iPres 2016: the burning bush – audit and certification trends

Attending iPres 2016 has been a great experience and resource for the DPOC project as we begin to approach repository self-auditing activities at the University of Cambridge and Oxford. The following blog is by Policy and Planning Fellow Edith (Oxford).

It is clear from the discussions at iPres that self-auditing and certification is still a dividing issue within the community. I choose here to paraphrase another participant who likened the discussion to “a burning bush” best not touched. While hoping to not get myself too burnt in the process, I will attempt to summarise some of the themes and common experiences which emerged this week from talks, posters and informal discussions.

  • Are OAIS certification recommendations agnostic? This concern came out of the OAIS panel session from several directions – including NESTOR and the Dutch Coalition on Digital Preservation. In the current manifestation of OAIS (ISO 14721:2012) the only certification standard referenced is ISO 16363. There are many ways to work towards OAIS conformance, but will this bias skew uptake of a particular path? Hearing these concerns, I tend to agree that the next OAIS version should strive to be more agnostic in its reference to certification.
  • How do we interpret (intentional) gaps in audit and certification criteria? Certification criteria should be sufficiently general to stand the test of time and to be applicable to a variety of organisations who care for digital content. However, this results in the need to tease out what the criteria mean in our particular context before beginning auditing activities. Some interesting questions were posed by Devan Ray Donaldson from Indiana University talking about the slippery concept of “security” in current Trusted Repository Criteria. Devan’s research is very much at a planning stage – but DPOC will make sure to look out for future updates from Indiana.
  • Certification processes are by nature open to variation. It has been eye-opening to hear about the challenges that colleagues who have previously worked on behalf of certifying bodies have had in assessing organisations in a consistent manner. I look forward to hearing more about the experience of those newly trained in ISO 16919 (Requirements for Bodies Providing Audit and Certification of Candidate Trustworthy Digital Repositories) over the next couple of years. How will this experience change as a result? (Perhaps a talk for iPres 2017 in Kyoto?)
  • Certification and auditing tend to result in A LOT OF documentation – you may love it or hate it. Regardless of the value that attendees put on audit and/or certification, the experience and challenges of creating extensive documentation were shared pretty much across the board. However, even among the staunchest critics of auditing and certification, there was a general consensus that documenting procedures is good for consistency and self-reflection. For me this shows that more ‘selective’ self-auditing activities continue to have strong merits as an alternative to certification.

That is me for iPres 2016. I hope to add more items to this list in a few months’ time, reflecting back on our own experiences of self-auditing at the University of Cambridge and Oxford.

