
Audit & Certification: an auditors perspective

Barbara Sierman, KB National Library of the Netherlands


Presentation Transcript


  1. Audit & Certification: an auditors perspective Barbara Sierman, KB National Library of the Netherlands

  2. The history

  3. The standard 16363 • ISO 16363-2012 Audit and Certification of Trustworthy Digital Repositories • Organisational Infrastructure • Digital Objects Management • Infrastructure and Security Risk Mgmt.

  4. Comparison • TRAC 2005 • TRAC 2007 • ISO 16363

  5. European Framework European Framework for Audit and Certification of Trustworthy Repositories http://trusteddigitalrepository.eu/ Three levels of certification: • Basic certification: Data Seal of Approval • Extended certification: Self-assessment against DIN 31644 or ISO 16363 • Formal certification: Formal audit against ISO 16363 or DIN 31644

  6. The APARSEN test audits • ISO 16363 and DIN 31644 (developed by German Nestor Group) • (In-)formal audit via ISO 16363 • Testing of practical use of (draft) standards • Metrics understandable and usable • Consistency in evaluation of the evidence • How much effort and time is needed for a repository • Are the standards applicable to different kinds of repositories?

  7. Who was involved? Europe • Data Archiving and Networked Services (DANS) • UK Data Archive (UKDA) • Centre Informatique National de l’Enseignement Supérieur: Département Archivage et Diffusion (CINES-DAD) • German National Library (DIN 31644 standard) United States • Socioeconomic Data and Applications Center (SEDAC) • National Space Science Data Center (NSSDC) • Kentucky Department for Libraries and Archives (KDLA) International Group of Auditors • Members of the RAC-WG

  8. Audit procedure • Two Stages: • 1. Repositories completed a Self-Audit template (Checklist based on 16363) • Checklist plus documentation returned to audit team to prepare audit • 2. Site visit (2 days) • Verbal feedback with first impressions • Detailed report: areas for improvement

  9. Feedback from organisations • Preparation took more time than expected • Test audit was very useful • Gave insights into strengths and weaknesses • Audit procedure needed to be improved • How is conformancy measured • Would like to see a “yard stick” • In general: hugely rewarding process for all participants

  10. The standard 16919 • ISO has a range of standards related to good auditing practices • ISO 16919 Requirements for bodies providing Audit and Certification for candidate trustworthy repositories • Defines a process for accreditation of auditors. • Will be an official standard very soon!

  11. More information • APARSEN website: D33.1B Report on peer review of digital repositories, http://www.alliancepermanentaccess.org/wp-content/uploads/downloads/2012/04/APARSEN-REP-D33_1B-01-1_1.pdf • http://www.iso16363.org/ • News about the status of the ISO standard • References to ISO16363 • Self-Assessment Template http://www.iso16363.org/preparing-for-an-audit/