Digital preservation risks

From wiki.dpconline.org
Jump to navigation Jump to search

How do you describe risk?

Relationship between risks, costs, drivers

Risk areas to think about:

Use the DRAMBORA (http://www.repositoryaudit.eu/about/) classification:

  • Physical environment
  • Personnel, Management and Admin procedures
  • Operations & Service Delivery
  • Hardware, Software of Communications Equipment and Facilities

Cross reference with the SPOT (http://www.dlib.org/dlib/september12/vermaaten/09vermaaten.print.html) model:

  • availability (long-term use...)
  • identity (referencibility...)
  • persistence
  • renderability (use and retain sig. char.)
  • understandability (interpretation of content)
  • authenticity (digital bit or rendered form is what it is supposed to be)
  • security

How do you prioritise risk?

Using a risk assessment to inform the business case

Scoring risks

Scenarios

  • Risks to consider/prioritise in a business case for a repository system
  • Risks to consider/prioritise in a business case for new DP staff
  • Risks to consider/prioritise in a business case for a digital preservation service

The following are all examples that could factor into any of the above sections...

CURATION

  • responsibility (who is actually responsible)
  • rights and licensing, use/re-use
  • IP
  • sensitivity (access control)
  • who adds value

ORGANISATION

  • capability and skills (skills gap)
  • succession planning
  • MANDATE (local, institutional, national, international)
  • usability
  • marketing/surfacing/relevance
  • value of asset, reputation of asset
  • accruing value, impact, re-use, evidence
  • measuring and metrics
  • understand the long-term vision if the data is view over a long/short-term
  • managing expectations of use
  • value of materials against strategy
  • what happens when the organization no longer values the collection?
  • flow of resources to keep activity going (sustainability)
  • respond to external factors
  • institutional sustainability
  • organization maturity (are they ready to care for these assets)
  • risk profiles (are they similar to physical or organization structure) are we making assumptions?

Communications