Preservation and Trust: the DSA certification process
Author: Peter Tiernan
At the Digital Repository of Ireland, the development of the Repository has been based on the implementation of best practices in preservation, and the trust of our depositors. Our depositors must feel assured that the digital content in the Repository will be safeguarded and preserved into the future. But how does the DRI achieve this level of trust and assurance?
Our aim is to become a 'trusted digital repository'. What is this, you ask? Well, as defined in the RLG-OCLC report “Trusted Digital Repositories: Attributes and Responsibilities”, a trusted digital repository is:
"one whose mission is to provide reliable, long-term access to managed digital resources to its designated community, now and in the future."
It does go further into it but keeps it intentionally vague. Other definitions include:
"hav[ing] an organizational system that supports [the] long-term viability of the repository" and "design[ing] its system(s) in accordance with commonly accepted conventions and standards"
All pretty high-level stuff! While some of these definitions seem a little daunting, using existing TDR audits and certifications can help with the process.
TDR audits and certifications provide the dual function of providing specific, actionable guidelines as well as certification to show the world that one has thought about the issues and implemented the solutions into their infrastructure and organisation. We identified two relevant audits and certifications for the Repository: The Data Seal of Approval and ISO16363.
ISO16363 certification is externally audited and therefore gives the strongest guarantee of trust. We are currently following these guideines and will effectively become compliant. When it becomes possible to be audited externally we will be ready. ISO16363 is based on the Trusted Digital Repositories and Audit Checklist “TRAC” standard which we initially consulted.
By comparison, the Data Seal of Approval is self audited. This does not project the same level of trust as an external audit but helps us to think about the issues and areas we need to work on and provides an important learning experience. This path of completing the DSA first, then moving onto ISO16363 is recommended by the European Framework for Audit and Certification of Digital Repositories.
When applying for the DSA certification, we worked through the DSA guidelines and documentation which encourage clear communication of all preservation processes and procedures. Indeed, this is an important aspect when applying for certification.
For example Guideline 6 asks: “Does the repository have a preservation policy?”
Our Preservation Policy document is in development separately but is referenced extensively throughout the DSA. The development of this policy is in itself a significant undertaking and one which has made us think and rethink our processes. It will be an important document that will be read and analysed by our users and stakeholders so great care is being taken with putting it together.
Two of the DSA guidelines in particular caused us to think more deeply about aspects of our policies. DSA Guideline 6 asks “Are data recovery provisions in place? What are they?”, while Guideline 9 asks: “Does the repository have a crisis management plan?”
We had been developing our data recovery procedures from a disaster recovery viewpoint and were including these in a disaster recovery document. But through these two separate questions, the DSA has caused us to change our approach and view data recovery as distinct from disaster/crisis management. The documents referenced in reply to these questions are now being developed separately.
Some of the guidelines are open to interpretation. For example Guideline 12 asks: “Does the repository maintain links to metadata and to other datasets, and if so, how?”
The Finnish Social Science Data Archive answers this as follows:
“Linking between the metadata and data are maintained in the operational database, and FSD metadata includes links to other datasets. In addition, the metadata includes links to publications based on the data.”
While the UCD Digital Library gives this answer:
“Links to metadata are provided through the Digital Library web interface and are expressed as menu links when descriptive records are displayed. The Digital Library Web API also exposes metadata via content negotiation in a range of formats (DC, MODS, various RDF serialisations of descriptive metadata); RDF serialisations of metadata include links to external datasets (as Linked Data references).”
The first repository interprets the guideline as referring to links between metadata and data in storage while the second interprets it as web hyperlinks to view metadata. This is not to say either answer is incorrect, but that the question is vague and that a degree of interpretation is required by the repository. Extra explanation or ancillary documentation would be useful especially considering that developing repositories might not have a high level of domain specific knowledge and expertise. (All repositories that complete the DSA and receive certification are available to read on the DSA website.)
Self-auditing for the DSA can be a long process, but it is important to engage with it as a first step to becoming a TDR. The time we spent going through the guidelines ended up being time well spent – on 1 July, just a few days after launching DRI, we were delighted to hear that we had been granted the Data Seal of Approval!
We will continue to work on our policies and procedures in line with DSA guidelines and are looking ahead to eventual approval by the ISO16363 certification board. Watch this space.
To read more entries in the DRI blog, please visit the Blog Page.