The Trustworthy Repository Audit and Certification (TRAC) Checklist
based upon ISO 16363
\[from _Audit and Certification of Trustworthy Digital Repositories_, The Consultative Committee for Space Data Systems, September 2011, p. 2-1\]
2.1 A TRUSTWORTHY DIGITAL REPOSITORY At the very basic level, the definition of a trustworthy digital repository must start with ‘a mission to provide reliable, long-term access to managed digital resources to its Designated Community, now and into the future’ (reference \[B2\]). Expanding the definition has caused great discussion both within and across various groups, from the broad digital preservation community to the data archives or institutional repository communities.
A trustworthy digital repository will understand threats to and risks within its systems. Constant monitoring, planning, and maintenance, as well as conscious actions and strategy implementation will be required of repositories to carry out their mission of digital preservation. All of these present an expensive, complex undertaking that depositors, stakeholders, funders, the Designated Community, and other digital repositories will need to rely on in the greater collaborative digital preservation environment that is required to preserve the vast amounts of digital information generated now and into the future. Communicating audit results to the public---transparency---will engender more trust, and additional objective audits, potentially leading towards certification, will promote further trust in the repository and the system that supports it. Finally, attaining trustworthy status is not a one-time accomplishment, achieved and forgotten. To retain trustworthy status, a repository will need to undertake a regular cycle of audit and/or certification.
As noted in 1.5.4 each metric has associated with it informative text under the heading
Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement: providing examples of the evidence which might be examined to test whether the repository satisfies the metric. These examples are illustrative rather than prescriptive, and the lists of possible evidence are not exhaustiveis a tool by which repositories measure their ability to fulfill their responsibilities to their clients and stakeholders. Based on the Open Archival Information System (OAIS) reference model, TRAC provides a comprehensive list of policies, processes and practices needed by a trustworthy repository to operate. The documentation that makes up a TRAC report serves as the basis for transparent communication with stakeholders of the repository's policies, practices and processes.
UC3 will be developing and providing documentation from the TRAC Checklist:
- 3. Organizational Infrastructure
- 4. Digital Object Management
- 5. Infrastructure and Security Risk Management
The category numbers correspond to the chapters in the Audit and Certification of Trustworthy Digital Repositories (The Consultative Committee for Space Data Systems, September 2011).