… because good research needs good data DRAMBORA: Risk and Trust and Data Management Martin Donnelly DCC, University of Edinburgh martin. donnelly@ed. ac. uk (and Andrew Mc. Hugh, Sarah Jones, Joy Davidson, Seamus Ross, Raivo Ruusalepp, Perla Innocenti…) Funded by: This work is licensed under the Creative Commons Attribution-Non. Commercial-Share. Alike 2. 5 UK: Scotland License. To view a copy of this license, visit http: //creativecommons. org/licenses/by-ncsa/2. 5/scotland/ ; or, (b) send a letter to Creative Commons, 543 Howard Street, 5 th Floor, San Francisco, California, 94105, USA. Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Order of Play • Part I: Risk and Trust in Digital Repositories • Part II: The DRAMBORA Methodology • How it was arrived at • Where it can take you • Part III: Risk Management Exercise • Part IV: DRAMBORA Interactive • An introductory overview • Preview of v 2. 0 • Part V: DRAMBORA and DAF within the preservation lifecycle • Future systems integration www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Order of Play • Part I: Risk and Trust in Digital Repositories • Part II: The DRAMBORA Methodology • How it was arrived at • Where it can take you • Part III: Risk Management Exercise • Part IV: DRAMBORA Interactive • An introductory overview • Preview of v 2. 0 • Part V: DRAMBORA and DAF within the preservation lifecycle • Future systems integration www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data DRAMBORA The Digital Repository Audit Method Based On Risk Assessment (DRAMBORA) was developed by the Digital Curation Centre (DCC) and Digital. Preservation. Europe (DPE) to assist repository management and staff to identify, assess, manage, and mitigate risks. • Definition: risks describe challenges or threats that impede the achievement of repository objectives, obstruct activities, and prejudice the continued availability of essential assets. • In DRAMBORA, risks have several attributes: probability, impact, severity (a derived value, p*i), owner(s), and management strategies. Risks may also link to other risks. (See ‘Anatomy of a Risk’ below…) www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data DRAMBORA covers: • information assets (analogue/digital materials, databases, data files, contracts, agreements, documentation, policies and procedures); • software assets; • physical assets; • services and utilities; • business processes; • people (staffing and skills); • intangibles, such as reputation. www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Definition of a repository We propose that a digital repository is differentiated from other digital collections by the following characteristics: • • content is deposited in a repository, whether by the content creator, owner or third party; the repository architecture manages content as well as metadata; the repository offers a minimum set of basic services e. g. put, get, search, access control; the repository must be sustainable and trusted, well-supported and well-managed. Heery and Anderson (2005) ‘Digital Repositories Review’ http: //www. jisc. ac. uk/uploaded_documents/digital-repositories-review-2005. pdf • For DRAMBORA, ‘repository’ is a broad term encompassing many different types of resource and collection • (N. B. despite its acronym, the DRAMBORA methodology and system may be used for analogue collections as well as digital content!) www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data 10 Characteristics of Digital Repositories • An intellectual context for the work: Commitment to digital object maintenance Organisational fitness Legal & regulatory legitimacy Effective & efficient policies Acquisition & ingest criteria Integrity, authenticity & usability Provenance Dissemination Preservation planning & action Adequate technical infrastructure © HATII Uof. Glasgow, 2007 • • • (CRL/OCLC/NESTOR/DCC/DPE meeting, January 2007) www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Trustworthiness and Archival Stewardship • Trustworthiness is an increasingly sought after commodity • Decentralisation part of a normal progression (see UK AHDS) • Trustworthiness has wide reaching implications • external (financiers, depositors, creators, consumers) • internal (management, strategic planning) www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data The Challenge of Building Trust There is work going on now to define certification methodologies and processes for trusted digital repositories, but formal certification is still some way off. The DCC view is that the most effective way to build trust amongst stakeholder communities at this time is not necessarily through formal certification, but rather by the ability to: • illustrate that you know what risks threaten your ability to meet your mandate • provide evidence that you have considered these risks, understand them, and have appropriate measures in place to manage and mitigate them over time www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Trustworthy Repositories Audit & Certification (TRAC) Criteria and Checklist • RLG/NARA assembled an International Task Force to address the issue of repository certification • TRAC is a set of criteria applicable to a range of digital repositories and archives, from academic institutional preservation repositories to large data archives and from national libraries to third-party digital archiving services • Provides tools for the audit, assessment, and potential certification of digital repositories • Establishes audit documentation requirements required • Delineates a process for certification • Establishes appropriate methodologies for determining the soundness and sustainability of digital repositories www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Risk and Repositories www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Types of preservation risk • • • Technological Physical Organisational Socio-cultural Legal • • • Economic Financial Political Contractual Environmental www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Standard Risk Management Model www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Risk Management and Digital Preservation • Lack of literature for risk-assessment in LIS compared with Computer Science • Differences in definitions used by different disciplines • Quantifying risk is problematic • The greatest challenge is the interpretation of the risk, i. e. to determine when a risk is acceptable • To manage this we create a risk register www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data The nestor Catalogue of Criteria The nestor working group developed a Catalogue of Criteria for Trusted Digital Repositories… • Aimed at German memory organisations and institutions, service providers devising, planning and implementing digital repositories • Provides guidance, tools for self-checking, and potentially certification • Abstract criteria, applicable for a range of digital repositories, and valid over a longer period, • Basic principle: Adequacy. Evaluation is always based on the objectives and tasks of the individual digital repository concerned www. digitalpreservation. de www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Top down approach: tried and tested • Many auditable domains benefit from objective criteria • Information and IT security • Financial regulation • But disregards diversity evident across preservation discipline • funding, scale, legislative responsibilities and restrictions, content types, technology and policy vary • Generic criteria are difficult to conceive www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data The Risks of Objectivism • Difficulties associated with a generalisation of optimal repository characteristics • Do all repositories share singularity of purpose / uniform priorities? • Documenting a set of ‘blue sky’ aspirational repository qualities is useful – nestor and TRAC make compelling reference materials • But both check-lists are necessarily vague www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Order of Play • Part I: Risk and Trust in Digital Repositories • Part II: The DRAMBORA Methodology • How it was arrived at • Where it can take you • Part III: Risk Management Exercise • Part IV: DRAMBORA Interactive • An introductory overview • Preview of v 2. 0 • Part V: DRAMBORA and DAF within the preservation lifecycle • Future systems integration www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data The Evolution of an Audit Methodology • Pilot Audits Aiming to: • • Develop Validate Refine Deploy • A methodology for repository audit www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data DRAMBORA Method • Discrete phases of (self-)assessment, reflecting the realities of audit • Preservation is fundamentally a risk management process: • • Define Scope Document Context and Classifiers Formalise Organisation Identify and Assess Risks • Builds audit into internal repository management procedures www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data What does this mean in practice? 1. 2. 3. 4. 5. Establish organisational profile Develop contextual understanding Identify and classify repository activities and assets Derive registry of pertinent risks Undertake assessment of risks (and existing management means) 6. Commit to management strategies www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data The Risks of Subjectivity • DRAMBORA is fundamentally ‘bottom-up’ • Comparability and reproducibility of results are compromised • Improvement in self-assessment is limited by one’s own horizons (no external view) • How can repositories comment on unanticipated risks when they are unaware of available opportunities? www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Finding Islands of Objectivity • 80 or so sample risks included in methodology to prompt thinking. . . but many more were needed! • DRAMBORA Interactive may enable repositories to align their objectives, activities, strengths and shortcomings with other peer repositories’ responses • Ambition to collate these as a series of repository profiles, encapsulating key roles, responsibilities, functions and risks www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data * Discussion Break * • Who cares about repository audit? • Who will pay for it? • Who are the beneficiaries? • Should submitting to audit be compulsory? • Carrot versus stick? • Is auditing worthwhile? • What are the drawbacks of self-assessment? www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data The Audit Process in a bit more detail www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data 6 key questions ahead of the audit 1. 2. 3. 4. 5. 6. Why is the audit being done? What exactly is to be audited? Who will conduct the audit? Where will the audit take place? When will the audit take place? How will the work be carried out? www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data 6 questions for auditing: #1 Why? • • • Identify and manage risks Verify compliance Check effectiveness Identify opportunities for improvements Engender trust in stakeholder communities www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data 6 questions for auditing: #2 What? • Digital repositories, digital libraries, digital archives… • Information collections • Those that purport to be OAIS ‘compliant’? • Ongoing projects vs. projects not yet started www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data 6 questions for auditing: #3 Who? • Organisations, research • Auditor(s): internal centres, data centres, or external libraries, museums…. • Members of staff • National and AND with specific roles international remits and responsibilities within the repository • Public and private sector www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data 6 questions for auditing: #4 Where? • Comfortable environment with Internet connection • Close to where the activity takes place • Where demonstrations are feasible • Where staff can discuss without interruption www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data 6 questions for auditing: #5 When? • Plan well in advance • Schedule with consideration for the status of project and/or repository being audited • Schedule onsite activities over consecutive days, but with time allocated before and after for additional analysis and conclusion www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data 6 questions for auditing: #6 How? • Familiarity with DRAMBORA (inc. the online system) and other complementary methodologies • Aggregate, accumulate and create appropriate documentation • Online and onsite • Communication is critical www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Risk Impact, Risk Management and DRAMBORA www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Risk Impact in the repository context • Impact can be considered in terms of: • impact on repository staff or public well-being • impact of damage to or loss of assets • impact of statutory or regulatory breach • damage to reputation • damage to financial viability • deterioration of product or service quality • environmental damage • loss of ability to ensure digital object authenticity and understandability is ultimate expression of impact www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Risk Management and DRAMBORA • The toolkit refrains from prescribing specific management policies • Instead, auditors should: • • choose and describe risk management strategy assign responsibility for adopted measures define performance and timescale targets reassess success iteratively www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data DRAMBORA Workflow Preliminary collecting and analysis of repository documentation Risk registry finalisation Organise appointments and onsite visits with repository staff (managers, curators, IT, legal experts…) Impact on individuals and organisations Audit report finalisation www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data DRAMBORA Sample Audits (i) • Sample audits carried out at… • The Michigan-Google Digitization Project and MBooks at the University of Michigan Library • Gallica at the Bibliothèque nationale de France • the Digital Library of the National Library of Sweden • CERN’s Document Server Ross, S. , Mc. Hugh, A. , Innocenti, P. , Ruusalepp, R. : Investigation of the potential application of the DRAMBORA toolkit in the context of digital libraries to support the assessment of the repository aspects of digital libraries (Glasgow: DELOS No. E, August 2008) (ISBN: 2 -912335 -41 -8) www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data DRAMBORA Sample Audits (ii) • Key conclusions • Identified areas for future improvement in the DRAMBORA methodology • Clarified key roles in the audit process • Positive feedback received on direct and subsidiary benefits of carrying out audits • Genesis of DRAMBORA Interactive… Ross, S. , Mc. Hugh, A. , Innocenti, P. , Ruusalepp, R. : Investigation of the potential application of the DRAMBORA toolkit in the context of digital libraries to support the assessment of the repository aspects of digital libraries (Glasgow: DELOS No. E, August 2008) (ISBN: 2 -912335 -41 -8) www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Order of Play • Part I: Risk and Trust in Digital Repositories • Part II: The DRAMBORA Methodology • How it was arrived at • Where it can take you • Part III: Risk Management Exercise • Part IV: DRAMBORA Interactive • An introductory overview • Preview of v 2. 0 • Part V: DRAMBORA and DAF within the preservation lifecycle • Future systems integration www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data DRAMBORA stages in brief • Establish organisational profile; • Develop contextual understanding; • Identify and classify repository activities and assets; • Derive registry of pertinent risks; • Undertake assessment of risks (and existing management means); • Commit to management strategies. www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Defining and identifying risks • Definition: risks describe challenges or threats that impede the achievement of repository objectives, obstruct activities, and prejudice the continued availability of essential assets. • In DRAMBORA, risks have several attributes: probability, impact, severity (derived, p*i), area of expression, owner(s), and management strategies. Risks may also link to other risks. • With DRAMBORA, you can choose to: • Recycle existing risks (a number of ‘off-the-shelf’ risks are available for you to select and modify); or • Develop new risks from scratch. www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Anatomy of a risk Risk Identifier: Risk Name: Risk Description: Example Risk Manifestation(s): Date of Risk Identification: Nature of Risk: A text string provided by the repository to uniquely identify this risk and facilitate references to it within risk relationship expressions A short text string describing the risk A longer text string offering a fuller description of this risk Example circumstances within which risk will or may execute Date that risk was first identified Physical environment Personnel, management and administration procedures Operations and service delivery Hardware, software or communications equipment and facilities Owner: Escalation Owner: Name of risk owner - usually the same as owner of corresponding activity The name of the individual who assumes ultimate responsibility for the risk in the event of the stated risk owner relinquishing control www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Anatomy of a risk Stakeholders: Risk Relationships: Parties with an investment or assets threatened by the risk's execution, or with responsibility for its management A description of each of the risks with which this risk has relationships Risk Probability: This indicates the perceived likelihood of the execution of this particular risk Risk Potential Impact: This indicates the perceived impact of the execution of this risk in terms of loss of digital objects' understandability and authenticity Risk Severity: Risk Management Strategy(ies): A derived value, representing the product of probability and potential impact scores Description of policies and procedures to be pursued in order to manage (avoid and/or treat) risk Risk Management Activity(ies): Practical activities deriving from defined policies and procedures Risk Management Activity Owner: Individual(s) responsible for performance of risk management activities Risk Management Activity Target: A targetted risk-severity rating plus risk reassessment date www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Risk Relationships Risk Relationship Definition of Risk Relationship Explosive where the simultaneous execution of n risks has an impact in excess of the sum of each risk occurring in isolation Contagious where a single risk’s execution will increase the likelihood of another’s Complementry where avoidance or treatment mechanisms associated with one risk also benefit the management of another Domino where avoidance or treatment associated with a single risk renders the avoidance or treatment of another less effective Atomic where risks exist in isolation, with no relationships with other risks www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Scenario for the Exercise You work in an archive that has recently expanded its mandate to include the stewardship of digital materials… • How do you determine your ability to safeguard the data you accept? • How can you prove your trustworthiness to those depositing data and reusing the resources over time? www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Part I – Identify a risk (30 minutes) Each group should identify one risk (based on your own experiences wherever possible), and complete the DRAMBORA worksheet. Groups should complete: • • • name and description of the risk; example manifestations of the risk; nature of the risk; risk owner(s); stakeholders who would be affected; if possible, relationships with other risks. www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Part II – Mitigate the risk (30 minutes) Now identify what steps your archive might take to manage and mitigate the identified risk over time… Each group should complete: • Risk management strategy/-ies; • Risk management activity owner(s). www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Benefits of Risk Assessment Exercise • Firmly established organisational mandate • Understanding of legal and regulatory framework within which you are working • Development and maintenance of a realistic risk register • Identification and collation of relevant policies and strategies • Identification of staff skills and gaps • Identification of strengths and weaknesses in operations • Pre-cursor to self-audit or external audit www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Order of Play • Part I: Risk and Trust in Digital Repositories • Part II: The DRAMBORA Methodology • How it was arrived at • Where it can take you • Part III: Risk Management Exercise • Part IV: DRAMBORA Interactive • An introductory overview • Preview of v 2. 0 • Part V: DRAMBORA and DAF within the preservation lifecycle • Future systems integration www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data DRAMBORA Interactive www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data DRAMBORA Interactive • System was developed as a labour-saving device following feedback on the initial paper-based DRAMBORA audit methodology • Essentially a means of guiding users through the audit process, and recording information • Reporting functionality built in, with other bells and whistles which make it more flexible and userfriendly than the paper-based process www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Step-by-Step • Create a new repository • complete name, institution and as many additional details as you wish • Create a corresponding user • this will enable you to log into the system; the initial user has coordinator status to oversee the audit • Create a staff member association • this describes the relationship between the user and the created repository www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Repository Registration www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Login • You will be sent a confirmation email – follow the link to finalise your registration • Now you can click on the ‘Home’ link to begin the audit process • The first step is to set up some more details about your repository, and about the audit itself www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Before the audit can start… • The most important initial steps are to: • • Refine the repository characteristics Make explicit the audit scope and purpose Determine the structure for the audit Define staff and allocate roles accordingly • These details can be updated at any time, but it’s worth spending time getting a reasonably full set of responses www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Repository Administration • Numerous fields are available to describe the repository • No two repositories are identical; diversity manifests itself in various ways • Repository profiling can help identify commonalities between repositories, and facilitate the exchange of experiences and ideas www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Repository Administration www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Define the Audit Scope • Auditors must make explicit the scope of the audit – no repository exists in a vacuum, and it is vital that a perimeter is introduced to determine that which is internal and external to the assessment • Also, the audit must be defined in terms of its chronological relationship with the repository. Does it precede the repository, or does it take a retrospective look at efforts already underway? www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Define Repository Scope www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Functional classes • Functional classes are a means of categorising audit information to facilitate the process and make reports more meaningful • You must select at least one functional class at this stage, and it is recommended that you spend some time here to ensure your choice is comprehensive • If you feel that available functional classes are insufficient you may define your own additional ones, although a default set of ten is provided (and recommended) www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Functional Classes www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Repository Staff • Staff are the real people that occupy the various roles in your repository • You can choose to associate individual staff members with DRAMBORA Interactive user accounts, but this is not necessary • Staff will need user accounts to log into the DRAMBORA tool themselves • As with all repository administration activities, only coordinators can create and edit staff members www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Add/Edit Repository Staff www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Repository Roles • Within DRAMBORA, roles are characterised by their function (e. g. , Ingest, Dissemination, Financial Management, Preservation Planning…) • Their relationship to staff members is m to n. This means that many staff members can perform a single role, and a given staff member may perform multiple roles. • Roles are used to associate activities, risks and risk management responsibilities with specific individuals or sets of individuals www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Add, Edit & Assign Roles www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data User Administration • While logged in, a user can update his/her own details at any time • Coordinators can also limit the IP addresses that users may log in from, for security purposes; this supports wild cards • *. * for example permits access from any IP • 130. 209. *. * permits access from anywhere on the 130. 209. x. x network • You may wish to restrict access to only your own IP or local network range www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data User Administration www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Beginning the Audit • Once the preparatory stages are complete, we visit the Assessment Centre to begin the audit • This corresponds closely with the DRAMBORA methodology; the first step is to define the repository’s mandate • DRAMBORA is an iterative process, and each stage can be returned to at any time www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Define Repository Mandate • The repository’s mandate is the first detail that we record • This describes the repository’s raison d’être • A repository may have multiple mandates, each associated with different contextual organisational levels www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Define Mandate www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Define Constraints • We then move on to record any constraints that the repository is subject to or influenced by • This should include any relevant factor that influences or informs the repository’s objectives or activities (e. g. policy, laws, technical constraints, or even less tangible cultural considerations such as lack of financial confidence) • External files can be linked to offer further information www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Define Constraints www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Define Objectives • At this stage we define each of the repository’s objectives • These can be associated with the constraints defined in the previous stage • Again, these are structured according to the repository’s functional classes • See the DPE Platter report for more information about SMART objectives www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Define Objectives www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Define Activities, Assets, Owners • This stage requires you to describe the specific activities undertaken within your organisation to complete individual objectives • An asset is anything that is required to facilitate the achievement of particular objectives, tangible or otherwise • You can also add details of required or related assets for each activity, and an owner (or role) that has responsibility for each activity www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Define Activities etc. www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Identify Risks • We now continue to identify risks • Users can choose to: a) Recycle existing risks (a number of ‘off-the-shelf’ risks are presented to choose and modify) b) Create a new risk from scratch • Search functionality is planned for the next software release www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Identify Risks • For each risk you must define a name and description, as well as details of its owner and the corresponding functional class • You can also describe • • the nature of the risk, in simple terms ways in which the risk might manifest itself associated vulnerabilities worth noting relationships with other risks www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Identify Risks www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Assess Risks • Once you have identified risks, the next step is to undertake risk assessment in order to determine their severity • Risk assessment can be done on a whole selection of risks at a time, either by functional class, or by a custom user-defined grouping www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Assess Risks • Three items of information are recorded in the process of assessing each risk • impact: the potential impact that the risk would have if it should occur • impact expression: the way in which negative effects of the risk’s occurrence manifest themselves • probability: the likelihood of the risk occurring www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Risk Assessment www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Manage Risks • The final stage of the audit is to define appropriate management measures and targets for each risk • You can record details of treatment or avoidance measures, as well as anticipated outcomes, and a future date at which point the risk might be reassessed www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Risk Relationships Risk Relationship Explosive Definition of Risk Relationship where the simultaneous execution of n risks has an impact in excess of the sum of each risk occurring in isolation Contagious where a single risk’s execution will increase the likelihood of another’s where avoidance or treatment mechanisms associated with one risk also benefit the management of another Complementry Domino where avoidance or treatment associated with a single risk renders the avoidance or treatment of another less effective Atomic risks exists in isolation, with no relationships with other risks www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Manage Risks www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Reporting Audit Results • Users can export their risk register to HTML or to PDF, and a report customising tool is also available • DRAMBORA v 2. 0 will have more sophisticated reporting capabilities • We’re interested in hearing the reporting mechanisms that would be of particular interest to users… www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Audit Reporting www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Audit Snapshots • This feature allows users to record the state of their repository at any given time • Facilitates comparison at a later date: can be used to track improvements (or deterioration!) over time • A read-only view of the saved responses facilitates analysis of inter-relationships between repository information: a useful reporting tool in itself www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Snapshot View www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Ongoing and future developments • Supporting JISC’s Research Data programme • DRAMBORA v 2. 0 • Software currently being redesigned and recoded from scratch, linked to Integrated Data Management Planning (IDMP) work • Improved and more user-friendly graphical interface • More sophisticated reporting functionality • Better combinability to enable integration with DCC and thirdparty tools, such as DAF • Repository profiling (perhaps later…) www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Order of Play • Part I: Risk and Trust in Digital Repositories • Part II: The DRAMBORA Methodology • How it was arrived at • Where it can take you • Part III: Risk Management Exercise • Part IV: DRAMBORA Interactive • An introductory overview • Preview of v 2. 0 • Part V: DRAMBORA and DAF within the preservation lifecycle • Future systems integration www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Digital Curation Lifecycle Model • The curation lifecycle model provides a common means of describing the range of curation actions and roles. • The use of the model will help to contextualise project outputs and identify practical workflows for new and existing tools and resources. DRAMBORA and DAF talk, EDINA, 27 th October 2009
… because good research needs good data What is DAF? A set of methods to: • find out what data assets are being created and held; • explore how they’re stored, managed, shared and reused; • identify any risks e. g. misuse, data loss or irretrievability; • learn about researchers’ attitudes towards data; • suggest ways to improve ongoing data management. www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Overlaps and Differences self-management - Researcher focus tools to assess the effectiveness of - Data emphasis approach to data - Lifecycle: management or Creation phase preservation - Repository focus - Process emphasis - Lifecycle: Preservation phase www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data What is collected in DAF? • Register of data assets • Roles and responsibilities e. g. who manages data, research or IT support available • Data management strategies / context e. g. funder requirements, resources / support, standards used, awareness of best practice in curation… • Risks / recommendations www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Mappings to DRAMBORA • DATA ASSET REGISTER • RISKS AND RECOMMENDATIONS • ROLES AND RESPONSIBILITIES • STRATEGIES, REQUIREMENTS, STANDARDS, BEST PRACTICE DRAMBORA and DAF talk, EDINA, 27 th October 2009
… because good research needs good data coming soon… AIDA http: //aida. jiscinvolve. org Integrated Data Management Planning tool http: //www. life. ac. uk/ http: //www. data-audit. eu/ www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
… because good research needs good data Contacts To learn more about DRAMBORA, to request support, or to join the DRAMBORA user community, visit www. repositoryaudit. eu For further information on DAF, see http: //www. data-audit. eu/ THANK YOU www. repositoryaudit. eu Keep. It #5: University of Northampton, 30 March 2010
Скачать презентацию because good research needs good data DRAMBORA
b451230dc4019b3a3186a092054230f5.ppt