Information Technology Reference
In-Depth Information
Table 25.1
(continued)
5.1.1.3.1 The repository shall record and report to its administration all incidents of
data corruption or loss, and steps shall be taken to repair/replace corrupt or
lost data.
5.1.1.4 The repository shall have a process to record and react to the availability of new
security updates based on a risk-benefit assessment.
5.1.1.5 The repository shall have defined processes for storage media and/or hardware
change (e.g., refreshing, migration).
5.1.1.6 The repository shall have identified and documented critical processes that affect its
ability to comply with its mandatory responsibilities.
5.1.1.6.1 The repository shall have a documented change management process that
identifies changes to critical processes that potentially affect the
repository's ability to comply with its mandatory responsibilities.
5.1.1.6.2 The repository shall have a process for testing and evaluating the effect of
changes to the repository's critical processes.
5.1.2 The repository shall manage the number and location of copies of all digital objects.
5.1.2.1 The repository shall have mechanisms in place to ensure any/multiple copies of
digital objects are synchronized.
5.2 Security Risk Management
5.2.1 The repository shall maintain a systematic analysis of security risk factors associated with
data, systems, personnel, and physical plant.
5.2.2 The repository shall have implemented controls to adequately address each of the defined
security risks.
5.2.3 The repository staff shall have delineated roles, responsibilities, and authorizations related
to implementing changes within the system.
5.2.4 The repository shall have suitable written disaster preparedness and recovery plan(s),
including at least one off-site backup of all preserved information together with an offsite
copy of the recovery plan(s).
