Audit and Certification of Trusted Digital Repositories

Understanding the requirements for Trusted Digital Repository status can help organizations on their path to becoming accredited and trusted repositories or organizations that are trying to build a solid foundation of good practices for their digital materials. How this status is audited and assessed shows the current priorities in digital preservation and outlines some broader goals to focus on as organizations start to develop digital preservation policies.

ISO 16919:2014 is a set of guidelines or recommended practices used to establish organizations that use the Trusted Digital Repositories standard to assess digital repositories. This can also be thought of as an accreditation standard for organizations that review digital repositories. A digital repository that is assessed as “trustworthy” can be trusted to maintain digital information over a long period of time, and to keep that information usable and readable.

This ISO standard came out of CCSDS 652.1-R-1: Requirements for Bodies Providing Audit and Certification. It follows the general recommended practices set out in ISO/IEC 17021 – Requirements for bodies providing audit and certification of management systems, but includes more specific requirements for organizations that assess digital repositories.

To receive Trusted Digital Repository (TDR) status according to these standards, digital repositories need to show impartiality, competence, responsibility, openness, confidentiality and responsiveness to complaints, all of which are defined in the more general “Requirements for bodies providing audit and certification of management systems.”

There are also specific requirements for audit teams that are reviewing digital repositories. Members of a digital repository audit team are required to have:

– knowledge of other relevant standards and normative documents (such as ISO 16363, which defines a recommended practice for assessing digital repositories’ trustworthiness)
– understanding of digital preservation
– understanding of risk assessment and risk management of digitally encoded information
– technical knowledge of the applicable digital preservation aspects
– general knowledge of regulatory requirements relevant to TDRs (Trusted Digital Repositories)
– knowledge of management systems
– understanding of the principles of auditing based on ISO 19011, which provides guidelines for auditing management systems.

This auditing team can also be advised by technical experts who are competent and experienced with a specific system used by the organization that is being audited. Each auditor must:

– be accredited
– have continual professional development to keep their knowledge and skills current
– have previously participated in at least two other certification audits
– have completed five days of audit training
– have at least four years of practical experience in data management, archives, library, or information technology