ISO Standards for Certifying Trustworthy Digital Repositories
NARA recently hosted a meeting of the Working Group that is developing ISO (International Organization for Standardization) standards for use in certifying trustworthy digital repositories. The two draft ISO standards are ISO/DIS 16363 – Audit and certification of trustworthy digital repositories and ISO/DIS 16919 – Requirements for bodies providing audit and certification of candidate trustworthy digital repositories.
NARA has a long history of involvement with the development of international standard related to electronic records and other digital information. For example, ISO/DIS 16363 is based in large part on Trustworthy Repositories Audit & Certification: Criteria and Checklist (aka TRAC). The TRAC document in turn was developed largely on the basis of requirements found in ISO 14721 — Open archival information system — Reference model (aka OAIS Reference Model). NARA actively participated in the development of both the TRAC document and the OAIS Reference Model.
Why is a standard such as ISO 16363 needed? Here is part of the rationale from the draft standard:
Long before it became an approved standard in 2002, many in the cultural heritage community had adopted OAIS as a model to better understand what would be needed from digital preservation systems.
Institutions began to declare themselves ‘OAIS-compliant’ to underscore the trustworthiness of their digital repositories. However, there was no established understanding of ‘OAIS-compliance’ beyond being able to apply OAIS terminology to describe their archive, despite there being a compliance section in OAIS which specifies the need to support the model of information and fulfilling the mandatory responsibilities.
Claims of trustworthiness are easy to make but are thus far difficult to justify or objectively prove. Establishing more clear criteria detailing what a trustworthy repository is and is not has become vital.
While ISO/DIS 16363 lists criteria a trustworthy digital repository should meet, ISO/DIS 16919 provides requirements for the organizations that will carry out audits and certifications of digital repositories. Once these two standards are finalized they should go a long way toward filling this gap.