200 likes | 429 Views
Auditing a Dark Archive: Digital Safe. Alex Kinnaman University of Illinois at Urbana-Champaign. Intro to Digital Safe. Problem: Management records are constantly increasing for University
E N D
Auditing a Dark Archive: Digital Safe Alex Kinnaman University of Illinois at Urbana-Champaign
Intro to Digital Safe • Problem: • Management records are constantly increasing for University • Student records, financial records, personally identifiable information in patient records, non-anonymized data, etc. • No service provided by University of Oxford for long-term storage of high-security materials • No universal technology, infrastructure, or methodology across University Solution: Digital Safe service
Intro to Digital Safe • Goal: “To deliver a secure, long-term records archiving service for the University and Colleges operating on a cost recovery basis” (PID 3) • Originally the Electronic Archive Pilot Project (EAPP), now Digital Safe • Timeline: • Phase 1, 2012-2013 : Determining scope – is there a need for a central digital preservation services for records at University of Oxford YES • Phase 2, 2013-2014: Developing a digital preservation model Completed • Phase 3, On hold: Deploy first year of service to early-adopters In progress
Results of Phase 2 Primary Users Technology decision Investigated ORA-Data infrastructure not built for security measures Building new infrastructure not cost or time-efficient Solution: Outsource technologies Manage locally • College Archivists • University Archive • Central Administrative Records Management • Departmental Research Records Management • Personal material held by BEAM • *Not exclusive to records management, but to all high-security data (Phase 3 PID)
Digital Safe Technologies • “Long-term, large-scale managed data storage” • High-security and strict accessibility • Audit trails available • ISO 27001 certified (Information security management) • Contingency plan • Current clients include MoMA, University of Westminster • Open-source digital preservation workflow tool • Developed by Artefactual • Integrated into Arkivum platform • Workflow customizable by client • Optional use by client
Phase 2 Mockup Locally managed Simple interface Drag n’ Drop upload Small customizations for Colleges (e.g. logos) University web space reviewed and updated by IT Services Image courtesy of David Tomkins
Arkivum: Key Stages of Archiving 6 Stages Upload into Arkivum Encryption Copy to Data Center 1 Data Center 1 copies to Data Center 2 (Only Arkivum/100) Data Center 1 creates tape for Escrow Annual data integrity checks begin Image courtesy of Arkivum: Technical Overview
Archivematica Dashboard Micro-Services Submission Information Package Archival Information Package Dissemination Information Package Normalization Add or generate metadata Color and text to indicate success or failure Image courtesy of Archivematica
Structure of Digital Safe Service Archivematica: Digital Preservation Activities (Optional) SIP Normalize Arkivum: Storage Platform Transfer AIP DIP Upload Digital Safe: Interface Upload User Retrieve
Phase 3 Plan • Funding to: • Develop contract with Arkivum • Design business and service model with IT • Cover start-up and training costs for Arkivum • Build service into IT Services • Train early-adopters (e.g. Keble and Magdalen) • Track user feedback and service function for first year • Benefits • Cost recovery model • Paying one Archivematica license fee instead of 40+ • Discount from large number of clients • Universal tech & infrastructure • Customizable by client • Training built in • Outsourcing tech + local management = cost and time compromise
OIDLPP Goals: Informal Audit Assist in promoting Phase 3 • Informally audit project approach and technologies • Using PIDs from each phase, technology documentation, and interviewing project members • Highlight strengths of project • Locate areas of development Deliverables • Audit results with ratings • Audit report and result interpretations • Any requested text from the project team to be added to website
Project Limitations • Informal audit meant for guidance and organization, not publication • Work time of ~3.5 weeks • Less time to understand project • Fewer interviews with project team and stakeholders • Service does not yet exist • No content to evaluate • Limited user feedback • No real metric for evaluating a project approach • No real metric for evaluating a dark archive
Methodology: TRAC • Trustworthy Repositories Audit & Certification (OCLC, 2007) • 84 questions, 3 primary sections • Chosen for universal use and thoroughness • TRAC Review tool scale implemented: 0-4 range • 0 = not compliant, 4 = fully compliant • Tool developed by Nancy McGovern, MIT Libraries • Acted as guidelines rather than strict metrics • Issue of the word “repository” Auditing a dark archive • Different content & business model • Different security & access levels
TRAC Limitations • Constructed to audit repositories • Issue of measuring an approach no content • Repository vs Archive • Accessibility • Transparency of policies and funding • Content authentication and permissions • Limit to one repository • Each college will have secure archive 40+ archives with different permissions, workflows, and additional policies • Digital Safe, Arkivum, and Archivematica all have policies that may overlap or not apply • Therefore TRAC is a guideline for structure and comprehensiveness
Results: Governance & Infrastructure • Audit Rating Average: 1.46/4 • Most in need of development • Business and service model still in development with IT • Training options need to be decided • Staffing not yet determined • Review and update responsibility • Policies not yet developed • General policies will be provided • Clients will add their own • Legal permissions contracts not fully developed • Financial sustainability not yet secured in process of funding Phase 3
Results: Digital Object Management • Audit Rating Average: 3.5/4 • Most completed • Collection and ingest is the responsibility of client (Colleges, Universities, etc.) • Rely on Arkivum for storage and security needs • Product and length of time decided by client • Rely on Archivematica for any digital preservation activities • Client’s responsibility to decide and set up (DS will help advise on best practices) • Both technologies have extensive documentation • Still aspects that will be determined by contract between Oxford and Arkivum • Costs, training materials
Results: Technologies & Security • Audit Rating: 3.1/4 • Almost complete • Rely on outsourced technologies to maintain ISO27001 certification • Prevention of technology obsolescence • Regular data integrity checks and migration • Automatic detection of task failures or corruption • Security at physical locations • Escrow copies provide contingency plan • Arkivum permissions are strict – access only to those with Active Directory, which is set up by client and is triggered by an encryption key
Next Steps for Digital Safe • Funding! • Develop cost & service models with IT • Complete Arkivum contract specifics • Deploy service to early adopters • Develop website • Develop best practice recommendations for technologies • Initiate a permanent Steering Committee or other governance committee with policies • Review TRAC audit and update for next phase https://digitalsafe.wordpress.com/ Image courtesy of David Tomkins
Selected References • Archivematica. Program documentation. Archivematica Documentation. Vers. 1.5. Artefactual Systems, Inc., 2015. Web. <https://www.archivematica.org/en/docs/archivematica-1.5/>. • Arkivum. Program documentation. Frequently Asked Questions – Arkivum. Vers. 2.2. Arkivum Limited, 27 Feb. 2014. Web. <http://arkivum.com/wp-content/uploads/2014/04/Arkivum-Frequently-Asked-Questions.pdf>. • "Digital Preservation Metrics." Center for Research Libraries. Enriching Research. Expanding Possibilities. Since 1949. Center for Research Libraries, n.d. Web. 25 July 2016. <https://www.crl.edu/archiving-preservation/digital-archives/metrics>. • Jefferies, Neil. "Background on Digital Safe." Personal interview. 19 July 2016. • Jefferies, Neil, Brian Hicks, and Sam Rendell. Digital Safe: Project Initiation Documentation. Rep. Vol. 0.7. N.p.: n.p., 2016. Print. • Jefferies, Neil, and David Tomkins. Digital Safe: Archiving Digital Records for the Long Term. Bodleian Digital Library, 10 July 2014. Web. <https://digitalsafe.wordpress.com/2014/08/18/digital-safe-presented-at-the-ictf-conference-10-july-2014/>. • Tomkins, David. "An Electronic Archive Pilot Project at the University of Oxford." Web log post. Digital Safe. Wordpress, 2013. Web. <https://digitalsafe.wordpress.com/>. • Trusted Repository Archiving Checklist (TRAC). Documentation. Vers. 1.0. The Center for Research Libraries, 2007. Web. <https://www.crl.edu/sites/default/files/d6/attachments/pages/trac_0.pdf>. • Various EAPP documents provided by David Tomkins
Thank You! • Oxford-Illinois Digital Library Placement Program • Bodleian Libraries • Bodleian Digital Libraries Systems & Services • Oxford e-Research Center • University of Illinois at Urbana-Champaign • iSchool at Illinois • Michael Popham • Neil Jefferies • David Tomkins • Susan Thomas • Pip Willcox • David Weigl • Kevin Page • David De Roure • Catherine Blauvelt