Risk in trustworthy digital repository audit and certifcation
Philosophische Fakultät
Risk is a foundational concept in digital preservation. While it has been examined
from technical, economic, and organizational perspectives, I argue that it is also a
social phenomenon. In this study I report on the results from 42 interviews with
stakeholders in the Trustworthy Repositories Audit & Certifcation (TRAC) system,
and analysis of documents relating to the ISO 16363 standard in order to examine
how standard developers, auditors, and repository staf members understand the
concept of risk for digital repositories. The results of this research demonstrate that
members of these three stakeholder groups identifed risk in the TRAC audit and
certifcation process in terms of specifc potential threats or sources of risk, which
I have organized into fve main categories: fnance, legal, organizational governance, repository processes, and technical infrastructure. While standard developers, auditors, and repository staf generally shared an understanding of the major
sources of potential risk that face digital repositories, they disagreed about whether
and how these risks can be mitigated and how mitigation can be proven. Individuals
who were more removed from the day-to-day work of the repositories undergoing an
audit were more likely to accept well-documented risk identifcation and mitigation
strategies as sufcient evidence of trustworthiness, while repository staf were skeptical that documentation was sufcient evidence of risk assessment and mitigation
and thus questioned whether this would translate to actual trustworthiness for longterm digital preservation.
Files in this item
Notes