Policy layers/types

Definitions

Policy: A persistent declarative specification, derived from management goals, of a rule defining choices in the behavior of a system* (from PONDER)
*systems can include people and workflows in addition to computer applications

Right = relational claim assigned to a right-bearer with respect to an implicit or explicit other, the counterparty (who has an obligation) [O. O'Neill; Cambridge University Press, 2002]; constraints that permit or forbid some action

Obligation = event-triggered condition-action rules for policy-based management (i.e. the set of conditions, requirements and expectations that must be fulfilled by the system, e.g. for privacy or fair use regulations); constraints that require some action to be performed, or else serve to waive such a requirement

Constraint = condition that must be met during a state change based on measurable constructs (e.g. true/false, less than ten, equal to, etc.)

Event = change of state in a system that triggers further changes (e.g. disposal of an item on a predefined date)

Matrix columns: policy category (permission, right, obligation, constraint), event, rule, state info (result of rule application). The per-row category and event marks are not reproduced here; each row below gives its description, its rule and its state info where the matrix supplies them.

Policies apply at the highest level to which they apply and inherit downwards.

1 Enterprise-level
  Policies apply to the entire organization and all systems under its control.

1.1 Regulatory requirements
  Does the organization have obligations to comply with HIPAA, FERPA, Sarbanes-Oxley, or other federal regulations that apply to archived material?
  State info: Flag for which compliance regulation is needed

1.2 e-Records Management
  Does the organization have documented rules for electronic records retention and destruction of different types of electronic records? If so, they will be defined at the collection level.
  State info: Flag for existence of ERM policy

1.3 Accessibility
  Does the organization require ADA compliance for system user interfaces (e.g. W3C Web Content Accessibility Guidelines)?
  State info: Flag for whether ADA is required

2 Archive-level
  Policies apply to the particular archive and may differ from other archives within the enterprise.

2.1 Business case definition
  Business goals for the archive and plan for sustainability
  State info: Names of governing institution, source of funding, lifetime of funding

2.2 Management framework
  How is the system managed, by whom, with what skills and/or credentials?
  State info: List of management roles (collection creation, metadata update, write file, superuser, group administrator, security level, etc.) and of individuals with permissions for each role

2.3 Security
  General system security (i.e. is the archive classified? is there a network firewall? are security audits performed? etc.)
  State info: Flags for client-based encryption (all data stored in encrypted form), firewall existence, whether all accesses are audited, whether system log files are audited

2.4 Monitoring
  What overall system metrics (e.g. storage usage, network usage) are tracked?
  Rule: Check frequency
  State info: Flag for turning on SRB monitoring log file

2.5 Business systems contingency
  Disaster recovery plan

2.6 Business process reengineering
  How often should the system requirements and architecture be reviewed, and with what procedure?
  State info: Flag for frequency of architecture review; list of members of review committee

2.7 Reporting
  Who is notified of success and problems, and how? What usage reports are available?
  Rule: Check frequency; send reports
  State info: Flag for summary report generation frequency; list of persons receiving reports

2.8 System quality management
  TDR compliance, ISO 9000
  State info: Flag for whether ISO compliant

2.9 Federation
  Identity management across sites (e.g. Shibboleth)
  State info: Flag for whether collections are replicated at another enterprise; name of alternate enterprise (corresponds to a zone in SRB federation)

2.10 Archive system (software) copyright
  If the system software is copyrighted, is there an open source license?
  State info: Flag for existence of copy of source; location of sources; type of license

2.11 General security/access control (i.e. right to use)
  Which users are eligible for access? Is the system classified?
  Rule: Check roles; flags on access and deletion
  State info: Roles for access controls; lists of persons with permissions for each role; flag for holding data, whether held data can be deleted

2.12 Selection criteria (collection development)
  Scope eligibility, including both high-level criteria for inclusion and case-by-case decisions; can also be applied at the collection level
  State info: Flag for allowed data genres, sources, formats, or other rules for deposit; accession template specifying amount of data

2.13 Content usage policies
  Constraints on content usage (i.e. rights management), e.g. CC license allowing derivative works, holds, litigation, MOUs, gift agreements, etc.
  Rule: Validate usage constraint and enforce roles
  State info: Roles created for each type of usage constraint

2.14 Persistent identifiers
  Which types are assigned, and to what? Are multiple identifiers for an item supported?
  Rule: Create handle on data insertion
  State info: List of types of GUID; list of locations of handle systems for creating GUIDs

2.15 Storage
  E.g. HSM, disk or tape; access time vs. cost; access fulfillment requirements that drive tape migrations, etc. Can vary by collection and format type.
  Rule: Support data staging of heavily used data to achieve required response time
  State info: Flag for staging data; list of storage types; average response time per storage type

2.16 Access time
  SLA for mean time to access a given archived item
  Rule: Validate access log files for compliance with metric
  State info: Flag for response time metrics (average delay versus longest delay)

2.17 Authenticity (provenance)
  What life cycle events are tracked (defined as Digiprov or History system metadata)? E.g. include user events like file reads? Metadata updates? Can vary by collection.
  Rule: Generate history events
  State info: List of events and roles that will be monitored

2.18 Preservation standards compliance
  E.g. PERM and ISO9015.2; compare to the TDR checklist
  State info: Flag for type of AIP required

2.19 Media migration/refreshing frequency
  How often is storage media updated?
  Rule: Check frequency
  State info: Flag for frequency of media migration

2.20 Export formats supported
  E.g. METS, MPEG21 or IMS-CP; items, collections, or entire archive
  State info: Flag for type of DIP

2.21 Search/browse
  Are there standard indexes that will be available for search/browse (e.g. DC title, author, keywords, pub date)?
  Rule: Check for required indexes
  State info: List of required indexes

2.22 Metadata harvesting
  Is metadata publicly available or access-restricted? What formats can be harvested?
  Rule: Check metadata access role
  State info: Object level requirement?

2.23 Open systems environment
  E.g. MA state policy on OpenDoc formatted documents
  Rule: Check format flag
  State info: Flag for formats allowed

2.24 Deposit license
  Is copyright transfer or another license (standardized or customizable a la CC) required for deposit?
  Rule: Check if required license provided
  State info: Flag for deposit license

2.25 User privacy
  Is end-user usage data publicly available? Used internally for data mining? Locked down? With what technical mechanism? Examples:
  -- sanitize or destroy usage data after some defined period of time
  -- procedure for employees responding to HSA requests for usage data

2.26 Customer service
  Is there a defined procedure for providing user support? E.g. a defined turnaround time for trouble tickets?

3 Collection-level
  Policies which apply uniformly to every item in a given collection within the archive.

3.1 Deposit
  Who can deposit items into the collection?
  Rule: Check collection update role
  State info: List of registered persons who may exercise collection role

3.2 Organization
  How is the collection organized (i.e. order of submission, owner-specified order, grouped by like formats, etc.)?
  State info: Schema for collection/subcollection hierarchy

3.3 Metadata
  What metadata is required or allowed? Who can supply it (e.g. user annotations)? What is the system of record? Is all metadata kept indefinitely?
  Rule: Check roles
  State info: List of persons with metadata editing rights; list of persons with annotation rights; flag for METS profile

3.4 Retention schedule(s)
  How long are records kept, e.g. for records management, Sarb-Ox compliance, nondestruction holds during litigation, etc.? Local policies for records retention, if any.
  Rule: Date to apply disposition
  State info: Flag for type of retention (delete, archive, migrate to another enterprise)

3.5 Disposition
  What can a curator specify as the outcome once the record's retention period expires, e.g. destruction or permanent archiving?

3.6 Destruction
  How and to what degree? With what assurance?
  Rule: Enforce overwrites on delete
  State info: Flag for number of overwrites of deleted data if media is reused, or flag for destruction of media

3.7 Withdrawal
  Can collections or individual items be withdrawn or suppressed from access?
  Rule: Check each access/deletion for whether the person has the required role
  State info: Roles for read access; flag for deletion ability

3.8 Physical location
  Where is the data allowed to sit physically? Any restrictions, e.g. only in this state, only in this country, etc.?
  Rule: Check location data
  State info: Flag for allowed storage locations

4 Item-level
  Individual unit of preservation, e.g. an electronic record or complete digital object. Can be composed of multiple files or bitstreams with any level of complexity.

4.1 Risk management
  Level of concern (e.g. is this file the archival master or a delivery copy?)
  Rule: Whether access can be to the master or must be to a replica
  State info: Flag for master copy

4.2 Format
  Whether a file format is accepted; preservation SLA for each accepted format; also any requirements for quality within a format (e.g. compliance with TIFF 6.0 acceptance specs)
  State info: List of supported formats and flag for SLA support level for each

4.4 Version
  Number of versions retained (e.g. first, last, intermediates). Versions relate to different editions (FRBR manifestations) rather than different file formats of identical intellectual content (e.g. PDF and Word).
  Rule: Which version event is being created
  State info: List of retained version events

4.5 Dissemination
  Are there constraints or obligations for "rendered" content? E.g. must provide a bitstream disseminator in addition to specialized viewing tools.
  Rule: Place data in staging area rather than collection
  State info: Flag for whether data must be staged

4.6 Protection
  E.g. virus checking of new submissions. Related to risk management; encoding format-dependent.

4.7 Preservation
  If the archive plans to preserve contents, detect preservation event (e.g. via GDFR) and apply preservation methodology. Can vary at the collection level (i.e. do not preserve an entire collection for some business reason).
  Rule: Check for format obsolescence; migrate deprecated format to next supported format
  State info: List of supported formats and deprecated formats; for each format, flag for whether to preserve across format obsolescence

4.8 Replication
  Number of copies to be made, and which specific location(s); business rules; preferences for order of replication use
  Rule: Create required copies on ingest
  State info: Flag for number of copies required; list of replica locations

4.9 Service replication
  Fail-over rules for system unavailability (i.e. is there another copy somewhere else? In what order of preference?)
  Rule: Try alternative(s) in order if the original is not available
  State info: List of service instances, duplicate service providers

4.10 Integrity (provenance)
  Defined as no unintended changes to the contents of the archive (i.e. checksum checking)
  Rule: Report discrepancies
  State info: Flag for checking integrity

4.11 Audit frequency
  How often does the integrity audit run?
  Rule: Check frequency
  State info: Flag for frequency of auditing
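The matrix describes policies as event-triggered rules that carry state info, belong to a category (permission, right, obligation, constraint), and are defined at enterprise, archive, collection or item level and inherited downwards. The following added example (not code from the page or from any project it names; all scopes, roles, dates and checksums are constructed, and the resource-path scoping is an assumption made for illustration) shows a small engine that evaluates such layered policies for the events the table mentions: role-checked access (3.7), storage location constraints (3.8), retention disposition (3.4) and checksum integrity audits (4.10):

```python
# Added example: a minimal layered policy engine in the vocabulary of the
# policy matrix. Not the page's or any project's code; every scope, role,
# date and checksum below is constructed for illustration.
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, List, Tuple

LEVELS = ("enterprise", "archive", "collection", "item")  # highest to lowest


@dataclass
class Policy:
    name: str      # a lower-level policy with the same name overrides a higher one
    level: str     # one of LEVELS
    scope: str     # hypothetical resource-path prefix this policy governs
    ptype: str     # permission | right | obligation | constraint
    event: str     # the event type that triggers this rule
    rule: Callable[[dict, dict], Tuple[bool, str]]  # (event context, state info)
    state: dict    # state info the rule reads: flags, role lists, dates, checksums


@dataclass
class Decision:
    policy: str
    ptype: str
    allowed: bool
    note: str      # result of rule application, written back as state info


def covers(scope: str, resource: str) -> bool:
    return resource == scope or resource.startswith(scope + "/")


def applicable(policies: List[Policy], event: str, resource: str) -> List[Policy]:
    """Policies apply at the level where they are defined and inherit downwards;
    walking enterprise -> item lets the lowest-level definition of a name win."""
    chosen: Dict[str, Policy] = {}
    for p in sorted(policies, key=lambda p: LEVELS.index(p.level)):
        if p.event == event and covers(p.scope, resource):
            chosen[p.name] = p
    return list(chosen.values())


def evaluate(policies: List[Policy], event: str, resource: str, ctx: dict) -> List[Decision]:
    out = []
    for p in applicable(policies, event, resource):
        ok, note = p.rule(ctx, p.state)
        out.append(Decision(p.name, p.ptype, ok, note))
    return out


def allowed(decisions: List[Decision]) -> bool:
    """Default deny: an event with no governing policy is not permitted."""
    return bool(decisions) and all(d.allowed for d in decisions)


# --- rules: each reads the event context and the policy's own state info ---
def location_rule(ctx, st):                       # 3.8 physical location (constraint)
    ok = ctx["location"] in st["allowed_locations"]
    return ok, ("location allowed" if ok else f"{ctx['location']} is not an allowed storage location")


def access_rule(ctx, st):                         # 3.7 withdrawal / roles for read access
    ok = bool(set(ctx["actor_roles"]) & st["read_roles"])
    return ok, ("actor holds a read role" if ok else "actor lacks a read role")


def retention_rule(ctx, st):                      # 3.4 retention: date to apply disposition
    due = date.fromisoformat(ctx["today"]) >= st["dispose_on"]
    return True, (f"disposition due: {st['retention_type']}" if due else "retain")


def integrity_rule(ctx, st):                      # 4.10 integrity: report discrepancies
    ok = hashlib.sha256(ctx["content"]).hexdigest() == st["checksum"]
    return ok, ("checksum verified" if ok else "checksum discrepancy: report for audit")


GOOD = b"constructed archived bitstream"          # constructed sample content
POLICIES = [
    Policy("physical_location", "enterprise", "acme", "constraint", "replicate",
           location_rule, {"allowed_locations": {"us-east", "us-west"}}),
    Policy("access", "archive", "acme/archive1", "permission", "access",
           access_rule, {"read_roles": {"public", "staff", "curator"}}),
    # collection-level override: the restricted collection narrows the read roles
    Policy("access", "collection", "acme/archive1/restricted", "permission", "access",
           access_rule, {"read_roles": {"curator"}}),
    Policy("retention", "collection", "acme/archive1/records", "obligation", "disposition_check",
           retention_rule, {"dispose_on": date(2010, 1, 1), "retention_type": "delete"}),
    Policy("integrity", "archive", "acme/archive1", "obligation", "audit",
           integrity_rule, {"checksum": hashlib.sha256(GOOD).hexdigest()}),
]

if __name__ == "__main__":
    for d in evaluate(POLICIES, "access", "acme/archive1/restricted/item-7", {"actor_roles": ["staff"]}):
        print(d)
```

A staff member is allowed to read an item in an ordinary collection of `acme/archive1` but not one in `acme/archive1/restricted`, because the collection-level `access` policy overrides the archive-level one for that subtree; an event on a resource no policy covers is denied by default rather than silently allowed.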