Digital preservation has become an essential area of responsibility for archivists. To date, the practice of digital preservation has been guided by one key standard: ISO 14721, or the Open Archival Information System (OAIS). OAIS outlines the language and framework for describing long-term preservation systems and delineates the roles and responsibilities of system participants, but it does not provide any metrics by which to evaluate preservation repositories in terms of their trustworthiness. Appraisals of trustworthiness must necessarily extend beyond a technical evaluation to include an assessment of the entire ecosystem in which the repository resides, including organizational factors such as staffing and funding, and appropriate risk management practices. In this broader assessment, frameworks for evaluating trusted digital repositories play a vital role. These frameworks have blossomed over the last fifteen years; some have progressed from guidelines to international or national standards. For example, the Data Seal of Approval is quite popular in Europe, and DIN 31644, originally developed as a catalog of criteria from the nestor project, is now a German national standard.1 The oldest and perhaps best known of these frameworks (at least in the United States) is ISO 16363, which was originally published in 2007 as the Trustworthy Repositories Audit & Certification: Criteria and Checklist, or as it is more commonly known, TRAC.2 Given the long history and recognition of ISO 16363 and TRAC, it is not surprising that Module 8: Becoming a Trusted Digital Repository focuses solely on that particular standard. However, it misses an opportunity to introduce readers to the other frameworks and to speak more abstractly of the commonalities between them, extracting from them the essentials of a trusted digital repository. This absence of international perspectives on trustworthy digital repositories, as well as a lack of discussion on the procedural aspects of the audit process (promised in the title of the module, but never delivered), mar what is otherwise an excellent treatise on ISO 16363.
Becoming a Trusted Digital Repository is the eighth module of the Trends in Archives Practice series, designed to fill gaps in the archival literature with brief treatments of discrete topics. The editors of this series have done a commendable job in selecting relevant and timely topics not represented heavily in the literature, especially the archival literature, and this module is no different. Indeed, one might say the module is even a bit premature, given that as of February 2017 no certifying bodies have actually been assessed to conduct ISO 16363 audits, and, thus, no repositories have undergone an audit. However, the Center for Research Libraries (CRL) has conducted a number of completed and ongoing TRAC audits, managed outside of the ISO realm.3 The author of this module, Steve Marks, a digital preservation librarian at the University of Toronto, previously served as the coordinator of a successful TRAC audit at the Scholar's Portal (a Canadian repository) in 2012, and he is well qualified to discuss this topic. Marks is highly adept in relating the standard to archives and archival work, which is especially evident in the multitude of archives-based examples he provides when discussing each ISO 16363 metric.
The module begins with an editor's note from Michael Shallcross, the assistant director for curation at the Bentley Historical Library at the University of Michigan, who presents the topic at hand and delineates three main principles that inform the ISO 16363 criteria: follow best practices and standards, respond to user needs, and promote transparency and accountability through documented policies and procedures (p. ix). Next, Bruce Ambacher, one of the initial developers of OAIS, provides an introduction to the module describing the history of “trustworthiness”—the development of the ISO 16363 standard as well as its current and future directions. In this introduction, the absence of mention of other trusted digital repository frameworks becomes apparent. Ambacher discusses the direct and indirect costs of ISO 16363 certification and how they may be burdensome to some organizations, but fails to mention that an alternative assessment framework—i.e., the Data Seal of Approval—is designed to require less resource expenditure and may be more suitable for some repositories.4 He finishes the introduction by addressing possible sanctions for digital repositories that do not undergo the ISO 16363 certification process. While he suggests self-assessment and peer assessments as potentially acceptable to certification, the absence of any mention of the other international frameworks implicitly posits ISO 16363 as the only method by which to measure trustworthiness.
The module officially begins with a brief exposition on the background of ISO 16363, the purpose and intended audience of the module, a breakdown of the structure of the standard and terminology used, and the significance of the standard for archives. ISO 16363 is broken down into five sections, the first two of which provide background information. The module delves into the heart of the standard starting with section 3, “Organizational Infrastructure,” then follows through section 4, “Digital Object Management,” and section 5, “Infrastructure and Security Risk Management.” Each section of the module mirrors the structure of the standard, which is categorized by numbered criteria, known as metrics. The sections end with a discussion that further defines the metric, relates it to archival practices, and outlines how it can be satisfied. This structure allows the reader to easily cross-reference between the standard and the module, which is very handy. Here, the real value of the work becomes apparent, and it achieves its stated goal to “unpack the dense presentation of the standard and tie it to current archival practice, making it more relevant to everyday work” (p. 3). The generalized and decontextualized language of the standard, though necessary to ensure its applicability in a wide variety of environments, often obfuscates the intended meaning; Marks does a nice job of clarifying what each of the tersely written metrics means and relating them to traditional archival practices. For example, metric 4.2.6 reads: “The repository shall have documented processes for acquiring Preservation Description Information (PDI) for its associated Content Information and acquire PDI in accordance with the documented processes.” To the uninitiated, this criterion means very little. Marks's description and explanation of this criterion, however, is very comforting. After a brief explanation of what it means, he points out that much of the needed information should have already been accumulated during transfer, accession, and ingest procedures. In addition to providing an easy path between the module and the standard, Marks provides helpful footnotes pointing to further clarification from OAIS and indicates when certain metrics are related to each other. ISO 16363 metrics are often satisfied by the appropriate documentation of repository activities, and that documentation may serve to satisfy metrics that appear in different areas of the standard. Marks ties these areas together by noting when one type of documentation can satisfy multiple roles.
The module includes two appendixes: Appendix A is a case study and Appendix B is a list of additional resources. The case study appears to be a self-evaluation of a university archives using this module itself as the guiding document, not ISO 16363. Why this perspective was solicited is unclear; CRL has successfully audited six repositories, and countless others have conducted full-blown self-audits using TRAC and/or ISO 16363. It would have been more useful to the reader if additional case studies from a variety of institutions, including one of these TRAC-certified repositories, had been included to provide examples of the audit process in different environments. The main text of the module leaves many procedural questions about “becoming a trusted digital repository” unanswered, and case studies are a prime means for providing answers through examples. For instance: How long does it take to prepare for an audit? What methods are recommended for organizing the associated documentation? How have others defined their “Designated Communities”? What does the audit process actually entail? This last one is especially important for those institutions interested in undergoing certification. ISO certification is standardized; auditors approved to conduct certifications for ISO 16363 will follow the same process they do when conducting audits for other ISO standard certifications. The TRAC certification process offered by CRL should also be consistent across audits. It would be extremely valuable to have information regarding the procedural aspects of either (or ideally both) of these audits so that institutions can understand what the actual process of becoming a trusted digital repository is and decide if they are interested in investing the resources necessary to do so.
Module 8: Becoming a Trusted Digital Repository succeeds in its stated goal of unpacking the ISO 16363 standard and making it relevant to archival work. For readers interested in using ISO 16363 for self-evaluation or formal evaluation purposes, the module is a valuable companion to the standard itself; it assists in clarifying its sometimes opaque metrics and provides numerous examples of how they can be satisfied, as well as linking different areas of the standard together. However, the module does not deliver on the promise of its title. By implicitly positing ISO 16363 as the standard by which trustworthiness is judged, it misses an opportunity to compare and contrast ISO 16363 to other frameworks like the Data Seal of Approval and to discuss how institutions without the resources for a full audit can work toward satisfying requirements for trustworthiness.
Notes
1 Data Seal of Approval, http://www.datasealofapproval.org/en/; “DIN 31644 Information and documentation—Criteria for trustworthy digital archives,” DIN Standards Committee Information and Documentation, http://www.din.de/en/getting-involved/standards-committees/nid/standards/wdc-beuth:din21:147058907.
2 CRL, Center for Research Libraries and OCLC Online Computer Library Center, Inc., Trustworthy Repositories Audit & Certification: Criteria and Checklist (2007), www.crl.edu/sites/default/files/d6/attachments/pages/trac_0.pdf.
3 “Certification and Assessment of Digital Repositories,” Center for Research Libraries, www.crl.edu/archiving-preservation/digital-archives/certification-assessment.
4 “The objectives of the Data Seal of Approval are to safeguard data, to ensure high quality and to guide reliable management of data for the future without requiring the implementation of new standards, regulations or high costs.” Data Seal of Approval, “About,” http://www.datasealofapproval.org/en/information/about/.