Procedural Accountability

4a. Trusted Digital Repositories:

The organization establishes a systematic approach and supporting protocols and techniques to provide comprehensive documentation of all digital preservation activities, including the development and maintenance of relevant policies, procedures, and practices. You may also refer to Tutorial Section 5: Challenges, Legal Issues.

Organizational requirements:
>> enact all relevant policies and procedures for specified tasks and functions, document all practices
>> establish monitoring mechanisms to ensure continued operation of systems and procedures
>> record and justify preservation strategies
>> set up feedback mechanisms to support problem resolution and negotiate evolving requirements between providers and consumers
This is primarily an organizational responsibility. In spite of the importance of documentation, the requirements of this attribute have tended to be implicit and often short changed in the time and support needed to comply. Though this is an organizational area, it requires institutional support and mechanisms to provide comprehensive implementation. When the operation of the digital preservation program is not automated (with documentation), policies, procedures, and documentation fill in workflow and process for continuity. 0101 The technological side is to respond to ongoing organizational needs, to anticipate those needs when possible, and to develop mechanisms for automatically generating and capturing the necessary documentation. In some cases, compliance will require direct technical input and documentation.

$$$$ The resources required to ensure procedural accountability (e.g., staff time to develop policies and procedures, programming time and ability to develop and implement automated protocols) are often overlooked or underestimated. Resources need to be allocated to this essential responsibility.

Background note: This is perhaps the most archival of the attributes, and an aspect of digital preservation that is often overlooked or underestimated. An organization with a mature digital preservation program must determine the policies, procedures, and approaches it will adopt; document decisions and practices as they are implemented; and trace that documentation over time to ensure consistency in practice and comprehensive scope. This attribute will enable and sustain the certification of an organization's digital archive.

Exercise
 

1. Identify the documentation that your organization could provide to support compliance with community-based standards.

2. Verify that you have a mechanism in place to develop and maintain requisite policies.

3. Would someone be able to identify outdated policies on your website?

 
 
watch this spaceWatch This Space

Digital Preservation Repository Certification
What will certification mean for your organization?

In February 2007, the Digital Preservation Repository Certification Task Force, sponsored by RLG and the National Archives and Records Administration, published the Trustworthy Repositories Audit & Certification: Criteria and Checklist. This task force represents the ongoing developmental objectives of the Open Archival Information System (OAIS) Working Group to produce certification requirements (both self-assessment and external), delineate a process for certification, and identify a certifying body (or bodies) to implement the process. The host of the final version and the OAIS task force is the Center for Research Libraries (CRL).

The final report is informed by the foundation documents: Trusted Digital Repositories and the OAIS Reference Model. The Center for Research Libraries conducted a research project, funded by the Andrew W. Mellon Foundation, to test the use of the checklist in a series of real-life assessments of repositories and develop the processes and activities required to audit and certify digital archives. (For an extensive review, see the RLG DigiNews special issue on certification.)

An ISO working group is currently working to identify the necessary requirements for a draft standard on digital repository audit and certification, and developing independent criteria for audit and certification using TRAC as a starting point. The standard will then be taken to ISO by the Consultative Committee for Space Data Systems (CCSDS), in the same manner the OAIS Reference Model.

Further developments in certification activities include the work of the Network of Expertise in Long-Term Storage and Long-Term Availability of Digital Resources in Germany (nestor) and the development of the Digital Repository Audit Method Based on Risk Assessment (DRAMBORA) toolkit. nestor introduced the Catalogue of Criteria for Trusted Digital Repositories for small institutions to perform their own audit and certification activities. DINI, the German Initiative for Networked Information, builds on nestor by outlining a set of minimum requirements for institutional repositories to meet for certification. DRAMBORA provides an online interactive toolkit with an evaluation methodology for repository administrators to use risk management to assess their repositories and chart improvement. The toolkit allows administrators to identify risks at every stage of their activities, assess the probability of occurrence, and determine an action plan should a situation arise.

Certification Principles
These are some principles to consider for the certification process. It must be:

  • external to the digital archives (cannot consist solely of self-assessment)
  • managed/performed by recognized authorities
  • well-documented with comprehensive and explicit policies, procedures, and practices
  • sustainable and monitorable over time
  • replicable

Certification Questions
Certification is a digital preservation community issue. Like many other digital preservation areas, policies, procedures, and processes for certification are being developed.

Consider these community implementation questions:

  • What designated body should undertake the certification of digital preservation repositories? Who should designate that body?
  • Who should be the certifiers? How should individuals be qualified to perform certifications?
  • What stakeholders should that board represent?
  • What role should the digital preservation community have in developing and maintaining the certification process?
  • What automated tools for certification should be developed, by whom, and how used?

Consider these questions for your institution:

  • What documentation would you be able to provide to a certifying board?
  • What would a certifying board say about your institution’s digital preservation program?