation can be defined as a risk management exercise, where the measure of success is the 'quality' of information released to users.
4.3 Context Surrounding and Facilitating this Work
The 2003 ERPANET [http://www.erpanet.org/guidance/docs/ERPANETRiskTool.pdf Risk Communication Tool] aimed to provide advice to digital repositories to enable them to: highlight which digital resources are at risk within their organisation, highlight which risks these digital resources are exposed to, highlight which risks this poses to the organisation as a whole, categorise and prioritise risks, facilitate communication about risk and stimulate risk management strategy developement.
Existing approaches to repository assessment are the work by RLG/NARA (TRAC), which Kåre is looking at, and the work by [http://nestor.cms.hu-berlin.de nestor], which we could also take a look at (they have published a [http://edoc.hu-berlin.de/series/nestor-materialien/8en/PDF/8en.pdf Catalog of criteria for trusted digital repositories – version 1 (draft for public comments)]).
4.4 Principles of the Risk-based Approach to Self-Audit
This is a self-audit tool for very diverse repositories. When more repositories have been audited (online at [http://repositoryaudit.eu/]), more focused audit guidelines for specific repository types can be developed.
- Whether 'the repository realistically and reasonably applied the risk-based self-audit toolkit' is a risk and should be identified and managed...
- DRAMBORA is primarily an internal tool and doesn't result in a nice badge...
- Upon completing the self-audit, the organisation can expect to have:
- established a comprehensive and documented self-awareness of their mission, aims and objectives, and of activities and assets intinsic to these;
- constructed a detailed catalogue of pertinent risks, categorised according to type and inter-risk relationships, and fully described in terms ownership, probability and potential impact of each risk;
- created an internal understanding of the successes and shortcomings of the organisation, enabling it to effectively allocate or redirect resources to meet the most pressing issues of concern;
- prepared the organisation for subsequent external audit whether that audit will be based upon the TRAC, nestor or forthcoming CCSDS digital repository audit assessment criteria.
4.5 Measuring Audit Results
- Success with the self-audit process is difficult to quantify.