Trusted Digital Repositories (ISO 16363)

Formerly referred to as “TRAC,”  Trusted Repositories Audit & Certification, Trusted Digital Repositories is a guideline for assessing an organization’s ability to preserve digital collections and make them widely available. It provides a way for organizations to measure their level of compliance with the OAIS model of digital preservation, and includes checks for three areas of preservation.


Organizational Infrastructure

  • Governance and Organizational Viability
    • Regardless of the size, scope, or nature of the digital preservation program, a trusted repository must demonstrate an explicit, tangible, and long-term commitment to compliance with prevailing standards, policies, and practices.
  • Organizational Structure and Staffing
    • A repository must have designated staff with requisite skills and training and must provide ongoing development. The repository should be able to document efforts to define and maintain requisite skills, roles, job descriptions, and development plans.
  • Procedural Accountability and Policy Framework
    • A repository must provide clear and explicit documentation of its requirements, decisions, development, and actions to ensure long-term preservation and access to digital content in its care. This documentation assures consumers, management, producers, and certifiers that the repository is meeting its requirements and fully performing its role as a trusted digital repository. Certification, the clearest indicator of a repository’s sound and standards-based practice, is facilitated by procedural accountability that results in comprehensive and current policies, procedures, and practice.
  • Financial Sustainability
    • A trusted digital repository should be able to prove its financial sustainability. Overall, a trusted repository adheres to all good business practices and should have a sustainable business plan—a general set of documents that reflect the past, present, and future of the repository and its activities. A business plan incorporates management plans and financial implications related to development and normal production activities, and may note the strategies and/or risks that would affect operations.
  • Contracts, Licenses, and Liabilities
    • A repository’s contracts, licenses, and liabilities should be explicit. They should define clear and measurable terms; delineate roles, responsibilities, timeframes, and conditions; and be either readily accessible or available to stakeholders on demand. Contracts include those between the repository and content owners (depositors, publishers, etc) and those between the repository and its own service providers (system service/maintenance contracts), with system developers, etc. Regardless of the relationship, these contracts and licenses must be available for audits so that liabilities and risks can be evaluated.

Digital Object Management

  • Ingest: Acquisition of Content
    • Acquisition involves a crucial interaction between repository and depositor. Success in this phase of ingest indicates the repository’s ability to gain sufficient control over the content.
  • Ingest: Creation of the Archival Package
    • Digital repositories must take actions to preserve the ingested information, and the things they disseminate to end users must be strongly linked to the original objects that were deposited. To paraphrase the OAIS, these requirements are meant to ensure that information (digital objects and all appropriate metadata) received and verified from each producer is put into the archival form (AIP) and is stored in archival storage for long-term preservation. More specifically, the repository must actually complete the ingest process, creating some appropriate form—identifiable as archival storage—in which to store the information. This includes addressing the linkage of appropriate metadata to meet the levels of understanding expected, the association of unique identifiers to be able to reference the digital content, the mapping from the submitted content to the AIP storage forms, and auditable provenance information ensuring no loss or corruption of content in developing the AIPs.
  • Preservation Planning
    • A repository or archiving system must have current, sound, and documented preservation strategies in place and demonstrably implemented. It is not enough simply to preserve information. A repository must do so in accordance with predefined, documented, preservation policies and procedures, and it must have identified mechanisms to update those policies and procedures in response to changing technologies. Without such documentation, a repository cannot pass an audit even if its work is otherwise exemplary.
  • Archival Storage and Preservation/Maintenance of Archival Information Packages
    • There is a minimal set of conditions for performing long-term preservation of AIPs. The system infrastructure (discussed in C1) must provide suitable services to allow higher-level repository (object management) functions operating on AIPs to perform their tasks reliably. But if the higher-level functions do not use these services, or do not use them properly, then preservation is not assured. The preservation of AIPs must follow the documented preservation strategies, typically including such topics as the use of migration, transformations, checksums, multiple copies, distributed storage, and tracking of processing history that might affect preservation confidence.
  • Information Management
    • A critical component of any repository is its information management functionality. Regardless of technical composition and regardless of whether it is considered a “light” repository or a “dark” one— holding material for access by future generations—the system needs to be able to store, track and use metadata which supports the core functionality of the digital repository. The OAIS (2002) describes this functionality within Data Management, but, practically, this information is critical to and is generated within other digital repository functions such as ingest, archival storage, preservation planning, and access. For that reason, this section, Information Management, addresses the remaining needs associated with descriptive metadata.
  • Access Management
    • It must be understood that the capabilities and sophistication of the access system will vary depending on the repository’s designated community(ies) and the access mandates of the repository. Because of the variety of repositories, archives, and access mandates, these criteria may be subject to questions about applicability and interpretation at a local level.

Technologies, Technical Infrastructure, Security

  • System Infrastructure
    • Without a secure and trusted infrastructure, the functions carried out on AIPs cannot be trusted—they are built on a house of cards. Actions specified here are general enough to apply to systems other than repositories and archives.
  • Appropriate Technologies
    • A repository should use strategies and standards relevant to its designated community(ies) and its digital technologies.
  • Security
    • “System” here refers to more than IT systems, such as servers, firewalls, or routers. Fire protection and flood detection systems are also significant, as are systems that involve actions by people. The first two requirements here are general and the third addresses internal security, while the remainder address disaster recovery.
Trustworthy Repositories Audit & Certification: Criteria and Checklist, February 2007

Space data and information transfer systems — Audit and certification of trustworthy digital repositories, February 2012