The Role of Evidence in Establishing Trust in Repositories
http://www.dlib.org/dlib/july06/ross/07ross.html
reasons why independently measuring and validating the trustworthiness of repositories is
essential have been the focus of earlier discussions [5, 9, 10]. For the purposes of this study
we have taken as axiomatic that certification is one marker that helps users to establish the
level of trust that they might reasonably have in a particular digital repository. Audit is a
critical step in establishing whether certification of a particular repository should be granted.
Here we aim to open the debate on the types of evidence needed if digital repositories are to
be effectively and transparently audited.
Funded jointly by the Joint Information Systems Committee (JISC)2 and the core e-Science
Programme, the Digital Curation Centre (DCC) aims to support and promote continuing
improvement in the quality of data curation and digital preservation, within the United
Kingdom. The four partners, the University of Edinburgh,3 HATII4 at the University of
Glasgow,5 UKOLN6 at the University of Bath7 and the Council for the Central Laboratory
of the Research Councils (CCLRC)8 have collaborated to build the DCC on the international
expertise and renown of the partners in research, development, service, and training delivery
[11]. The DCC has four fundamental priorities: to establish a vibrant research programme, to
build and foster strong community relationships, to explore innovative development activities
that lead to tangible heavily used services, and to achieve a virtuous circle whereby every
aspect of our own outputs and community input feeds into and informs our existing activities
and shapes emerging ones.
Since it is anticipated that the successful development of accreditation, audit, and
certification will depend on international consensus, the DCC has developed relationships
with the leading audit and certification efforts in this area [10]. Much of the effort to date
appears to have concentrated on defining the characteristics of a 'trusted digital repository';
considerably less effort has been committed to establishing a context in which these
characteristics can be shown to be present and, if they are present, how their qualities can be
measured and evaluated. Although here we focus on approaches to audit and certification
within the archives and library community and how they might be enhanced, we have
recognised elsewhere [10] that this work must not be conducted in isolation and that there is
much to be gained from building on the work of other audit and certification organisations
and their methods and approaches (e.g., ISACA,9 Information Systems Audit and Control
Association). As we argued earlier, ' digital curation and preservation is a risk management
activity at all stages of the longevity pathway' [10]. Many other communities have developed
strategies for identifying, monitoring, and managing classes of risk that are directly relevant
to our work.10
2. Defining Activities
The generally accepted starting point for much of this work is the 2002 Research Libraries
Group (RLG)11 and Online Computer Library Centre (OCLC)12 Working Group paper,
Trusted Digital Repositories: Attributes and Responsibilities [9]. Subsequently, the RLG and
13
US National Archives and Records Administration (NARA) Digital Repository
Certification Task Force published in late 2005 a draft Audit Checklistfor Certifying Digital
Repositories [8], comprising just under ninety criteria for determining whether a digital
repository should be trusted. These criteria are organised into four categories: organisation;
functions, processes and procedures; the designated community and information usability;
and, technologies and technical infrastructure. The principles, terminology, and functional
characteristics outlined in the Reference Modelfor an Open Archival Information System
(OAIS) [7], published by the Consultative Committee for Space Data Systems (CCSDS) and
subsequently galvanised as international standard ISO14721, form the bedrock on which the
checklist, at least in its draft form, is built. Together, these three documents have provided a
foundation for activities that are being undertaken within the Center for Research Libraries'
2 of 13
01/08/2006 17:25