Co-funded by the European Union under FP7-ICT-2009-6

Audit & Certification with ISO standards
Barbara Sierman, KB National Library of the Netherlands
Barbara Sierman, KB-NL, 4th RDA Meeting, Amsterdam, 23-09-2014
aparsen.eu #APARSEN

Audit & Certification: why
• Part of preservation policies in many organisations (SCAPE project findings)
  – Independent view on archives' activities
  – Benchmarking
  – Requirement of funding organisations
  – Quality assurance of scientific e-infrastructure
• Verify the claim: Are the repositories “trustworthy”?

The history
2002
• OAIS ISO 14721 published (updated 2012)
• Par. 1.5: standard(s) for accreditation of archives.
2005
• Checklist for Certification of Trusted Digital Repositories (RLG/NARA)
• Test audits performed by RLG
2007
• DRAMBORA (2007), NESTOR (2006)
• Trusted Repositories Audit and Certification final report
• Input for Repositories Audit and Certification Working Group (RAC-WG)
2012-
• ISO 16363 Audit and Certification of Trustworthy Digital Repositories (RAC-WG)
• Draft ISO 16919 Requirements for bodies providing Audit and Certification for candidate trustworthy repositories (RAC-WG)
• Primary Trustworthy Digital Repository Authorisation Body (PTAB)

The standard 16363
• ISO 16363:2012 Audit and Certification of Trustworthy Digital Repositories
  – Organisational Infrastructure
  – Digital Objects Management
  – Infrastructure and Security Risk Management
Metrics
• Statement of requirement
• Supporting text
• Examples: repository demonstrates it is meeting this requirement
• Discussion

The standard 16363
• ISO 16363:2012 Audit and Certification of Trustworthy Digital Repositories
• Guidance for auditors
• Other standards also applicable (security)
• Dependent on auditors' experience
Consistency!

The standard 16919
• ISO has a range of standards of good auditing practices (ISO 17000:2004)
• ISO 16919 Requirements for bodies providing Audit and Certification for candidate trustworthy repositories
• Defines a process for accreditation of auditors.
[Diagram labels: CASCO: Committee on Conformity Assessment: advice; National standards bodies; ISO; IAF: International Accreditation Forum; Monitoring & Approving Assessors, Training/Accreditation Group]

The standard 16919
As long as ISO 16919 is not an approved standard:
no formal ISO 16363 audit possible yet!
no formal ISO 16363 certification possible yet
Expected to be ready soon (2014)

More …
EU Proposal CTRUST in Horizon 2020
http://www.iso16363.org/ news from the PTAB Group (training)
References to ISO16363
Self-Assessment Template http://www.iso16363.org/preparing-for-an-audit/