Auditing Digital Archival Repositories: Risks Assessment with DRAMBORA
Presented by Perla Innocenti
Several international efforts have sought to identify core characteristics that must be demonstrable by successful digital archives, expressed in the form of check-list documents, intended to support the processes of digital archive accreditation and certification. However, viewed in isolation, the available guidelines lack practical applicability; confusion over evidential requirements and difficulties associated with the diversity that exists among archives (in terms of mandate, available resources, supported content and legal context) are particularly problematic. A gap exists between the available criteria and the ways and extent to which conformance can be demonstrated. The Digital Repository Audit Method Based on Risk Assessment (DRAMBORA)1 is a methodology for undertaking repository self assessment, developed jointly by the Digital Curation Centre (DCC) and Digital Preservation Europe (DPE). It utilises a bottom-up approach that takes risk and risk management as its principle means for determining digital archives’ success and for charting their improvement. DRAMBORA requires archives to expose their organization, policies and infrastructures to rigorous scrutiny through a series of highly structured exercises, enabling them to build a comprehensive registry of their most pertinent risks, arranged into a structure that facilitates effective management. This approach represents an acknowledgement that digital archives are a manifestation of complex organizational, financial, legal, technological, procedural, and political interrelationships, each accompanied by numerous innate uncertainties; the implicit complexity is further exacerbated by the relative immaturity of understanding that is prevalent within the digital archiving domain. It draws on experiences accumulated throughout 18 evaluative pilot assessments undertaken in an internationally diverse selection of archives, as well as numerous digital libraries and data centres (including institutions and services such as the National Archives of both the Netherlands and Scotland, Gallica of the National Library of France, CERN Document Server and the Netarkivet). Other organizations, such as the British Library and the US Geological Survey, have been using sections of DRAMBORA within their own risk assessment procedures.
This presentation describes the DRAMBORA methodology and introduces the DRAMBORA Interactive online tool which greatly facilitates the completion of its six principle stages. Its coverage includes a description of experiences accumulated and lessons learned from the series of pilot assessment programmes that have made possible the development, validation and evolution of the methodology. From its initial document-only release, DRAMBORA has developed in a number of ways. The most immediate improvement has been in terms of the form within which the toolkit is distributed and used. In early 2008 DRAMBORA 2.0 was released as an interactive online tool, offering an intuitive form based interface, peercomparison features, configurable reporting mechanisms and maturity tracking. By requiring users to describe the characteristics of their own repositories the interactive tool is going to present ‘comparable organisations’ with insights into the kinds of risks that are faced by their peers, in order to help ensure the comprehensiveness of their own coverage. This information forms the basis for a series of repository profiles, which provide a vehicle within which to present core roles, responsibilities, functions and risks for a variety of repository types. The availability of these profiles is expected to facilitate and further legitimise repository assessment and development.
Additionally, and reflecting other audit contexts, DRAMBORA’s authors have conceived and formalised a number of key lines of enquiry, detailed question sets that can inform and regularise the assessment process. Associated with individual repository profiles these are capable of empowering repository practitioners to pursue, as an external auditor would, the most important issues within their own environment, and instil greater confidence in the results.
