PD:CCSDS 652.0-M-1 audit template

REMOVE THIS HEADER

''This is an empty template to do an audit according to CCSDS 652.0-M-1 the chapter structure is identical to the original so chapter numbering is consistent. Each title in this template is linked to the according title in the original text, to have fast access to the relevant information needed to answer the criterions.''

Date of audit report:  

Version of audit report: 1.0

This audit was done according to the recommended practice 652.0-M-1 AUDIT AND CERTIFICATION OF TRUSTWORTHY DIGITAL REPOSITORIES from 2011 published by the Consultative Committee for Space Data Systems (CCSDS). The same committee that published the Reference Model for an Open Archival Information System (OAIS).

 

This audit documentation is structured in a similar way as the CCSDS 652.0-M-1 Recommended Practice document:


 * introduction
 * overview of audit and certification criteria
 * conclusion
 * catalog of requirements

A TRUSTWORTHY DIGITAL REPOSITORY
Definition of a trustworthy digital repository as given in the CCSDS 652.0-M-1 Recommended Practice document:

''A trustworthy digital repository will understand threats to and risks within its systems. Constant monitoring, planning, and maintenance, as well as conscious actions and strategy implementation will be required of repositories to carry out their mission of digital preservation. All of these present an expensive, complex undertaking that depositors, stakeholders, funders, the Designated Community, and other digital repositories will need to rely on in the greater collaborative digital preservation environment that is required to preserve the vast amounts of digital information generated now and into the future.''

DEFINITIONS
Each requirement is marked with a color, to show its status of fulfillment:


 * Requirements fulfilled
 * Minor requirements are not fulfilled
 * Essential requirements not fulfilled

These definitions from the original audit document all apply to this internal audit:
 * TERMINOLOGY
 * Glossary
 * CONVENTIONS

For a better understanding some paragraphs of the CCSDS 652.0-M-1 Recommended Practice are reproduced here.

CONFORMANCE
Original text: An archive that conforms to this Recommended Practice shall have satisfied the auditor on each of the requirements.

EVIDENCE
Each metric in the Recommended Practice has associated with it informative text under the heading Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement providing examples of the evidence which might be examined to test whether the repository satisfies the metric. These examples are illustrative rather than prescriptive, and the lists of possible evidence are not exhaustive.

NOMENCLATURE
The following conventions apply for the normative specifications in this Recommended Practice:
 * a) the words ‘shall’ and ‘must’ imply a binding and verifiable specification;
 * b) the word ‘should’ implies an optional, but desirable, specification;
 * c) the word ‘may’ implies an optional specification;
 * d) the words ‘is’, ‘are’, and ‘will’ imply statements of fact.

OVERVIEW
Of the 108 normative metrics the final status is the following:

Metrics with all requirements fulfilled: XX Metrics where Some requirements are not fulfilled: XX Metrics with essential requirements not fulfilled: XX

ORGANIZATIONAL INFRASTRUCTURE
With this chapter the catalog of requirements starts. Every requirement is explained in the CCSDS 652.0-M-1 document, this explanation can be reached directly by clicking on the heading of the requirement.

GOVERNANCE AND ORGANIZATIONAL VIABILITY
==== The repository shall have a mission statement that reflects a commitment to the preservation of, long term retention of, management of, and access to digital information. ====

==== The repository shall have a Preservation Strategic Plan that defines the approach the repository will take in the long-term support of its mission. ====

=
The repository shall have an appropriate succession plan, contingency plans, and/or escrow arrangements in place in case the repository ceases to operate or the governing or funding institution substantially changes its scope. =====

=
The repository shall monitor its organizational environment to determine when to execute its succession plan, contingency plans, and/or escrow arrangements. =====

==== The repository shall have a Collection Policy or other document that specifies the type of information it will preserve, retain, manage, and provide access to. ====

ORGANIZATIONAL STRUCTURE AND STAFFING
==== The repository shall have identified and established the duties that it needs to perform and shall have appointed staff with adequate skills and experience to fulfill these duties. ====

=
The repository shall have identified and established the duties that it needs to perform. =====

=
The repository shall have the appropriate number of staff to support all functions and services. =====

=
The repository shall have in place an active professional development program that provides staff with skills and expertise development opportunities. =====

PROCEDURAL ACCOUNTABILITY AND PRESERVATION POLICY FRAMEWORK
==== The repository shall have defined its Designated Community and associated knowledge base(s) and shall have these definitions appropriately accessible. ====

==== The repository shall have Preservation Policies in place to ensure its Preservation Strategic Plan will be met. ====

=
The repository shall have mechanisms for review, update, and ongoing development of its Preservation Policies as the repository grows and as technology and community practice evolve. =====

The repository shall have a documented history of the changes to its operations,
==== The repository shall commit to transparency and accountability in all actions supporting the operation and management of the repository that affect the preservation of digital content over time. ====

==== The repository shall define, collect, track, and appropriately provide its information integrity measurements. ====

==== The repository shall commit to a regular schedule of self-assessment and external certification. ====

FINANCIAL SUSTAINABILITY
==== The repository shall have short- and long-term business planning processes in place to sustain the repository over time. ====

==== The repository shall have financial practices and procedures which are transparent, compliant with relevant accounting standards and practices, and audited by third parties in accordance with territorial legal requirements. ====

==== The repository shall have an ongoing commitment to analyze and report on financial risk, benefit, investment, and expenditure (including assets, licenses, and liabilities). ====

CONTRACTS, LICENSES, AND LIABILITIES
==== The repository shall have and maintain appropriate contracts or deposit agreements for digital materials that it manages, preserves, and/or to which it provides access. ====

=
The repository shall have contracts or deposit agreements which specify and transfer all necessary preservation rights, and those rights transferred shall be documented. =====

=
The repository shall have specified all appropriate aspects of acquisition, maintenance, access, and withdrawal in written agreements with depositors and other relevant parties. =====

=
The repository shall have written policies that indicate when it accepts preservation responsibility for contents of each set of submitted data objects. =====

=
The repository shall have policies in place to address liability and challenges to ownership/rights. =====

==== The repository shall track and manage intellectual property rights and restrictions on use of repository content as required by deposit agreement, contract, or license. ====

INGEST: ACQUISITION OF CONTENT
==== The repository shall identify the Content Information and the Information Properties that the repository will preserve. ====

=
The repository shall have a procedure(s) for identifying those Information Properties that it will preserve. =====

=
The repository shall have a record of the Content Information and the Information Properties that it will preserve. =====

==== The repository shall clearly specify the information that needs to be associated with specific Content Information at the time of its deposit. ====

==== The repository shall have adequate specifications enabling recognition and parsing of the SIPs. ====

==== The repository shall have mechanisms to appropriately verify the identity of the Producer of all materials. ====

==== The repository shall have an ingest process which verifies each SIP for completeness and correctness. ====

==== The repository shall obtain sufficient control over the Digital Objects to preserve them. ====

==== The repository shall provide the producer/depositor with appropriate responses at agreed points during the ingest processes. ====

==== The repository shall have contemporaneous records of actions and administration processes that are relevant to content acquisition. ====

INGEST: CREATION OF THE AIP
==== The repository shall have for each AIP or class of AIPs preserved by the repository an associated definition that is adequate for parsing the AIP and fit for long- term preservation needs. ====

=
The repository shall have a definition of each AIP that is adequate for long- term preservation, enabling the identification and parsing of all the required components within that AIP. =====

The repository shall have a description of how AIPs are constructed from SIPs.
==== The repository shall document the final disposition of all SIPs. In particular the following aspect must be checked. ====

=
The repository shall follow documented procedures if a SIP is not incorporated into an AIP or discarded and shall indicate why the SIP was not incorporated or discarded. =====

==== The repository shall have and use a convention that generates persistent, unique identifiers for all AIPs. ====

=
The repository shall assign and maintain persistent identifiers of the AIP and its components so as to be unique within the context of the repository. ======

=
The repository shall be able to provide a complete list of all such identifiers and do spot checks for duplications. ======

=
The system of identifiers shall be adequate to fit the repository's current and foreseeable future requirements such as numbers of objects. ======

=
The repository shall have a system of reliable linking/resolution services in order to find the uniquely identified object, regardless of its physical location. =====

==== The repository shall have access to necessary tools and resources to provide authoritative Representation Information for all of the digital objects it contains. In particular the following aspects must be checked. ====

=
The repository shall have tools or methods to identify the file type of all submitted Data Objects. =====

=
The repository shall have tools or methods to determine what Representation Information is necessary to make each Data Object understandable to the Designated Community. =====

=
The repository shall have tools or methods to ensure that the requisite Representation Information is persistently associated with the relevant Data Objects. =====

==== The repository shall have documented processes for acquiring Preservation Description Information (PDI) for its associated Content Information and acquire PDI in accordance with the documented processes. In particular the following aspects must be checked. ====

=
The repository shall ensure that the PDI is persistently associated with the relevant Content Information. =====

==== The repository shall ensure that the Content Information of the AIPs is understandable for their Designated Community at the time of creation of the AIP. In particular the following aspects must be checked. ====

=
Repository shall have a documented process for testing understandability for their Designated Communities of the Content Information of the AIPs at their creation. =====

=
The repository shall execute the testing process for each class of Content Information of the AIPs. =====

=
The repository shall bring the Content Information of the AIP up to the required level of understandability if it fails the understandability testing. =====

==== The repository shall verify each AIP for completeness and correctness at the point it is created. ====

==== The repository shall provide an independent mechanism for verifying the integrity of the repository collection/content. ====

==== The repository shall have contemporaneous records of actions and administration processes that are relevant to AIP creation. ====

The repository shall have documented preservation strategies relevant to its holdings.
==== The repository shall have mechanisms in place for monitoring its preservation environment. ====

=
The repository shall have mechanisms in place for monitoring and notification when Representation Information is inadequate for the Designated Community to understand the data holdings. =====

==== The repository shall have mechanisms to change its preservation plans as a result of its monitoring activities. ====

=
The repository shall have mechanisms for creating, identifying or gathering any extra Representation Information required. =====

==== The repository shall provide evidence of the effectiveness of its preservation activities. ====

AIP PRESERVATION
==== The repository shall have specifications for how the AIPs are stored down to the bit level. ====

The repository shall actively monitor the integrity of AIPs.
==== The repository shall have contemporaneous records of actions and administration processes that are relevant to storage and preservation of the AIPs. ====

=
The repository shall be able to demonstrate that any actions taken on AIPs were compliant with the specification of those actions. =====

INFORMATION MANAGEMENT
==== The repository shall specify minimum information requirements to enable the Designated Community to discover and identify material of interest. ====

==== The repository shall capture or create minimum descriptive information and ensure that it is associated with the AIP. ====

==== The repository shall maintain bi-directional linkage between each AIP and its descriptive information. ====

=
The repository shall maintain the associations between its AIPs and their descriptive information over time. =====

The repository shall log and review all access management failures and anomalies.
==== The repository shall follow policies and procedures that enable the dissemination of digital objects that are traceable to the originals, with evidence supporting their authenticity. ====

=
The repository shall record and act upon problem reports about errors in data or responses from users. =====

TECHNICAL INFRASTRUCTURE RISK MANAGEMENT
==== The repository shall identify and manage the risks to its preservation operations and goals associated with system infrastructure. ====

=
The repository shall employ technology watches or other technology monitoring notification systems. =====

=
The repository shall have hardware technologies appropriate to the services it provides to its designated communities. ======

=
The repository shall have procedures in place to monitor and receive notifications when hardware technology changes are needed. ======

=
The repository shall have procedures in place to evaluate when changes are needed to current hardware. ======

=
The repository shall have procedures, commitment and funding to replace hardware when evaluation indicates the need to do so. ======

=
The repository shall have software technologies appropriate to the services it provides to its designated communities. ======

=
The repository shall have procedures in place to monitor and receive notifications when software changes are needed. ======

=
The repository shall have procedures in place to evaluate when changes are needed to current software. ======

=
The repository shall have procedures, commitment, and funding to replace software when evaluation indicates the need to do so. ======

=
The repository shall have adequate hardware and software support for backup functionality sufficient for preserving the repository content and tracking repository functions. =====

=
The repository shall record and report to its administration all incidents of data corruption or loss, and steps shall be taken to repair/replace corrupt or lost data. ======

=
The repository shall have a process to record and react to the availability of new security updates based on a risk-benefit assessment. =====

=
The repository shall have defined processes for storage media and/or hardware change (e.g., refreshing, migration). =====

=
The repository shall have identified and documented critical processes that affect its ability to comply with its mandatory responsibilities. =====

=
The repository shall have a documented change management process that identifies changes to critical processes that potentially affect the repository's ability to comply with its mandatory responsibilities. ======

=
The repository shall have a process for testing and evaluating the effect of changes to the repository's critical processes. ======

=
The repository shall have mechanisms in place to ensure any/multiple copies of digital objects are synchronized. =====

SECURITY RISK MANAGEMENT
==== The repository shall maintain a systematic analysis of security risk factors associated with data, systems, personnel, and physical plant. ====

==== The repository shall have implemented controls to adequately address each of the defined security risks. ====

==== The repository staff shall have delineated roles, responsibilities, and authorizations related to implementing changes within the system. ====

==== The repository shall have suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an offsite copy of the recovery plan(s). ====