//
you're reading...

What I've seen and heard

DASISH workshop – Trust and Certification (Day 2)

“The coolest thing to be done with your data will be thought of by someone else” Ingrid Dillo

An earlier start today for the second and last day of the workshop. After morning coffee and a biscuit we settled down to hear all about the NESTOR Seal from Christian Keitel of the Landesarchiv Baden-Wuerttemberg and Chair of the NESTOR working group.

Christian began by explaining how NESTOR sits within the European Framework for Audit and Certification of Digital Repositories. It’s comparatively heavier in its list of criteria than the DSA, requiring the applicant to satisfy 34 criteria, but substantially lighter than ISO 16363, with its 109 criteria. The NESTOR working group was founded in 2010 and its extended certification began in 2013, so it is relatively new in the arena of accreditation with no current recipients of the seal. Like the DSA it is self-assessed by the applicant, and then reviewed twice before a decision is given. There is a charge of 500 Euro to apply and if successful documentation must be made available publicly (however Nestor will hold any documentation considered by the applicant too sensitive to publish). Unlike the DSA there is no expiry date to the Nestor seal. It is possible to reapply but that should be determined by the archive. If there has been a significant change to process/workflow/structure then it may be prudent to reapply.

We heard next from Marjan Grootveld of DANS who explained about the preparations they are currently making before submitting an application for the Nestor Seal. They have approximately 20 staff involved (with varying degrees of intensity) across numerous departments: legal, IT, information managers, the archive, as well as involving senior management in the process. Initially they began by analysing the criteria of the seal, then created a visualisation of the criteria using a spreadsheet to apportion responsibility for the criteria, then they produced a matrix of documentation relating to the criteria (detailing its title and location on their servers), then carried out a SWOT analysis of the project. They hope to submit in 2014, and I wish them luck.

Finally, we heard (after more coffee and cake!) about the much anticipated ISO 16363 standard – the grand daddy of them all and the Formal accreditation level in the framework. Barbara Sierman of the Koninklijke Bibliotheek in the Netherlands and member of ISO-PTAB (Primary Trustworthy Digital Repository Authorisation Body) began by giving a bit of history of this standard, which started after the publication of the Open Archival Information Systems model (ISO 14721) in 2002. In 2005 the TRAC checklist was published by the Research Libraries Group (RLG) and the National Archives and Records Association (NARA). In 2007 development of the full ISO 16363 standard began and was approved in 2012. At that point a draft of the auditor standard, ISO 16919, was written for those who will potentially audit repositories for ISO 16363 certification (and which has yet to be approved, but estimated to be 2015) and the PTAB group was established. Barbara explained that there are slight differences between the TRAC and the full ISO standard. Apparently the US seems to favour TRAC but she recommended using the ISO standard to benchmark compliance (there is a really interesting set of blog posts from David Rosenthal, in August 2014, on the very subject of TRAC and ISO 16363, which I urge anyone interested in accreditation to read).

So the situation at the moment is that until the auditor standard (ISO 16919) is approved there can be no formal assessments of digital repositories. That said it doesn’t stop organisation/institutions from making preparations to their repositories in advance. Barbara pointed out that it is important to look at other relevant standards that are applicable to running digital repositories such as the security standard ISO 27000 (although it is not a requirement that repositories achieve full ISO 27000 status in order to be awarded the ISO 16363) and conducting test audits. The PTAB website has a great page dedicated to preparing for an audit, outlining all the stages and even providing a downloadable self assessment template.

Barbara explained that test audits can take between 1.5 and 3 months, with most of that time taken (as covered by every other speaker) on discussion, writing up missing documents, collecting other documentation and improving existing documentation.

She then left us with a few resources to consult online that were relevant to anyone interesting or intending to carry out some level of self assessment or accreditation on their repository and I’ve posted those resources here:

APARSEN report on Peer Review of Digital Repositories
4C Project – Quality and trustworthiness as economic determinants in digital curation

Discussion

6 Responses to “DASISH workshop – Trust and Certification (Day 2)”

  1. Thanks Lee. More coming soon!

    Posted by bitsandpieces | October 23, 2014, 2:33 pm
  2. Excellent new Astrid. Thanks for the heads up. I’ll look out for that.

    Posted by bitsandpieces | October 23, 2014, 2:33 pm
  3. Thanks for the write up Kirsty, the useful pointers and the preservation blog you’ve set up. Keep it going!

    Posted by Lee Hibberd | October 23, 2014, 2:10 pm
  4. Thank you for this nice workshop coverage! We are also planning to publish our notes from the discussions and hopefully will also be able to make the presentation slides available as well. Will tweet about this from @CESSDAtraining.

    Posted by Astrid | October 23, 2014, 2:09 pm
  5. Thanks Barbara. It was great to hear you at the workshop. I’m a big fan of the Atlas of Digital Damages and the Catalogue of Policy Elements. Really helpful resources.

    Posted by bitsandpieces | October 23, 2014, 8:12 am
  6. Nice post!
    You can find a reference to my slides at the above mentioned website

    Posted by Barbara Sierman | October 23, 2014, 7:49 am

Post a Comment

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 16 other subscribers

Follow me on Twitter