• NotesOnDramboraPartIBackground

DRAMBORA Notes PART I: Background

4.1 A Working Perspective of Digital Repositories

• Recently proposed characteristics to differentiate a digital repository from other digital collections:

  • content is deposited in a repository, whether by the content creator, owner or third party;

  • the repository architecture manages content as well as metadata;

  • the repository offers a minimum set of basic services, e.g. put, get, search, access control;
  • the repository must be sustainable and trusted, well-supported and well-managed.
• Repositories are still very diverse and with different key services.

• Common set of criteria to which all digital preservation repositories should adhere:

  1. Commits to continuing maintenance of digital objects for its identified community(ies).
  2. Demonstrates organisational fitness (including financial, staffing, structure processes) to fulfil its commitment.
  3. Acquires and maintains requisite contractual and legal rights and fulfils responsibilities.
  4. Has effective and efficient policy framework.
  5. Acquires and ingests digital objects based upon stated criteria that cooresponds to its commitments and capabilities.
  6. Maintains/ensures the integrity, authenticity and usability of digital objects it holds over time.
  7. Creates and maintains requisite metadata about actions taken on digital objects during preservation as well as about the relevant production, access support, and usage process contexts before preservation.
  8. Fulfils requisite dissemination requirements.
  9. Has strategic programme for preservation planning and action.
  10. Has technical infrastructure adequate for continuing maintenance and security of digital objects.

• A digital repository that forms a unit within a larger organisation can delegate some of its functions and tranfer some of the risks to the organisation.

4.2 Introducing a Risk-based Approach to Audit

• A risk is not necessarily negative. A risk is a potential deviation from what is planned or expected.
• Risk management in general includes the following steps:
  • Identifying the context where risks have to be managed.
  • Identifying risks.
  • Assessing and evaluating risks.
  • Defining measures to adress and manage risks.
  • Digital preservation can be defined as a risk management exercise, where the measure of success is the 'quality' of information released to users.

4.3 Context Surrounding and Facilitating this Work

• The 2003 ERPANET [http://www.erpanet.org/guidance/docs/ERPANETRiskTool.pdf Risk Communication Tool] aimed to provide advice to digital repositories to enable them to: highlight which digital resources are at risk within their organisation, highlight which risks these digital resources are exposed to, highlight which risks this poses to the organisation as a whole, categorise and prioritise risks, facilitate communication about risk and stimulate risk management strategy developement.

• Existing approaches to repository assessment are the work by RLG/NARA (TRAC), which Kåre is looking at, and the work by [http://nestor.cms.hu-berlin.de nestor], which we could also take a look at (they have published a [http://edoc.hu-berlin.de/series/nestor-materialien/8en/PDF/8en.pdf Catalog of criteria for trusted digital repositories – version 1 (draft for public comments)]).

4.4 Principles of the Risk-based Approach to Self-Audit

• This is a self-audit tool for very diverse repositories. When more repositories have been audited (online at [http://repositoryaudit.eu/]), more focused audit guidelines for specific repository types can be developed.

• Whether 'the repository realistically and reasonably applied the risk-based self-audit toolkit' is a risk and should be identified and managed...
• DRAMBORA is primarily an internal tool and doesn't result in a nice badge...
• Upon completing the self-audit, the organisation can expect to have:
  • established a comprehensive and documented self-awareness of their mission, aims and objectives, and of activities and assets intinsic to these;
  • constructed a detailed catalogue of pertinent risks, categorised according to type and inter-risk relationships, and fully described in terms ownership, probability and potential impact of each risk;
  • created an internal understanding of the successes and shortcomings of the organisation, enabling it to effectively allocate or redirect resources to meet the most pressing issues of concern;
  • prepared the organisation for subsequent external audit whether that audit will be based upon the TRAC, nestor or forthcoming CCSDS digital repository audit assessment criteria.

4.5 Measuring Audit Results

• Success with the self-audit process is difficult to quantify.