Skip to content

Instantly share code, notes, and snippets.

@ross-spencer

ross-spencer/2021-07-14-nestor-checklist.md

Created July 14, 2021 09:37
Show Gist options
  • Save ross-spencer/d0f1f589e45fdce998d647a96c6b2c2f to your computer and use it in GitHub Desktop.
Save ross-spencer/d0f1f589e45fdce998d647a96c6b2c2f to your computer and use it in GitHub Desktop.
Download ZIP
Nestor audit/checklist in markdown
Raw
2021-07-14-nestor-checklist.md

Explanation of the nestor seal for trustworthy digital long-term archives

Version 2.1

nestor working group on certification

URL: Original document

This document is largely translated automatically, with some manual intervention. The existence of incorrect line-wrapping in the source PDF affects the ability for the translation tool to understand sentences in their entireity.

k1. Selection of the information objects and their representations

  • Selection of the information objects and their representations.

Criteria for the selection of information objects and their representations for the digital long-term archives are specified. The framework is given by legal specifications, the overall order of the institution or the company, own targets.

  • Ask:
    • What criteria for the selection of information objects and their representations have been established?
    • How are these criteria justified?
    • How are the criteria accessible internally and externally?

k2. Responsibility for preservation

  • Responsibility for preservation.

The digital long-term archive takes responsibility for long-term archiving of the information objects due to legal regulations or own targets. Long-term archiving is the long-term preservation of the usability and ability to understand the information depicted in the representations.

  • Ask:
    • How is the responsibility for maintenance justified?
    • Which archiving tasks can be derived from this (evidence, storage, preservation of availability, access, ...)?
    • For how long does the archive assume this responsibility?

k3. Target groups

  • Target groups.

The digital long-term archive has defined its target group(s). This includes the knowledge of the specific requirements of the target audience(s) who are choosing the services to be offered. If the target group(s) or their The digital long-term archive reacts accordingly to requirements over time through adaptation.

  • Ask:
    • Which target group(s) for the digital long-term archive were in which way they are defined?
    • Which specific requirements of the target group(s) have been identified?
    • How are the services to be offered to meet the requirements of the target group(s) matched?
    • What method of monitoring changes in the target groups are used ("Community Watch")?
    • Is the adaptation of the digital long-term archive to changed target groups and /or changed tasks ensured?

k4. Access

  • Access.

The digital long-term archive ensures that authorized users from the target groups get access to the representations. This includes appropriate research opportunities. The digital long-term archive knows its terms of use and any costs incurred for access in advance, and breaks them down in a transparent way.

  • Ask:
    • What is the access to the digital long-term archive for authorized users?
    • How is it ensured?
    • What research options are there?
    • What are the terms of use?

k5. Interpretability

  • Interpretability.

The digital long-term archive has defined measures for the long-term to ensure the interpretability of at least one of the representations, and has thus created a basic requirement for appropriate use in the future. This includes the interpretability of the content and metadata. The digital Long-term archive takes into account the needs of its target group(s). Have changes the technical environment or the target group(s) influenced the interpretability. The digital long-term archive is therefore also regularly checked using a suitable procedure, whether the interpretability by the target group(s) is still given.

  • Ask:
    • How is the interpretability of at least one representation of content and Metadata secured in the long term?
    • How are the usage goals and target group needs taken into account?
    • Which procedures are available and carried out to regularly check the interpretability by the target groups?

k6. Legal and contractual basis

  • Legal and contractual basis.

The digital long-term archive is based on legal or contractual regulations the producers with regard to takeover, archiving and use. The type and scope of the delivery is managed, as well as the obligation of the digital long-term archive for archiving, the terms of use and, if applicable, the costs.

  • Ask:
    • What are the deliverables, the obligations of the digital long-term archive, the terms of use and the costs with the producers or Producers and how are they regulated?

k7. Legal compliance

  • Legal compliance.

The digital long-term archive monitors compliance with the rights concerned at the Acquisition, archiving and use of digital objects and documents this. To include: data protection, protection of the rights of data subjects, confidentiality regulations, Copyright and exploitation rights, internal and external compliance.

  • Ask:
    • How is compliance with data protection, protection of rights Affected party, confidentiality regulations, copyrights and exploitation rights as well internal and external compliance monitored and documented?

k8. Financing

  • Financing.

There is a current and long-term budget plan digital long-term archive.

  • Ask:
    • What does the cost model look like?
    • Which budget planning documents are available?
    • Which possible long-term financing concept for the digital Long-term archive exists?

k9. Staff

  • Staff.

The digital long-term archive has staff with appropriate qualifications with sufficient scope available. Current job descriptions exist in which describe the necessary qualifications of the long-term archive staff, as well as a position plan and / or a personnel development concept suitable for the Tasks and goals of the digital long-term archive

  • Ask:
    • How many staff are currently available, broken down according to qualifications and roles, available and what are the plans?
    • How can the tasks of the long-term archive be fulfilled with the plan?

k10. Organization and processes

  • Organization and processes.

For the organizational structure are the goals, tasks and processes of the digital Long-term archive appropriate. A structure and process organization is defined. The Responsibilities are defined. The digital long-term archive is in a suitable place listed in the business allocation plan.

  • Ask:
    • What organizational structure (organizational structure and process organization) does the digital long-term archive have?
    • Which responsibilities are defined?
    • How can the tasks of the archive be covered with this structure

k11. Conservation measures

  • Conservation measures.

The digital long-term archive operates a strategic planning for the preservation of the digital objects entrusted to it, in which the upcoming or expected tasks and the times of their realization are named. The basis for long-term planning observes the legal and social framework conditions, the requirements and expectations of the target groups, the changes in technology that are relevant for the long-term preservation and appropriate use of the information objects depicted by the representations. Possible effects on the fulfillment of tasks are evaluated. There are suitable structures and procedures for this.

  • Ask:
    • How are the framework conditions, the changes in technology and the Target groups observed?
    • What does the strategic planning of conservation measures look like?
    • Which conditions imply which measures?
    • How are the planning tasks with the general objectives and the other framework conditions of the archive correlated?

k12. Crisis / succession planning

  • Crisis / succession planning.

The digital long-term archive has a plan, just like the specified tasks the existence of the digital long-term archive must also be ensured. The digital long-term archive has also made provisions for a crisis. The continuation of the tasks in such a case must take place in a different organizational framework, that the specified tasks can be performed in full. For what won't be possible, the restrictions are documented. The digital long-term archive makes provision that a transition process is defined, planned and timely can be implemented

  • Ask:
    • To what extent has the digital long-term archive ensured that the Information objects can be preserved beyond its existence?
    • What counts as a crisis situation that requires the handover of tasks to third parties power, and how is it determined?
    • What is planned in the event of a crisis?

k13. Significant properties

  • Significant properties.

The digital long-term archive identifies which properties of the Representations for the preservation of the information objects are significant and documents this. When deciding on the scope of the to be preserved properties it is against the background of your own goals between the technical Possibilities as well as the effort for long-term archiving on the one hand and the Weighing up the needs of the target group(s) on the other hand.

  • Ask:
    • What does the digital long-term archive understand by significant properties and how are you dealing with them?
    • How were the goals of the digital long-term archive taken into account?
    • How was the difference between the effort and the performance of the Systems on the one hand and the interests of customers weighed on the other side?
    • How were the significant properties of information objects in the System architecture, data model and workflow anchored?

k14. Integrity: recording interface

  • Integrity: recording interface.

The digital long-term archive has an interface for recording the integrity of representations. The interface includes all of those functions and processes that occur over the transfer packages from the producers who transform them into archive packages and guaranteed inclusion in the digital long-term archive. The interface enables the producers and the administration of the digital long-term archive to check and receive information about the integrity of the representations.

  • Ask:
    • Which functions are provided in the system architecture to ensure the integrity and to ensure the security of data in the ingest process (e.g. virus check, Checking the data integrity using hash values ​​for content data, metadata and Transfer packages as a whole)
    • How are these tests implemented/discovered both at the takeover and at the Transformation of the transfer packages into archive packages?
    • In the form of what processes are these functions in the system specifications flowed in?
    • What organizational and technical measures have been taken implemented?
    • How does the archive deal with errors found in the integrity check?

k15. Integrity: Functions of the archival storage

  • Integrity: Functions of the archival storage.

It is necessary the archival storage offers functions for checking and maintaining the integrity of the representations by the administration of the digital long-term archive. The functions include the mapping of the archive packages on storage media, the long-term storage, recovery of the archive packages as well as all changes to the archive packages.

  • Ask:
    • Which functions and processes are provided by the system to ensure completeness and integrity of the archive packages in the course of the Storage process (e.g. choice of suitable storage media, redundancy, Refreshing, media migration)?
    • Which mechanisms check the integrity of archived packages stored insuitable intervals for damage?
    • Which mechanisms are implemented or provided in the system in order to restore damaged archive packages?
    • How are checking routines and recoveries kept traceable?

k16. Integrity: user interface

  • Integrity: user interface.

The digital long-term archive has an interface that allows the user and the Administration of the digital long-term archive to review and maintenan the integrity of representations. This completes the transformation of archive packages to usage packages.

  • Ask:
    • What measures are envisaged to assist in the conversion of the Archive packages in usage packages ensure the integrity and completeness of the ensure requested information?
    • What happens in the case that the integrity been violated? • [ ] What options does the user have to improve the integrity of the archived information from the time of transfer to the digital long-term archive to the Understand usage?

k17. Authenticity: recording

  • Authenticity: recording.

The digital long-term archive uses procedures that assess the authenticity of the representations at their reception as well as the assessment and securing of the transfer packages during the admission procedure (takeover, transformation of the transfer packages in archive packages and storage) to enable authenticity.

  • Ask:
    • How is authenticity recognizable throughout (detatchment from the data carrier, normalization).
    • Which processes are specified for the digital long-term archive that ensure the authenticity of the adopted or to be adopted information objects.
    • How is the preservation of the significant properties checked?
    • What is done if the authenticity is compromised?

k18. Authenticity: Conservation Measures

  • Authenticity: Conservation Measures.

The digital long-term archive uses procedures that are used in the implementation of the Long-term preservation measures that ensure the authenticity of the objects, or document the degree of authenticity,

  • Ask:
    • Which procedures have been specified that ensure the authenticity of digital information objects in the course of maintenance measures?
    • How is the preservation of significant properties in the migration process ensured when implementing new emulation environments?
    • How is this is monitored (automatically / manually, for all representations / randomly)?
    • How does the long term archive proceed, if individual significant properties are not or only can be partially preserved?

k19. Authenticity: Use

  • Authenticity: Use.

The digital long-term archive enables the user and the administration of the digital long-term archives to check and maintain the authenticity of the representations. This includes the transformation of archive packages into usage packages.

  • Ask:
    • How is the authenticity of the transformation of the archive packages into usage packages guaranteed?
    • How are the significant properties preserved?
    • What options does the user have to understand the ensurance of the authenticity of the archived information from the time it was transferred to the digital long-term archive.

k20. Technical sovereignity

  • Technical sovereignity.

The digital long-term archive receives the technical sovereignty over those representations to be taken over to enable the transformation into archive packages and, if necessary, to be able to carry out long-term maintenance measures. After the takeover you can perform all necessary measures without technical restrictions.

  • Ask:
    • Which processes are planned in the run-up to the data transfer in order to ensure data sovereignty of the digital long-term archive - legally, organizationally, technically sustainable?
    • How does the digital long-term archive practically ensure that all technical restrictions on the use of the representations transferred are recorded and can be resolved?
    • How is, for example, encryption, printing and copying blocks and time restrictions for legibility bypassed?
    • How does the digital long-term archive, if necessary, establish technical sovereignty, if representations with restrictions have been accepted?

k21. Transfer packages

  • Transfer packages.

The digital long-term archive has specified its transfer packages. The digital long-term archive agrees with the producers which transfer packages (content data and metadata). The transfer packages are checked on the basis of the specification.

  • Ask:
    • What specification of transfer packages does the digital long-term archive?
    • Which Content data is accepted?
    • Which metadata are required?
    • Are there special regulations and processes for the formation of transfer packages?
    • Which measures are planned, the compliance of Validate transfer packages?
    • Are faulty transfer packages rejected or carried out before they are accepted a correction within a defined work area in the digital long-term archive?

k22. Transformation of the transfer packages into archive packages

  • Transformation of the transfer packages into archive packages.

The digital long-term archive converts transfer packages into archive packages.

  • Ask:
    • How are the transformation processes of the digital long-term archive specified?
    • Which conversion and structuring measures are required?
    • What quality assurance measures are planned?

k23. Archive packages

  • Archive packages.

The digital long-term archive has specified its archive packages. The digital long-term archive defines which archive packages (content data and metadata) can be filed and in which. The archive packages are checked on the basis of the specification.

  • Ask:
    • How are the components and the structure of the archive package sufficient? specified?
    • How is the quality of the archive packages checked?

k24. Interpretability of the archive packages

  • Interpretability of the archive packages.

To ensure that the archive packages can be interpreted in the event of a migration strategy, technical conservation measures are carried out:

  • Ask:
    • How will migration become more obsolete?
    • File formats initiated and carried out? Which measures of quality assurance are provided?
    • In the case of an emulation strategy: How is the selection made more suitable Emulators by the digital long-term archive, by users or automatically Procedure?
    • What further interpretation aids are given?

k25. Transformation of the archive packages into usage packages

  • Transformation of the archive packages into usage packages.

The digital long-term archive converts archive packages into usage packages.

  • Ask:
    • What is the transformation process of the archive packages into usage packages? How is it specified?
    • What intended changes have been made to the content and metadata?
    • What quality assurance measures are planned?

k26. Usage packages

  • Usage packages.

The digital long-term archive specifies the usage packages based on the requirements of the target groups.

  • Ask:
    • To what extent are the requirements of the target group(s) taken into account?
    • Are the possible components and the structures of the usage package sufficiently and clearly specified for the user?

k27. Identification

  • Identification.

A digital long-term archive uses IDs internally to manage the information objects and their representations and, if applicable, their parts and relationships to one another (parts / assemblies, different variants, versions, etc.). In particular for the clear assignment of the content data to the metadata. The use of externally visible, standardized, permanent identifiers represents the reliable findability of the information objects and their representations and therefore secure access.

  • Ask:
    • Which identifiers does the digital long-term archive use?
    • According to what procedure do all information objects, representations, and whose parts, all content and metadata are given unique identifiers?
    • How is the assignment implemented using identifiers?
    • How is the durability of the identifiers guaranteed?
    • How are the IDs made available to external parties?

k28. Descriptive metadata

  • Descriptive metadata.

The scope, structure and content of the descriptive metadata are defined. Depending on the goals of the digital long-term archive, on the target groups of the digital long-term archive and the object types.

  • Ask:
    • Which rules are used to record the descriptive metadatathe digital long-term archive?
    • Which standards are taken into account?
    • To what extent is the collection of descriptive metadata taken into account?
    • To what extent are target groups and object types taken into account?
    • How does the digital long-term archive try to ensure that the Collection guidelines are adhered to?

k29. Structural metadata

  • Structural metadata.

The structure of the representations must be described in such a way that the depicted information objects can be reconstructed and used.

  • Ask:
    • Which structural metadata does the digital long-term archive use?
    • To what extent does it take different object types into account?
    • What standards will considered?
    • What measures does the digital long-term archive use to ensure that the structural metadata for restoring the authentic structure different representations exists and can be used?

k30. Technical metadata

  • Technical metadata.

The technical metadata are defined in order to guarantee interpretability, safeguarding the integrity as well as authenticity and the control of the long-term preservation measures.

  • Ask:
    • Which technical metadata is collected?
    • What standards will be considered?
    • Which processes (e.g. migration, provision) and statuses (e.g. integrity, authenticity) are supported or documented by which metadata?

k31. Logging of long-term maintenance measures

  • Logging of long-term maintenance measures.

The digital long-term archive records long-term preservation measures and changes to the representations.

  • Ask:
    • Which measures and changes are logged?
    • How are measures and changes logged (e.g. automatically, manually)?
    • Are the actors of the changes also documented?
    • Which standards are taken into account?
    • How is it guaranteed that the log entries will still be legible in the future, are traceable and evaluable?

k32. Administrative metadata

  • Administrative metadata.

The digital long-term archive has defined its administrative metadata for the management and use of the information objects and their representations to be able to understood. The use of the representations can be disabled for legal or contractual reasons.

  • Ask:
    • Which administrative metadata is collected? What regulations and Standards are taken into account for this?
    • What is the relationship between the administrative metadata and the informationK6 and K7?

k33. IT infrastructure

  • IT infrastructure.

The IT infrastructure implements the requirements for handling information objects and representations in technical and safety-related terms.

  • Ask:
    • What IT infrastructure is available?
    • How are specific structural decisions related to other professional and technical settings (cf. K13-26)?
    • Which norms, guidelines and standards were implemented?
    • What measures are planned to keep the IT infrastructure up to date?

k34. Security

  • Security.

The organization and the infrastructure guarantee the protection of the digital long-term archive as well as its information objects to be archived and their representations.

  • Ask:
    • Which areas of the digital long-term archive are to which extent in need of conservation?
    • Which is malicious or due to human or technical error you consider possible damage scenarios to be particularly dangerous for the Preservation of the information objects and representations?
    • How high are they probability of occurrence of the claims?
    • How high is the severity of damage?
    • What residual risk is still accepted?
    • What measures are taken to counter the threats?
    • How were the risk analysis and the planned countermeasures in one Security concept transferred?
    • What norms, guidelines and standardswere considered?
    • Which measures to check the security concept and its Further developments planned?
@ross-spencer
Copy link
Author

Connected to: TDR checklist.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment