Download (PDF, 9MB, Not barrier-free file.) - Nestor

Attributes and Responsibilities (2002), and the Audit Checklist for the Certification ofTrusted Digital Repositories developed by RLG-NARA Digital Repository Certification TaskForce (founded in 2003). After some revisions the latter resulted in TrustworthyRepositories Audit & Certification: Criteria and Checklist (TRAC) published by the Centerfor Research Libraries (CRL) and OCLC in 2007. In the European context, similarinitiatives and task forces were established by Digital Preservation Europe, nestor, and theDigital Curation Centre, resulting in tools and documents such as DCC's Data AuditFramework and the Digital Repository Audit Method Based on Risk Assessment(DRAMBORA co-developed with DPE, 2007), nestor's Catalog of Criteria for TrustedDigital Repositories (version 1 was published in 2006, version 2 – currently available onlyin German – in 2008 19 ) as well as DPE's Planning Tool for Trusted Electronic Repositories(PLATTER). 20As a result of these efforts, a number of definitions of what it means for a repositoryor archive to be trustworthy exist, often emphasizing different aspects, ranging from theIT-concepts of integrity and authenticity, over administrative and procedural accountability,to financial and organizational sustainability (cf. RLG-OCLC 2002, 13). While the 1996CPA/RLG report highlights, for example, that “[f]or assuring the longevity of information,perhaps the most important role in the operation of a digital archive is managing theidentity, integrity and quality of the archives itself [...]” (23; also qtd. in RLG-OCLC 2002,8), the nestor catalog mentions IT-security as one core element of trustworthiness whendefining the latter as follows:Vertrauenswürdigkeit […] wird als Eigenschaft eines Systems angesehen, gemäß seinen Zielenund Spezifikationen zu operieren (d.h. es tut genau das, was es zu tun vorgibt). Aus Sicht derIT-Sicherheit stellen Integrität, Authentizität, Vertraulichkeit und Verfügbarkeit Grundwerte dar.IT-Sicherheit ist somit ein wichtiger Baustein für vertrauenswürdige digitale Langzeitarchive.(2008, 5)Suggesting a somewhat more comprehensive – and more detailed – definition oftrustworthiness, the authors of TRAC remind us that[i]n determining trustworthiness, one must look at the entire system in which the digitalinformation is managed, including the organization running the repository: its governance;organizational structure and staffing; policies and procedures; financial fitness andsustainability; the contracts, licenses, and liabilities under which it must operate; and trustedinheritors of data, as applicable. Additionally, the digital object management practices,technological infrastructure, and data security in place must be reasonable and adequate tofulfill the mission and commitments of the repository. 21But although these definitions – each taken from the introductory section of the citeddocuments – highlight different aspects, a closer look at the actual requirements on andresponsibilities of trustworthy digital repositories outlined by the respective authors shows19 Please note that hereafter the German catalog will be used and quoted as it is the most current version.20 According to the DPE website, PLATTER “provides a basis for a digital repository to plan the developmentof its goals, objectives and performance targets over the course of its lifetime in a manner which willcontribute to the repository establishing trusted status amongst its stakeholders. PLATTER is not in itselfan audit or certification tool but is rather designed to complement existing audit and certification tools byproviding a framework which will allow new repositories to incorporate the goal of achieving trust into theirplanning from an early stage” (http://www.digitalpreservationeurope.eu/platter/ – 30.10.2009).21 CRL and OCLC 2007, 3. Hereafter cited as TRAC 2007 and page or criterion number.11