SiermanISO16363-4thRDAPlenary

Co-funded by the European Union under FP7-ICT-2009-6

Audit & Certification with ISO standards

Barbara Sierman, KB National Library of the Netherlands

aparsen.eu

#APARSEN

Co-funded by the European Union under FP7-ICT-2009-6

Audit & Certification: why • Part of preservation policies in many organisations (SCAPE project findings) – – – –

Independent view on archives activities Benchmarking Requirement of funding organisations Quality assurance of scientific e-infrastructure

• Verify the claim: Are the repositories “trustworthy”?

Barbara Sierman, KB-NL 4th RDA Meeting, Amsterdam 23-09-2014

aparsen.eu

#APARSEN

Co-funded by the European Union under FP7-ICT-2009-6

The history 2002

• OAIS ISO 14721 published (updated 2012) • Par. 1.5: standard(s) for accreditation of archives.

2005

• Checklist for Certification of Trusted Digital Repositories (RLG/NARA) • Testaudits performed by RLG

2007

2012-

• DRAMBORA (2007), NESTOR (2006) • Trusted:Repositories Audit and Certification final report. Infrastructure and Security Risk Management • (Input for Repositories Audit and Certification Working Group (RAC-WG) • ISO 16363 Audit and Certification of Trustworthy Digital Repositories (RAC-WG) • Draft ISO 16919 Requirements for bodies providing Audit and Certification for candidate trustworthy repositories (RACWG) • Primary Trustworthy Digital Repository Authorisation Body (PTAB)

Barbara Sierman, KB-NL 4th RDA Meeting, Amsterdam 23-09-2014

aparsen.eu

#APARSEN

Co-funded by the European Union under FP7-ICT-2009-6

The standard 16363 • ISO 16363- 2012 Audit and Certification of Trustworthy Digital Repositories Organisational Infrastructure

Digital Objects Management

Infrastructure and Security Risk Mgmt.

: Infrastructure and Security Risk Management

Metrics

• Statement of requirement • Supporting text • Examples: repository demonstrates it is meeting this requirement • Discussion

Barbara Sierman, KB-NL 4th RDA Meeting, Amsterdam 23-09-2014

aparsen.eu

#APARSEN

Co-funded by the European Union under FP7-ICT-2009-6

The standard 16363 • ISO 16363- 2012 Audit and Certification of Trustworthy Digital Repositories • Guidance for auditors • Other standards also applicable (security) • Dependent on auditors experience

Consistency!

Barbara Sierman, KB-NL 4th RDA Meeting, Amsterdam 23-09-2014

aparsen.eu

#APARSEN

Co-funded by the European Union under FP7-ICT-2009-6

The standard 16919 • ISO has a range of standards of good auditing practices (ISO 17000:2004) • ISO 16919 Requirements for bodies providing Audit and Certification for candidate trustworthy repositories • Defines a process for accreditation of auditors. CASCO: Committee on Conformity Assesment: advice National standards bodies ISO IAF: International Accreditation Forum

Monitoring & Approving

Assessors, Training/Accreditation Group

Barbara Sierman, KB-NL 4th RDA Meeting, Amsterdam 23-09-2014

aparsen.eu

#APARSEN

Co-funded by the European Union under FP7-ICT-2009-6

The standard 16919 As long as ISO 16919 is not an approved standard: no formal ISO 16363 audit possible yet! no formal ISO 16363 certification possible yet Expected to be ready soon (2014)

Barbara Sierman, KB-NL 4th RDA Meeting, Amsterdam 23-09-2014

aparsen.eu

#APARSEN

Co-funded by the European Union under FP7-ICT-2009-6

More … EU Proposal CTRUST in Horizon 2020

http://www.iso16363.org/   

news from the PTAB Group (training) References to ISO16363 Self-Assessment Template http://www.iso16363.org/preparing-for-an-audit/

Barbara Sierman, KB-NL 4th RDA Meeting, Amsterdam 23-09-2014

aparsen.eu

#APARSEN