Digital preservation risks

From wiki.dpconline.org
Revision as of 11:41, 31 July 2013 by Tjvcarter (talk | contribs)
Jump to navigation Jump to search

This section provides guidance on how to conduct a risk assessment for your digital collections and how to use this results of the assessment to support a digital preservation business case.

Process

This is the process that a practitioner should follow to build this section of the business case. This should be a numbered list!

  1. Define the focus and scope of the risk assessment.

The focus of your risk assessment may depend on the purpose of your business case: are you making a case for new staff, a new system, or a new service? Decide how comprehensive you want your risk assessment to be: will you include general risks to your organisation, or limit your assessment to your digital collections?

  1.  Decide how best to conceptualise and prioritise risks.
  2.  Select a methodology that will shape or inform the assessment.
  3.  Categorise and prioritise risks.
  4.  Decide how best to present your risks to support your business case.

Content

This should describe the contents or structure of the business case, resulting from following the Process above.

Scenarios

Thoughts on how to adapt the content of this section to particular scenarios that the business case is focused on.

Communications

Notes relevant to tailoring this section to the appropriate audience and communicating the the business case to that audience

Resources

These are external resources of relevance to this section. Links can be incorporated into the text above if that is more useful.

How do you describe risk?

Relationship between risks, costs, drivers

Risk areas to think about:

Use the DRAMBORA (http://www.repositoryaudit.eu/about/) classification:

  • Physical environment
  • Personnel, Management and Admin procedures
  • Operations & Service Delivery
  • Hardware, Software of Communications Equipment and Facilities

Cross reference with the SPOT (http://www.dlib.org/dlib/september12/vermaaten/09vermaaten.print.html) model:

  • availability (long-term use...)
  • identity (referencibility...)
  • persistence
  • renderability (use and retain sig. char.)
  • understandability (interpretation of content)
  • authenticity (digital bit or rendered form is what it is supposed to be)
  • security

How do you prioritise risk?

Using a risk assessment to inform the business case

Scoring risks

Scenarios

  • Risks to consider/prioritise in a business case for a repository system
  • Risks to consider/prioritise in a business case for new DP staff
  • Risks to consider/prioritise in a business case for a digital preservation service

The following are all examples that could factor into any of the above sections...

CURATION

  • responsibility (who is actually responsible)
  • rights and licensing, use/re-use
  • IP
  • sensitivity (access control)
  • who adds value

ORGANISATION

  • capability and skills (skills gap)
  • succession planning
  • MANDATE (local, institutional, national, international)
  • usability
  • marketing/surfacing/relevance
  • value of asset, reputation of asset
  • accruing value, impact, re-use, evidence
  • measuring and metrics
  • understand the long-term vision if the data is view over a long/short-term
  • managing expectations of use
  • value of materials against strategy
  • what happens when the organization no longer values the collection?
  • flow of resources to keep activity going (sustainability)
  • respond to external factors
  • institutional sustainability
  • organization maturity (are they ready to care for these assets)
  • risk profiles (are they similar to physical or organization structure) are we making assumptions?

Communications