Information Technology Reference
In-Depth Information
An example metric with its informative text is:
The repository shall have mechanisms in place for monitoring and notifi-
cation when Representation Information is inadequate for the Designated
Community to understand the data holdings.
Supporting Text
This is necessary in order to ensure that the preserved information remains
understandable and usable by the Designated Community.
Examples of Ways the Repository can Demonstrate it is Meeting this
Requirement
Subscription to a Representation Information registry service; subscription
to a technology watch service, surveys amongst its designated community
members, relevant working processes to deal with this information.
Discussion
The repository must show that it has some active mechanism to warn of
impending obsolescence. Obsolescence is determined largely in terms of the
knowledge base of the Designated Community.
It must be recognised that the audit process cannot be specified in very fine,
rigid, detail. An audit process must depend upon the experience and expertise of
the auditors. For this reason the second document sets out the system under which
the audit process is carried out; in particular the expertise of the auditors and the
qualification which they should have is specified. In this way the document specifies
how auditors are accredited and thereby helps to guarantee the consistency of the
audit and certification process.
There is a hierarchy of ISO standards concerned with good auditing practice
[
253
-
256
]. The second standard
[
252
]
is positioned within this hierarchy in order to
ensure that these good practices can be applied to the evaluation of TDRs.
ISO/IEC 17021 [
255
] is an International Standard which sets out criteria for
bodies operating audit and certification of organizations
management systems.
If such bodies are to be accredited as complying with ISO/IEC 17021 with the
objective of auditing and certifying Trusted Digital Repositories (TDR) in accor-
dance with [
251
], some additional requirements and guidance to ISO/IEC 17021 are
necessary.
For this reason the RAC Working Group refers to accreditation and certification
processes.
The second standard [
252
] addresses issues arising from applying good audit
practice to auditing and certifying whether to what extent digital repositories can be
trusted to look after digitally encoded information for the long-term, or at least for
the period of their custodianship of that digitally encoded information.
