System Security

4a. Trusted Digital Repositories:

The organization will ensure the reliable operation of the Trusted Digital Repository by adopting appropriate security measures. You may also refer to Tutorial Section 5: Challenges, Balancing Security and Accessibility.

Organizational requirements:
>> ensure security of systems for digital assets
>> establish policies and procedures to meet requirements (copying, authentication, firewalls, backups, disaster preparedness, response, recovery, training)
>> stress processes that will detect, avoid, and repair loss. It is critical to document changes and resulting actions

The organizational responsibility is to establish the level of security required for the digital preservation program (space, equipment, stored digital objects, etc.) and to define the requirements and metrics for ensuring that adequate security measures are in place and well-maintained as an integral part of the infrastructure. Special requirements for classes of objects that have restricted access or have extra integrity concerns, such as institutional records, should be of particular importance.

$$$$ The resources required to ensure effective system security for digital preservation (e.g., skills, software, policies, procedures) should be present in any organization that maintains a networked environment. The organization needs to determine how to leverage existing resources and provide additional protection as needed.

0101 Meeting the requirements of this attribute falls almost entirely on the technological side. Once the parameters have been set by the organization, security for digital preservation requires technical solutions, ongoing upgrades and enhancements, and means for auditing processes.

Background note: System security has two levels. The first is the general policy and procedural level that defines the overall approach the organization will take for ensuring the integrity of the system and its content. The second level includes implementation-specific protocols to invoke the appropriate policies and procedures. It's the latter that makes this attribute implementation-specific and largely dependent on other attributes. Therefore it is not the first consideration for digital preservation.


The IT community has developed standards, policies, protocols, and tools for ensuring system security, including evaluation and testing procedures. ISO 17799, ITIL, ISO 9000, and other standards are some examples.

1. Identify the individual or unit responsible for system security at your organization and begin to discuss existing practices that could be the base for digital preservation.

2. Do you have a disaster plan that includes digital assets? If not, what would it take to develop such a plan?


Check out these resources.