//
you're reading...

What I've seen and heard

DASISH workshop – Trust and Certification (Day 1)

Last week I was in The Hague (as you do!) and was introduced to many new things…lots of cyclists, sprinkles on toast and of course Trust and Certification, the reason I was there!

So going to a workshop on trusted accreditation before we’ve developed a digital preservation repository may seem like we’re putting the cart before the horse, but there is method in this madness.

Full accreditation is not just a badge of honour, it demonstrates to users that the content and the processes employed to manage that content meet international standards of trustworthiness. That said I believe with that end goal in mind it is important to consider what is required to achieve certification during the planning stage of a digital preservation repository (call it time saving!).

The first day of this two day workshop began with the question “what is trust?”…and what does it mean to trust and be trusted. In relation to digital repositories an organisation or institution must place trust in its users when they’re interacting and using content and likewise users must be able to trust that what they are using is authentic and reliable. To install trust repositories must address three key risks a user faces when dealing with digital content – uncertainly (the risk that the data may not be authentic or may have been compromised), dependence (on digital content being available), and vulnerability (that if the data is not what it purports to be their own research may, as a result, be compromised).

So what is the answer? – Trustworthiness!

The workshop defined what it termed ‘building blocks’ to address the issue of ‘trustworthiness’. These were separated into two areas; ‘trustee actions and attributes’, which a repository should do/have to address its trustworthiness (such as guarantees, identification, transparency, integrity) and ‘external acknowledgement’ such as third party endorsements (ISO 16363, Data Seal of Approval (DSA).

In 2010 the Memorandum of Understanding for the EU framework for digital repositories was signed by three parties the CCSDS, the DSA and the DIN Working Group. This created a three tiered approach to accreditation starting with the Basic level, (Data Seal of Approval), then moving onto the Extended level (NESTOR, based on DIN 31644), and finally the Formal level or full ISO 16363 accreditation (although attaining this level is not possible until the certification standard for auditing bodies, ISO 16919, is approved – anticipated to be 2015).

After the break we were introduced to the Basic level, Data Seal of Approval, by Paul Trilsbeek of the Max Planck Institute for Psycholinguistics and member of the DSA Board. He introduced the DSA and its 16 guidelines, and explained that it is a self assessment accreditation, which can be carried out online, and is then assessed by peer review (normally completed within 2 months). The process for attaining the DSA is overseen by the DSA board and is awarded for a maximum of 2 years, so attainees need to reapply to continue to be certified. The first assessment was carried out in 2010 and to date a total of 36 Data Seals have been awarded with a further 34 in progress. There were two interesting points Paul noted. Firstly, whilst it is possible for an institution/organisation to outsource some of the guidelines, such as storage for example, it is not possible to outsource all of them. Secondly, an organisation/institution needs to look carefully as to where it places the DSA logo on its website. The DSA is for a repository, it’s not organisation-wide. Misplacement could mislead a user.

We were then treated to case studies of organisations/projects that had implemented the DSA standard. First up was Natascha Schumann of GESIS. She outlined the process they took to achieving the DSA on their existing repository, a multi step approach to reviewing existing workflows, identification of missing documentation, creation of new documentation such as a policy on preservation and collections, and development of a spreadsheet that listed all the required documentation by title with links to their various locations (a great way to consolidate documents and to keep yourself on track!). Natascha mentioned that eff0rt involved was collaborative, across departments in the organisation with approx 6 – 8 people being involved with differing levels of intensity.

Then Pavel Stranak of CLARIN spoke about their efforts to achieve certification. They began the road to DSA in January 2014. The process took, he explained, approx 1 weeks work spread over the course of 6 months. So its not a labour intensive process, but it does rather depend on how much gap filling an organisation needs to do with its processes and supporting documentation. And it can require several submissions before the DSA is awarded. Pavel mentioned that in one submission they were rejected because of a grammar error in one sentence! So proof-reading is a priority! Interestingly Pavel explained their way of dealing with guidelines they didn’t quite agree with. They were concerned with the guideline on recommended formats, which they felt would restrict the repository and potentially compromise the integrity of the data it held. Pavel clarified that formats of research data are unpredictable and so applying repository restrictions would be damaging. Their approach was to challenge the guideline and explain in its application why it felt it was unnecessary for them to comply with it. And that is perfectly reasonable thing to do and it certainly did stop them from getting the DSA!

Lastly, Ingrid Dillo of DANS outlined their roadmap to accreditation, which started in 2010 by achieving DSA status, along with carrying out an ISO test audit (the results from which formed their work plan for the following year), then in 2013 they renewed their DSA certification, and are currently preparing for NESTOR certification (more on that tomorrow). Along side all this work they carry out yearly DRAMBORA risk assessments. Ingrid also noted that the volume of work to apply for the DSA equated to approx 1 – 2 weeks of effort, similar to Pavel’s assessment, but is again dependant on how near or far an organisation/institution is to complying with the guidelines. However, her advice was clear getting “commitment from the top” is crucial to your success when applying for the DSA and that organisations/institutions should pace themselves when it comes to accreditation “use the [EU] framework, don’t aim to high at once”. She also raised an interesting point, which sparked some discussion, on what type of repository should go for the DSA. She considered it only worthwhile for ‘back office’, dark archive, repositories, and not particularly relevant (given the effort) for active research or ‘front office’ repositories. What do you think?

Stay tuned for Day 2…

Discussion

Trackbacks/Pingbacks

  1. […] on the blog “Bits & Pieces. Digital Preservation at Edinburgh University”: report of day 1, report of day […]

Post a Comment

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 15 other subscribers

Follow me on Twitter