Digital preservation risks: Difference between revisions

From wiki.dpconline.org
Jump to navigation Jump to search
No edit summary
 
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[File:StepByStep.png|right|Archiving your files securely in a repository]]
[[File:Risks octopus web.png|right|It's the Octopus of Digital Preservation Risks! Run for your lives/bits!]]
Completing a preliminary digital preservation risk assessment will help you to clarify the recommendations you intend to make in your business case. It will also enable you to justify these recommendations by demonstrating their relevance and urgency. This section provides guidance on how to conduct a risk assessment for your digital collections. It also includes suggestions as to how best to make use of the results of your risk assessment in order to support your digital preservation business case.
Completing a preliminary digital preservation risk assessment will help you to clarify the recommendations you intend to make in your business case. It will also enable you to justify these recommendations by demonstrating their relevance and urgency. This section provides guidance on how to conduct a risk assessment for your digital collections. It also includes suggestions as to how best to make use of the results of your risk assessment in order to support your digital preservation business case.


== Process ==
=Process=
<!-- ''This is the process that a practitioner should follow to build this section of the business case. This should be a numbered list!'' -->
<!-- ''This is the process that a practitioner should follow to build this section of the business case. This should be a numbered list!'' -->


Line 24: Line 24:
#* Consider placing more emphasis on risks that your audience are likely to consider particularly significant.
#* Consider placing more emphasis on risks that your audience are likely to consider particularly significant.


== Content ==
=Content=
<!-- ''This should describe the contents or structure of the business case, resulting from following the Process above.'' -->
<!-- ''This should describe the contents or structure of the business case, resulting from following the Process above.'' -->


=== Risk domains and specific risks ===
===Risk domains and specific risks===
<!-- There might be a better title for this! -->
<!-- There might be a better title for this! -->


Line 62: Line 62:
|}
|}


=== Presenting risks ===
===Presenting risks===


How you present the risks you have identified will vary depending on the purpose of your business case. The following are some general suggestions for presenting risks in a digital preservation business case:
How you present the risks you have identified will vary depending on the purpose of your business case. The following are some general suggestions for presenting risks in a digital preservation business case:
Line 71: Line 71:
* Risks should have owners. Show what is the responsibility of various people in your [[Stakeholder_analysis]]. Some of these may be people you are making the case to, while others may be people involved in the implementation.
* Risks should have owners. Show what is the responsibility of various people in your [[Stakeholder_analysis]]. Some of these may be people you are making the case to, while others may be people involved in the implementation.


== Scenarios ==
=Scenarios=
<!-- ''Thoughts on how to adapt the content of this section to particular scenarios that the business case is focused on.'' -->
<!-- ''Thoughts on how to adapt the content of this section to particular scenarios that the business case is focused on.'' -->


Line 84: Line 84:
-->
-->


== Resources ==
=SCAPE Project business case examples=
''Use this to see how digital preservation risks can be articulated within a particular organisational context.''
 
This section provides example text from [http://www.scape-project.eu/ SCAPE Project] case studies along with explanatory discussion notes.
{{:JpylyzerRisks}}
 
''See the full business case example for more information: [[A business case for Jpylyzer]]''
 
=Resources=
<!-- ''These are external resources of relevance to this section. Links can be incorporated into the text above if that is more useful.'' -->
<!-- ''These are external resources of relevance to this section. Links can be incorporated into the text above if that is more useful.'' -->
 
===Risk Assessment Methodologies===
=== Risk Assessment Methodologies ===
We have found the following self-assessment risk analysis tools to be particularly useful:
We have found the following self-assessment risk analysis tools to be particularly useful:


==== DRAMBORA ====
====DRAMBORA====
 
[http://www.repositoryaudit.eu/ DRAMBORA] (Digital Repository Audit Method Based on Risk Assessment) is a complete online toolkit for a digital repository audit. The toolkit guides users through the audit process, from defining the purpose and scope of the audit to identifying and addressing risks to the repository. Completing a full audit based on the DRAMBORA model may be beyond the scope of your business case. However, DRAMBORA does provide a list of over 80 examples of potential risks to digital repositories, framed in terms of possible consequences. These examples may help you to build up a list of potential specific risks to our collections.
[http://www.repositoryaudit.eu/ DRAMBORA] (Digital Repository Audit Method Based on Risk Assessment) is a complete online toolkit for a digital repository audit. The toolkit guides users through the audit process, from defining the purpose and scope of the audit to identifying and addressing risks to the repository. Completing a full audit based on the DRAMBORA model may be beyond the scope of your business case. However, DRAMBORA does provide a list of over 80 examples of potential risks to digital repositories, framed in terms of possible consequences. These examples may help you to build up a list of potential specific risks to our collections.


==== SPOT ====
====SPOT====
 
The [http://www.dlib.org/dlib/september12/vermaaten/09vermaaten.html SPOT] (Simple Property-Oriented Threat) model aims to provide a simple model for risk assessment, focused on safeguarding against threats to six properties of digital objects that the authors consider fundamental to their preservation: availability, identity, persistence, renderability, understandability, and authenticity. The model discusses threats in terms of their potential impacts on these properties, providing several example outcomes for each. The authors have also included a useful comparison of other digital preservation threat models. SPOT may help you to determine the different categories of risks that you will need to consider.
The [http://www.dlib.org/dlib/september12/vermaaten/09vermaaten.html SPOT] (Simple Property-Oriented Threat) model aims to provide a simple model for risk assessment, focused on safeguarding against threats to six properties of digital objects that the authors consider fundamental to their preservation: availability, identity, persistence, renderability, understandability, and authenticity. The model discusses threats in terms of their potential impacts on these properties, providing several example outcomes for each. The authors have also included a useful comparison of other digital preservation threat models. SPOT may help you to determine the different categories of risks that you will need to consider.


=== Other Useful Resources ===
===Other Useful Resources===
 
The following presentations introduce the concept of risk management in digital preservation and suggest methods for assessing and prioritising risks:
The following presentations introduce the concept of risk management in digital preservation and suggest methods for assessing and prioritising risks:
* Caroline Peach, [http://www.bl.uk/blpac/pdf/gettingstarted_april2013_peach_risks.pdf Risk Management and Digital Preservation]
* Caroline Peach, [http://www.bl.uk/blpac/pdf/gettingstarted_april2013_peach_risks.pdf Risk Management and Digital Preservation]

Latest revision as of 20:12, 24 April 2014

It's the Octopus of Digital Preservation Risks! Run for your lives/bits!

Completing a preliminary digital preservation risk assessment will help you to clarify the recommendations you intend to make in your business case. It will also enable you to justify these recommendations by demonstrating their relevance and urgency. This section provides guidance on how to conduct a risk assessment for your digital collections. It also includes suggestions as to how best to make use of the results of your risk assessment in order to support your digital preservation business case.

Process

The exact process followed for your risk assessment will depend on its depth and scope. The following steps are intended to provide a basic framework to help you get started:

  1. Define the focus and scope of your risk assessment.
    • The focus of your risk assessment will depend on the purpose of your business case: are you making a case for new staff, a new system, or a new service? Are there certain risks that are specific to these circumstances?
    • Decide how comprehensive you want your risk assessment to be: will you include general risks to your organisation, or limit your assessment to your digital collections?
  2. Assemble any information that might help you to better understand the collection, e.g. data gathered as part of a digital collections audit.
  3. Use risk assessment methodologies to guide or inform your assessment, and to help identify risk domains and specific risks.
    • DRAMBORA (Digital Repository Audit Method Based on Risk Assessment) is a complete toolkit for a digital repository audit, which includes a list of over 80 examples of potential risks to digital repositories.
    • The SPOT (Simple Property-Oriented Threat) model aims to provide a simple model for risk assessment, focused on safeguarding against threats to six essential properties of digital objects.
  4. Decide how best to describe and conceptualise risks.
    • Describing risks in terms of the consequences for your users or institution (e.g. resources not discoverable) may enable you to make a more dramatic case for digital preservation; focusing on causes of risks (e.g. inadequate metadata), however, may help you to shape your business case recommendations and make a strong case for them to be implemented.
  5.  Categorise and prioritise the risks you have identified.
    • Group risks according to common categories e.g. staffing, storage arrangements.
    • Prioritise risks by scoring them according to their likelihood and impact.
    • Think about the level of detail that you need to make your case. E.g. do you need to describe 10 different risks to your storage media, or one risk which is storage and describes the implications of the 10 more detailed risks?
  6.  Considering your audience, decide how best to present your risks to support your business case.
    • Describe risks using terms that will be accessible to your audience.
    • Consider placing more emphasis on risks that your audience are likely to consider particularly significant.

Content

Risk domains and specific risks

Both DRAMBORA and the SPOT model provide examples of risk domains and specific risks, which may help you to identify risks to include in your business case.

DRAMBORA describes risks to different areas of an organisation's operations: SPOT describes risks to essential properties of digital objects:
  • Physical environment
  • Personnel, Management and Admin procedures
  • Operations & Service Delivery
  • Hardware, Software of Communications Equipment and Facilities
  • availability
  • identity
  • persistence
  • renderability
  • understandability
  • authenticity
Examples of specific risks which DRAMBORA suggests for these domains include: Examples of specific risks which SPOT suggests for these properties include:
  • Loss of key member(s) of staff
  • Legal liability for IPR infringement
  • Hardware failure or incompatibility
  • Sufficient metadata is not captured or maintained
  • Object characteristics important to stakeholders are incorrectly identified and therefore not preserved
  • Inadvertent damage to medium and/or bit sequences via hardware, software or operator error

Presenting risks

How you present the risks you have identified will vary depending on the purpose of your business case. The following are some general suggestions for presenting risks in a digital preservation business case:

  • Group risks under sensible headings, and describe them using terms accessible to your audience.
  • Prioritise risks to give more weight to those that most strongly support your case.
  • For each risk, clearly describe the threat, and explain why it is a problem and what the consequences are likely to be if it is left unaddressed.
  • Where possible, phrase risks so that there are clear links with the recommendations you are making in your business case.
  • Risks should have owners. Show what is the responsibility of various people in your Stakeholder_analysis. Some of these may be people you are making the case to, while others may be people involved in the implementation.

Scenarios

The focus of your risk assessment, and how you prioritise and present risks, will vary depending on the purpose of your business case, as in the following scenarios:

  • A business case for new digital preservation staff
Focus on the risks that result from your current staffing deficit, including, for example, a lack of expertise required to manage your collections.
  • A business case for a new digital repository system
Take a holistic approach to assessing the risks to your collections, considering all of the requirements for your service, including staffing, storage and metadata.

SCAPE Project business case examples

Use this to see how digital preservation risks can be articulated within a particular organisational context.

This section provides example text from SCAPE Project case studies along with explanatory discussion notes.

Jpylyzer digital preservation risks

An example of digital preservation risks relevant to a specific business case.

A number of a digital preservation risks associated with the JP2 format were identified by early adopters of this technology. Without the application of suitable mitigation there is considerable concern for the longevity of material stored in this format. Software applications that generate JP2's have shown some degree of unreliability. Processing large volumes of data can push generating software (and other workflow processes) to the edge. Results can be invalid or badly formed JP2 files, or possibly even truncated files. The JP2 format presents a vast array of options for the design of a particular JP2 file. JP2's can be optimised for delivery and access in a variety of ways and the type and level of lossy compression is crucial in ensuring appropriate file size and quality levels. These policy choices are defined in the organisational JP2 profile. If JP2's are generated that do not meet this profile, management of and access to the files may become problematic.

This image, courtesy of the British Library provides an example of an arbitrarily truncated JP2, created by a faulty workflow process at the British Library. This example was one of many used to test developments in Jpylyzer.

Discussion

Discussion notes explaining the approach in developing the Digital Preservation Risks example, above.

  • A strong business case results from the use of references to real examples of relevant preservation risks.
  • The use of images can be a powerful communication tool.
  • There should be a clear link from the Business activity to the risks outlined in this section, in this case the focus is on JP2, the format that Jpylyzer (which forms a central part of the business activity) validates.

See the full business case example for more information: A business case for Jpylyzer

Resources

Risk Assessment Methodologies

We have found the following self-assessment risk analysis tools to be particularly useful:

DRAMBORA

DRAMBORA (Digital Repository Audit Method Based on Risk Assessment) is a complete online toolkit for a digital repository audit. The toolkit guides users through the audit process, from defining the purpose and scope of the audit to identifying and addressing risks to the repository. Completing a full audit based on the DRAMBORA model may be beyond the scope of your business case. However, DRAMBORA does provide a list of over 80 examples of potential risks to digital repositories, framed in terms of possible consequences. These examples may help you to build up a list of potential specific risks to our collections.

SPOT

The SPOT (Simple Property-Oriented Threat) model aims to provide a simple model for risk assessment, focused on safeguarding against threats to six properties of digital objects that the authors consider fundamental to their preservation: availability, identity, persistence, renderability, understandability, and authenticity. The model discusses threats in terms of their potential impacts on these properties, providing several example outcomes for each. The authors have also included a useful comparison of other digital preservation threat models. SPOT may help you to determine the different categories of risks that you will need to consider.

Other Useful Resources

The following presentations introduce the concept of risk management in digital preservation and suggest methods for assessing and prioritising risks: