Information Technology Reference
In-Depth Information
All this work has been helpful in providing information and experience in assessing
digital repositories, and some provide a local or project-backed certificate of qual-
ity. However none provide an ISO based accreditation and certification system of
the kind which is available in other areas, such as the one concerning Information
Security, based on ISO 27001 series. Without this we cannot expect to have a mark
of quality and trustability for digital repositories which is recognised world-wide.
Efforts to produce such a system are described next.
25.3 Development of an ISO Accreditation
and Certification Process
The development of OAIS was hosted by the Consultative Committee for Space
Data Systems [
5
] and approved by ISO as ISO 14721. OAIS contained a roadmap
which listed a number of possible follow-on standards, some of which e.g. the
Producer-archive interface - Methodology abstract standard (ISO 20652:2008),
have already become ISO standards, after development within CCSDS.
The need for a standard for certification of archives was included in that list
and the RLG/NARA work which produced TRAC was the first step in that pro-
cess. The next step was to bring the output of the RLG/NARA working group back
into CCSDS. This has been done and the Digital Repository Audit and Certification
(RAC) Working Group [
6
] has been created, the CCSDS details are available from
http://cwe.ccsds.org/moims/default.aspx#_MOIMS-RAC
, while the working docu-
ments are available from
http://wiki.digitalrepositoryauditandcertification.org
.Both
may be read by anybody but, in order to avoid hackers, only authorised users may
add to them. The openness of the development process is particularly important and
the latter site contains the notes from the weekly virtual meetings as well as the live
working version of the draft standards.
Besides developing the metrics, which started from the TRAC document, the
working group also has been working on the strategy for creating the accredita-
tion and certification process. Review of existing systems which have accreditation
and certification standard processes it became clear that there was a need for two
documents
1. Audit and Certification of Trustworthy Digital Repositories [
251
]
2. Requirements for bodies providing audit and certification of candidate trustwor-
thy digital repositories. [
252
]
The first document lists the metrics against which a digital repository may be
judged. It is anticipated that this list will be used for internal metrics or peer-
review of repositories, as well as for the formal ISO audit process. In addition
tools such as DRAMBORA could use these metrics as guidance for its risk
assessments.
