GPO staff and the NDSR cohort participating in the ISO-PTAB High Level ISO 16363 Training Course led by David Giaretta and John Garrett at GPO on November 2-6, 2015
I have dedicated six months at the U.S. Government Publishing Office (GPO) assisting the agency to prepare for becoming the first Federal agency to be certified under ISO 16363, the Trusted Digital Repository Checklist (TDR). To learn more about how others are approaching ISO 16363, I recently completed a survey with all six of the currently TRAC-certified repositories, as well as six additional repositories dedicated to government, research data, and academia. From this outreach, I realized repositories are sincerely concerned about how to certify trustworthiness and are eager to see what the future of ISO 16363 holds. The “Requirements for Bodies Providing Audit and Certification of Candidate Trustworthy Digital Repositories” (ISO 16919) was released in 2014. As of yet, no organization has been declared as meeting those requirements in order to be able to certify repositories against ISO 16363. Currently, no repository has been able to become certified against ISO 16363 and there are many questions within the community of what this process will look like.
I have yet to complete my survey analysis, but I would like to present a trajectory of where ISO 16363 certification is likely to develop more utility and significance in the very near future. I see ISO 16363 playing a more fundamental role in digital stewardship specifically for the FIA Priorities of “InfoTransfer” and “Collaboration. As expertise in digital object management technologies has increased, repository stakeholders and staff have not always been able to utilize consistent language for all of these digital developments at the same speed at which they were occur. Additionally, trying to create new organizational management systems, implementing new technologies, and creating accompanying documentation (including workflows also poses a challenge.
I see repositories of all shapes and sizes both defining and achieving trustworthiness as we all wait for ISO 16363 certification to take off:
Transparency: Making all (non-confidential) policies and procedures regarding the lifecycle of all digital assets managed in the repository publicly available (e.g., Collection development plans, Significant Properties of digital content, example Service-Level Agreements, Digitization and Metadata requirements)
Identity: Externally and internally creating an identity aligned with the priorities of ISO 16363 to develop robust change management processes and detailed roles and responsibilities charts to establish “trustworthiness” not as a conceptual value or commitment, but a project-based program with communicable evidence of sustainable practices
Collaboration: Establishing or participating in a peer-feedback network with other repositories to share and review documentation, technical implementation, and infrastructure solutions and through association, gaining the credibility to carry the “trustworthy” identity (See example from Academic Preservation Trust’s website)
Academic Preservation Trust’s wiki for sharing repository documentation among members: https://sites.google.com/a/aptrust.org/aptrust-wiki/
As I anticipate more repositories will prioritize these responsibilities either instead of, or in addition to full ISO 16363 certification, I believe the notion of “trustworthiness” will ultimately have the ability to shift from less of a top-down mandate to more of a bottom-up approach of trust through the vetting of documentation-as-evidence by the digital preservation community at large. My hope is that, as this develops, the digital stewardship community will also suggest which institutions need to become fully ISO certified – Should all government entities have the certification? Repositories with a certain quantity of assets? Repositories serving a certain number of users? Should one repository per “trust network” require certification– that is still to be determined.