SlideShare a Scribd company logo

Trust and repository audit: can repository managers assure trustworthiness?

Download as PPT, PDF
C
Chris Rusbridge

Presentation to PASIG Malta 2009. Discusses trust, audit, and repository audit approaches

TechnologyBusiness
1 of 25
because good research needs good data Trust and repository audit: can repository managers assure trustworthiness? Chris Rusbridge June 2009 Funded by: © Digital Curation Centre, 2009. Licensed under Creative Commons BY-NC-SA 2.5 Scotland: http://creativecommons.org/licenses/by-nc-sa/2.5/scotland/
because good research needs good data Outline • Trust • Audit • Repository audit approaches • Checklist-based • Enhancement-based • Preparing for audit DCC Sun PASIG Malta June 2009
because good research needs good data Trusted Digital Repositories DCC Sun PASIG Malta June 2009
because good research needs good data Trustworthy? • Trust is directed at something by others • Trustworthy could be: • Capable of being depended upon • Worthy of belief, as because of precision or faithfulness to an original • Archives, in themselves and their contents, need to be trustworthy in both ways DCC Sun PASIG Malta June 2009
because good research needs good data Trust 1 • “trust, faith, confidence, reliance, dependence. These nouns denote a feeling of certainty that a person or thing will not fail. Trust implies depth and assurance of feeling that is often based on inconclusive evidence: ‘The mayor vowed to justify the trust the electorate had placed in him’” • “Firm reliance on the integrity, ability, or character of a person or thing” •The Free Dictionary • "To trust is to willingly relinquish control, making yourself vulnerable to someone else for a certain outcome or consequence. Trust grows as a result of positive experiences accumulated over time." Ken Buist DCC Sun PASIG Malta June 2009
because good research needs good data Trust 2 • “I cannot give them my confidence; pardon me, gentlemen, confidence is a plant of slow growth in an aged bosom: youth is the season of credulity” - William Pitt The Elder •Quotationsbook.com • “There’s far too much trust in this room, and far too little paranoia” - David Rosenthal • “Trust but verify” - Ronald Reagan & old Russian proverb DCC Sun PASIG Malta June 2009
because good research needs good data Trust evolution • Trust is gained slowly, damaged easily • Even by events not directly related to aims & objectives (eg MPs expenses) • But even art library provenance fraud (eg Drewe/Myatt) substantiating forgeries doesn’t completely kill trust DCC Sun PASIG Malta June 2009
because good research needs good data Who must trust archives, and how? • Funders • That the archive will keep resources at reasonable cost • Depositors • That the archive will keep resources secure and make them appropriately available • Consumers • That the resources in the archive are discoverable, usable and authentic DCC Sun PASIG Malta June 2009
because good research needs good data Dimensions of repository trust • Your repository shall: • Keep your objects, securely • Make them findable, to appropriate consumers • Produce them, to appropriate consumers • With demonstrable authenticity • Over time • At appropriate cost DCC Sun PASIG Malta June 2009
because good research needs good data Types of (internet) trust • Access Trustor’s resources • Provision of services by Trustee • Certification of Trustee • Delegation • Infrastructure Trust •Grandison, T., & Sloman, M. (2001). • A Survey of Trust in Internet Applications. •IEEE Communications Surveys and Tutorials. DCC Sun PASIG Malta June 2009
because good research needs good data Trust and certification models • Social trust (eg selecting a builder): • Combination of de-centralised and centralised • Personal experience • Recommendations from those you trust • Holds certificate of competence • Centralised (cf X.509) • Web site certificates, verified by certificate chain • Accredited auditors approach • De-centralised (cf PGP) • Certification by a web of people, building cumulative trust • Eg eBay approach • More computational: Konfidi, Advogato, etc DCC Sun PASIG Malta June 2009
because good research needs good data Audit • Formal procedure to establish confidence (usually in the processes of an institution), according to a defined approach • Eg financial audit • Security audit • Quality audit • Eg University QAA audits “Audit … tests claims made by an institution but does not compare them against a benchmark… it doesn’t actually look at people teaching” •Attwood, THES 11 June 2009 •quoting Philip Jones DCC Sun PASIG Malta June 2009
because good research needs good data Audit • Audits rarely comprehensive • Usually samples transactions, policies etc • Should be evidence-based • ISO enhancement-based approach • ISO 9000, ISO 27000 • Plan-Do-Check-Act DCC Sun PASIG Malta June 2009
because good research needs good data Plan (establish the Information Establish ISMS policy, objectives, processes and Security Management System, procedures relevant to managing risk and ISMS) improving information security to deliver results in accordance with an organization’s overall policies and objectives. Do (implement and operate the Implement and operate the ISMS policy, controls, ISMS) processes and procedures. Check (monitor and review the Assess and, where applicable, measure process ISMS) performance against ISMS policy, objectives and practical experience and report the results to management for review. Act (maintain and improve the Take corrective and preventive actions, based on ISMS) the results of the internal ISMS audit and management review or other relevant information, to achieve continual improvement of the ISMS. DCC Sun PASIG Malta June 2009
because good research needs good data Repository audit approaches • Checklist-based standards • Good practice standards • Enhancement-based standards DCC Sun PASIG Malta June 2009
because good research needs good data Checklist-based • Most stem from Trusted Digital Repository work • TRAC • nestor catalogue of criteria • CCSDS RAC standardisation work • Data Seal of Approval • Simplified version DCC Sun PASIG Malta June 2009
because good research needs good data Repository Audit & Certification • Still in progress • To lead to CCSDS & ISO standard • “4.1.3 THE REPOSITORY SHALL HAVE SPECIFICATIONS ENABLING RECOGNITION AND PARSING OF THE SIPS” “4.2.1 THE REPOSITORY SHALL HAVE AN ASSOCIATED, PRINTABLE DEFINITION FOR EACH AIP OR CLASS OF AIPS PRESERVED BY THE REPOSITORY THAT IS ADEQUATE FOR PARSING THE AIP AND FIT FOR LONG-TERM PRESERVATION NEEDS” etc DCC Sun PASIG Malta June 2009
because good research needs good data IBM Haifa tool DCC Sun PASIG Malta June 2009
because good research needs good data Good practice standards • Auditing feasible but not built-in • BS 5454 “Recommendations for the storage and exhibition of archival documents” • ISO 14721 “Open archival information systems: reference model” • ISO 15489 “Records management” • PAS 197 “Code of practice for cultural collections management” DCC Sun PASIG Malta June 2009
because good research needs good data Enhancement-based • ISO 9001 “Quality management systems — Requirements” • ISO 14001 “Environmental management systems — Requirements with guidance for use” • ISO 27001 “Information security management systems — Requirements” • Information Security means “preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non- repudiation and reliability can also be involved” • DRAMBORA • Digital Repository Audit Method Based on Risk Assessment DCC Sun PASIG Malta June 2009
because good research needs good data Preparing for audit • Be trustworthy! • Do what you say you will • Be transparent • Keep proper records • Aim for good practice • Need at least to have a position re OAIS etc • Try a self-assessment • Data Seal of Approval may be a good start • DRAMBORA for more comprehensive approach DCC Sun PASIG Malta June 2009
because good research needs good data Data seal of approval • Drafted by DANS, now with independent Board • 16 guidelines • 3 for data producer • 10 for data repository, eg • “5. The data repository uses due diligence to ensure compliance with legal regulations and contracts. • 6. The data repository applies documented processes and procedures for managing data storage. • 7. The data repository has a plan for long-term preservation of its digital assets.” • 3 for data consumer • Self assessment instrument, submit to Board DCC Sun PASIG Malta June 2009
because good research needs good data DRAMBORA • Self-audit • Understand objectives • Understand staffing • Understand risks • Manage risks… DCC Sun PASIG Malta June 2009
because good research needs good data "Trust is the lubrication that makes it possible for organizations to work." - Warren Bennis But… Funded by: © Digital Curation Centre, 2009. Licensed under Creative Commons BY-NC-SA 2.5 Scotland: http://creativecommons.org/licenses/by-nc-sa/2.5/scotland/
because good research needs good data Preservation’s dirty little secret: Backup • IT departments discouraging researchers from keeping their data on the backed-up part of their systems: volume, expense… • System quota 5 GB, laptop disk 150 GB • And… 500 GB self-powered disk < £100! • Researchers use many different tools: Mac, Windows, Linux; desktop, laptop; on-site, off-site; corporate, self-managed etc • No good, standardised way to organise backup • Need standard, simple, cheap, reliable, flexible, scalable backup tools • Job for SNIA, PASIG, Sun etc? DCC Sun PASIG Malta June 2009

Recommended

Starting a Digital Preservation Program
Starting a Digital Preservation ProgramStarting a Digital Preservation Program
Starting a Digital Preservation Program
Sarah Shreeves
 
Apresentação GT - Digital Preservation
Apresentação GT - Digital PreservationApresentação GT - Digital Preservation
Apresentação GT - Digital Preservation
Roberto Beraldo Chaiben
 
Transforming repositories: from repository managers to institutional data man...
Transforming repositories: from repository managers to institutional data man...Transforming repositories: from repository managers to institutional data man...
Transforming repositories: from repository managers to institutional data man...
JISC KeepIt project
 
Preserving repository content: practical steps for repository managers by Mig...
Preserving repository content: practical steps for repository managers by Mig...Preserving repository content: practical steps for repository managers by Mig...
Preserving repository content: practical steps for repository managers by Mig...
JISC KeepIt project
 
Trusted Repositories
Trusted RepositoriesTrusted Repositories
Trusted Repositories
DigitalPreservationEurope
 
Smithsonian Trustworthy Digital Repository Roundtable
Smithsonian Trustworthy Digital Repository RoundtableSmithsonian Trustworthy Digital Repository Roundtable
Smithsonian Trustworthy Digital Repository Roundtable
Kara Van Malssen
 
Introduction to digital curation
Introduction to digital curationIntroduction to digital curation
Introduction to digital curation
Michael Day
 
Disciplinary dimensions of digital curation: introduction and synthesis
Disciplinary dimensions of digital curation: introduction and synthesisDisciplinary dimensions of digital curation: introduction and synthesis
Disciplinary dimensions of digital curation: introduction and synthesis
Chris Rusbridge
 

Recommended

Starting a Digital Preservation Program
Starting a Digital Preservation ProgramStarting a Digital Preservation Program
Starting a Digital Preservation Program
Sarah Shreeves
 
Apresentação GT - Digital Preservation
Apresentação GT - Digital PreservationApresentação GT - Digital Preservation
Apresentação GT - Digital Preservation
Roberto Beraldo Chaiben
 
Transforming repositories: from repository managers to institutional data man...
Transforming repositories: from repository managers to institutional data man...Transforming repositories: from repository managers to institutional data man...
Transforming repositories: from repository managers to institutional data man...
JISC KeepIt project
 
Preserving repository content: practical steps for repository managers by Mig...
Preserving repository content: practical steps for repository managers by Mig...Preserving repository content: practical steps for repository managers by Mig...
Preserving repository content: practical steps for repository managers by Mig...
JISC KeepIt project
 
Trusted Repositories
Trusted RepositoriesTrusted Repositories
Trusted Repositories
DigitalPreservationEurope
 
Smithsonian Trustworthy Digital Repository Roundtable
Smithsonian Trustworthy Digital Repository RoundtableSmithsonian Trustworthy Digital Repository Roundtable
Smithsonian Trustworthy Digital Repository Roundtable
Kara Van Malssen
 
Introduction to digital curation
Introduction to digital curationIntroduction to digital curation
Introduction to digital curation
Michael Day
 
Disciplinary dimensions of digital curation: introduction and synthesis
Disciplinary dimensions of digital curation: introduction and synthesisDisciplinary dimensions of digital curation: introduction and synthesis
Disciplinary dimensions of digital curation: introduction and synthesis
Chris Rusbridge
 
Katharine Bagshaw Effective Documentation
Katharine Bagshaw Effective DocumentationKatharine Bagshaw Effective Documentation
Katharine Bagshaw Effective Documentation
International Federation of Accountants
 
Ensuring data quality
Ensuring data qualityEnsuring data quality
Ensuring data quality
IUPUI
 
The art of depositing social science data: maximising quality and ensuring go...
The art of depositing social science data: maximising quality and ensuring go...The art of depositing social science data: maximising quality and ensuring go...
The art of depositing social science data: maximising quality and ensuring go...
Louise Corti
 
ADA - CoretrustSeal webinar presentation
ADA - CoretrustSeal webinar presentation ADA - CoretrustSeal webinar presentation
ADA - CoretrustSeal webinar presentation
ARDC
 
20231219 ARMA Florida Gulf Coast How to Select the Right Certifications for Y...
20231219 ARMA Florida Gulf Coast How to Select the Right Certifications for Y...20231219 ARMA Florida Gulf Coast How to Select the Right Certifications for Y...
20231219 ARMA Florida Gulf Coast How to Select the Right Certifications for Y...
Jesse Wilkins
 
IWMW 2002: QA for web sites
IWMW 2002: QA for web sitesIWMW 2002: QA for web sites
IWMW 2002: QA for web sites
IWMW
 
20231005 ARMA San Diego RIM-IG Certifications and the Path to Professional De...
20231005 ARMA San Diego RIM-IG Certifications and the Path to Professional De...20231005 ARMA San Diego RIM-IG Certifications and the Path to Professional De...
20231005 ARMA San Diego RIM-IG Certifications and the Path to Professional De...
Jesse Wilkins
 
75 libraries 4
75 libraries 475 libraries 4
75 libraries 4
Society for Scholarly Publishing
 
Grampian safe haven, research data network
Grampian safe haven, research data networkGrampian safe haven, research data network
Grampian safe haven, research data network
Jisc RDM
 
DATAD-R: Criteria for Trusted African Institutional Repositories
DATAD-R: Criteria for Trusted African Institutional RepositoriesDATAD-R: Criteria for Trusted African Institutional Repositories
DATAD-R: Criteria for Trusted African Institutional Repositories
Academy of Science of South Africa (ASSAf)
 
RDAP14: Policy Recommendations for Institutions to Serve as Trustworthy Stewa...
RDAP14: Policy Recommendations for Institutions to Serve as Trustworthy Stewa...RDAP14: Policy Recommendations for Institutions to Serve as Trustworthy Stewa...
RDAP14: Policy Recommendations for Institutions to Serve as Trustworthy Stewa...
ASIS&T
 
Trillium Discovery for Collibra
Trillium Discovery for CollibraTrillium Discovery for Collibra
Trillium Discovery for Collibra
Precisely
 
Criteria for a trusted institutional repository
Criteria for a trusted institutional repositoryCriteria for a trusted institutional repository
Criteria for a trusted institutional repository
Ina Smith
 
Ingrid Dillo - Trustworthy repositories for open research data
Ingrid Dillo - Trustworthy repositories for open research dataIngrid Dillo - Trustworthy repositories for open research data
Ingrid Dillo - Trustworthy repositories for open research data
dri_ireland
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositories
Academy of Science of South Africa (ASSAf)
 
Archive service accreditation digital developments for ARA Conference 2016
Archive service accreditation digital developments for ARA Conference 2016Archive service accreditation digital developments for ARA Conference 2016
Archive service accreditation digital developments for ARA Conference 2016
Melinda Haunton
 
Ladies Be Architects - Study Group II: Data Governance
Ladies Be Architects - Study Group II: Data GovernanceLadies Be Architects - Study Group II: Data Governance
Ladies Be Architects - Study Group II: Data Governance
gemziebeth
 
Keepit Course 5: Tools for Assessing Trustworthy Repositories
Keepit Course 5: Tools for Assessing Trustworthy RepositoriesKeepit Course 5: Tools for Assessing Trustworthy Repositories
Keepit Course 5: Tools for Assessing Trustworthy Repositories
JISC KeepIt project
 
Bringing Value to the Business through CSI
Bringing Value to the Business through CSIBringing Value to the Business through CSI
Bringing Value to the Business through CSI
Cherwell Software
 
Engaging with students and researchers: the case of the social sciences
Engaging with students and researchers: the case of the social sciencesEngaging with students and researchers: the case of the social sciences
Engaging with students and researchers: the case of the social sciences
Louise Corti
 
The Distributed National Electronic Resource and the Electronic Libraries Pro...
The Distributed National Electronic Resource and the Electronic Libraries Pro...The Distributed National Electronic Resource and the Electronic Libraries Pro...
The Distributed National Electronic Resource and the Electronic Libraries Pro...
Chris Rusbridge
 
JISC Digital Library initiatives
JISC Digital Library initiativesJISC Digital Library initiatives
JISC Digital Library initiatives
Chris Rusbridge
 

More Related Content

Similar to Trust and repository audit: can repository managers assure trustworthiness?

Similar to Trust and repository audit: can repository managers assure trustworthiness? (20)

Katharine Bagshaw Effective Documentation
Katharine Bagshaw Effective DocumentationKatharine Bagshaw Effective Documentation
Katharine Bagshaw Effective Documentation
 
Ensuring data quality
Ensuring data qualityEnsuring data quality
Ensuring data quality
 
The art of depositing social science data: maximising quality and ensuring go...
The art of depositing social science data: maximising quality and ensuring go...The art of depositing social science data: maximising quality and ensuring go...
The art of depositing social science data: maximising quality and ensuring go...
 
ADA - CoretrustSeal webinar presentation
ADA - CoretrustSeal webinar presentation ADA - CoretrustSeal webinar presentation
ADA - CoretrustSeal webinar presentation
 
20231219 ARMA Florida Gulf Coast How to Select the Right Certifications for Y...
20231219 ARMA Florida Gulf Coast How to Select the Right Certifications for Y...20231219 ARMA Florida Gulf Coast How to Select the Right Certifications for Y...
20231219 ARMA Florida Gulf Coast How to Select the Right Certifications for Y...
 
IWMW 2002: QA for web sites
IWMW 2002: QA for web sitesIWMW 2002: QA for web sites
IWMW 2002: QA for web sites
 
20231005 ARMA San Diego RIM-IG Certifications and the Path to Professional De...
20231005 ARMA San Diego RIM-IG Certifications and the Path to Professional De...20231005 ARMA San Diego RIM-IG Certifications and the Path to Professional De...
20231005 ARMA San Diego RIM-IG Certifications and the Path to Professional De...
 
75 libraries 4
75 libraries 475 libraries 4
75 libraries 4
 
Grampian safe haven, research data network
Grampian safe haven, research data networkGrampian safe haven, research data network
Grampian safe haven, research data network
 
DATAD-R: Criteria for Trusted African Institutional Repositories
DATAD-R: Criteria for Trusted African Institutional RepositoriesDATAD-R: Criteria for Trusted African Institutional Repositories
DATAD-R: Criteria for Trusted African Institutional Repositories
 
RDAP14: Policy Recommendations for Institutions to Serve as Trustworthy Stewa...
RDAP14: Policy Recommendations for Institutions to Serve as Trustworthy Stewa...RDAP14: Policy Recommendations for Institutions to Serve as Trustworthy Stewa...
RDAP14: Policy Recommendations for Institutions to Serve as Trustworthy Stewa...
 
Trillium Discovery for Collibra
Trillium Discovery for CollibraTrillium Discovery for Collibra
Trillium Discovery for Collibra
 
Criteria for a trusted institutional repository
Criteria for a trusted institutional repositoryCriteria for a trusted institutional repository
Criteria for a trusted institutional repository
 
Ingrid Dillo - Trustworthy repositories for open research data
Ingrid Dillo - Trustworthy repositories for open research dataIngrid Dillo - Trustworthy repositories for open research data
Ingrid Dillo - Trustworthy repositories for open research data
 
Building blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositoriesBuilding blocks for success: criteria for trusted institutional repositories
Building blocks for success: criteria for trusted institutional repositories
 
Archive service accreditation digital developments for ARA Conference 2016
Archive service accreditation digital developments for ARA Conference 2016Archive service accreditation digital developments for ARA Conference 2016
Archive service accreditation digital developments for ARA Conference 2016
 
Ladies Be Architects - Study Group II: Data Governance
Ladies Be Architects - Study Group II: Data GovernanceLadies Be Architects - Study Group II: Data Governance
Ladies Be Architects - Study Group II: Data Governance
 
Keepit Course 5: Tools for Assessing Trustworthy Repositories
Keepit Course 5: Tools for Assessing Trustworthy RepositoriesKeepit Course 5: Tools for Assessing Trustworthy Repositories
Keepit Course 5: Tools for Assessing Trustworthy Repositories
 
Bringing Value to the Business through CSI
Bringing Value to the Business through CSIBringing Value to the Business through CSI
Bringing Value to the Business through CSI
 
Engaging with students and researchers: the case of the social sciences
Engaging with students and researchers: the case of the social sciencesEngaging with students and researchers: the case of the social sciences
Engaging with students and researchers: the case of the social sciences
 

More from Chris Rusbridge

Practical steps towards digital preservation at institutional levels
Practical steps towards digital preservation at institutional levelsPractical steps towards digital preservation at institutional levels
Practical steps towards digital preservation at institutional levels
Chris Rusbridge
 
LOCKSS UK, with a focus on reporting experience
LOCKSS UK, with a focus on reporting experienceLOCKSS UK, with a focus on reporting experience
LOCKSS UK, with a focus on reporting experience
Chris Rusbridge
 
Frequently-asked questions on Freedom of Information and Environmental Inform...
Frequently-asked questions on Freedom of Information and Environmental Inform...Frequently-asked questions on Freedom of Information and Environmental Inform...
Frequently-asked questions on Freedom of Information and Environmental Inform...
Chris Rusbridge
 

More from Chris Rusbridge (20)

The Distributed National Electronic Resource and the Electronic Libraries Pro...
The Distributed National Electronic Resource and the Electronic Libraries Pro...The Distributed National Electronic Resource and the Electronic Libraries Pro...
The Distributed National Electronic Resource and the Electronic Libraries Pro...
 
JISC Digital Library initiatives
JISC Digital Library initiativesJISC Digital Library initiatives
JISC Digital Library initiatives
 
Practical steps towards digital preservation at institutional levels
Practical steps towards digital preservation at institutional levelsPractical steps towards digital preservation at institutional levels
Practical steps towards digital preservation at institutional levels
 
The Licence Trap
The Licence TrapThe Licence Trap
The Licence Trap
 
Cautious Optimism: Cultivate your Garden
Cautious Optimism: Cultivate your GardenCautious Optimism: Cultivate your Garden
Cautious Optimism: Cultivate your Garden
 
Frequently-asked questions on Freedom of Information and Environmental Inform...
Frequently-asked questions on Freedom of Information and Environmental Inform...Frequently-asked questions on Freedom of Information and Environmental Inform...
Frequently-asked questions on Freedom of Information and Environmental Inform...
 
Dcc endeavour-2006
Dcc endeavour-2006Dcc endeavour-2006
Dcc endeavour-2006
 
Issues in long-term knowledge retention in engineering
Issues in long-term knowledge retention in engineeringIssues in long-term knowledge retention in engineering
Issues in long-term knowledge retention in engineering
 
Create, curate, re-use: the expanding life course of digital research data
Create, curate, re-use: the expanding life course of digital research dataCreate, curate, re-use: the expanding life course of digital research data
Create, curate, re-use: the expanding life course of digital research data
 
"Tomorrow, and tomorrow, and tomorrow": the players on the curation stage
"Tomorrow, and tomorrow, and tomorrow": the players on the curation stage"Tomorrow, and tomorrow, and tomorrow": the players on the curation stage
"Tomorrow, and tomorrow, and tomorrow": the players on the curation stage
 
Curation of scientifica data: Challenges for repositories
Curation of scientifica data: Challenges for repositoriesCuration of scientifica data: Challenges for repositories
Curation of scientifica data: Challenges for repositories
 
LOCKSS UK, with a focus on reporting experience
LOCKSS UK, with a focus on reporting experienceLOCKSS UK, with a focus on reporting experience
LOCKSS UK, with a focus on reporting experience
 
Saving private data, sharing Open Data? Role of libraries and institutional r...
Saving private data, sharing Open Data? Role of libraries and institutional r...Saving private data, sharing Open Data? Role of libraries and institutional r...
Saving private data, sharing Open Data? Role of libraries and institutional r...
 
Moving the repository upstream
Moving the repository upstreamMoving the repository upstream
Moving the repository upstream
 
Curating data for integrated science
Curating data for integrated scienceCurating data for integrated science
Curating data for integrated science
 
Dcc jsr phase 3
Dcc jsr phase 3Dcc jsr phase 3
Dcc jsr phase 3
 
The future of the DCC
The future of the DCCThe future of the DCC
The future of the DCC
 
Reference Model for Economically Sustainable Digital Curation
Reference Model for Economically Sustainable Digital CurationReference Model for Economically Sustainable Digital Curation
Reference Model for Economically Sustainable Digital Curation
 
Frequently-asked questions on Freedom of Information and Environmental Inform...
Frequently-asked questions on Freedom of Information and Environmental Inform...Frequently-asked questions on Freedom of Information and Environmental Inform...
Frequently-asked questions on Freedom of Information and Environmental Inform...
 
Blue Ribbon Task Force on Sustainable Digital Preservation
Blue Ribbon Task Force on Sustainable Digital PreservationBlue Ribbon Task Force on Sustainable Digital Preservation
Blue Ribbon Task Force on Sustainable Digital Preservation
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Trust and repository audit: can repository managers assure trustworthiness?

  • 1. because good research needs good data Trust and repository audit: can repository managers assure trustworthiness? Chris Rusbridge June 2009 Funded by: © Digital Curation Centre, 2009. Licensed under Creative Commons BY-NC-SA 2.5 Scotland: http://creativecommons.org/licenses/by-nc-sa/2.5/scotland/
  • 2. because good research needs good data Outline • Trust • Audit • Repository audit approaches • Checklist-based • Enhancement-based • Preparing for audit DCC Sun PASIG Malta June 2009
  • 3. because good research needs good data Trusted Digital Repositories DCC Sun PASIG Malta June 2009
  • 4. because good research needs good data Trustworthy? • Trust is directed at something by others • Trustworthy could be: • Capable of being depended upon • Worthy of belief, as because of precision or faithfulness to an original • Archives, in themselves and their contents, need to be trustworthy in both ways DCC Sun PASIG Malta June 2009
  • 5. because good research needs good data Trust 1 • “trust, faith, confidence, reliance, dependence. These nouns denote a feeling of certainty that a person or thing will not fail. Trust implies depth and assurance of feeling that is often based on inconclusive evidence: ‘The mayor vowed to justify the trust the electorate had placed in him’” • “Firm reliance on the integrity, ability, or character of a person or thing” •The Free Dictionary • "To trust is to willingly relinquish control, making yourself vulnerable to someone else for a certain outcome or consequence. Trust grows as a result of positive experiences accumulated over time." Ken Buist DCC Sun PASIG Malta June 2009
  • 6. because good research needs good data Trust 2 • “I cannot give them my confidence; pardon me, gentlemen, confidence is a plant of slow growth in an aged bosom: youth is the season of credulity” - William Pitt The Elder •Quotationsbook.com • “There’s far too much trust in this room, and far too little paranoia” - David Rosenthal • “Trust but verify” - Ronald Reagan & old Russian proverb DCC Sun PASIG Malta June 2009
  • 7. because good research needs good data Trust evolution • Trust is gained slowly, damaged easily • Even by events not directly related to aims & objectives (eg MPs expenses) • But even art library provenance fraud (eg Drewe/Myatt) substantiating forgeries doesn’t completely kill trust DCC Sun PASIG Malta June 2009
  • 8. because good research needs good data Who must trust archives, and how? • Funders • That the archive will keep resources at reasonable cost • Depositors • That the archive will keep resources secure and make them appropriately available • Consumers • That the resources in the archive are discoverable, usable and authentic DCC Sun PASIG Malta June 2009
  • 9. because good research needs good data Dimensions of repository trust • Your repository shall: • Keep your objects, securely • Make them findable, to appropriate consumers • Produce them, to appropriate consumers • With demonstrable authenticity • Over time • At appropriate cost DCC Sun PASIG Malta June 2009
  • 10. because good research needs good data Types of (internet) trust • Access Trustor’s resources • Provision of services by Trustee • Certification of Trustee • Delegation • Infrastructure Trust •Grandison, T., & Sloman, M. (2001). • A Survey of Trust in Internet Applications. •IEEE Communications Surveys and Tutorials. DCC Sun PASIG Malta June 2009
  • 11. because good research needs good data Trust and certification models • Social trust (eg selecting a builder): • Combination of de-centralised and centralised • Personal experience • Recommendations from those you trust • Holds certificate of competence • Centralised (cf X.509) • Web site certificates, verified by certificate chain • Accredited auditors approach • De-centralised (cf PGP) • Certification by a web of people, building cumulative trust • Eg eBay approach • More computational: Konfidi, Advogato, etc DCC Sun PASIG Malta June 2009
  • 12. because good research needs good data Audit • Formal procedure to establish confidence (usually in the processes of an institution), according to a defined approach • Eg financial audit • Security audit • Quality audit • Eg University QAA audits “Audit … tests claims made by an institution but does not compare them against a benchmark… it doesn’t actually look at people teaching” •Attwood, THES 11 June 2009 •quoting Philip Jones DCC Sun PASIG Malta June 2009
  • 13. because good research needs good data Audit • Audits rarely comprehensive • Usually samples transactions, policies etc • Should be evidence-based • ISO enhancement-based approach • ISO 9000, ISO 27000 • Plan-Do-Check-Act DCC Sun PASIG Malta June 2009
  • 14. because good research needs good data Plan (establish the Information Establish ISMS policy, objectives, processes and Security Management System, procedures relevant to managing risk and ISMS) improving information security to deliver results in accordance with an organization’s overall policies and objectives. Do (implement and operate the Implement and operate the ISMS policy, controls, ISMS) processes and procedures. Check (monitor and review the Assess and, where applicable, measure process ISMS) performance against ISMS policy, objectives and practical experience and report the results to management for review. Act (maintain and improve the Take corrective and preventive actions, based on ISMS) the results of the internal ISMS audit and management review or other relevant information, to achieve continual improvement of the ISMS. DCC Sun PASIG Malta June 2009
  • 15. because good research needs good data Repository audit approaches • Checklist-based standards • Good practice standards • Enhancement-based standards DCC Sun PASIG Malta June 2009
  • 16. because good research needs good data Checklist-based • Most stem from Trusted Digital Repository work • TRAC • nestor catalogue of criteria • CCSDS RAC standardisation work • Data Seal of Approval • Simplified version DCC Sun PASIG Malta June 2009
  • 17. because good research needs good data Repository Audit & Certification • Still in progress • To lead to CCSDS & ISO standard • “4.1.3 THE REPOSITORY SHALL HAVE SPECIFICATIONS ENABLING RECOGNITION AND PARSING OF THE SIPS” “4.2.1 THE REPOSITORY SHALL HAVE AN ASSOCIATED, PRINTABLE DEFINITION FOR EACH AIP OR CLASS OF AIPS PRESERVED BY THE REPOSITORY THAT IS ADEQUATE FOR PARSING THE AIP AND FIT FOR LONG-TERM PRESERVATION NEEDS” etc DCC Sun PASIG Malta June 2009
  • 18. because good research needs good data IBM Haifa tool DCC Sun PASIG Malta June 2009
  • 19. because good research needs good data Good practice standards • Auditing feasible but not built-in • BS 5454 “Recommendations for the storage and exhibition of archival documents” • ISO 14721 “Open archival information systems: reference model” • ISO 15489 “Records management” • PAS 197 “Code of practice for cultural collections management” DCC Sun PASIG Malta June 2009
  • 20. because good research needs good data Enhancement-based • ISO 9001 “Quality management systems — Requirements” • ISO 14001 “Environmental management systems — Requirements with guidance for use” • ISO 27001 “Information security management systems — Requirements” • Information Security means “preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non- repudiation and reliability can also be involved” • DRAMBORA • Digital Repository Audit Method Based on Risk Assessment DCC Sun PASIG Malta June 2009
  • 21. because good research needs good data Preparing for audit • Be trustworthy! • Do what you say you will • Be transparent • Keep proper records • Aim for good practice • Need at least to have a position re OAIS etc • Try a self-assessment • Data Seal of Approval may be a good start • DRAMBORA for more comprehensive approach DCC Sun PASIG Malta June 2009
  • 22. because good research needs good data Data seal of approval • Drafted by DANS, now with independent Board • 16 guidelines • 3 for data producer • 10 for data repository, eg • “5. The data repository uses due diligence to ensure compliance with legal regulations and contracts. • 6. The data repository applies documented processes and procedures for managing data storage. • 7. The data repository has a plan for long-term preservation of its digital assets.” • 3 for data consumer • Self assessment instrument, submit to Board DCC Sun PASIG Malta June 2009
  • 23. because good research needs good data DRAMBORA • Self-audit • Understand objectives • Understand staffing • Understand risks • Manage risks… DCC Sun PASIG Malta June 2009
  • 24. because good research needs good data "Trust is the lubrication that makes it possible for organizations to work." - Warren Bennis But… Funded by: © Digital Curation Centre, 2009. Licensed under Creative Commons BY-NC-SA 2.5 Scotland: http://creativecommons.org/licenses/by-nc-sa/2.5/scotland/
  • 25. because good research needs good data Preservation’s dirty little secret: Backup • IT departments discouraging researchers from keeping their data on the backed-up part of their systems: volume, expense… • System quota 5 GB, laptop disk 150 GB • And… 500 GB self-powered disk < £100! • Researchers use many different tools: Mac, Windows, Linux; desktop, laptop; on-site, off-site; corporate, self-managed etc • No good, standardised way to organise backup • Need standard, simple, cheap, reliable, flexible, scalable backup tools • Job for SNIA, PASIG, Sun etc? DCC Sun PASIG Malta June 2009