Something that stuck me right away in Sheldonâ€™s â€œAnalysis of Current Digital Preservation Policiesâ€ was the often extreme difference in elements included in policies of Europe and of North America. The greatest that Sheldon found gap was in Security Management:
â€œSecurity Management: Risk assessment, disaster planning, and/or security proceduresâ€
I decided to delve deeper into this deviation by examining several digital preservation policies from both European and North American (mostly US) institutions.
As I explored the institutionsâ€™ digital preservation policies as they stand now, I found that the policies did not exactly reflect what Sheldon found in 2013. This most likely means that these institutions have updated their policies in the last few years (which is not surprising at all, considering the great increase in concern for digital preservation in the field combined with the size and resources of the institutions I was looking at). Those policies that Sheldon had found that did not include the element of Security Management now almost all did, if only sporting a vague mention.
These changes aside, I began to think that the element of Security Management should in fact be split up into two different elements:
- Risk Assessment planning
- Disaster Planning
To me, these elements refer to separate but equally important aspects of successful digital preservation.
Note: â€œSecurity Measuresâ€ could refer to the security of the integrity of the digital materials, which would therefore be covered by risk assessment and disaster planning. For a digital preservation policy, this makes sense, and I therefore wonâ€™t go into more detail about all of the other security-related elements digital repositories have to deal with and should talk about in their policies.
Most policies mentioned associated risks or â€œchallengesâ€, avoiding risks, and assessment/audit of the policy. Assessment, while it seems like it could denote risk assessment (because auditing a policy with a goal of risk aversion is essentially assessing how well the institution is meeting and avoiding these risks), is already covered in another of Sheldonâ€™s elements: Policy/Strategy Review â€“ Periodic review of policy/strategy.
Many policies listed risks or challenges associated with digital preservation, although many tended to be quite vague, especially those from North America. The policies of UNC Chapel Hillâ€™s Howard W. Odum Institute for Social Science and the University of South Carolina do not address risk assessment of materials at all.
In contrast, The British Library included an entire Strategic Priority about risk assessment and management. They promise to â€œIntegrate digital preservation risk management into our collection management and risk management strategies, so that digital risks are treated comparably with those facing analogue content and regular preservation risk assessments are undertaken.â€ They continue to go into more detail about their strategic plan to manage risks, including a pledge to conduct 24 local risk assessment exercises per year, minimum. A comprehensive risk assessment policy should describe specific risks and responses in preservation strategy to those specific risks. The British Library includes an entire chart noting â€œthe key risks to delivering the Libraryâ€™s digital preservation strategy.â€ These risks â€œwill be monitored and updated on a quarterly basis by the Head of Digital Preservation.”
Disaster planning is critical to making sure that your materials will stand the test of time. An institution can assess the risks of various file formats and storage mediums, but if you are not prepared for an earthquake or flood or fire or server crash or whatever other natural or man-made disaster your materials are exposed to, all of that other preparation and policy could be in vain. While many institutions mentioned multiple copies, and several mentioned multiple storage locations (which is a form of disaster planning), few dictated detailed disaster plansâ€¦
Purdue University Research Repository stated that they would â€œEstablish adequate and secure backup and disaster recovery safeguards.â€ Vague. Boston University Libraries and Dartmouth College Library at least point to the use of LOCKSS to provide multiple copies (but nothing further). In sharp contrast, Hampshire Council outlines a specific, step-by-step â€œEmergency Planâ€ for disaster prevention and preparedness.
Several institutions, such as UNC Chapel Hill and Purdue, stated that they were either striving to become or were already certified as a â€œTrusted Digital Repositoryâ€ (TDR). According to the RLG/OCLCÂ Working Group on Digital Archives Attributes, â€œA trusted digital repository is one whose mission is to provide reliable, long-term access to managed digital resources to its designated community, now and in the futureâ€ (2002, i). In this report, disaster preparedness is mentioned as a responsibility four times. System security has its own entire section. This report led to ISO 16363 standard (Audit and Certification of Trustworthy Digital Repositories). While pointing to standards, such as ISO 16363, does effectively address many of the elements of digital preservation, it seems to be a bit of an easy out for the institution writing the policy.
Many institutions that referenced ISO 16363 do not mention anything about disaster preparedness in their policy. Even a brief mention with a reference to ISO 16363 would at least alert staff and other stakeholders to the institutionâ€™s commitment to a disaster preparedness plan. However, stakeholders are unlikely to go searching through external resources to find out more about their institutionâ€™s digital preservation policy. An institution would, I believe, create a stronger environment of commitment to digital preservation if their own policy outlined all of the elements and policies they work with, rather than pointing to other resources. These other resources are great to show that they as an institution are committed to collaboration and standards, but not great for educating their stakeholders.
Boston University Libraries: Digital Initiatives & Open Access â€“ Digital Preservation Policy
British Library â€“ Digital Preservation Strategy
Dartmouth College Library â€“ Digital Preservation Policy
Hampshire County Council Archives â€“ Digital Preservation Policy http://www3.hants.gov.uk/archives/hro-policies/hro-digital-preservation-policy.htm
Purdue University Research Repository (PURR) â€“ PURR Digital Preservation Policy https://purr.purdue.edu/legal/digitalpreservation
RLG/OCLC Working Group on Digital Archives Attributes (2002). Trusted Digital Repositories: Attributes and Responsibilities. http://www.oclc.org/content/dam/research/activities/trustedrep/repositories.pdf
Sheldon, M. (2013). Analysis of Current Digital Preservation Policies: Archives, Libraries and Museums. The Library of Congress. http://www.digitalpreservation.gov/documents/Analysis%20of%20Current%20Digital%20Preservation%20Policies.pdf
University of North Carolina at Chapel Hill: The Howard W. Odum Institute for Social Science â€“ Digital Preservation Polices http://www.irss.unc.edu/odum/contentSubpage.jsp?nodeid=629
University of South Carolina Libraries â€“ USCL Digital Preservation Policy FrameworkÂ http://library.sc.edu/digital/USC_Libraries_Digital_Preserva.pdf