PTAB Test Audit Report for. National Space Science Data Center (NSSDC) Prepared by



Similar documents
Assessing a Scientific Data Center as a Trustworthy Digital Repository

Interagency Science Working Group. National Archives and Records Administration

Digital Curation at the National Space Science Data Center

The challenges of becoming a Trusted Digital Repository

Digital Preservation. OAIS Reference Model

Achieving a Step Change in Digital Preservation Capability

Ex Libris Rosetta: A Digital Preservation System Product Description

North Carolina Digital Preservation Policy. April 2014

Feet On The Ground: A Practical Approach To The Cloud Nine Things To Consider When Assessing Cloud Storage

USGS Guidelines for the Preservation of Digital Scientific Data

Florida Digital Archive (FDA) Policy and Procedures Guide

Review of Document Imaging Railroad Unemployment Insurance Act Programs Report No , November 17, 2000

Best Practices for Long-Term Retention & Preservation. Michael Peterson, Strategic Research Corp. Gary Zasman, Network Appliance

Information Migration

NASCIO EA Development Tool-Kit Solution Architecture. Version 3.0

Florida Digital Archive (FDA) Policy and Procedures Guide

How To Use A Court Record Electronically In Idaho

INTEGRATING RECORDS MANAGEMENT

Harvard Library Preparing for a Trustworthy Repository Certification of Harvard Library s DRS.

Standards-based science data archiving at NASA's National Space Science Data Center

Why archiving erecords influences the creation of erecords. Martin Stürzlinger scopepartner Vienna, Austria

NASA SPACE SCIENCE DATA COORDINATED ARCHIVE ARCHIVE PLAN FOR

A federated data infrastructure: the Dutch way forward

State Records Office Guideline. Management of Digital Records

PHASE 9: OPERATIONS AND MAINTENANCE PHASE

How To Check If Nasa Can Protect Itself From Hackers

IPL Service Definition - Master Data Management for Cloud Related Services

Implementing a Data Governance Initiative

OCLC Digital Archive Preservation Policy and Supporting Documentation Last Revised: 8 August 2006

Certified Information Professional 2016 Update Outline

The Key Elements of Digital Asset Management

PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]

Best Archiving Practice Guidance

Digital preservation policy

NORTH CAROLINA STATE ARCHIVES. Preservation Storage in Real Life

2009 ikeep Ltd, Morgenstrasse 129, CH-3018 Bern, Switzerland (

IT Service Continuity Management PinkVERIFY

Project Type Guide. Project Planning and Management (PPM) V2.0. Custom Development Version 1.1 January PPM Project Type Custom Development

Archiving Systems. Uwe M. Borghoff Universität der Bundeswehr München Fakultät für Informatik Institut für Softwaretechnologie.

Migrating NASA Archives to Disk: Challenges and Opportunities. NASA Langley Research Center Chris Harris June 2, 2015

DELAWARE PUBLIC ARCHIVES POLICY STATEMENT AND GUIDELINES MODEL GUIDELINES FOR ELECTRONIC RECORDS

Levels of Archival Stewardship at the NOAA National Oceanographic Data Center: A Conceptual Model 1

Guidelines for Development of a DATA MANAGEMENT PLAN (DMP) Earth Science Division NASA Science Mission Directorate

A Selection of Questions from the. Stewardship of Digital Assets Workshop Questionnaire

DIGITAL PRESERVATION AT THE U.S. GOVERNMENT PRINTING OFFICE: WHITE PAPER. Version July 2008 UNITED STATES GOVERNMENT PRINTING OFFICE

15 Organisation/ICT/02/01/15 Back- up

Why Plan B DR? Benefits of Plan B Disaster Recovery Service:

Establishing a Mechanism for Maintaining File Integrity within the Data Archive

Creating a Catalog for ILM Services. Bob Mister Rogers, Application Matrix Paul Field, Independent Consultant Terry Yoshii, Intel

What s New Guide: Version 5.6

Applying the OAIS standard to CCLRC s British Atmospheric Data Centre and the Atlas Petabyte Storage Service

Best Practices in Disaster Recovery Planning and Testing

Archival of Digital Assets.

AHDS Digital Preservation Glossary

The Australian War Memorial s Digital Asset Management System

Technology Watch Report

Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.

A Maturity Model for Information Governance

EMC Backup Storage Solutions: The Value of EMC Disk Library with TSM

Models for Action: Developing Practical Approaches to Electronic Records Management and Preservation

AARNet submission to the Australian Computer Society Cloud Protocol Discussion Paper. James Sankar, Alex Reid August 2013

CACI Cloud Consulting Services

Document Storage Tips: Inside the Vault

Request for Records Disposition Authority

Records Management Policy

Cost Model for Digital Preservation. Ulla Bøgvad Kejser, Preservation Specialist, PhD The Royal Library, Denmark

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

Information Management Advice 18 - Managing records in business systems Part 1: Checklist for decommissioning business systems

Audit of the Data Center Consolidation Initiative at NARA. OIG Draft Audit Report No May 10, 2012

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

2011 FileTek, Inc. All rights reserved. 1 QUESTION

Long-term archiving and preservation planning

Summary Table of Contents

Demographics QUESTIONS COMMENTS

PROJECT INITIATION DOCUMENT

D78850GC10. Oracle Database 12c Backup and Recovery Workshop. Summary. Introduction. Prerequisites

Enterprise Content Management. Image from José Borbinha

Labor Category For MOBIS SIN 874-1:

Data Governance Maturity Model Guiding Questions for each Component-Dimension

RECORDKEEPING MATURITY MODEL

Assignment 1 Briefing Paper on the Pratt Archives Digitization Projects

AUDIT REPORT. The Energy Information Administration s Information Technology Program

ECM Migration Without Disrupting Your Business: Seven Steps to Effectively Move Your Documents

Disaster Recovery Design Through Collaboration and Creative Data Management

STATE OF NEBRASKA STATE RECORDS ADMINISTRATOR DURABLE MEDIUM WRITTEN BEST PRACTICES & PROCEDURES (ELECTRONIC RECORDS GUIDELINES) OCTOBER 2009

AXF Archive exchange Format: Interchange & Interoperability for Operational Storage and Long-Term Preservation

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

Glendale Community College Microsoft Office SharePoint Server 2007 Initiative Vision/Scope Document. Version 1.0

TAHOE REGIONAL PLANNING AGENCY REQUEST FOR PROPOSAL FOR SOFTWARE CONSULTANT

Long term archiving (LTA) of digital product data which are not based on technical drawings. Part 4: Certification

Secure Remote Backup (IL3) G-Cloud Lot3 IaaS

ERMS Solution BUILT ON SHAREPOINT 2013

CounselorMax and ORS Managed Hosting RFP 15-NW-0016

Cloud Service Contracts: An Issue of Trust

Scotland s Commissioner for Children and Young People Records Management Policy

UNCLASSIFIED. Message Archiver Service Description

DELAWARE PUBLIC ARCHIVES POLICY STATEMENT AND GUIDELINES ELECTRONIC MAIL

Migration Scenario: Migrating Backend Processing Pipeline to the AWS Cloud

DASISH. WP4 Data Archiving

Transcription:

PTAB for National Space Science Data Center () Prepared by Primary Authorisation Body (PTAB) 2012-01-23

TABLE OF CONTENTS 1 Introduction... 3 2 Site Summary... 4 2.1 Site History and Background... 4 2.2 Types of Data and Data Storage Media... 4 2.3 Specific Areas To Be Audited... 4 2.4 Exclusions... 4 2.5 Designated Communities... 4 3 Self Audit Review... 5 3.1 Organizational Infrastructure... 5 3.2 Digital Object Management... 5 3.3 Infrastructure and Security Risk Management... 5 4 Site Visit Results... 6 4.1 General Observations... 6 4.2 PTAB Audit Team Findings... 6 4.2.1 Issues from ISO 16363 Metrics... 6 4.2.2 Miscellaneous Additional Observations... 8 4.3 Feedback from Staff... 8 2 of 9

1 Introduction In the first half of, while in the last stages of preparation of the ISO/DIS 16363 Space data and information transfer systems Requirements for Audit and Certification of Trustworthy Digital Repositories (also known as CCSDS 652.0-M-1) and ISO/DIS 16919 Space data and information transfer systems - Requirements for bodies providing audit and certification of candidate trustworthy digital repositories (also known as CCSDS 652.1-M-1), the Primary Authorisation Body (PTAB) conducted test audits for six repository sites. At the culmination of this activity in June/July, PTAB representatives constituting Test Audit Teams visited three sites in Europe and three sites in the USA. Seven reports were written: one for each of the visited repositories, and a general background document. The test audits were designed to help refine the audit process and not to produce actual certification of the repositories. Although the aim was to follow proper audit procedures, this was not always possible due to time and resource constraints for the test audits. Correspondence about any of these reports should be addressed to the PTAB Secretariat ptabsecretariat@iso16363.org). 3 of 9

2 Site Summary This report describes the results of the initial PTAB study and the PTAB Test Audit Team visit to the National Space Science Data Center (), located at the NASA Goddard Space Flight Center in Greenbelt, Maryland, on 23-24 June. 2.1 Site History and Background The National Space Science Data Center is NASA's permanent archive for space science mission data. Almost all data of interest to now originates from electronic (i.e. digital) sources such as telemetry or space mission payloads. Consequently, the operates on this data as a digital repository in the sense intended by ISO 16363. also maintains a significant legacy archive of non-digital materials. The non-digital portions of the Archives are generally supported by a digital metadata system. 2.2 Types of Data and Data Storage Media is the long-term archive for Space Science data, stored on a wide range of storage media that have been used over the past 40 years. Permanent digital data is stored on everything from 7 and 9 track tapes, to optical platters, through current technology disks and data cartridges. 2.3 Specific Areas To Be Audited All departments of the Organization participated in the PTAB review, but most of the time was spent reviewing current digital processes. 2.4 Exclusions There are a significant number of analogue legacy data holdings within. These however, were not deemed relevant to the ISO/DIS 16363 based review. Some analogue data does represent PDI (metadata) for digital materials and it is managed as part of the digital repository holdings. 2.5 Designated Communities Generally each data collection is managed as a data resource for scientists or upper level college students concerned with the scientific domain covered by that collection. In most cases the data are also available to the general public, although that public is not seen by as the target audience for most collections. Documentation is intended to be adequate for the target scientist, but may not be so for the general public. 4 of 9

3 Self Audit Review In advance of the site visit, the PTAB, operating as a committee of the whole, reviewed the self-audit spreadsheet submitted by. That review resulted in a list of topics which are summarized below as candidate subjects for the discussions during the ensuing site visit. 3.1 Organizational Infrastructure 1) While we were provided with some documents in advance, we had no opportunity to follow the document tree because we were not able to access the primary documentation repository: Calypso. 2) There is no permanent endowment to ensure continuous funding of the archives and the intention is to hand over to NARA. In the event funding for the program is permanently discontinued, may intend to transfer the collections to NARA. 3.2 Digital Object Management 1) frequently referred to maintaining usability of the archived contents, but we were unable to identify where usability was defined. 2) The process for converting SIPs to AIPs and the corollary mapping history between them was unclear. To clarify the ingestion process, the PTAB Test Audit Team felt that they needed to see what actions are recorded and what are not. 3) The components of archive objects (particularly, SIPs and AIPs) seem to be scattered among several storage subsystems, and it was not clear that all of the information relevant to an AIP could be easily or accurately brought together if the need arose to hand on responsibility. 3.3 Infrastructure and Security Risk Management 1) There was a need to understand how organizational, technological, preservation and financial risks are identified and characterized, and how they are managed or mitigated. 2) The policy of moving AIPs to media independent format might risk loss of representation information. It was unclear that this activity improved or enhanced preservation of the AIP. Such risks should be documented and acknowledged in the migration histories together with the mitigation options available. 3) There were several documents that we felt might significantly ease the evidentiary burden required of for an actual audit. These included but were not limited to the Operations SOP, the Disaster Recovery Plan, Strategic Plan, and one or more Technology reports. 5 of 9

4 Site Visit Results The Test Audit was completed in mid-june,. At the end of the two-day visit to, the PTAB Test Audit Team met with leadership and staff and presented the PTAB Test Audit Team's findings and initial conclusions about the readiness of to be audited and certified as a Trustworthy Digital Repository. Those findings, with some augmenting comments are reproduced here. The PTAB Test Audit Team reviewed the documentary evidence submitted by and, coupled with the information gained from our interviews with employees and contractors, reached the following broad conclusions. With minor revisions, these are as presented at the end of the Site Visit. 4.1 General Observations has a dedicated, knowledgeable staff is a world leader in the development and use of digital preservation standards, including in particular, those ISO standards that are most germane to these Test Audits. Application of these standards at is somewhat uneven, but that situation is understandable, given the youth of the standards. Staff displays a strong desire and a commitment to improving and automating operating procedures The overall architecture and procedures of the are well thought out and competently executed. The is well-positioned to gain future accreditation as a trustworthy digital repository. 4.2 PTAB Audit Team Findings The Test Audit revealed that the repository was well-positioned to undergo an actual ISO 16363 Audit at such time as that document has itself become a full international standard, and when the requisite audit machinery is in place to perform full inspections and award certificates of ISO 16363 compliance. Findings shown below are the results of post-visit analysis of the full body of data collected. These findings were not presented in this form at the final meeting. They directly relate specific metrics of ISO 16363 to information collected during the Test Audit. 4.2.1 Issues from ISO 16363 Metrics Metric 3.3.1 THE REPOSITORY SHALL HAVE DEFINED ITS DESIGNATED COMMUNITY AND ASSOCIATED KNOWLEDGE BASE(S) AND SHALL HAVE THESE DEFINITIONS APPROPRIATELY ACCESSIBLE. The PTAB Test Audit Team interpretation of this metric during the Test Audit was that it required evidence that there was a defined Designated Community for each AIP. The metric was not satisfied. There were no records or documentary evidence presented to describe any Designated Community, nor any AIP associations with any Designated Community. Metric 3.3.2 THE REPOSITORY SHALL HAVE PRESERVATION POLICIES IN PLACE TO ENSURE ITS PRESERVATION STRATEGIC PLAN WILL BE MET. The metric was not satisfied. Documentation of Preservation Policy, associated workflows and operating procedures was incomplete and out of date. 6 of 9

Metric 4.1.6 THE REPOSITORY SHALL OBTAIN SUFFICIENT CONTROL OVER THE DIGITAL OBJECTS TO PRESERVE THEM. This metric was not satisfied. Particularly as regards the Planetary Data System (PDS) holdings, there was no clearly documented policy or agreement to show that was managing the holdings with a view toward long term preservation and usage. It is quite possible that the PDS holdings were not intended to be managed in accordance with ISO 16363. If that is so, then their separate status should be clearly delineated and their fonds excluded from formal ISO 16363 audits. Metric 4.1.7 THE REPOSITORY SHALL PROVIDE THE PRODUCER/DEPOSITOR WITH APPROPRIATE RESPONSES AT AGREED POINTS DURING THE INGEST PROCESSES. This metric was not satisfied. The ingest process as described did not clearly show at what point a submitter was told: has completed the ingest and has assumed full stewardship of the data submitted. Metric 4.2.5.2 THE REPOSITORY SHALL HAVE TOOLS OR METHODS TO DETERMINE WHAT REPRESENTATION INFORMATION IS NECESSARY TO MAKE EACH DATA OBJECT UNDERSTANDABLE TO THE DESIGNATED COMMUNITY. This metric was not satisfied. In our discussions, we perceived that s view of their designated communities was ambiguous. Consequently, there were few indications that representation information was being organized to support the long term use and understanding of the AIPs. While a great deal of representation information, and indeed, metadata in general is being collected, there appear to be few opportunities within for explicit review of those ancillary data in light of changes in long-term preservation needs of one or more Designated Communities. METRIC 4.3.2 THE REPOSITORY SHALL HAVE MECHANISMS IN PLACE FOR MONITORING ITS PRESERVATION ENVIRONMENT. METRIC 4.3.2.1 THE REPOSITORY SHALL HAVE MECHANISMS IN PLACE FOR MONITORING AND NOTIFICATION WHEN REPRESENTATION INFORMATION IS INADEQUATE FOR THE DESIGNATED COMMUNITY TO UNDERSTAND THE DATA HOLDINGS. o This metric was not satisfied. The has a great deal of data that is dependent on obsolete technology to access that data. Metric 5.1.1 THE REPOSITORY SHALL IDENTIFY AND MANAGE THE RISKS TO ITS PRESERVATION OPERATIONS AND GOALS ASSOCIATED WITH SYSTEM INFRASTRUCTURE. This metric was not satisfied. No evidence was presented or described to indicate that had a Risk Management plan or associated Risk register or mitigation tracking procedures. 7 of 9

Metric 5.2.4 THE REPOSITORY SHALL HAVE SUITABLE WRITTEN DISASTER PREPAREDNESS AND RECOVERY PLAN(S), INCLUDING AT LEAST ONE OFF-SITE BACKUP OF ALL PRESERVED INFORMATION TOGETHER WITH AN OFFSITE COPY OF THE RECOVERY PLAN(S). This metric was not satisfied. While there was clear evidence of an implemented backup procedure for the computer systems and their data content, we were not presented evidence that a recovery plan was in place or tested. Moreover, we found no evidence that there were any practical measures available to recover any complete AIP, including all relevant provenance, representation and usability data, as a single conceptual entity. Without such a capability, the actual validity of a recovered archival object (which includes all relevant metadata) would be clouded in the uncertainty introduced by an ad hoc procedure. 4.2.2 Miscellaneous Additional Observations In keeping with the spirit and intent of ISO 17021 and ISO 16919, this report makes no recommendations as to how might address the enumerated findings in the preceding section. However, in advance of an 'official' Audit, the PTAB offers the following suggestions to help better prepare for a full formal audit. Although staff were some of the developers of OAIS, nevertheless other staff should become more familiar with the terminology of ISO 16363 and underlying ISO 14721 (OAIS) standards. should improve on and cultivate mutual awareness of their Designated Communities. Aspects of this might include providing a process to ensure that the Representation Information is adequate for the Designated Communities, and instituting regular reviews of the Data Description Packages (DDPs) and the Representation Info Networks to ensure that they continue to be adequate for the Designated Communit(y/ies) should create and explicitly codify their preservation policy, and complete a fully documented Preservation Plan including, for example, details of migration, verification of Representation Information, and strategy for Technology Watch and related impact analyses. should ensure that there is adequate documentation to allow the transfer of the complete AIPs e.g. the tar files plus the referenced Representation Information and PDI as part of the Disaster Recovery procedures. The should complete the Disaster Recovery Plan in a form adequate for an outside agency to perform a recovery without the assistance of incumbent personnel. The Disaster Recovery Plan must itself be readily available to any person or organization authorized to perform the recovery. The should consider instituting an Organizational policy governing risk management, including a Risk management plan and an Organizational Risk Register with mitigation schedules and tracking. 4.3 Feedback from Staff Additionally, we received some feedback from about the conduct of the Test Audit and the comportment of the PTAB Test Audit Team itself. The process was of value to in that it helped to identify focus areas for improvements in current procedures. 8 of 9

The initial findings and conclusions from Day 2 of the site visit were accepted for immediate follow up at. The expressed concern that some of the members of the visiting team were not completely neutral, insofar as they themselves were closely associated with or affiliated with other archiving and space science related organizations, including some which had cooperating arrangements with itself. was aware of those conflicts and did agree to their participation since this was only a test audit and provided training for the audit team. Of course in a real audit the selection of the audit team would take these factors into account. 9 of 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information