This is the text of a presentation I held at the combined 4C/DPC conference ‘Investing in Opportunity: Policy Practice and Planning for a Sustainable Digital Future’ in London 17-18 November 2014 at the Wellcome Trust.
A few months ago I was in Copenhagen and as I like shopping in a foreign country and take something with me to remind me of my trip , I bought a golden ring. Well, not gold, it was gold plated and after a few months of wearing is was a silver ring. Was that a disappointment? The design was still nice and the ring still fitted. But it did no longer match my other rings. And I was not expecting this to happen so soon. And if instead of silver, the next layer would have been brass or nickel or copper, I really would have been disappointed and felt betrayed. So it was gold, turned to silver and yes that did matter.
No one would appreciate a trustworthy digital archive turning from gold to silver…
What are we talking about?
The title of this presentation Is there a gold standard and does this matter? was made by William [Kilbride] when inviting me for this panel. But what we are talking about here of course is the ISO 16363 standard on Audit and Certification of trustworthy digital repositories, officially an ISO standard since 2012. Recently the accompanying standard for accreditation of auditors was officially published by ISO and now certification against this standard can start.
The ISO standard is the highest level in the European framework of certification, starting with the basic level of the Data Seal of Approval, a middle layer of the nestor/DIN standard, and the highest level of this ISO standard. We currently don’t speak about layers like bronze, silver and gold, but if you would do, the ISO is the gold level in this model, the gold standard if you wish.
History
This audit standard has a history of more than 10 years and to really value its importance, we should know a bit of its history. Already in the OAIS model, a reference is made to a systematic approach of checking the conformity of organisations to this model, a standard for accreditation of archives. The first draft of TRAC criteria is based on this OAIS model – our shared view how digital preservation should be done. Ten years ago a draft version of TRAC was tested by performing audits on different repositories, among them the KB, and based on this feedback the Checklist of TRAC was published in 2007. 5 years later, with TRAC as a starting point, the ISO standard was published, which I will call here the TDR-standard. In summary, this standard is based on preservation insights of a wide variety of organisations and people, all knowledgeable in digital preservation and with different background. We sometimes might forget who is behind this standard and I tried to create an overview of the people and organisations that were involved in TRAC 2002, 2005, 2007, ISO 16363 and ISO 16919. A wide variety of organisations, and of people, some already retired, some still going strong and others working daily with digital preservation. The standard was created really with input from the preservation community.
Is a gold standard also a perfect standard?
That need not to be the case. Although a lot of experience is woven into the standard, this standard is not a static, carved in stone, document. For the TDR standard, I think it is too early to judge. No audits did take place with this standard yet.
Let me give you an example of another “gold” standard we all share: the OAIS model ISO 14721, out there for more than 10 years. The OAIS standard has proven its value, on various areas but especially as the Esperanto of the digital preservation community. However, standards operate in a changing world and that has an influence on the value of that standard. If a standard is not adapted to developments in the changing world – and digital preservation is an evolving area – it will lose its value.
Some people think the OAIS model is outdated and does not keep up with the developments in preserving digital material. Since 2002, when the OAIS was first published, the preservation insights have changed. As an example: Emulation is now an accepted approach, migration less then 10 years ago. Quite often, in practice, the well know functional model of the OAIS is extended with a function “pre-process”. Sometimes the OAIS standard is interpreted more as a straitjacket then as a conceptual model. This will lead now and then to strong twitter opinions, like suggestions to burn OAIS, never to mention it in a presentation etc. Other people contribute in a more constructive way by blogging about specific shortcomings of OAIS or by further developing the model. Like we did in the Planets project, where Paul Wheatly and I added the Preservation Watch concept, extended in the SCAPE project. Others created a framework to apply OAIS to distributed digital preservation. These contributions will help to keep a standard alive and we, as a preservation community, should try to incorporate new insights into the standard.
That is why ISO standard has a process of reviewing the standard. Every 5 years, theoretically at least, changes can be made to the standard. The first opportunity for the OAIS model (and coincidentally for the TDR standard as well) is 2017.
The ISO process is not quite clear, but there is enough reason for the preservation community to investigate how to be involved in this process and keep the standards up to date. I’ll talk with the Dutch Standard Organisation NEN soon and ask them what is the official procedure and how we can collaboratively act. I’ll report on this at our KB research blog.
Back to the TDR standard.
The TDR standard was developed to audit trustworthy digital repositories. A big difference with the OAIS model, where the individual institute decides whether it is compliant or not, is that it is a group of auditors who are making this judgement. As currently everyone can say that his repository is conform OAIS, this will no longer be correct if we speak about the TDR standard. There an external body will make the decision whether your repositoriy is a Trustworthy Digital Repository, according to the “gold” standard and based on the information you gave the auditors. And, not less important, based on the knowledge and experience of the auditors. And this is a crucial factor in the process: who are these auditors? Sometimes the more cynical people tell me that an audit process starts with giving the auditors a good dinner, have a chat and then you’ll get the certificate. Needless to say that this is not a good auditing process. Certainly not one that is covered by the rules and regulations that are described in ISO 16919. This standard describes the qualities an auditor need to have in general, but the standard is specifically extended with qualities related to digital preservation. Despite this, how do we, as a community get to the point that we trust the auditors and that the certificate really reflects a trustworthy repository? Two elements contribute to this: transparency and the time limited validity of the certificate.
One of the measures that were taken is “transparency”: all documentation, except for really confidential material, will be publicly available after the certificate is given. There are already a few examples out there based on TRAC audit by CRL, LOCKSS, Portico, Hathi Trust, Chronopolis and Scholars Portal. This transparency will help to foster discussion in the community about the certification.
The other element is that a certificate, in contrast to the repository itself, is not for “long term” . Instead it is lasting 5 years or so. Then the repository will need to start a new audit process to get the certificate again, based on changed conditions no doubt.
Will a certified repository be a successful preservation environment?
Chances are yes, but no guarantee can be given. As a community we agreed on a approach to digital preservation by accepting the OAIS model and the derived audit standards, described and hopefully regularly discussed and updated in this golden approach so to speak. By the way, the monetary gold standard is not in use any more, but replaced by other mechanisms. Whether our gold standards will lead to success, time will tell.