We are looking at what it takes to become a trusted digital repository (TDR)
I have gone through the ISO standard and there is a lot of work and money to gain this certification
So I have a couple of questions
is it worthwhile doing the certification - some institutions who have failed the test have indicated that it is of no value - not sure if this is a case of 'sour grapes'
if we were certified would other institutions be willing to place their archives into the TDR
Your collective thoughts would be much appreciated
dwallen
The digital archive certification world a little messy right now. There are multiple acronyms (TRAC, TDR, OAIS) and ISO standards (14721, 16363, 16919) and they have very similar of names.
At this moment, no auditing body is certified to certify a repository as a TDR, also known as ISO 16363. First, we need to establish a standard for certifying the auditors. This is in draft form as ISO 16919. The current roadblock is that the standard needs to define the distribution of auditor certifying organizations. National? Regional? Supranational? It's still in debate.
In the meantime, we have the provisional auditing scheme based on OAIS/ISO 14721 known as TRAC that served as the basis for TDR/ISO 16363. Only the Center for Research Libraries (CRL) is certified to use TRAC. As far as I understand, CRL is auditing repositories using TDR/ISO 16363 since the standard has been accepted but assigning a TRAC label to them since they are not certified to give TDR certifications.
1) Is certification worth it? I would say it depends on the size of the institution. It is expensive, but having a third-party evaluate the current preservation capability of a system is essential. Certification should measure the current effectiveness of administrative, technical, and staff capabilities in a more objective manner. As organizations grow in size and budget, it becomes more difficult to keep an objective view of all of these factors. If you work through the self-auditing versions of TRAC and TDR/ISO 16363, you'll see that's it's an immense amount of work and very difficult to remain objective with every metric.
2) Would you like to position your archive as a digital repository for institutions that lack the infrastructure? Chronopolis certainly does this for research data, and it uses it's TRAC certification as a seal of approval (it's the first link in their menu structure). However, I think certification itself will not automatically attract clients. It's most effective as a feature to distinguish one repository from another.
I'm skeptical that a full-blown certification regime will ever get much traction because it's expensive, and more importantly, it's unclear that becoming certified provides much in the way of return.
The original idea behind TDR a decade ago was that data users would want hard proof that repositories were doing the right thing. Speculation was that, absent such proof, repositories would fall short of their mission to support research. Is there current evidence for this hypothesis? Are users really that worried about what repositories are doing? Are institutions reluctant to transfer data on this basis? Sure, certification is a plus, but how much of one? If it really conveyed a major advantage, wouldn't the process have moved ahead faster over the last 10 years?
There is a need for model guidance on developing and improving repository practices, and there are some good candidates for this purpose. The Data Seal of Approval, created by the Data Archiving and Networked Services (DANS) archive in The Netherlands is one (site is currently down, ironically). The "seal of approval" is granted after a repository runs through a self-assessment of 16 basic guidelines. The process is much less intensive (and expensive) than TDR certification. And it does grant third-party approval in cases where that's needed.
Another potential source of model guidance is simpler still: the Levels of Digital Preservation developed collaboratively through the National Digital Stewardship Alliance. This guidance (still in beta) offers four levels of activity, from basic to advanced, for major preservation functions, such as storage and geographic location, file fixity and file formats. This isn't the be all and end all, but it provides an excellent way for an institution to assess it's practices and chart a path toward improvement.
Efforts such as these should be extended and improved with an eye to helping institutions make cost-effective, risk-based decisions about digital preservation practices.
A few weeks ago a message on the [email protected] list announced the TDR certification of Scholars Portal.
I've found their wiki extremely useful and clear with a well documented audit progress. For example:
Source: I am the digital preservation contact for an archive that was recently certified as a TDR (Scholars Portal). (http://www.ocul.on.ca/node/1639)
In response to your preamble saying it's time intensive and expensive: It's definitely time- and resource- intensive to do a proper evaluation by TRAC/ISO16363. That said, so is the process of digital preservation. The standards can be used in a couple of ways: to improve your existing processes if you think they are not robust in their support for long-term preservation, or to demonstrate to others that you are doing a good job of these tasks if you are. The amount of resources you'll want to put into either of those tasks is proportionate to the importance of digital preservation in your organization's mission.
The argument that complying with TRAC/ISO 16363 is expensive seems a bit specious to me. Is it expensive to go through the full audit and be certified by an outside agency? It can be, but at the same time if your community or organization needs assurance, then outside certification can be an effective way to show that. Look at the organiztions who have undergone the formal audit: Portico, HathiTrust, Chronopolis, Scholars Portal. Without exception, these are organizations who accept money (sometimes in the form of subscription fees, sometimes in the form of regular funding) to "do digital preservation". Those who are paying the money likely want some assurance it's being done correctly.
So, in answer to your questions:
1) I'd say, if you need to prove to somebody that you're doing a good job of digital preservation (say because they give you money), this is a good way to do it. If you're looking for a way to evaluate your own processes, then I think the standard still has a lot of value as a tool for guided self-reflection. You can also look at other self-evaluation tools like the Data Seal of Approval (http://datasealofapproval.org/). Note that functionally, the DSA and TRAC are basically the same. I happen to like the TRAC way of breaking down the evidence a little better because it's a bit more granular. That structure is what enabled us to create the wiki where we posted all of our evidence from our TRAC audit (http://spotdocs.scholarsportal.info/display/OAIS/Home).
I'm also of the opinion that being able to post a point-by-point dissection of our preservation operations in an organized and cogent way is at least as useful as the formal certification because it lets anyone who cares see exactly what we're doing. So, in this regard, the time spent preparing for the audit was doubly useful in establishing trust.
2) No, I don't even know who you are. Any kind of validation, whether it's TRAC/ISO16363/DSA-based, and whether it's self- or external auditing is only useful to validate your processes as they fill the needs of your user community (Designated Community in OAIS parlance). TDR certification is not some kind of magic bullet that is going to make you a heavy hitter in preservation overnight. In fact, a number of the audit points depend on having a demonstrated history of service and successful preservation.
TLDR; If you're just starting out in digital preservation, TDR certification is probably not worth it, but the standard (and others like it) are useful tools to ensure you're developing services in a sound way. If you're already doing preservation and want to demonstrate to the outside world that you're doing a good job, certification can be one way to do that. So can plain old openness.
In any case, certification isn't a magic bullet to all of a sudden make you a great repository. It's all about reinforcing the trust that your community has in you and becoming more accountable. Whether that fits into your business case is up to you.
I work for the University of Michigan Library on HathiTrust, and I know that TRAC certification was indeed a lot of work for my colleagues involved in the process. The following is a quote from HathiTrust's press release in March of 2011 announcing TRAC certification.
Certification represents a major achievement for the partnership, which has defined itself by the transparency of its operations, the openness of its systems and services, and its reliance on broadly accepted standards and best practices for archiving and preserving digital content. Certification confirms HathiTrust on its trajectory to preserve and provide access to an increasingly comprehensive representation of the published record, and advances it’s strategic goal to stimulate coordinated efforts among libraries surrounding the storage and management of print collections.
HathiTrust commits to maintaining this important certification in the future, providing a reliable and valuable resoce for its institutional partners and a public good to the broader community.
The above doesn't provide a deep answer to the questions posed, but it provides a little insight into the value HathiTrust places on certification. The following are links that might be useful to organizations considering certification because they show the scope of the questions, and quality of the answers.