Information Technology Reference
In-Depth Information
Table 25.1
(continued)
Here we want to make sure that the
content information can be found.
4.5 Information Management
4.5.1 The repository shall specify minimum information requirements to enable the designated
community to discover and identify material of interest.
4.5.2 The repository shall capture or create minimum descriptive information for each AIP.
4.5.3 The repository shall create bi-directional linkages between each AIP and its descriptive
information.
4.5.3.1 The repository shall maintain the bi-directional associations between its AIPs and
their descriptive information over time.
Access needs to be controlled.
4.6 Access Management
4.6.1 The repository shall comply with access policies.
4.6.1.1 The repository shall log and review all access management failures and anomalies.
4.6.2 The repository shall follow policies and procedures that enable the dissemination of digital
objects that are traceable to the originals, with evidence supporting their authenticity.
4.6.2.1 The repository shall record and act upon problem reports about errors in data or
responses from users.
In this section the auditor should look at
the hardware and software is used. In
addition clearly security is vital. One
option would be to duplicate the ISO
27000 metrics. However this seems
excessive so a minimal set of metrics is
specified.
5 Infrastructure and Security Risk Management
