Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Assessing Institutional Digital Assets The AIDA self-assessment toolkit University of London Computer Centre 20 Guilford Street London WC1N 1DZ 0207 692 1345 Ed Pinsent, Project Manager
  2. 2. AIDA self-assessment toolkit - © 2008 University of London Computer Centre REVISION HISTORY First draft released 16 May 2008 Revisions following QA by Kevin 23-29 May 2008 Ashley Additions by Patricia Sleeman 21-28 May 2008 Additions by Jim Jamieson 10 June 2008 Draft released on website 11 June 2008 QA by Colin Love of Technology leg 30 June 2008 Additions made to Technology leg 01 July 2008 Final QA by Kevin Ashley 02 July 2008 1
  3. 3. AIDA self-assessment toolkit - © 2008 University of London Computer Centre Introduction Recognising current institutional capabilities is an essential pre-requisite for taking effective decisions about how to create, manage, store and preserve their assets. Likewise, understanding future requirements is necessary to enable an institution to decide whether specific actions need to be taken in regard to particular assets, or when and how it is desirable to improve on its current capabilities. The actions an institution can take will be determined, in part, by its institutional readiness and maturity in relation to digital asset management. The AIDA project intends to help you with these decisions, linking technical awareness services with information management knowledge. Background The Assessing Institutional Digital Assets (AIDA) Project is managed by the University of London Computer Centre, and funded under the 1/07 JISC Capital Programme Call, to develop and test digital asset management tools in a variety of institutional settings. Contents Introduction........................................................................................................2 Background........................................................................................................2 Contents.............................................................................................................2 1. What are digital assets?................................................................................3 2. What is digital asset management?...............................................................3 3. Introduction to the AIDA self-assessment toolkit...........................................5 4. Who should use this self-assessment toolkit?...............................................5 5. How do I use this toolkit?...............................................................................5 5A: FAQs about using the toolkit.......................................................................6 6. What's next?..................................................................................................7 Assessment 1: Organisation Leg.......................................................................8 Assessment 2: Technology Leg.......................................................................19 Assessment 3: Resources Leg........................................................................32 APPENDIX: Cornell's Five Stages...................................................................41 Stage 1: Acknowledge.................................................................................41 Stage 2: Act..................................................................................................42 Stage 3: Consolidate....................................................................................43 Stage 4: Institutionalise................................................................................44 Stage 5: Externalise.....................................................................................45 2
  4. 4. AIDA self-assessment toolkit - © 2008 University of London Computer Centre 1. What are digital assets? Any form of salient information that plays a role in your Institution's efficiency and effectiveness. If managed properly, assets can maximize efficiency, productivity and profitability. They are held in digital form. They might have been made on a computer (born digital). Or they could have been digitised - eg a book / periodical scanned and made into a PDF; a collection of 35mm slides converted to TIFF files; magnetic audio tapes converted to FLAC files. They could be included in, but not limited to, this list of things: Reports Audio Digitised books or periodicals Scientific data Moving image Publicity material Institutional records Audiovisual Emails Research outputs Websites Databases Distance Learning Courses Image repositories e-Learning Objects Geographic information Licensed e-journal files systems They could be stored (sometimes permanently) in an archive, a digital library, or an Institutional Repository. Or they could be kept for short to medium term for business reasons, then disposed of according to a records management schedule. Quite possibly, they are not being managed at all; sometimes assets can be sitting on someone’s desktop filestore, or languishing on a disk in a drawer. They may be both shared and shareable. They could have reusable content that can support both short-term and long-term use. On the other hand, some of them may contain confidential or sensitive information that means sharing has to be managed and secure. Although the word ‘asset’ can imply some sort of financial value, this self- assessment toolkit (along with most institutions) takes a wider view. Digital objects can be thought of as assets because they help defend the value of other things (as evidence for patent claims, for instance), because they are needed for regulatory compliance, because they have intellectual value, or because they meet some other organisational need. They probably won't all be 'static', because things may change: value, use made, currency, importance, contextual significance, and so forth, all affecting the status of your assets. 2. What is digital asset management? Digital asset management is the systematic management of digital data, such as text, image, audio, and video files, so that the institution can understand its requirements for the assets, and ensure that those requirements are being 3
  5. 5. AIDA self-assessment toolkit - © 2008 University of London Computer Centre met in the most effective manner. Requirements may include reuse, commercial exploitation, or availability for audit purposes, amongst others. Effective asset management can increase value and utility of the assets: if something must be kept for one reason, then it may available for other uses, even if those other uses would not in themselves cause the asset to be retained. With the increasing dependency on digital information, institutions are recognizing that effective management of these assets is critical. Asset management includes, but is not limited to, digital preservation. It should also include activities such as selection, appraisal, retention, destruction; and concern itself with continuity and maintenance of assets. Digital asset management is the broadly scoped challenge of deploying highly valued repositories for digital information. For example: Two institutions, faced with the decision to retain the same type of material, may well reach the same conclusion about the importance and period of retention. But the actions which result may well be different, and will depend on the resources and technologies available to each institution and their relative degree of integration with relevant institutional workflows. Institution A may be able to utilise format-specific expertise in its institutional repository, which already has extensive holdings of a similar type; institution B may well decide to outsource some or all preservation actions, since it has no existing expertise in this area and does not expect to acquire significant holdings of this type in the medium-term future. On the other hand, if institution B anticipated a large growth in holdings of this type in the coming years, its best course of action might be to acquire the necessary expertise and resources to be able to deal with the problem itself. Managers of digital collections often struggle with common challenges and questions. These include but are not limited to: • Selection of hardware and hardware limitations. • Managing the persistence of assets within the data repository. • Cataloguing (metadata) processes. • Control and security of digital assets. • Rights management. • Content creation. • Interoperability among digital libraries. • Long-term funding. One of the assumptions lying behind AIDA is that this variation in appropriate solutions is commonplace. Many tools and strategies already exist to cope with different aspects of the asset management problem, but they aren’t all appropriate in every setting. AIDA therefore aims to allow you to evaluate your institution against a recognised capability scale, and then suggests appropriate actions based on that evaluation. This workbook deals with the first of those tasks: self-evaluation, or assessment. Later products from AIDA will deal with the second task, of recommending courses of action. 4
  6. 6. AIDA self-assessment toolkit - © 2008 University of London Computer Centre 3. Introduction to the AIDA self-assessment toolkit This is a toolkit to enable you institution to perform self-assessment of your capacity, state of readiness, and overall capability for digital asset management. This is not an audit. It's about measurement, not improvement; you don't need to supply 'evidence' that you are doing anything. But you do need to know that evidence exists, that you can get hold of it, and where you can get hold of it. (If you can't find any evidence at all, then that in itself may tell us something). Although the toolkit is weighted and scored, there's no such thing as a 'bad score'. 4. Who should use this self-assessment toolkit? Our approach to asset management seeks to bring together the best elements of the expertise of records managers, librarians, data curators, repository managers and others in developing an institution-wide approach to asset management. What this means is that probably no single person can complete all the parts of the toolkit and that additional help is required. IT staff may also contribute, such as systems administrators, webmasters, and IT managers. 5. How do I use this toolkit? It's structured as a set of simple elements, each one describing an aspect of digital asset management. Each element is positioned on one of five Stages, indicating a stage of maturity or development. Stage 1 is the least developed, Stage 5 is the most developed. Each stage is outlined with a short and very general description, backed up with additional indicators and exemplars. The process is spread over three discrete areas. These three 'legs' will tell us what we need to know about your Institution's assets from an Organisational, Technology and Resources point of view. These Five Stages (Acknowledge, Act, Consolidate, Institutionalise and Externalise). and the Three Legs are based on the Cornell University maturity model, originally designed to assess an Institution's readiness for digital preservation. The AIDA project has adapted the Cornell model to apply to digital asset management. See the attached Appendix for further characterisation of the Five Stages. Along with the typical characteristics, we try to provide exemplars or indicators of practice. Using these indicators, its then up to you to evaluate your own institution, and identify your own practice. You might be well advanced in one 5
  7. 7. AIDA self-assessment toolkit - © 2008 University of London Computer Centre area, but require a lot of effort to improve practice in another. Only you know the priorities of your institution and the resources available to you. For each element, try and locate your institution at the stage which best describes the place you're working in. Please record your decisions using the assessment scorecard provided. There is space allocated on the form for any additional observations or notes you may wish to make. It would also help if you could complete the profile information on the first page of the scorecard. In particular, give us some indication of the scope of the assets, or asset collections, that have been included in your assessment. 5A: FAQs about using the toolkit Aren't these elements and descriptions a bit simplistic and general? Yes. We should add a note of caution about the tool and its elements. They are very simplified and should not be interpreted too literally. The descriptions given are intended to support communication between different groups who are encouraged to take a multi-disciplinary and systematic approach to analysis and self-assessment. What if I'm not sure where to put myself? There may not be an exact match. You may find difficulty in selecting one or the other. Don’t spend too much time hovering between a Stage 2 or Stage 3. You should be able to recognise yourself 'instantly' from one of the short descriptions or exemplar/indicators. If you can't do that, then it's not that you're in the wrong - it means that the AIDA team have failed to do the job properly. Also, don't spend any time looking for information or documentary proof. However, if you have to admit that the evidence is not available and your answer would just be based on a general 'feeling', then score yourself as a Stage 1 for that element. This exercise is taking me three days to complete. Am I doing something wrong? The process should not take too much time. The information you need to complete the exercise should be readily available to you. If it isn’t, then it may as well not exist for the purposes of this assessment exercise. We'd be very surprised if one person could do all this by themselves. Ideally, we want a mix of people who are information professionals (archivist, records manager, IPR and copyright expert, Information Manager, Knowledge Manager, Librarian) and IT professionals. What about these 'Possible supporting sources'? I haven't got any of those. Even if I had it would take me a long time to find copies. 6
  8. 8. AIDA self-assessment toolkit - © 2008 University of London Computer Centre This is not an audit. AIDA is not expecting you to produce any evidence, or official documentation, to back up your assertion that your policies are at Stage 4, for example. The 'supporting sources' are just there as prompts, to describe the sort of place where the element in question might be documented in some way. 6. What's next? At the end of this stage of the process, you'll have a completed scorecard which you should send back to the AIDA Project team for assessment. At this stage we'll also ask you for some feedback on the process: • Was it a straightforward exercise? • Could you understand what the process was trying to do? • Did we omit anything important? • Were you able to 'recognise' yourself in the indicators? • Were any of the elements not a good fit for what you are actually doing? We'll then send you a picture of where you sit on the ‘five stages’ chart, showing you institutional readiness for digital asset management, based on what you've told us about your current Organisational and Technological Infrastructure, and Resources Framework. Later project outputs will use this to provide the following information: • Recommended actions and suggestions for how you can move forward to subsequent stages in the five stages path • Reassurance about potential threats which can be ignored (because the assets involved have a short useful lifetime, for example) • A further toolkit for analysis of your assets based on simple classification, and on formats • Recommendations for digital asset management based on current use and future use, including suggestions for making decisions about retention periods and future growth patterns across the entire lifecycle 7
  9. 9. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Assessment 1: Organisation Leg Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation No mission statement Digital asset A mission statement is Mission statement is Mission statement is Element 01: relating to the management is on the in development. written and fully reflects published, accessible to management / creation agenda. institutional commitment others, and externally Mission statement of digital assets. to ownership of digital recognised. assets, their management and their creation. Institution relies on Issues are discussed at Mission statement Statement is Mission statement is departments to identify senior management exists, but is not widely communicated used and copied as an and manage their own level, recognising communicated within internally. exemplar of good Indicators / digital assets. Low issues that will arise as the institution. practice nationally or exemplars awareness amongst a result of changing internationally. staff and practice. Staff are being misunderstandings consulted and options common. explored. Possible Written mission statement. supporting Legal or legislative mandate. Regulatory requirements. sources Explanatory notes We recognise that it is unlikely that your Institution will have signed up to a single stand-alone policy or mission statement on digital asset management. Any statements may be scattered across several places, and even then any guidance relating to the creation, storage or value of assets may only be implied rather than made explicit. Besides the supporting sources, other suggested sources include: records management policy; digital library principles and guidelines; IR agreements, terms of conditions of use; archivist's collection and preservation policies; webmaster's terms and conditions of website use; e- Learning Object repository policies; also any institutional or department-wide policies governing information management. 8
  10. 10. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation Policies and procedures Policies are still in Policies are written and Policies are specific to Policies are embedded Element 02: are implied or not yet development, or are implemented. the institution. They are in institutional practice. written. very project-specific. Policies support implemented and vetted Policies and Procedures support programmes for asset by senior management. procedures projects and local management. Policies and procedures pockets of activity. are integrated. Departments follow ad- Policy is being Policies are Fully developed policy See explanatory notes. hoc procedures in discussed at senior department-specific. documents and regards to asset management level. Local procedures exist procedure manuals for Indicators / management. Some Departments in defined areas. all aspects of asset exemplars may have local management. procedures, but they Evidence exists of are not centralised and senior support for these there are variances. policies. Possible Policy documents. supporting Procedure manuals. Rules, protocols, handbooks, workflows. sources Explanatory notes For this element, it's assumed that the policies and procedures could apply to any and all aspects of digital assets and their entire life cycle. Hence written policies could exist for (e.g.) creation, digitisation, storage, transfer, management, cataloguing, metadata creation, retrieval, sharing, workflow, distribution, records management, destruction, retention, archiving, deposit, and preservation. However, Institutions at Stage 5 may find that their methods for doing these things are so advanced and embedded in institutional practice that their control is not made explicit through written policies. Alternatively, the institution’s activities may be embedded in national or international ventures where policy is set at a higher level. This does not constitute a lack of policies. 9
  11. 11. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation No mechanisms for Initiation of policy Policy review groups Policies are embedded Policies are reviewed in Element 03: policy review. review groups to are established and in institutional line with external comment on drafts. meeting on a regular mechanisms and so are standards (such as ISO Policy review Departments review basis. regularly renewed, 9000), or are externally their local procedures. updated and developed. managed and reviewed. Departments review Departments have Reviews take place on Cyclical processes take Institution undergoes Indicators / their practices in ad-hoc established review a sporadic basis. place on a regular regular external audits fashion, or not at all. processes, but they are basis. to ensure quality of its exemplars unstructured and policies. uncoordinated. Possible Review cycle. supporting Policy review and update records. sources 10
  12. 12. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation No cohesive strategy Shared storage is Managed storage Storage is centrally Digital repository allows Element 04: exists. available and sharing is available, based on managed. sharing and reuse, and No strategy or support encouraged, but local/departmental external access. Asset for sharing. retrieval is not always needs. management and easy. sharing Individual silos of digital A leave of absence or Sharing enabled across Systems allow Systems allow Indicators / assets kept in ad-hoc illness of staff results in some boundaries. centralised centralised storage. No cross- certain assets being Asset management management of assets. management of assets. exemplars departmental unretrievable. takes place in defined Wider sharing is Wider sharing with awareness of assets. areas. possible. external stakeholders is Re-use and repurposing possible. is widespread. External re-use and repurposing is widespread. Possible Organisational charts. supporting Workflow models. sources Explanatory notes See also TECHNOLOGY 02, Appropriate technologies And RESOURCES 03, Technological resources allocation One of the hallmarks of digital asset management is sharing. It allows the systematic management of digital data, so that they can be reused and re- purposed. It aims to maximize the value of assets by facilitating easy storage and retrieval while protecting and, at times, enhancing their utility. In some Institutions, this may be happening if you have an IR project underway; see TECHNOLOGY 11. 11
  13. 13. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation No evidence of Contingency plans are Departmental Formal plans exist for Risk management and Element 05: contingency planning. considered when a contingency plans, for risk management, exit strategy is in place crisis occurs. assets that require contingency planning, for all external Asset continuity continuity and and succession partnerships and protection, are in planning, where such dependencies. process of plans are suitable for consolidation. valuable assets or assets in need of protection. Asset owners cannot Loss or damage to No formal centralised Institution can Consortium or Indicators / identify appropriate assets has occurred at plan as yet, but asset demonstrate a level of partnership can successors or least once. owners can point to contingency planning demonstrate a level of exemplars arrangements should Breach of confidentiality indicators that would that is appropriate to contingency planning the need arise. has taken place at least form the basis of a plan. management of its that is appropriate to Assets very likely to be once. asset collections. management of its unprotected. asset collections. Possible Contingency plans. supporting Rick management strategies and plans. Evidence of security failures. sources Explanatory notes This element refers to the continued availability of digital assets. It is appropriate to apply this line of enquiry to those assets that require continued availability; not all assets do. For example, institutional records which are scheduled for destruction next year, forthcoming lack of support for their file format is not a concern. If the material needs to be kept for 10, 20 or 100 years, then presumably you will be thinking of some form of action. Asset continuity is about the protection and assurance of that availability, and confidentiality. We're looking for a level of planning that is appropriate to the assets. 'No plan' is acceptable, if the assets that are in scope don't need continuity. See also RESOURCES 04, Risk analysis; and TECHNOLOGY 03, 04, 05. 12
  14. 14. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation Asset creation practices Asset creation practices Departments have local Institution has a Audit activity is Element 06: are not documented. are documented in creation standards by documented history of embedded in the No audit trail of user some departments. which they are able to important stages in the Institution's workflow Audit trail of behaviour. Local audit trails of user prove certain things of operation of its asset and may be virtually activities and use activity in some use to the organisation. management life cycle. invisible. departments. Collaborative commitment to transparency and accountability. Some departments are Some departments may Audit trails of user The history can be used Policy has some legal Indicators / not transparent in their be sharpening their activity exist but are not to generate reports to (statutory and actions, or do not feel audit procedures in yet centralised. meet targets or comply contractual) exemplars they are accountable to response to a particular with certain external requirements for which others. event. requirements. audit records are used to demonstrate compliance. Evidence is accessible to external stakeholders. Possible Audit trail records. supporting Policies, procedures, and results of changes. Asset retention strategy document. sources Evidence of audit trails meshing with other policies or audits (eg for records management or archival management) Explanatory notes Assuming you are technically capable of recording and auditing your activities, this element shows how you will use that information to demonstrate certain things about your activities, and about the behaviour of users in your organisation. For AIDA, you are not required to present any evidence or reports, just the degree to which you are capable of generating such audit information. See also RESOURCES 05, which relates to financial audit and transparency. 13
  15. 15. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation No mechanisms for Limited and finite Departmental Monitoring mechanisms Collaborative Element 07: relating user project to assess or programmes underway are in place to ensure mechanisms ensure experiences to asset monitor the value of to assess the value and that assets are valued that best use is being Monitoring and collections. local assets. use being made of their and used at appropriate made of the asset feedback from assets. levels. collections, both users Awareness is being internally and externally. raised. Indicators / Value of digital asset One-time audit of a Departments gaining Institution has a External user evaluation exemplars collections not known; department reveals awareness of the value coherent view of the is taking place. the necessity of large amount of of their assets. value of its assets. collecting or maintaining resource is being Some user evaluation Regular user evaluation them is not being wasted on a useless programmes are being of assets is taking verified. asset collection. set up. place. Possible Audit trails. supporting Formal or informal feedback records. sources Explanatory notes Assets are created with end users in mind. The Institution needs some mechanism whereby they relate the user experience to the actual assets. User evaluation will be an indicator here. For example, an Institution's journal subscription and purchasing policy is based on the assumption that the University is interested in acquiring regular assets on a specific researched subject area. But circumstances may change and unless you have a measurement mechanism you could be wasting time money and effort in generating and maintaining assets that are not really needed. 14
  16. 16. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation Metadata creation is not Academic staff are Cataloguing and Metadata is embedded Metadata meets Element 08: managed. empowered to create archival skills available in institutional workflow, externally recognised basic metadata. to support programmes using appropriate standards and is Metadata for metadata creation. standards. integrated across management systems. No guidance to staff for Metadata schemas are Metadata conforms to Internal and externally- Metadata management Indicators / metadata creation. being invented ad-hoc standards of acquired assets are is capable of flexibility No policy for external by individuals or lone interoperability. governed by and expanding to meet exemplars assets' metadata. departments. appropriate guidance. the requirements of all stakeholders and partnerships. Possible Written procedures and guidance for all aspects of the management of metadata. supporting Written procedures for managing the metadata of externally-acquired assets. sources Explanatory notes See also TECHNOLOGY 10. This element is about metadata creation policies and whether they are working. Institutional assets are not tagged with as much management metadata as we would like. When completing this element, consider the value of improved object or collection metadata (such as retention periods or expected use), which may help you to recognise the value of metadata which is created or applied as part of normal workflow. Take external acquisitions into account. External assets may lack metadata. Metadata may need conversion, or it may need adding to. The risk is that metadata could be lost, or duplicated, if you lack a policy for its management. External acquisitions may require a mixed policy, one which allows for the addition of new metadata and the management of existing metadata. 15
  17. 17. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation No consistent mention Best practice is hard to Obligations for asset Detailed contractual Consortial agreement or Element 09: of asset management in align with actual staff management creation agreements in place for other collaborative agreements. practices. are defined. all departments. contracts in place. Contractual Some alignment with Comprehensive deposit agreements team-working and guidelines and transfer cross-departmental agreements in place. practices. Agreements aligned with team working. Room for negotiation. Staff rarely use 'Gentleman's Most staff are aware of All staff work within a All staff work within an Indicators / contracts or agreements'; too many how agreements affect comprehensive agreed collaborative agreements when implicit understandings their work. contractual framework. framework. exemplars creating digital assets. in contracts. Possible Contracts. supporting Agreements. Related guidelines. sources Deposit and transfer guidelines. 16
  18. 18. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation No clarity on ownership Basic awareness of Programme of Institutional confidence Formal shared Element 10: or rights associated with departmental awareness-raising in integrity of rights agreements between digital assets. ownership, but rights across Departments is information. organisations (internal Intellectual management issues are underway. and external) to Property Rights still very implicit. establish clear and rights ownership of assets. management Assets may exist where Departments still Basic understanding of Mechanisms are in Rights management Indicators / the rights are unknown unsure of which assets ownership place for detecting works through or have expired. they are responsible for. responsibilities and expiration of rights, collaboration with exemplars Rights management not rights issues. where needed. partners. fully understood. Expiry period is not clearly understood. Possible IR deposit agreements. supporting sources Explanatory notes This element is concerned with the Institution's overall understanding of who owns the rights on its assets, and when these rights expire. Its main concern is with copyright and IPR for assets deposited in an IR, but general "ownership" issues are of interest too, if the assets are corporate records. 17
  19. 19. AIDA self-assessment toolkit - © 2008 University of London Computer Centre ORGANISATION LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Organisation No written disaster plan. Mini-disaster triggers Written disaster plan is Disaster plan is Disaster plan is shared Element 11: No business continuity awareness that a in development. embedded within with external partners. plan. disaster plan is needed. Written business institutional practice. Disaster planning continuity plan is in Business continuity plan and business development. is embedded within continuity institutional practice. Project manager for Plans are reviewed Indicators / disaster and continuity regularly. has been appointed. Plans are exemplars communicated to all staff. Plans have gained organisational acceptance. Possible ISO 17799 certification. supporting Disaster and recovery plans. Service continuity plan. sources Business continuity plan. Documentation linking roles with activities. Explanatory notes This element refers to the creation and organisational acceptance of the disaster plan and/or business continuity plan. See TECHNOLOGY 09 for implementation and testing of these plans. 18
  20. 20. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology Infrastructure does not Infrastructure meets Infrastructure allows or Technological Infrastructure is Element 01: allow or encourage local/departmental encourages sharing of infrastructure is distributed and good asset needs, but it is difficult assets. adequate to sustain integrated with national Technological management. to do anything outside asset management and international infrastructure narrow institutional across the institution. elements of boundaries. Technological infrastructure. infrastructure is well- supported. Infrastructure is Gradual awareness that Infrastructure is in Infrastructure is Technical infrastructure Indicators / decentralised, or has sharing certain process of being sufficient for the is well organised and too many disparate resources is necessary assessed in terms of organisation’s needs highly integrated. Links exemplars components. for adequate operation suitability for asset and is supported using to appropriate external No formal asset list. of service. management. appropriate SLAs etc. services. Upgrades and enhancements are planned and budgeted for. Formal asset list exists. Possible Technical architecture documentation. supporting Software inventory. System documentation. sources Support contracts. Use of strongly community-supported software. Assessment 2: Technology Leg 19
  21. 21. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology Technologies are Realisation that Planning and Appropriate hardware Appropriate hardware Element 02: mixed, decentralised, appropriate hardware identification of and software and software disparate, mismatched, and software appropriate technologies technologies Appropriate or non-existent. technologies need to be technologies according infrastructure for infrastructure for the technologies considered over long- to specific needs. management, storage collaborative term in relation to and access of assets management of assets. management of assets. across the entire Planning process institution. begins. Hardware and software Use of compatible Institution is re- Infrastructure Distributed and Indicators / are failing to support the software across multiple assessing its investment is planned, integrated technologies. creation and departments. technology investment to meet the institution's exemplars management of digital Definition of policy and needs. assets. requirements. infrastructure. Basic access needs are Most hardware meeting not met. individual user needs. Hardware and software is purchased ad-hoc in response to department's requests. Incompatible software and hardware in place across the organisation. Many technologies are project-driven and over- specific. Possible Technology watch. supporting Documentation of procedures. Designated community profiles. sources User needs evaluation. Hardware inventory. 20
  22. 22. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Explanatory notes See also ORGANISATION 04 and RESOURCES 03. Your response to this element may depend on the sort of assets that are in scope. If considering open-access materials, does your institution have the appropriate technologies for allowing access to these assets at any time? If some form of management of assets is required, the appropriate technologies may be those which handle long-term retention, or offer increased protection and managed access for particularly valuable assets. 21
  23. 23. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology No backup policy. Backup and copying Managed regular Backup function exists Backup functions exist Element 03: Storage of digital assets functions in place in backup is taking place for all assets. outside the allows existence of response to specific based on Backup anticipates organisation. Ensuring uncontrolled copies. threats of loss. local/departmental growth of asset Copying of assets takes availability and needs. collection. place outside the integrity Other types of asset organisation in a protection than backup distributed way. exist, more suited to Synchronisation is an long-term retention. integrated feature. Lack of coherent Backup services are Backup services are Multiple copies Multiple copies Indicators / backup policy has led to largely reactive. pro-active. managed and synched. managed and synched. inaccessible or lost Multiple copies of Institution is evolving Number and location of Number and location of exemplars assets. assets may exist but no different copying all copies is known. all copies is known. Assets cannot always evidence of copy policies for different Storage program Storage program be located precisely; synching. classes of digital includes backup and includes backup and many ambiguous Minor disaster leads to assets. offsite storage for offsite storage for locations. focus on ensuring backups. backups. Master copies not synchronisation Storage program clearly identifiable. planning. manages unchanging assets separately and recognises their existence. Possible Documentation of what is being backed up and how often. Random retrieval tests. supporting Audit log/inventory of backups. System tests. Validation of completed backups. Location register/log of digital assets. sources Disaster recovery plan. Workflows. Testing of backups. System analysis of how long it takes for copies to synchronize. Support contracts for hardware and software for backup Procedures/documentation of operating procedures related to mechanisms. updates and copy synchronization. 22
  24. 24. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Explanatory notes See also ORGANISATION 05. Ensuring the availability and the integrity of assets involves activities such as backup, synchronisation, and management of the location of copies. Note that institutions at Stage 4 may be using methods other than backup to protect their assets that require long-term retention. Copies are not just made for protection; copies can be made to optimise best use of the asset. For example where there are multiple sites with the same data, copying can be a way of managing bandwith and bringing the assets nearer to the users. Even so 'master copies' still need to be identified. There is also the possibility of making multiple copies to protect valuable data. Where multiple copies exist, are they all in synch, and do you know that they are? 23
  25. 25. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology Detection processes for Processes exist for Policies and procedures Processes exist for All incidents of data Element 04: data corruption, if any, detection, avoiding and are being developed, detection, avoiding and corruption or loss, and are ineffective. repairing loss but they but not yet centralised. repairing loss. steps taken to Integrity of Storage and other fall short of what is Storage program repair/replace corrupt or information media untested. tolerated within the includes media testing lost data are reported to policy. program. the external or consortial administration. Data corruption goes Initiation of error Assessment of storage Preventative detection The institution records, Indicators / unnoticed. checking and media media is underway. checks taking pace reports, and repairs testing and planning. Detection processes regularly. where possible all exemplars becoming more pro- violations of data active. integrity. System is capable of notifying system administrators of any logged problems. Possible Documents that specify bit error detection and correction mechanisms used. supporting Risk analysis. Error reports. sources Threat analyses. Explanatory notes See also ORGANISATION 05. There is also overlap with the Obsolescence element, TECHNOLOGY 05 (next). This element is about your capability for dealing with corruption (of bitstreams, or decaying storage media). 24
  26. 26. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology Institution suspects it Survey of obsolescent The institution has a Obsolescence is dealt Automated notification Element 05: may have some digital materials is underway. good understanding of with pro-actively, and systems in place. materials that cannot be the obsolescence there are contingencies Obsolescence mounted, read or issues across many / all in place for future accessed. its departments. eventualities arising from obsolescence. Institution is unaware of Loss of digital assets Awareness within the Actions are taken for File format registries Indicators / possible data losses or through obsolescence institution that dealing with obsolete and open-source that data may be held triggers awareness of hardware, software and file formats, storage software are widely exemplars on obsolete media or in the problem. media obsolescence media, storage drives, used. obsolete file formats. issues are more hardware and software. effectively dealt with before obsolescence occurs. Action being taken to mitigate the effects of obsolescence. Possible supporting sources Explanatory notes See also ORGANISATION 05. 25
  27. 27. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology Processes are not Realisation of the Beginnings of Documented process to Identification of Element 06: sufficiently documented importance of documentation of notify about changes appropriate external when changed. identifying critical changes to critical and resulting actions. partners who may assist Changes to processes as well as processes and with change critical processes changes. identification of documentation. appropriate responses. No awareness of critical Changes to processes Institution manages processes. are recognised, but it is changes in processes in not known if they affect data management, Indicators / compliance with the access, archival exemplars Institution's mandatory storage, ingest, and policies. security. It is known what changes were made and when they were made. Traceability makes it possible to understand what was affected by particular changes to the systems. Possible Documentation of change management process. supporting Comparison of logs of actual system changes to processes versus associated analyses of their impact and criticality. sources 26
  28. 28. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology No systematic analysis Initial planning and Information Systematic analysis of Regular analysis Element 07: of the information analysis of the environment is being the information addresses external environment and no information examined in terms of its environment takes threats and denial of Security of security. environment. suitability for the place, to ensure service attacks. environment No access control. security of digital security. assets. Program includes access-controlled area for storage media. Institution maintains a Indicators / systematic analysis of such factors as data, exemplars systems, personnel, physical plant, and security needs. Possible ISO 17799 / 27001 certification. supporting Documentation describing analysis and risk assessments undertaken and their outputs. Logs from environmental recorders. sources Confirmation of successful staff vetting. 27
  29. 29. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology Security needs are not Security needs Security mechanisms Processes are in place Security needs are well Element 08: defined. increasingly defined but are developing and to address defined defined and integrated, Networks may be not yet widely becoming more pro- security needs. taking external Security insecure. implemented. active. dependencies into mechanisms account. No firewall on internet Firewall installed, but Firewall policies are Firewall policy rules Fully configured firewall Indicators / link. with basic configuration managed but not overly force deny-all. in place. No definition of security to protect key systems restrictive. Policies are reviewed Logs are checked daily. exemplars role in job descriptions. only. regularly. System file integrity checking in place. Possible ISO 17799 / 27001 certification. supporting System control list. Risk, threat, or control analyses. sources Addition of controls based on ongoing risk detection and assessment. 28
  30. 30. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology No written disaster plan Business continuity Disaster and continuity Disaster plan is Responsibilities for Element 09: or continuity plans. needs are increasingly plans are written, but implemented and disaster recovery are defined but not yet awaiting implementation tested. shared with external Implementation of expressed as planning and testing. Processes in place for partners. disaster recovery documents. disaster and business plan Disaster impact recovery. scenarios are being defined and threat analysis is underway. Plans are tested It is possible to identify Indicators / regularly. who can assist All staff are aware of externally in event of exemplars plan. disaster. Plans are tested regularly. Possible ISO 17799 certification. supporting Disaster and recovery plans. Business continuity plan. sources Service continuity plan. Documentation linking roles with activities. Explanatory notes See also ORGANISATION 11. 29
  31. 31. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology Metadata creation is not Tools for creating Most departments have Automated metadata Automated metadata Element 10: automated, nor metadata are in technological capability tools (eg metadata tools are available and integrated with assets development and being for automated metadata extraction, authoring) are fully integrated with Metadata creation at their creation stage. tested. creation, but the are available and are asset management schema are not fully integrated with cycle across the centralised. asset management Institution and its cycle across the external partnerships. Institution. Indicators / exemplars Possible supporting sources Explanatory notes See also ORGANISATION 08. This element is concerned with your Institution's technological capacity to create metadata, and the capacity to automate that process. 30
  32. 32. AIDA self-assessment toolkit - © 2008 University of London Computer Centre TECHNOLOGY LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Technology Assets are not Need for repository Repository Digital repository Consortial digital Element 11: managed in a identified. Planning for infrastructure is being arrangements for repository repository. repository infrastructure established. Managed managing asset arrangements are in Institutional started. programme is underway collections are place. Repository across the institution to established in-house. protect the integrity of its digital assets. Longevity of data could Local projects put in Institution has IR but it Assets are protected; Digital assets are Indicators / be at risk. place to assure can't accept or manage the longevity of the data secure, and retrievable Retrievability is not protection of some all known asset types, is assured. by others. exemplars made easy. departmental assets. or manage appropriate Institution has IR Institution has no IR. Institution has IR at pilot levels of restriction. capable of handling all stage. its valuable assets with appropriate security levels. Possible supporting sources Explanatory notes Not all Universities or HFEs have an Institutional Repository (IR), although the JISC are making some assumptions about their use in the HFE sector. An Institutional Repository could be managed using DSpace, Fedora or ePrints, but it could easily be any centralised or shared repository that enables sharing of resources. Some characteristics of an IR might include managed access; automated metadata creation; remote submission; preservation. Your response here will reflect the stages of availability and overall use made of the IR. Is it just a pilot? Can it take restricted materials? Can it take research data? Can it handle records and perform records management functions? If you don't have an IR at all, score yourself at Stage 1. 31
  33. 33. AIDA self-assessment toolkit - © 2008 University of London Computer Centre RESOURCES LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Resources Business plan not yet A business plan that A business plan is Processes are in place Business partnerships Element 01: written. helps sustainability of written and in process throughout the and consortial assets is on the of implementation. Institution to support agreements help to Business planning agenda. sustainability of assets. support sustainability of process assets. Very low level of Process for a business Objectives and Sustainable funding for Income is generated Indicators / financial commitment. plan is being developed strategies are being set core programme areas. through third-party with help of key staff. up and all staff notified. Income and assets are partnerships and exemplars generated through external grants. services. Distributed financial management between organisations may be possible. Possible Business plan. supporting Annual financial reports. Operating plans. sources Budgets. Financial forecasts. Assessment 3: Resources Leg 32
  34. 34. AIDA self-assessment toolkit - © 2008 University of London Computer Centre RESOURCES LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Resources No review mechanisms Initiation of business Business review groups Institutional processes Institution can Element 02: exist. review groups. established and are in place to regularly demonstrate its Departments review meeting on a regular review and adjust responses to external Review of their local business basis. business plan. audits. business plan procedures. Departments review Departments have Reviews taking place Cyclical planning Institution undergoes Indicators / their business plans in review processes, but sporadically. processes are regular external audits ad-hoc fashion, or not they are unstructured performed annually. to ensure quality of its exemplars at all. and uncoordinated. policies. Possible Business plan. supporting Audit planning records and results. Financial forecasts. sources Recent audits. 33
  35. 35. AIDA self-assessment toolkit - © 2008 University of London Computer Centre RESOURCES LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Resources Allocation of Some one-off asset Long-term planning of Policy and dedicated Dedicated resources Element 03: technological resources projects are successful resource allocation is funds available for are shared in a common does not match the when seeking allocation taking place at senior technology pool. Technological scale of the asset of resources. level. development. resources collections. allocation Policies are inflexible. Certain asset Institution is aware of Institution is fully Distributed and Indicators / It is rarely possible to collections are better disproportionate capable of assigning integrated technologies obtain an increased resourced than others; allocation and is pro- the necessary are in place. exemplars allocation of (eg ) some may suffer from actively reassessing its technological resources network capacity or inadequate resource allocation of technology to all its important and server capacity when allocation, not enough resources. valuable asset needed. storage space. collections. Technology watch is in place for emerging technologies and future needs are anticipated. Possible supporting sources Explanatory notes See also ORGANISATION 04 and TECHNOLOGY 02. This element is about having the accessible technological resources to hand when needed, for asset management. Your response could vary to reflect the degrees of severity of the problem, e.g. knowning whether more network or more disk capacity can be made available when needed. If the driving force behind technological resources is not related to the scale of the asset collection, then things could be problematic. One example is bandwith allocation always being based on the number of students who use it; an inflexible policy means you can never expand that allocation. 34
  36. 36. AIDA self-assessment toolkit - © 2008 University of London Computer Centre RESOURCES LEG Level of implementation Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Resources Risks associated with Some departmental Institution has identified Institution shows Risk analysis is based Element 04: assets not yet identified. awareness of local risks and documented some ongoing commitment to on international attached to their asset risk categories for its risk analysis. standards as well as Risk analysis management. digital assets, but All staff aware of the incorporating external balance is not risk management plan. assistance. maintained. External dependencies increase the institutional risk appetite. No formal risk analysis. Mini-crisis will trigger Risk assessment Institution can Consortium or Indicators / local efforts at becomes more demonstrate a level of partnership can assessing possible cohesive and planned, risk analysis that is demonstrate a level of exemplars localised risks. using a model for appropriate to risk analysis that is predicting and planning. management of its appropriate to asset collections. management of its asset collections. Possible Risk register. supporting Technology infrastructure investment planning documents. Cost benefit analyses. sources Financial investment documents and portfolios. Licenses and contracts. Evidence of revision based on risk. Explanatory notes See also ORGANISATION 05 and TECHNOLOGY 03, 04, 05. There may also be some overlap with ORGANISATION 11 and TECHNOLOGY 09. 35