Revision as of 15:49, 20 December 2016 by Hlhours (talk | contribs) (Considering OAIS and ISO16363 conformance/compliance)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Conformance/Compliance with the OAIS is a recurrent issue, not least for software vendors.

Conformance requires than the OAIS “fulfil the [mandatory] responsibilities” and support the model of information: data object, representation information and information object, alongside content information, packaging information and PDI across the information package variants (SIP, DIP and AIP).

The OAIS shall: – Negotiate for and accept appropriate information from information Producers. – Obtain sufficient control of the information provided to the level needed to ensure Long Term Preservation. – Determine, either by itself or in conjunction with other parties, which communities should become the Designated Community and, therefore, should be able to understand the information provided, thereby defining its Knowledge Base. – Ensure that the information to be preserved is Independently Understandable to the Designated Community. In particular, the Designated Community should be able to understand the information without needing special resources such as the assistance of the experts who produced the information. – Follow documented policies and procedures which ensure that the information is preserved against all reasonable contingencies, including the demise of the Archive, ensuring that it is never deleted unless allowed as part of an approved strategy. There should be no ad-hoc deletions. – Make the preserved information available to the Designated Community and enable the information to be disseminated as copies of, or as traceable to, the original submitted Data Objects with evidence supporting its Authenticity.

From the above it seems clear that software vendors may be able to conform to the information model (especially given “actual implementations may group or break out functionality differently”) but not to the mandatory responsibilities as these are instantiated within the functioning OAIS system, not the software.

This section is followed by the statement:

“A separate standard, as noted in 1.5, has been produced on which accreditation and certification processes can be built.”

But this does no clarify any relationship to the concept of conformance nor explain whether successful certification against the associated standard (ISO16363) implies ‘accreditation’ as an OAIS or as some separate type of entity.

ISO16363 states:

“Institutions began to declare themselves ‘OAIS-compliant’ to underscore the trustworthiness of their digital repositories. However, there was no established understanding of ‘OAIScompliance’ beyond being able to apply OAIS terminology to describe their archive, despite there being a compliance section in OAIS which specifies the need to support the model of information and fulfilling the mandatory responsibilities.”

But “the need to support the model of information and fulfilling the mandatory responsibilities” (above) does seem to go beyond “being able to apply OAIS terminology to describe their archive”.

There isn’t a ‘compliance’ section in OAIS, or indeed any use of the term compliance, it’s described as ‘conformance’. Perhaps clarifying the intended meaning and purpose across OAIS/16363 would help?

ISO16363 notes its RLG/NARA heritage as:

“the TRAC (reference [B3]) document which combined ideas from OAIS (reference [1]) and Trusted Digital Repositories: Attributes and Responsibilities (TDR—reference [B2]).”

When discussing metrics ISO16363 states:

“Metrics are empirically derived and consistent measures of effectiveness. When evaluated together, metrics can be used to judge the overall suitability of a repository to be trusted to provide a preservation environment that is consistent with the goals of the OAIS.” 

Leaving aside whether each part of ISO16363 is truly empirically derived and consistently measurable, this is another case of mentioning both OAIS and ISO16363 without truly explaining their association.

The authors of OAIS said ‘there should be a trust standard’ and the authors of ISO16363 mention that ‘OAIS said there should be a trust standard’ but beyond “consistent with the goals”, I’m not left with a feeling of two standards working seamlessly together to some clear purpose.

Hervé L'Hours