Now and again, a topic emerges that reflects a critical mass of recent developments and that is particularly relevant to either digitization or digital preservation, our core areas of interest. Such topics often require more in-depth coverage than a single feature article and we devote an entire issue to it. This special issue on the certification of digital repositories includes three feature articles:

• Seamus Ross and Andrew McHugh present an introduction to audit and certification of digital repositories, as well as some relevant initiatives in which the Digital Curation Centre of the UK will engage
• Robin Dale discusses the development of certification methodology through the work of the RLG-NARA Digital Repository Certification Task Force, its recently released Audit Checklist for Certifying Digital Repositories, and the Center for Research Libraries Audit and Certification of Digital Archives project, funded by the Andrew W. Mellon Foundation
• Susanne Dobratz and Astrid Schoger provide an overview of two certification-related initiatives in Germany: the Deutsche Initiative für Netzwerkinformation (DINI) Certificate for Document and Publication Repositories and the Working Group on Trusted Repository Certification of the Network of Expertise in Long-term STOrage of Digital Resources (nestor)

You will see that a number of themes run through these articles including: the need to define, measure, and monitor the trustworthiness of digital repositories; the role of local, national, and international standards and best practice in evolving a digital repository certification program; the importance of incorporating both organizational and technological aspects into audit and certification approaches; and the significance and value of institutional self-assessment within the move towards full certification. We hope these articles will be useful to institutions in understanding the current state of developments pertaining to this core digital preservation topic and in determining the potential internal implications of these national and international developments. We also hope that compiling these reviews at a relatively early stage in the development of audit and certification processes will contribute to the cohesion of these initiatives in forging a unified, standardized, international approach.

Introduction to the problem

With the increasing volume of digital information being created across contemporary  organisations, businesses, and academic institutions, it is inevitable that the need for reliable digital storage and management services has experienced commensurate growth. [1] Digital information, by its very nature, is prone to change, and the ease with which digital information can be manipulated and altered is cited in many contexts as one of its great strengths. But its flexibility can be just as straightforwardly interpreted as a vulnerability, and the passage of time presents challenges to the maintenance of its usability, authenticity, integrity, and reliability. These issues prompted the Task Force on Archiving of Digital Information to assert in 1996 that “a critical component of digital archiving infrastructure is the existence of a sufficient number of trusted organizations capable of storing, migrating, and providing access to digital collections.”[2] Fundamental to the value of digital repositories is their trustworthiness and ability to accommodate (possibly a wide range of) digital information, ensure its security, guarantee its authenticity, and facilitate its accessibility and usability. Several classes of trust relationships are involved in the numerous interactions that surround any digital repository.  Trusted Digital Repositories: Attributes and Responsibilities (Research Libraries Group and the Online Computer Library Center (2002)) describes a minimum of three levels: how information holders earn the trust of their designated communities, how information holders trust third-party service providers, and how users trust digital assets provided to them by a repository. [3] If digital repositories are to remain viable, trust and the closely related issue of quality assurance must both be tackled as overarching priorities. Every step towards this end must gracefully fit within an existing context that includes standards for quality assurance (ISO 9000 series) [4], information security (ISO 17799:2005) [5], institutional records management (ISO 15489:2001) [6], and the Open Archival Information Systems Reference Model (OAIS, ISO 14721). [7]

What must a repository be able to do?

A range of trust-related issues surrounds digital repositories. Expectations of users and depositors, aspirations of service providers, and management concerns all must be addressed. Many characteristics can be identified as necessary for most, if not all, digital repositories. Security must be watertight. Controls must exist to protect and provide a guarantee for the authenticity and integrity of stored materials; accessibility must be maintained; and documentation, metadata, and assets must all be self-contained and maintained in-house or in other trusted repositories. The repository must be clear about the data types and formats it can handle. Disaster recovery measures should be incorporated from the beginning and exit strategies conceived at the time the organisation is established.  In many ways, digital curation and preservation is a risk management activity at all stages of the longevity pathway. With the temporal dimension implicit in the remit of digital repositories, it is vital that repositories are equipped to deal with the inevitable changes that will occur over time. The passage of time is manifested in the need to refresh storage technologies, maintain verification systems, define comprehensive and flexible workflows, and adopt a reactive and flexible approach to service provision.  Other key areas of risk include management and, especially, management continuity, preservation policies, organisational structures, and approaches to sustainability. Furthermore, long-term repositories must accommodate the outcomes and effects of preservation actions such as migration and emulation and accommodate the use of newer approaches as they emerge. If the repository claims to be preserving information, rather than just bit streams, then the understandability and usability of its holdings must also be sustained.

A digital repository must be able to ensure that the information it holds and makes accessible is what it purports to be–that is, any subsequent instantiation of a digital record or asset needs to share the same content, functionality, and behaviour as the initial instantiation.  Authenticity can be assured only with the application of strict ingest controls and the documentation and the preservation of any significant properties throughout any subsequent migrations or application of other preservation actions. [8] Additionally, a successful archive must also be able to offer assurances of information integrity. Distinct from authenticity this means ensuring that the digital entity is intelligible, understandable, and/or usable by the associated designated community. Security measures are one mechanism a repository can use to mitigate problems associated with maintaining information integrity.  Security is a challenge; even in traditional repositories it has posed difficulties.  We are reminded of John Myatt, a prolific forger whose success lay not in his painting but in the ability of his colleague John Drewe to create provenance for his forgeries, including works of Braque, Matisse, Giacometti, Chagall, and Le Corbusier.  The forgeries were good, but it was the fabricated provenances for them that made it possible for the works to be sold by respected art dealers in London and New York and auction houses including Christie’s and Sotheby’s.  John Drewe  “systematically infiltrated some of the most security-conscious art archives in the world, altering the provenances of genuine paintings to establish a lineage making way for Myatt's mostly unexceptional forgeries.” [9] Trusted national repositories in the UK, such as the Victoria and Albert's National Art Library, the Institute of Contemporary Art in London, and the Tate Library’s archives, all provided him with unrestricted access to their holdings.  Peter Landesman reported that  “Drewe changed and fabricated so many records at both the Victoria and Albert and the Tate, and with so many different artists, that the directors of both museums admit that they may never know how much of their collection has been corrupted.” [10]  Ensuring security in the digital repository is not merely a technological problem, but just as in the traditional archival environment security, it is a cultural, political, and social challenge that organisations must meet. 

What conditions must be satisfied to attain trusted status?

There is a range of ways in which digital repositories must engender, establish, and maintain trusted status. In some circumstances, information holders or service providers may already be regarded, by experience or reputation, as trustworthy. In many more cases, information holders are unable to refer to a long history of success in the handling of digital resources and must adopt new ways to demonstrate their competence and reliability. Some institutions, such as national libraries and archives, already have achieved trusted status in the traditional paper environment and there is a general expectation that they “will develop and continue to fulfil this role in the digital environment.” [11]  Compared to institutions and organisations in other sectors they certainly do have an enviable track record in managing heritage assets.  The contrast is highlighted when we reflect on Reed-Elsevier’s decision to delete from its digital store some articles that it had published; of course, this raises concerns and it left at least one academic wondering:   “What guarantors other than libraries do we realistically have?” [12]  But why on earth should we implicitly trust public sector organisations such as national libraries or archives to perform functions that are new, untested, and in a territory that is organisationally and culturally uncharted? The new environment will require all players to establish their “trusted” status.  How can this be done?  In reality there are several questions that can be posed relating to the establishment and maintenance of trusted status. How is trust initially established? What is required in order to sustain it? Can it be secured and, if so, how? In the event that  trust is lost can it be re-acquired? Perhaps most importantly, how can trust be verified and a repository assert its own status as “trusted”? Most issues of trust stem from procedural effectiveness.
 
Attributes and Responsibilities describes attributes that a repository must have in order to claim trusted status. These include Open Archival Information System (OAIS)[13] compliance, administrative responsibility, organisational viability, financial sustainability, technological and procedural suitability, and system security and procedural accountability. Acceptable performance in all these areas will be achieved by (among other things) establishing transparent and executable policies and procedures, meeting standards for all aspects of security (including disaster recovery), defining a mission statement that makes explicit a commitment to the long term, promoting transparent business practice(s), adhering to a sound business plan, adopting appropriate and open technological solutions (e.g., hardware and software), and recording and justifying all preservation actions undertaken. Similarly, types of relationships with depositors, analyses of user needs, application of appropriate metadata processes, and mechanisms to manage and benchmark the quality of service also play a crucial role in repository effectiveness. 

The RLG-NARA Digital Repository Certification Task Force has published a draft checklist for certifiable elements of a digital archive, and this represents an excellent starting point for considering what characteristics are fundamental.[14] However, other approaches have been suggested as well. For instance, can a non-OAIS compliant repository model ever be regarded as trusted?[15] Perhaps the answer will depend upon the nature of such frameworks and what the repository is being trusted to do. The RLG-NARA checklist is very broadly applicable.

The German Initiative for Networked Information (DINI) [16] and the Network of Expertise in Long-term STOrage of Digital Resources (nestor) [17] in Germany have both had considerable success determining certification criteria for document repositories (see companion article in this issue). In addition, The Committee of Sponsoring Organizations of the Treadway Commission (COSO) [18], Control Objectives for Information and Related Technologies (COBIT) [19], and IT Infrastructure Library (ITIL) [20] provide useful, albeit perhaps more generically IT-based, alternatives to the RLG-NARA approach. The first of these, COSO, supports the delivery of mechanisms to enhance the quality of financial reporting through business ethics, effective internal controls, and corporate governance. The second is an open standard IT Control framework for improving the delivery and management of information and associated technologies built on the COSO framework.  The use and functionality of the COBIT framework is complemented by use of the IT Infrastructure Library.  It should be noted that none of the above claim to certify the long-term preservation of information, however, each of these addresses one or more of the many aspects relevant to such preservation.

A crucial step in ensuring the take-up of trust-validating mechanisms is defining and agreeing on the benefits of and motivations for achieving a trusted status.  Potential depositors, funders of content creation, and future users, whether these are persons or machines, all will expect that mechanisms will be in place that will enable them to determine whether they can trust a repository and then what level of trust they can accord it and in what contexts (e.g., for what data types).  For their part, organisations may be motivated to use independent mechanisms for demonstrating their trusted status where: 1) having an indicator of trusted status is relevant to the organisation’s mission and goals; 2) it helps them to achieve their business objective; 3) the balance between the costs of acquiring trusted status and the benefits accrued from such investment can be justified; or 4) a specific business case can be made (e.g., a potential high-value depositor or user requires such externally awarded markers of trust before being prepared to place digital objects in the repository).   

How can a repository formalise its trusted status?

With an understanding of what constitutes a trusted repository infrastructure, the next logical step is to identify how organisations can establish and convey their trustworthiness. Among the most favoured solutions is the introduction of a certification infrastructure for digital repositories. In their 1996 declaration in favour of the establishment of trusted archives, the Task Force on Archiving of Digital Information added that a trusted status could not simply be self-conferred, and that “a process of certification for digital archives is needed to create an overall climate of trust about the prospects of preserving digital information.”[21] This ultimately necessitates the conception of some kind of auditing infrastructure consisting of 1) organisations to perform the assessment and confer appropriate certification and 2) a system for accreditation of such organisation. Such auditing activities present a number of challenges and raise several questions. The first concerns what an audit should seek to achieve. By undergoing an examination of their processes, infrastructure, and information-management competence, institutions, information holders, and service providers can obtain a trusted, certified status that provides a sense of reassurance to their various stakeholders. Conversely, where practices are of insufficient quality, audits can highlight this.  Publishing the outcomes at least internally can be used to promote higher standards or to alert potential users to shortcomings.  As Hans Hofman of the Dutch National Archives commented, public release of the external audit reports would itself be a powerful mechanism, especially where it exposed weakness in particular repositories.

A less immediately obvious question is to ask what exactly should be audited, and the RLG-NARA draft audit checklist attempts to address this. Even where it is possible to identify the auditable aspects within a single repository, questions arise about which service providers or information holders should be audited or at least eligible to request such a service. Some organisations that might be likely to seek certification include national and major research libraries, archives and record management centres, data centres, and commercial service providers. Since very few organisations or projects have guaranteed funding for the indefinite future, we clearly would expect repositories, which are themselves ephemeral, but which are seen as part of a chain of preservation, to seek certification. The incentives and disincentives influencing an organisation’s decision to undergo audit are likely to vary, though if relevant or integral to the missions or goals of the organisation, then audit and subsequent certification is likely to be desirable. Similarly, if customers identify certification as a persuasive factor in choosing a service provider it may be a necessary procedure from a business point of view. It is possible that certification may become a legal obligation for some institutions in order for them to continue to operate in particular regulatory environments. Of course, if the procedures that are introduced prove too costly or complex then these are likely to act as a disincentive. Ultimately, assuming that most organisations will not face obligatory audits, decisions will be based on a subjective cost-versus-benefit projection.

It is likely that audit services will be available at different levels of rigour and this hierarchy may be reflected in classes of certification that might be conferred. Self-audit is the obvious “entry-level” class. This could be a useful internal process, and products like the RLG-NARA draft audit checklist can be used or extended to facilitate it. Self-audit may be a worthwhile way for an institution to prepare for a subsequent and more onerous external audit, or for some low-volume or low-risk repositories, it may be a sufficient benchmark. Effective use of self-audits could reduce the costs of external audits, for example, raising awareness of the kinds of documentation needed. Furthermore, the auditability of an individual institution is likely to be a significant factor in its perceived trustworthiness: self-examination based on pre-defined criteria is a useful way to enable institutions to adopt a best-practice mindset that will better equip them to face more intense scrutiny. The most in-depth external audits are likely to cover every aspect of a repository’s business, including systems, finances, personnel, and procedures. It is unlikely that every repository will need to acquire formal certification if they are to achieve trusted status

The time frame of auditing should also be considered. It seems impossible that certification from a single audit should persist indefinitely. As with any other certification, one would expect regular re-certification audits, driven not least by the fundamental difference of this type of certification from all others–namely the “long-term” preservation that is required. Predefined events or quantitative performance triggers may also compel re-certification. Further decisions will have to be made to determine whether depositors or users will have the power to demand “surprise audits.” Of course, this will depend on the means of the agency or agencies responsible for performing the audits and conferring certification or accreditation. Auditors will be expected to be both multi-disciplinary and independent (over a very long-term period) and command recognition from the communities they seek to serve. To make this work, an accreditation system would be expected to be in place, underpinned by international standards and consensus. Given the time scales involved, change will be a feature of the accreditation, certification, and audit processes.

A further question that remains is that of the logistics of the audits themselves. How in practice will these be conducted? Inevitably, a great deal of information will need to be made available to auditors in order for them to establish a useful understanding. As we have already noted, initial self-audits will enable institutions to ensure that their information infrastructures are sufficiently robust and suitably tailored to suit the rigours of external assessment. Policies, workflows, custody chain documentation, financial and human resource records, and systems data will be among the types of information sought by auditors. Objective conclusions will only be possible following the definition of measurable attributes, and, where currently unavailable, attempts will have to be made to define some kind of quantifiable targets. Relationships between the various communities involved will be analysed. Analysis of the needs of classes of users including producers and consumers will offer some insights into the success with which repositories have met their own remits. In addition, relationships between people and aspects of the system functionality will likely come under scrutiny. For instance, one of several checks will be to establish the robustness of ingest mechanisms and the subsequent ability of the repository to sustain information authenticity and understandability.

Gaining an audit and certification mandate

What organisation or organisations can achieve a mandate to manage audit processes and to oversee the awarding of certified status?  In the UK we hope that the Digital Curation Centre, working with national, European, and international bodies, can earn this mandate.  The Digital Curation Centre has been funded for three years by the UK Joint Information Systems Committee (JISC) and the UK e-Science Core Programme of the Engineering and Physical Sciences Research Council (EPSRC),working in collaboration with professionals and organisations in the area of digital curation. [22] The DCC, led by a consortium of four institutions, each bringing diverse experience, [23]  is the national focus for digital curation research and promotes expertise and good practice, both nationally and internationally, in the management of all research outputs in digital format. The Digital Curation Centre, through its organisation, emphasis, and practical activities, closely reflects these ideals and it aims to catalyse action in innovative research, development, service delivery, and outreach.  The DCC promotes an understanding of the need for digital curation among the communities of scientists and scholars, it provides services to facilitate digital curation, it shares knowledge of digital curation among data creating and using disciplines, it develops technology in support of digital curation, and it leads innovative research in digital curation. Given the broadness and pervasiveness of the digital curation challenge, the core partners recognise that a sustainable contribution can only be made if widespread activity can be leveraged. To ensure that this happens the partners are working to develop a diverse network of associates, including individuals and organisations.

The Digital Curation Centre has established audit and certification as a key priority within both its research and service provision commitments. This is manifesting itself in a wide range of activities: raising awareness of the needs and processes involved in audit; contributing to the validation of audit checklists; developing audit procedures and self-audit tools; participating in the debates surrounding audit controls and certification guidelines; and building accreditation consensus. We still have not come to terms with the costs: how much it will cost the DCC to conduct audits, what the cost implications for organisations wishing to undergo audit might be, and what tools we might use to determine the cost benefit relationships.  As with other audit and certification processes, it is likely that external costs can be contained through having effective internal procedures in place.

Audit and certification fit alongside our already expansive array of training commitments. The DCC will support its implementation of audit and certification services through training events, targeted at information holders and service providers and aimed at offering insights into a range of activities and documentation needed to prepare for audit. Some examples include training on how to design repository infrastructures with certification in mind, on conducting internal self-audits, and on preparing for a fuller external audit. Eventually these training packages will be distributed online as virtual tutorials via the DCC’s Web portal. In addition, the DCC will be publishing a tool to enable institutions to perform their own internal audits.  Successful completion will result in eligibility for bronze level certification and provide an indication of institutional preparedness for higher-levels of certification. This tool will take the form of a series of assessable attributes, which can be identified and scored by institutions within their own repository infrastructures. Further services will see the DCC itself assume the role of auditor in the first instance to the UK’s Higher and Further Education community and members of the DCC’s own Network of Associates. Successful completion of these audits (which will be of varying intensity) will result in the award of silver and gold certification.

To help lay the foundation for these activities, the DCC is contributing to pilot audit studies that will begin over the coming months in the US and Europe.  In parallel and in collaboration with RLG, the DCC will conduct two audits of scientific data repositories to test the RLG-NARA Checklist and as a capacity building exercise.  These investigations have been designed to validate not just the appropriateness of the checklist, but to provide us with an understanding of the process and costs of its use as an audit tool.  One problem is that we do not really know what skills an auditor must have and which ones they should have in this context.  There is though an expectation that the ideal auditor would be independent, multi-disciplined (for example professional auditor and knowledgeable in ICT, law, workflow, and project management), and perhaps not a single individual but a team. 

The DCC anticipates that the need is for a multi-tiered audit and certification programme (bronze, silver, and gold certificates), which is acknowledged by the major cultural and scientific heritage community in Europe to be the standard for assessing such services. This will be supported by publicly and freely accessible tools (both online and paper-based) to enable repositories and other data holding organisations to conduct self-audits.  This approach will be combined with an effort to encourage the development by commercial and not-for-profit organisations of audit services in the arena of trusted repositories.  The foundation of a consortium of repositories with certification at Gold and Silver that can act as a safety-net for repositories affected by changes in their status, mission, or funding environment whose collections may then be at risk, will also play an essential role in the eventual trust placed in any certification scheme.  The possibility of constructing a network of trusted repositories may be viable in the UK as the JISC has recently funded twenty-five projects to a total of £3.2 million to “ensure the maximum degree of coordination in the development of digital repositories, in terms of their technical and social (including business) aspects.”[24]

Underpinning all DCC services in this area is an ongoing commitment to research the issues within the scope of audit and certification that remain unresolved, ambiguous, or unclear (e.g., relevance of the RLG-NARA Checklist, mechanisms for establishing an internationally recognised audit and certification approach). Promotion of the merits of certification for all the involved parties including depositors, end users, repository managers, and third-party service providers is another key work area. By cooperating with those already experienced in the field and developing its own expertise and products, it is hoped that the DCC can make a significant contribution to the establishment of a more trustworthy digital repository landscape within the UK.

The prospect of the emergence of audit, certification, and accreditation mechanisms should not leave institutions like startled rabbits captivated by the glare of the headlights of the oncoming juggernaut. It is possible to act positively to lay a foundation of policies, practices, and services that will provide institutions with a level of preparedness for the eventual implementation of audit and certification mechanisms by the community.  Prior to the wide availability of these services digital repositories can take a variety of preparatory steps.  Examples include: defining and documenting the objectives and aims of the repository itself and of any services being provided; defining, documenting, and applying policies and procedures; developing management steering roles and responsibilities; maintaining risk registers, status reports, and minutes from meetings; and defining, implementing, and monitoring disaster recovery plans. Many of these steps will have already been undertaken in the ordinary course of business, but by refining these into a shape that is more easily auditable (in terms of the work that has already been done in the area) difficulties can be avoided in the future. Put simply, if repositories document what they say or do, have the capability to demonstrate that they can do what they say, and can show that they do do what they say, then they are likely to be performing effectively.  In these cases audit should be welcomed.

Acknowledgements
The authors wish to thank their colleagues in the DCC and, on this occasion particularly, to acknowledge Adam Rusbridge and Yunhyong Kim for their advice. David Giaretta, also of the DCC, provided essential guidance and comments, although we did not reflect all his suggestions in the final version.  We would like to thank Hans Hofman, of the Dutch National Archives, for his suggestions.  Any errors that remain are, of course, our own.

Citations:
[1] S. Anderson and R. Heery, 2005, Digital Repositories Review.

[2] Commission on Preservation and Access and the Research Libraries Group, 1996. Preserving Digital Information, Report of the Task Force on Archiving of Digital Information, page 40 (last accessed, 10 Oct 2005).

[3] RLG/OCLC Working Group on Digital Archive Attributes, 2002, Trusted Digital Repositories: Attributes and Responsibilities. (last accessed, 10 Oct 2005).

[4] ISO Management Systems

[5] ISO/IEC 17799:2005: Information technology - Security techniques - Code of practice for information security management

[6] ISO 15489-1:2001 Information and documentation - Records management - Part 1: General, ISO/TR 15489-2:2001 Information and documentation - Records management -Part 2: Guidelines

[7] Reference Model for an Open Archival Information System (OAIS) – ISO 14721, 2002).   (last accessed, 10 Oct 2005). 

[8] Integrity and Authenticity of Digital Cultural Heritage Objects, 2002, DigiCULT Thematic Issue 1, and The Long-term Preservation of Authentic Electronic Records: Findings of the InterPARES Project, 2004,see the report of the “Authenticity Task Force”,

[9] On the case see for example: “Art fraudster jailed”, Monday, February 15, 1999 or P. Landesman, 1999, “ A 20th-Century Master Scam”, 18/07/1999,

[10] Landesman, 1999.

[11] S. Ross 2003, Digital Library Development Review, National Library of New Zealand, (Wellington), ISBN: 0-477-02797-0. ,

[12] J. O'Donnell in a posting to Liblicense-L on 29 January 2003 (Subject “Re: vanishing act” ) (last access, 10 Oct 2005)

[13] Reference Model for an Open Archival Information System (OAIS) – ISO 14721, 2002).  (last accessed, 10 Oct 2005).  Although the authors would argue that any certification scheme will need to allow for other underlying models as they emerge.
 
[14] RLG-NARA Task Force on Digital Repository Certification: Audit Checklist for Certifying Digital Repositories,   (last accessed, 10 Oct 2005).  See article by Robin Dale in this issue.

[15] Further investigation may be needed to decide whether or not any audit, certification, and accreditation programme will need to be flexible enough to be responsive to future preservation models that may emerge.  See for instance, D. S. H. Rosenthal, T. S. Robertson, T. Lipkis, V. Reich, and S. Morabito, 2005, “Requirements for Digital Preservation Systems: A Bottom-Up Approach”

[16] DINI, Deutsche Initiative für Netzwerkinformation eV

[17] NESTOR, Network of Expertise in Long-Term Storage of Digital Resources

[18] http://www.coso.org

[19] http://www.isaca.org/cobit

[20] http://www.ogc.gov.uk/index.asp?id=2261

[21] Commission on Preservation and Access and the Research Libraries Group, 1996. Preserving Digital Information, Report of the Task Force on Archiving of Digital Information, page 40, (last accessed, 10 Oct 2005).

[22] http://www.dcc.ac.uk  For a more detailed description of the DCC and its work see C. Rusbridge, P. Burnhill, S. Ross, P. Buneman, D. Giaretta, L. Lyon, M. Atkinson, 2005, “The Digital Curation Centre: A Vision for Digital Curation”, In Proceedings IEEE”s Mass Storage and Systems Technology Committee Conference on From Local to Global: Data Interoperability--Challenges and Technologies, an online version is at: http://eprints.erpanet.org/archive/00000082/01/DCC_Vision.pdf

[23] It brings together organisations across three Universities and a research council. Led by the University of Edinburgh [], which hosts the School of Informatics, the National eScience Centre (NeSC), the EDINA national data centre, the DCC consortium includes HATII [22] at the University of Glasgow Humanities Advanced Technology and Information Institute (HATII), UKOLN at the University of Bath, and the Council for the Central Laboratory of the Research Councils (CCLRC).

[24] JISC Digital Repositories Programme

Introduction
The concept of certifying repositories of important digital cultural heritage resources has existed for at least ten years.  Advanced as a recommendation from the seminal collaborative work, Preserving Digital Information [1], certification was one of the more contentious issues set forth by that report.  There was a reluctance to enforce potentially rigid constraints on the evolving digital repository landscape.  Still, the electronic publishing paradigm shift was underway and task force members recognized that preserving digital resources would require greater commitment, skills, and resources than their analog counterparts.  Absent engrained trust formed by decades of experience, it was agreed that it would not be credible enough for an organization to assert that it could preserve digital resources.  Born digital materials raised the stakes.  Organizations were going to have to prove capable stewardship of digital materials through certification of their digital archives and repositories.

Fast forward to the present. Though certification was controversial in 1995 because we lacked the digital repositories to which it would apply, the picture in 2005 is quite different.  Publishers have shifted to a new model of publishing where access to electronic publications is leased from them. The security of and long-term access to that digital information is confronted by technical challenges, as well as organizational ones related to infrastructure, investment, and the “long tail” of profit envisioned by publishers and aggregators alike.  Institutional repositories have blossomed across academia, but the systems underpinning these repositories were built to support access and most lack critical components that would enable preservation of the files stored within them.  Finally, organizations both known and unknown to the community are offering “digital preservation” and “digital archiving” services, though if hard pressed, few would be able to perform the kind of long-term management and stewardship identified by the RLG-CPA task force in Preserving Digital Information. 

With a varied landscape of repositories, it is and will be important to distinguish repositories and archives with not only a mandate (mission) to preserve digital information over the long-term, but the capability to do so.  Audit and certification are tools that can be used to document and test repositories’ organizational and technical capabilities.  These tools and a process for certification have been under development through the RLG-National Archives and Records Administration (NARA) Digital Repository Certification Task Force [2] and the Center for Research Libraries (CRL) Audit and Certification of Digital Archives [3] project.  For the first time in the ten years since the publication of Preserving Digital Information, the community is very close to having not only audit criteria, but a methodology to carry out the certification process.

The RLG-NARA Digital Repository Certification Task Force
For the last two years, the RLG-NARA Digital Repository Certification Task Force has been developing audit criteria for digital repositories and archives.  Formed to follow-up on recommendations of both Preserving Digital Information and the 2002 Trusted Digital Repositories: Attributes and Responsibilities [4] report, the expert task force was charged with producing certification requirements for establishing and identifying trustworthy, reliable digital repositories.

The course of work proved to be an interesting one.  Anxious to avoid recreating existing criteria that might be applicable, the task force investigated the range of existing information technology standards including CoBIT [5], the ISO 9000 family [6] of standards, information security standards from governmental agencies such as the National Institute of Standards and Technology (NIST) [7], ISO standards such as ISO/IEC 17799:2005 [8], and others.  Though related standards and guidelines existed, only one came close to addressing the range of digital preservation information and infrastructure needs: the Open Archival Information System (OAIS) Reference Model (ISO 14721:2002) [9]. Already enjoying widespread adoption within the digital preservation community, the OAIS Reference Model was an obvious starting point for the certification work.  As an ISO standard, it also provided the standards base required for any audit and certification process. It did, however, lack criteria pertaining to the organization context underpinning any digital repository. By combining the OAIS and the Trusted Digital Repositories report, as well as leveraging pertinent information from existing information technology standards, the task force had a strong foundation from which to build the audit checklist.

Developing Criteria: Tackling Difficult Questions
Scoping audit and certification criteria was impossible without asking certain questions: 

• Who will seek certification and what are the incentives?
• What other repositories should be subject to certification?
• Is it appropriate to have levels of certification? 
• Should there be different kinds of certification for the different types of digital repositories that exist?
• Should a more uniform approach – one set of criteria for all repositories – be taken? 

These questions had to be addressed before any methodology could be developed, yet answering the questions proved to be difficult.  The broad cross-section of repositories represented on the task force led to different viewpoints based upon the perspective each brought to the table. Differences in opinion emerged around the issues of data curation responsibilities and the  responsibilities each repository assumed. The criteria would need to measure professional proficiency in digital preservation, information technology, and security, but also take into account an institution’s data curation policies and responsibilities. 

Purism or Pragmatism?
The task force believed that a single, comprehensive list of audit criteria would best measure capabilities.  But practicality had to be considered as well.  Would the comprehensive criteria envisioned by the task force be too burdensome to implement?  Regardless of the actual audit cost, the costs of preparation, self evaluation, systems testing, etc., are all potential real costs of preparing to meet audit and certification requirements. What were the incentives to undergo a potentially costly process?  Though this task force was far from developing the eventual certification process, economics of implementation had to be considered.

As a component of the nestor project [10], colleagues in Germany are envisioning and developing a “lighter” certification program with fewer initial criteria. [See next article.] This lighter certification would encourage institutions to undergo certification now, early in their developmental stages.  Certification criteria would continue to develop and grow more rigorous, and certain institutions would be expected to meet the newer (hard certification) requirements over time. This model is certainly of interest, especially for developing academic repositories, and we continue to consult with our nestor colleagues as both certification efforts move forward.  At the same time, the RLG-NARA task force had been tasked to develop criteria capable of evaluating a broader range of repositories, including third-party repositories. This meant the RLG-NARA criteria had to be stringent and detailed from the outset, able to determine the current state of any repository’s technical, organizational, and digital preservation competencies.

The RLG-NARA Audit Checklist
In the end, the task force developed a comprehensive list of criteria that could be used to audit large scale repositories that assumed a variety of data curation responsibilities. Five different frameworks were utilized to conceptualize the nature of the required criteria or audit metrics.[11]  Each presented a different perspective, allowing the task force to identify and fill gaps.  The OAIS and Trusted Digital Repositories attributes played prominent roles in criteria development and early frameworks, though to enable the criteria to be used to evaluate all types of repositories and data archives, rigid adherence was avoided.  The resulting framework reflects four overarching categories of criteria: organizational infrastructure; repository functions, processes, and procedures; designated community and the intended uses of information; and technology and technical infrastructure.

At the end of August 2005, the task force released its audit checklist as a draft for public comment.  An Audit Checklist for the Certification of Trusted Digital Repositories [12] will be available for public comment through 15 January 2006. Eliciting expert comments from the community is one key part of evaluating the efficacy of the current criteria before version 1.0 of the audit criteria is finalized. The RLG-NARA task force hopes institutions will review the report and checklist, potentially using it as a component of self evaluation.  The second key component of validating the audit criteria will be through the CRL project described below.  The audit checklist is being leveraged by the CRL project and together, these efforts will yield a usable methodology for discerning trustworthy digital repositories.

The CRL Audit and Certification of Digital Archives Project
In early 2005, the Center for Research Libraries [13] was awarded a grant from The Andrew W. Mellon Foundation [14] to develop the processes and activities required to audit and certify digital archives. Over 18 months, the CRL project will refine, test, and deliver specifications for the auditing processes, develop a plan for certification, and will outline a business model for the certifying agency or entity best suited to carry out those processes on a continuing basis.

Driving this project is concern about the growing extent to which the research community must rely upon other organizations to maintain valuable digital resources such as electronic journals, news, and other scholarly content.  The responsibility and rights to preserve the information often belong to publishers, their designees, or others who produce and/or aggregate the content.  Lacking local control over the information, universities, libraries, publishers, consortia, and others need the means to assess and thus manage the level of risk they incur in developing and securing access to knowledge and cultural resources in digital form. The certification process may prove to be a means to that end.

Developing Certification Methodology
The CRL project is being tackled through three work phases.  Phase one involved designing the audit process and refining the audit criteria and terminology to be used. This phase was particularly assisted by leveraging the RLG-NARA audit checklist.  Phase two will help us model the audit process through test audits of three digital archives: the e-Depot at the Koninklijke Bibliotheek [15], Portico [16], a new service to archive scholarly electronic journals incubated by Ithaka Harbors [17], and the data archive at the Inter-university Consortium for Political and Social Research (ICPSR) [18] at the University of Michigan.  The LOCKSS [19] distributed archiving system developed by Stanford University will also be evaluated in phase two. The final phase of the project, phase three, will specify the economic and service models appropriate to undertake those processes on a continuing basis.

What Do We Want From the Certification Process?
The RLG-NARA certification criteria were developed by a “top-down” view of repositories by experts who work in digital repositories and are knowledgeable about the technical issues.  That valuable technical perspective contributed greatly to understanding the technical processes and procedures that should be expected of a trustworthy digital repository. This insider’s view is one perspective necessary to determine what outcomes are needed from the certification process. 

The CRL project complements the earlier approach, balancing the view from the “inside” with that of the “users.”  An advisory group provides a unique perspective on certification.  With one exception, project advisors represent the “user” or “consumer” side of the equation – not only as users of information, but also prospective users of certification outputs.  This viewpoint contributes much to the development process.  Representing the perspective of those with fiduciary and management responsibility for acquired digital content, and keeping the attendant value and competency factors in mind, the project advisors were able to specify the kinds of useful information that must be produced by an audit and certification process.

• What information would be most valuable to a university provost?
• What kind of data would enable administrators such as university librarians and e-resource licensing specialists to evaluate and make informed decisions about  whether purchased resources will be available for the long-term?
• If asked for input, what information would the chief information officer or preservation expert need to know to render an opinion about the long-term security and accessibility of digital resources within a given digital repository?

The valuable advice provided by the CRL project advisors will lead to the development of stronger, more focused audit criteria, as well as audit documentation and reports (including digital archives profiles) that yield the elusive transparency of information about repository operations, procedures, and commitment.  This information will be helpful to the range of people and perspectives likely to have input in the evaluation of information services, information longevity, and the trustworthiness of the archives.

Who will be the Certifiers?
Certainly a frequently asked question is “who will be the certifiers?”  The third phase of the CRL project will tackle this question, working in consultation with colleagues from the nestor Working Group on Trusted Repository Certification [20] and the Digital Curation Centre (DCC) [21] in the UK.  Colleagues from both groups have expressed an interest – and are stakeholders – in shaping and managing any certification process that will affect repositories within their respective countries. 

Although certification is often associated with “a certifying agency,” it is highly likely that the eventual audit and certification process will take place in a distributed, but coordinated manner, perhaps through an umbrella organization.  There are many factors that contribute to this, including:

• differing national laws and regulations pertaining to digital information
• language of available documentation
• specialization of repository types
• established local stakeholders such as nestor and the DCC
• laws governing the indemnification of any certifying agency or the umbrella organization in the event of information loss at any particular archives.

Certainly the key factor to conclude the development of a certification methodology is to make sure it has a self-sustainable organization to permit it to move forward. Phase three of the CRL project will involve work to analyze the costs of the key auditing and certification processes and the requisite organizational structures on the basis of the subject archives audits.  Existing models for certifying and rating organizations in the for-profit and non-profit fields will be examined; their respective funding systems, organizational structures, and forms of governance analyzed.  A goal of the project is to be able to provide a detailed prospectus for the establishment of a self-sustaining certifying entity that is accountable to the research libraries community.

The Way Forward
Over the next 13 months, the CRL project will move forward to complete and establish a methodology for auditing digital archives and repositories.  Through closer collaboration with our nestor and DCC colleagues we hope to make certification real by building the infrastructure necessary to evaluate and measure repository trustworthiness.

1. Thoughts about Certification

Certification can be interpreted and implemented in different ways. Much depends on the overall goal to be reached through the certification and auditing process. For example, in order to support the development of certain standards, it may be more important to encourage repositories to use Persistent Identifiers (e.g., DOI or URN) than to demand Persistent Identifier use, thereby excluding many by defining a criteria that only a minority of repositories could fulfill. This kind of certification supports a coaching concept, and we regard this as Soft Certification. However, a certificate that has the primary objective of ensuring the highest level of trust would exclude the majority of repositories, only admitting those that follow very strict rules. We regard this kind as Hard Certification.

Within this article we present two approaches from Germany. First, the DINIⁱ Certificate for Document and Publication Repositories [1] aims to network document and publication repositories by pushing the use of standards and promoting interoperability. And second, is the work being carried out by nestor, the Network of Expertise in Long-term STOrage of Digital Resources - A Digital Preservation Initiative for Germany.ⁱⁱ The nestor Working Group on Trusted Repository Certification, established in December 2004, investigates the standards and methodologies that will ultimately lead to trustworthy digital repositories.

Both certificates will ensure quality and raise trustworthiness by guaranteeing that publication servers and repositories are set up and operated according to certain standards and best practices. This further enables interoperability for collaborative publication tasks and long-term preservation.

For DINI the primary objective of the guidelines and criteria was to: 1) improve interoperability and cooperation between German higher education institutions that run digital repositories; and 2) to provide an instrument for the repository operators that could be used to raise the visibility, recognition, and importance of the digital repository within the university. The DINI certificate distinguishes the repository from common institutional web servers and assures potential users and authors of digital documents that a certain level of quality in repository operation is warranted. In addition, DINI sees its certificate as an instrument to support the Open Access concept. It can be viewed as a “soft certificate,” where the coaching idea prevails, and works on the basis of self disclosure by the repositories.

The nestor certificate, by contrast, aims to document the trustworthinessⁱⁱⁱ of digital repositories, data producers, and service providers not only in higher education institutions but also in national and state libraries and archives, museums, and data centers. Trustworthiness is important to potential customers, who are the producers of digital information on the one hand and the readers of the deposited information on the other hand. Additionally, cooperating partners and an organization's own management have to be able to rely on the repositories’ trustworthiness. As Jantz and Giarlo [2] state: “For repositories of scholarly materials, trust can become a significant long-term barrier and considerably increase the complexity of the digital preservation task.”

The concept of trust applies not only to technological issues, but also to organizational and cultural aspects. The RLG/OCLC Working Group and the RLG-NARA Task Force expressed this idea in their reports in 2002  [3] [7] and in the criteria catalogue in September 2005  [4]. Trustworthy digital repositories as defined by nestor can assure producers of all kinds of digital objects that their content is secured and preserved in a manner that ensures their authenticity and data integrity. It also provides a certain security to the end user that the information will be accessible over time and that what she or he receives from the digital repository is trustworthy in terms of the authenticity of the object, the producer, and publication time and place. For the institution itself and its cooperating partners, the certificate guarantees the reliability of the digital archive services, which is a prerequisite for its integration into the overall mission of the institution and for collaboration on a national or international level.

Therefore, nestor goes farther than DINI and aims to establish a three-stage process. This starts with giving orientation for the planning and implementation phase by providing checklists with recommendations, standards, and best practices. In the second step, nestor enables qualification by means of self-evaluation and self-representation, improving transparency. The last step is a “hard certificate” attesting to a high level of trust, in which a digital repository is subject to a certification process by external certification experts, normally based on an internationally standardized criteria catalogue.

Figure  1: Types of Certification

Since long-term preservation of digital objects is, globally speaking, in its infancy and because little experience has been amassed to date, certification is not intended to “… give a declaration of guarantee for five or fifty years, but to enable institutions to develop strategies in order to cope with the continuous change of information technology in a responsible way.“ [5] [9]

2. The DINI Certificate for Document and Publication Repositories

2.1 About DINI: The German Initiative for Networked Information

DINI is a coalition of German infrastructure or service institutions: the libraries, computing centers, media centers, and scientists, which are represented by the Information and Communication Initiative of their Learned Societies. DINI is an institution that is committed to initiating and intensifying the regional, nationwide, and international collaboration between the infrastructure facilities at universities and to creating recommendations for efficient information services and communication networks in and between universities. A comparable initiative is CNI, the Coalition of Networked Information in the USA, which is a cooperating partner of DINI.

DINI operates several working groups, one of which is the Working Group on Electronic Publishing.

2.2 Short Description of the DINI Certificate

Installing and institutionalizing document and publication repositories at universities allows them to offer and to archive scholarly publications that have been produced at the respective universities for a worldwide audience. This new service by a library and computing center infrastructure helps disseminate the concept of electronic publishing as a new tool for academic work.

“DINI supports this development in order to reach a higher level of scientific and scholarly communication nationwide and internationally and highlights the necessity to network document and publication repositories. Such a network of local publications would complement the dominant (commercial) publications through publishing houses and may therefore also function as a regulating body against the monopolistic tendencies in scholarly publishing. The German Science Council and the Conference of University Rectors in Germany call for the installation of document and publication repositories, and funding institutions such as the Ministry for Science and Technology^iv and the German Research Foundation^v support and fund this. It is deemed important to develop this according to international standards and to use proven technology.” [1]

Since 1997, we have been developing digital repositories in Germany, mostly funded by the German Research Foundation or the German Ministry for Education and Research. In 2003, DINI carried out a survey of German university repositories and received responses from 47 universities. The kinds of documents stored in these repositories included theses and dissertations, monographs, journals, preprints, papers, teaching materials, and historical digitalized materials. From this survey, DINI learned that only 40% are working toward any kind of policy development. Furthermore, survey responses reflected a very disappointing use of standards for metadata, interfaces, cataloguing, subject cataloguing, or organizational regulations.

In light of these findings, the DINI working group decided to issue a certificate in order to motivate operators of institutional repositories to use appropriate technology and methods. The certificate program was launched in 2003 and introduced quality control for servers for the first time. A set of minimum requirements for repositories and their operators, which are regarded as mandatory for modern scholarly communication, was developed, as well as recommendations highlighting foreseeable developments that might turn into future requirements. A DINI logo was also created for distribution to certified servers.

2.2.1 Criteria

The DINI criteria are split into two sections. The first section specifies minimum standards and requirements that must be met by the document and publication repositories or their operators in order to be awarded the certificate. And because DINI anticipates continuous adaptation to ensure that the certificate retains its validity in an ever changing environment, the second section lists recommendations that, from today’s point of view, are likely to become future requirements for the certificate.

The requirements and recommendations cover the following topics:

• Server Policy / Guidelines
• Author support
• Legal issues
• Authenticity and integrity
• Cataloguing
• Access statistics
• Long-term availability

2.2.2 Auditing

A working group^vi within DINI audits the criteria for the DINI certificate against international standards and developments and updates them accordingly. For this reason the certificate is issued with a year-of-award stamp. The DINI office or an authorized working group is responsible for awarding the DINI Certificate—the document that acknowledges that the certified repository meets the minimum standards of a DINI-Certified Document and Publication Repository. A small fee (50 - 250 Euro) is charged for issuing the DINI certificate.

2.3 Experience with the Certification Process

So far, 14 university repositories^vii have been awarded (or have applied for) the DINI certificate. Through discussions, colleges report that the certification procedure has caused local authorities to reflect more deeply about the repository service itself and to start thinking about their repositories' mission and philosophy. The certification recommendations and guidelines proved to be a good orientation for bringing the local repository up to a certain level and in bringing this to the attention of the institution’s directorate.

Figure  3: German Repositories with DINI Certificate

3. Certification within nestor

3.1 About  nestor: Network of Expertise in Long-term STOrage of Digital Resources - A Digital Preservation Initiative for Germany

The goal of nestor is to create a network of expertise in the long-term storage of digital resources for Germany, comparable to initiatives like the Digital Preservation Coalition in the UK. As the perspective of current and future archive users is vital to the project, the emphasis is put on the long-term accessibility of digital resources rather than on pure preservation aspects. nestor wants to strengthen the awareness of this important and urgent topic among the general public and experts by launching a discourse about "Information Life Cycle Management." The project also makes distributed expertise visible and accessible, provides information, and encourages communication between all players involved in long-term preservation in Germany. To this end, nestor has initiated expert reports on different topics (see [9][10],[11]) and has set up a web portal on digital long-term preservation for Germany, including a subject gateway and an experts' database. nestor operates several working groups; one of these is the working group on Trusted Repositories Certification. Others include groups on multimedia archiving and preservation policies.

3.2 The nestor Working group on Trusted Repositories Certification

The nestor working group^viii wants to encourage the implementation of reliable digital object repositories. It aims to standardize and to enable cooperation between repositories by providing a criteria catalogue and suggested metrics for evaluation, taking into account the special German conditions in preparing for the certification process.

The working group consists of selected representatives of various interest groups with a stake in digital long-term archiving: producers and users of digital information, operators of digital long-term archives, memory organizations, and technical experts. To ensure that the work attracts the cooperation of as wide an audience as possible, the group organizes workshops and round table discussions.

Figure  4: Homepage of the nestor Working Group on Trusted Repository Certification

The intention is not to reinvent the wheel. It is likely that a catalogue containing the same criteria will result from joint discussions with the RLG-NARA Group. The criteria can be organized under different views and undergo specified auditing processes. Important components for evaluation include local requirements and the different political, legal, and financial landscapes in Germany, Europe, and the USA for archives, museums, libraries, data centers, etc. Accordingly, there is undoubtedly a need for different evaluation schemata taking these special contexts into account.

We are currently discussing several views, and our preference at the moment is for the “users” view of such a criteria catalogue. The prime argument for this decision is that the criteria catalogue should function as a guideline for planning, organizing, and implementing the requested functionalities. As the realization of the functionalities lies in different hands, it is necessary to give the repository manager a different view, whereas the systems engineer or the security officer or even the financial manager will be interested in a checklist. Furthermore, the catalogue criteria may be used for self-evaluation. As the transparency increases, producers and end users in particular become interested. Thus we defined four groups:

Organizational Issues:
1. Internal Organization
2. Organization of Cooperation with Producers and End Users
Technological Issues:
3. Technical System Management
4. Technical Object Management

Table  1: nestor Criteria Catalogue

We show here only examples of the main requirements, not the whole criteria catalogue (current working version). A different view could be one based on the RLG/OCLC attributes.

3.3 Survey and Workshop

In order to achieve an evaluation protocol that conforms to current technological and organizational standards, the nestor working group performed a survey with representative partners from different sectors: libraries, museums, archives, research institutions, data centers, publishing houses, enterprises, broadcasting stations, and a meteorological service. The survey investigated common practices for storing and preserving digital objects. Some results were rather disappointing and showed that a lot of informative work and persuasion has to be done to make the demand for reliable digital objects repositories visible.

As a result, at a workshop in June 2005, the nestor Working Group on Trusted Repositories discussed the important criteria of trusted long-term archives with a wide range of specialist “users,” in order to test their applicability and to ensure the relevance of the assessments.

The final discussion revealed that reliability could be achieved in various ways. First, during planning and implementation, a long-term digital archive can follow recommendations, standards, and best practices. It can then become qualified by means of self-representation and improve its transparency to users, producers, cooperating partners, and its own management. Further, a long-term digital archive can gain a certificate  and, by means of a formal procedure based on strict criteria, establish a high level of trust.

3.4 nestor’s evaluation schema for the criteria/metrics

For the survey and the workshop we supplemented the criteria catalogue with examples of typical values, known standards, and best practices in order to make the questions as precise as possible and to make the answers easier to formulate.
At the workshop we discussed four main criteria:

• Are there more typical values, best practice examples, standards?
• Is there a consistent set of minimum requirements or ongoing recommendations for these questions?
• How can the degree of performance be measured? Is it a yes/no question or is a differentiated rating scale needed?
• How is this requirement weighted within the overall assessment?

From the results of the survey and the workshop discussion, we will elaborate a catalogue of criteria, enhanced with metrics for the evaluation. We hope this will be an instrument to provide orientation and  self-evaluation, and it will formally and stringently lay the groundwork for certification. The evaluation schema is scheduled to be presented and discussed in depth at a round table session in the spring of 2006.

4. Conclusion

We are applying our experience with the DINI Certification of Document and Publication Repositories and the work done in the nestor working group to the international discussion with the RLG-NARA Repository Certification Task Force^ix, the Digital Curation Centre^x, DELOS Network of Excellence on Digital Libraries,^xi and other international activities in order to contribute to the ongoing work on standardization of certification criteria and the certification process.

Citations:

[1] Deutsche Initiative für Netzwerkinformation (DINI) Working Group Electronic Publishing: DINI-Certificate Document and Publication Repositories, November 2003, DINI-Schriften 3-en, urn:nbn:de:kobv:11-10046073.

[2]Ronald Jantz and Michael J. Giarlo: Digital Preservation – Architecture and Technology for Trusted Digital Repositories, D-Lib Magazine Vol. 11 No. 6, June 2005, doi:10.1045/june2005-jantz.

[3] RLG/OCLC Working Group on Digital Archive Attributes: Trusted Digital Repositories: Attributes and Responsibilities: An RLG-OCLC Report / Mountain View, CA : RLG, 2002. URL: http://www.rlg.org/en/pdfs/repositories.pdf . (last viewed 28.04.2005)

[4] RLG-NARA Task Force on Digital Repository Certification: Audit Checklist for Certifying Digital Repositories. URL: http://www.rlg.org/en/pdfs/rlgnara-repositorieschecklist.pdf  (last viewed 23.09.2005)

[5] Ute Schwens, Hans Liegmann; Die digitale Welt – eine ständige Herausforderung: Rainer Kuhlen, Thomas Seeger und Dietmar Strauch (Eds) In: Grundlagen der praktischen Information und Dokumentation: Volume 1. Preprint, 5th edition. München, Saur, 2004. URL:http://www.langzeitarchivierung.de/downloads/digitalewelt.pdf

[6] Dobratz, Susanne; Neuroth, Heike: nestor : Network of Expertise in Long-term Storage of Digital Resources –A Digital Preservation Initiative for Germany http://www.dlib.org/dlib/april04/dobratz/04dobratz.html, DOI:10.1045/april2004-dobratz

[7] Dobratz, Susanne; Neuroth, Heike; Schoger, Astrid; Strathmann, Stefan: nestor – Entwicklungsstand des Kompetenznetzwerks zur Langzeitarchivierung digitaler Ressourcen in Deutschland. Zeitschrift für Bibliothekswesen und Bibliographie, 52 (2005) 3-4 p. 151-162 (see http://www.klostermann.de/)

[8] Henry Gladney: Perspectives on Trustworthy Information, In Digital Document Quarterly (DDQ), Volume 1, Number 2, 1Q2002. URL: http://home.pacbell.net/hgladney/ddq_1_2.htm

[9] Dirk Witthaut unter Mitarbeit von Andrea Zierer, Arno Dettmers, Stefan Rohde-Enslin: Digitalisierung und Erhalt von Digitalisaten in deutschen Museen: nestor Materialien 2: Frankfurt am Main , nestor c/o Die Deutsche Bibliothek, 2005 urn:nbn:de:0008-20041223022.

[10] Uwe M. Borghoff u. Mitarb.: Vergleich bestehender Archivierungssysteme: Nestor Materialien 3: Frankfurt am Main , nestor c/o Die Deutsche Bibliothek und Univ. d. Bundeswehr München Fak. f. Informatik, Inst. f. Softwaretechnologie., 2005 urn:nbn:de:0008-20050117016.

[11] Rechtsanwälte Goebel und Scheller (Bad Homburg v.d.H.): Digitale Langzeitarchivierung und Recht: nestor Materialien 1: Frankfurt am Main , nestor c/o Die Deutsche Bibliothek, 2004 urn:nbn:de:0008-20040916022.

i. DINI: Deutsche Initiative für Netzwerkinformation = German Initiative for Networked Information. For more information see http://www.dini.de/.

ii. For more information on nestor see http://www.longtermpreservation.de or [6],[7].

iii. We use trustworthiness (Vertrauenswürdigkeit) here instead of trusted, because this term is more precise, see Discussion in [8].

iv. Bundesministerium für Forschung und Bildung

v. Deutsche Forschungsgemeinschaft

vi. Members are listed at http://www.dini.de/dini/mitgliedschaft/mitgliedschaft.php

vii. A complete list of certified servers can be found at http://www.dini.de/dini/wisspub/wisspub.php

viii. For more information on the nestor WG on Trusted Repositories Certification see http://nestor.cms.hu-berlin.de/tiki/tiki-index.php?
page=Working+Group+on+Trusted+Repositories+Certification+ %28nestor%29

ix. see: http://www.rlg.org/en/page.php?Page_ID=367

x. see http://www.dcc.ac.uk/

xi.see http://www.delos.info/

The Center for Research Libraries: Certification of Digital Archives

The Center for Research Libraries hosts the website for information dissemination about The Andrew W. Mellon Foundation funded project to develop an auditing and certification process for digital archives. As described in the second feature article of this RLG DigiNews, this project will be working in three phases over the next year to establish a methodology for auditing digital archives and repositories. Watch the site for further developments about this important project, and check it out now for more information about the project:

• Background
• Personnel
• Timetable
• Metrics and Terminology
• Participating Archives
• Project Outputs
• Digital Archives Profiles

Preserving Digital Heritage
November 4 – 5, 2005
The Hague, the Netherlands

Sponsored by the Koninklijke Bibliotheek (National Library of the Netherlands) and as a part of UNESCO’s 'Charter on the Preservation of the Digital Heritage, this conference will highlight high level management exemplars from a variety of institutions concerned with digital preservation. Plenary sessions will focus on two areas: materials selection for preservation and the roles and responsibilities across institutions for preservation purposes.

Ensuring Long-term Preservation and Adding Value to Scientific and Technical Data (PV 2005)
November 21 – 23, 2005
Edinburgh, UK

The third of a series, this conference plans to examine digital preservation issues in light of the characteristics and requirements of scientific and technical data.

AMIA (Association of Moving Image Archivists) 2005 Conference
November 30 – December 3, 2005
Austin, Texas

Workshops, film screenings, special interest groups, poster sessions, and vendor exhibitions will make up the fourteenth annual AMIA conference.

Electronic Imaging 2006
January 15 – 19, 2006
San Jose, California

Co-sponsored by Society for Imaging Science and Technology and the Society of Photo-Optical Instrumentation Engineers, this annual meeting will feature symposia, continuing education sessions, and technical exhibits.

Targeted topics include:

• 3D Imaging, Interaction, and Measurement
• Imaging, Visualization, and Perception
• Image Processing
• Digital Imaging Sensors and Applications
• Multimedia Processing and Applications
• Visual Communications and Image Processing
• Optical Security and Anti-Counterfeiting

Academic Library and Information Services: New Paradigms for the Digital Age
February 7 – 9, 2006
Bielefeld, Germany

The Bielefeld University Library will host this conference as a part of the International Bielefeld Conference series. This forum, offered every two years, promises to provide a venue for library managers to share experiences and expertise in digital library topics.

IASSIST 2006 Call for Papers
May 23-26, 2006
Ann Arbor, Michigan

The International Association for Social Science Information Service and Technology / Association Internationale pour les Services et Techniques d'Information en Sciences Sociales (IASSIST) is inviting submissions for its 32nd annual conference entitled Data in a World of Networked Knowledge. Proposal abstracts for papers, sessions, and posters should be submitted by January 16, 2006. IASSIST will bring together an international audience of professionals working with information technology and data services and seeks presentations on topics that “address the full range of digital data life cycle issues, including those that focus on access, documentation, dissemination, preservation, data use and current empirical research activity.”

ELPUB 2006: Digital Spectrum: Integrating Technology and Culture
June 14 – 16, 2006
Bansko, Bulgaria

Plan ahead for ELPUB 2006, the 10th International Conference on Electronic Publishing. This conference aims to facilitate active exchange and learning about broad aspects of electronic publishing, including submissions of the most recent work covering both general and technical tracks.

New Digital Curation Manual Installment: Open Source for Digital Curation

The Digital Curation Centre has released the latest installment of their Digital Curation Manual, that explores the implications of open source software applications for managing and planning for the life cycle of digital materials.

Report Released: Digitizing Historic Newspapers: A Practical Approach

The presentations and a summary report from the Digitizing Historic Newspapers: A Practical Approach conference held July 18, 2005 in Denver, Colorado are now available online. The conference covered newspaper digitization projects in-depth, including planning, funding, technical, and copyright considerations.

“Open Access Webliography”

A new annotated webliography has been released online. Written by Adrian K. Ho and Charles W. Bailey, Jr., this preprint pulls together a broad range of electronic resources related to the open access movement.

BASE (Bielefeld Academic Search Engine) Updated

BASE has been updated to include access to over 2 million documents from 160 online Open Archives Initiative (OAI) resources, including many scholarly full text archives and other repositories.

DPC Technology Watch Report: Preservation Metadata

The latest Technology Watch report, authored by Brian Lavoie and Richard Gartner, has been made available from the DPC website. The report “provides a comprehensive but highly readable update on developments in preservation metadata and METS.”

A Kaleidoscope of Digital American Literature

The Council on Library and Information Resources (CLIR) has released this report that describes digital resources, projects, priorities, and concern of scholars in American Literature who are embracing digital technologies. Topics covered are: quality-controlled subject gateways, author studies, e-book collections and alternative publishing models, reference resources and full-text collections, collections built around a particular area of interest, and teaching applications.

NDIIPP to Sponsor Portico

The Library of Congress’ National Digital Information Infrastructure and Preservation Program (NDIIPP) has announced a $3 million grant award for the development of Portico, an initiative sponsored by JSTOR, Ithaka, The Library of Congress, and The Andrew W. Mellon Foundation. Portico’s mission is to preserve and provide long-term access to scholarly literature published in electronic form.

Ingest Guide for University Electronic Records Released

Tufts University’s Digital Collections and Archives and Yale University Library’s Manuscripts and Archives is seeking public input and comment on their newly completed Ingest Guide for University Electronic Records (pdf). This report was built with the Reference Model for an Open Archival Information System (OAIS) and the Producer-Archive Interface Methodology Abstract Standard in mind and deals with issues of ingest beyond just to the actual transfer of digital records.

RLG DigiNews (ISSN 1093-5371) is a Web-based newsletter conceived by the RLG preservation community and developed to serve a broad readership around the world. It is produced by staff in the Department of Research, Cornell University Library, in consultation with RLG and is published six times a year at www.rlg.org.

Materials in RLG DigiNews are subject to copyright and other proprietary rights. Permission is hereby given to use material found here for research purposes or private study. When citing RLG DigiNews, include the article title and author referenced plus "RLG DigiNews." Any uses other than for research or private study require written permission from RLG and/or the author of the article. To receive this, and prior to using RLG DigiNews contents in any presentations or materials you share with others, please contact Jennifer Hartzell (jlh@notes.rlg.org), RLG Corporate Communications.

Please send comments and questions about this or other issues to the RLG DigiNews editors.

Co-Editors: Anne R. Kenney and Nancy Y. McGovern; Associate Editor: Robin Dale (RLG); FAQ Editor: Richard Entlich; Contributor & Copy Editor: Ellie Buckley; Production: Jenn Colt-Demaree, Carla DeMello; Advisor: Peter Hirtle.

All links in this issue were confirmed accurate as of October 14, 2005.