Trusted digital repositories in context: definitions, diagnoses, and directions for better practice

Thomas Jefferson was one of the founding fathers of the United States of America. He authored the country's Declaration of Independence and was the country's second President. He was an intellectual and an avid book collector and thereby an information curator.

With that framework in mind, he understood the value of trustworthiness and reliability as they pertain to information, which is but one step on the journey to wisdom. We can assert this position as T. Jefferson actually declared that, "Honesty is the first chapter of the book of wisdom"³¹.

This writer will take a moment to unpack the journey to wisdom beginning even before the point of a single datum.

Knowledge is Power(ful).

All of this begs the question: what is the point of the reliability of the information we seek or that which finds us? This writer would assert that it all eventually comes down to measuring the quality of the human experience by way of wise decision-making. W. Kerner interview response delivered via email to the Author on 20 Oct 2021 and retained in her email archives. Jefferson to Ticknor, November 25, 1817, in PTJ:RS, 12:204. Transcription available at Jefferson Quotes & Family Letters // Thomas Jefferson Encyclopedia. URL: https://www.monticello.org/site/research-and-collections/knowledge-power- quotation#footnote2_qhn0b (accessed: 25.10.2022).

If that assertion is valid, then let us work towards the ultimate goal of wisdom starting at the grain of a single datum, wisdom's first and formative building block.

Even before we consider one, singular datum, we must acknowledge the birth of an idea. Ideation is an effort of building in terms of scope and process. Synonyms for ideation include contrivance, creativity, invention, and originality!².

Data is plural for datum; they are "facts, ideas, or discrete pieces of information, especially when in the form originally collected and unanalyzed"³³. They are the raw bits of qualifiable and/or quantifiable elements. A datum is "something given or admitted especially as a basis for reasoning or inference"³⁴.

Information is data conceived within a construct or framework. SAA defines information as a "collection of data, ideas, thoughts, or memories. It is the meaningful portion of a signal, as distinguished from noise"³⁵. SAA adds more context to the definition by noting: "Information and data are near synonyms. Whereas data connotes facts or ideas in their most atomized form, information refers to more complex concepts made up of multiple data elements. Information may take many forms, including words, sounds, images, and formulas.

Information, like data, is independent of any medium in which it is captured as content. Information is intangible until it has been recorded in some medium. Recorded information may be captured in databases, spreadsheets, documents, sound recordings, or motion pictures. Even when captured in a document or other form, the information remains distinct from the medium" ³⁶.

Knowledge is information made understandable and/or applicable and/ or actionable for wise decision-making. Merriam-Webster Dictionary adds precision to this definition stating that knowledge is the condition of being aware of something; the range of one's understanding; the circumstance or of apprehending truth or fact through reasoning; the condition of being learned; and the sum of what is known; the body of truth, information, and principles acquired by humankind³⁷. Ideation // Merriam-Webster Dictionary. URL: https://www.merriam- webster.com/thesaurus/ideation (accessed: 12.10.2022). Dictionary of Archives Terminology // Society of American Archivists. URL: https://dictionary.archivists.org/entry/data.html (accessed: 12.10.2022). Datum // Merriam-Webster Dictionary. URL: https ://www.merriam- webster.com/dictionary/datum (accessed: 12.10.2022). Information // Dictionary of Archives Terminology. Society of American Archivists. URL: https://dictionary.archivists.org/entry/information.html (accessed:

12.10.2022) . Ibid. Knowledge // Merriam-Webster Dictionary. URL: https ://www.merriam- webster.com/dictionary/knowledge (accessed: 25.10.2022).

Readers will note that particular attention is paid to the notion of truth, even equating knowledge to a body of truth. This writer would postulate if what we know is false, then our knowledge is stripped of all power and value.

Let us turn our attention back to T. Jefferson. In an 1817 letter to George Ticknor, T. Jefferson equated knowledge with power; but he went further, declaring important truths as they pertain to knowledge. He states that "...knowledge is power, that knowledge is safety, and that knowledge is happiness"³⁸.

Indeed, how can a society be empowered, safe, and happy while depending on and responding to a factually false foundation? The simple answer is that no one can be empowered, safe, or happy without trustworthy information on which to make sound decisions.

But why is happiness a concern? Happiness is correlated with comfort and comfort emanates from an accurate understanding of one's environment. We can only derive a sound understanding when we trust what surrounds us. Therefore, trust is essential to society's happiness and well-being.

We finally arrive at wisdom. Wisdom is knowledge worth remembering and worth conveying to and sharing with others for a more harmonious humankind and a healthier and happier society. It is collectively human beings' ability to reach intelligent conclusions³⁹. To have wisdom implies one has a "reliable ability to judge and decide with soundness, prudence, and intelligence"⁴⁰.

One can continue on this path of logic to declare that wisdom is the product of an authority's expertise.

Once we have this knowledge worth remembering, then how do we protect it and reliably share it over time? Ultimately, archives are the repositories of a society's memory. As such, archives are or can be, by their very nature and mission, powerful entities. That power is meaningless without credibility and authenticity in terms of its holdings and practices as well as the expertise of its stewards.

Credibility and Confidence Matter.

To have confidence in a source's credibility makes a world of difference as it pertains to making wise decisions and forming a healthy, well-informed society. This matters as much for digital societies as any other segment of the human experience and can ultimately lead to information fluency.

In his chapter entitled "Information is Power" Sora Park stated that: "The core element that drives the digital society is digitalised information. Information is the key to how the digital society adds value and redistributes The Thomas Jefferson Foundation // Thomas Jefferson Encyclopedia. URL: https://www.monticello.org/site/research-and-collections/knowledge-power- quotation#footnote2_qhn0bl5 (accessed: 25.10.2022) Wisdom // Merriam-Webster Dictionary. URL: https://www.merriam- webster.com/dictionary/wisdom (accessed: 25.10.2022) Ibid. power. In a connected world, information gains power through permanent storage and wide distribution. The same information that existed in the analogue world can exponentially increase in power once shared on digital networks. Digital information is intangible. Yet once recorded, it can exist forever. This new way of existing and sharing creates gaps between those who can use information as a resource and those who cannot. The ability to locate data, convert it into information, and apply it in the offline context is the key to information fluency"⁴¹.

T. Hajtnik echoes S. Park's sentiments as she asserts that "...our main goal in the long-term storage of digital documents is to maintain their accessibility, usability, integrity and authenticity" ⁴². She continues in that to have full confidence in documents' contents, ".they [must be] accessible and authentic throughout their storage, which in other words means that we need to preserve the essential characteristics of original documents"⁴³. Those characteristics involve more than documents' contents; it must also involve their context!⁴, structure!¹⁵, as well as their look and feel⁴⁶.

Standards.

T. Hajtnik declared that information content must be "accessible, useful and authentic" not just for today's needs, but for all time. "In order to achieve this, we need to implement both technological and organizational measures"⁴⁷. Organizational measures would include but not be limited to ".evaluating, selecting, identificating [sic] and validating format, integrity and authenticity" while also "validating, managing metadata, normalizing and converting between database formats."!¹⁸.

As archivists and information professionals otherwise, we obtain sound guidance for achieving these demanding goals from the International Organization of Standardization or the ISOr⁹. The products, i.e. standards, of the ISO "set out criteria, methods and best practices and provide an important basis for the planning, maintenance, use and protection of e-repositories" ⁵⁰.

In its own words, the ISO offers guidance "that describes the best way of doing something. It could be about making a product, managing a process, Park S. Information is Power // Digital Capital. Palgrave Macmillan. 2017. URL: https://doi.org/10.1057/978-1-137-59332-0_8 (accessed: 25.10.2022). Hajtnik T. Electronic Archiving and Information Infrastructure Lecture part 1, Slide 2 of 57 // Alma Mater Europaea-ECM. 2021. Ibid. Slide 8 of 57. Ibid. Slide 20 of 57. Ibid. Slide 22 of 57. Ibid. Slide 23 of 57. Ibid. Slide 40 of 57. Ibid. Slide 45 of 57. International Organization for Standardization (ISO). URL: https://www. iso.org/home.html (accessed: 15.02.2023). Hajtnik T. Electronic Archiving and Information Infrastructure Lecture part 2, Slide 2 of 61 // Alma Mater Europaea-ECM. 2021. delivering a service or supplying materials - standards cover a huge range of activities"Standards // International Organization for Standardization (ISO). URL: https://www.iso.org/standards.html (accessed: 10.02.2023)..

Returning to the concept of wisdom, the ISO declares that "standards are the distilled wisdom of people with expertise in their subject matter and who know the needs of the organizations they represent"25Ibid..

A collection of applicable ISO standards for our purposes of ensuring the trustworthiness of digital content follows.

From the auspices of the ISO archives and records management technical subcommittee, ISO 15489-1:2016 "defines the concepts and principles from which approaches to the creation, capture and management of records are developed" ISO 15489-1:2016 Information and documentation - Records management - Part 1: Concepts and principles // International Organization for Standardization (ISO). https://www.iso.org/standard/62542.html (accessed: 25.10.2022).. This standard addresses macro-level records concerns including:

a) records, metadata for records and records systems;

b) policies, assigned responsibilities, monitoring and training supporting the effective management of records;

c) recurrent analysis of business context and the identification of records requirements;

d) records controls; and

e) processes for creating, capturing and managing records Ibid..

This standard applies broadly to the "creation, capture and management of records regardless of structure or form, in all types of business and technological environments, over time"!Ibid..

According to T. Hajtnik, "every organization, all size, sector and country, which creates records and needs to control them is a potential user of [the] ISO 30300 [standards] family"Hajtnik T. Electronic Archiving and Information Infrastructure Lecture part 1a, Slide 8 of 31 // Alma Mater Europaea-ECM. 2021....

The ISO sets this particular standard in context:

It is important for organizations to keep records of their decision making processes and maintain a documented trail of actions taken. This is good practice which can aid efficiency, help to manage risk and nurture repeat business. Also, when faced with litigation or investigations, it allows organizations to retrieve information so they can ascertain which decisions and actions were taken and why. As the transition from paper to digital format becomes inevitable for most organizations, it is more important than ever for them to implement a management system for records (MSR).

The ISO 30300 series constitutes a reference point for information management and for the creation and control of documents, establishing requirements for: policy and procedures; definitions of roles and responsibilities; design and implementation of the MSR; evaluation of performance and how to improve!⁷.

We now address the area of W. Kerner's focus and expertise vis-a-vis standards. The "ISO 27001 standard describes how to manage information security in an organization"ISO 30300 series briefing note // International Organization for Standardization (ISO). URL: https://www.iso.org/files/live/sites/isoorg/files/archive/ pdf/en/30300_briefing-note.pdf (accessed: 25.10.2022). Hajtnik T. Electronic Archiving and Information Infrastructure Lecture part 1a, Slide 16 of 31 // Alma Mater Europaea-ECM. 2021.... T. Hajtnik plainly states that "the basic logic of ISO 27001 is to try to prevent [security] incidents"!Ibid. Slide 19..

ISO broadens this standard's fuller context; it explains that it is "widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/ IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties"International Organization for Standardization (ISO). URL: https://www. iso.org/isoiec-27001-information-security.html (accessed: 25.10.2022)..

Of this standard family, and of particular interest to W. Kerner and other CISOs, would be ISO 27002. This standard "gives guidelines for the selection, implementation and management of controls taking into consideration the organization's information security risk assessment" Hajtnik T. Electronic Archiving and Information Infrastructure Lecture part 1a, Slide 20 of 31 // Alma Mater Europaea-ECM. 2021. Ibid. Slide 24 of 31..

If we consider J. Anderson's vantage point and role, and SPARC's use of Archivematica, then standard ISO 13008 applies as it "provides guidance for the conversion of records from one format to another and the migration of records from one hardware or software configuration to another. [It] also specifies the planning issues, requirements and procedures for the conversion and/or migration of digital records (which includes digital objects plus metadata) in order to preserve the authenticity, reliability, integrity and usability of such records as evidence of business transactions"!}⁵².

Considering S. Levin's role in SPARC and her distinct concerns, "Standard ISO 13028 establishes best practice guidelines for digitization to ensure the trustworthiness and reliability of records, where the original paper, or other non- digital source record, has been copied by digitizing" Ibid. Slide 26 of 31..

S. Levin, and any Curator of (archival) Digital Assets, would also benefit from Standard ISO 14721 [as it] "defines the reference model for an OAIS... [it] provides detailed models of both archival functions and archival information. [and] represents a framework for the understanding and awareness of the archival concepts needed for long-term preservation and access to establish a system for archiving records, both digitalized and physical, with an organizational scheme composed of people who accept the responsibility to preserve digital records and make it available to all interested users"Ibid. Slide 28 of 31. Ibid. Slide 31 of 31..

Lastly, this writer presents an extremely important element that seems to be lacking, at least on the surface, in the FIT model of practice, operations, and infrastructure; it is the standard related to audit and certification as they apply to TDRs. Unlike the other standards discussed so far in this paper, ISO 16363 was created under the auspices of the ISO technical subcommittee of space data and information transfer systems. This standard details all recommendations for auditing and certifying digital repositories as truly trustworthy. The standard is based on the OAIS model and uses the same terminology as found in the OAIS reference model. It is very detailed and presents over 100 criteria for trusted institutional repositories and this set of criteria is divided into 3 main sections:

1. Organizational Infrastructure.

2. Digital Object Management.

3. Security Risk Management!⁵⁵.

In partial compliance with this standard, FIT/SPARC does have, as part of its organizational infrastructure, a mission statement; a preservation strategic plan; and a collections policy. Also, it engages knowledgeable and experienced professionals to support various unit functions and services.

However, in matters such as information integrity measures, selfassessment, and external certification, FIT falls short of its responsibilities.

As part of its meeting its digital object management responsibilities, FIT maintains "contemporaneous records of actions and administration processes that are relevant to content acquisition"ISO 16363:2012 Space data and information transfer systems - Audit and certification of trustworthy digital repositories // International Organization for Standardization (ISO). URL: https://www.iso.org/standard/56510.html (accessed:

01.02.2023) .. As such, it executes an official Deed of Gift for every deposit and/or contribution made to the unit's holdings, analog or digital.

However, regarding audit matters, such as an independent mechanism for verifying the integrity of the repository collection/content, again, FIT's DR needs improvement.

The health of FIT's DR security risk management is mixed. While S. Rando and W. Kerner provided confidence-building information (confirmation of backups and a business continuity plan as part of a larger recovery plan), this writer still wanted more assurance regarding FIT's checking the integrity of digital assets (hash/checksum) perhaps by way of an audit trailHajtnik T. Electronic Archiving and Information Infrastructure Lecture part 2, Slide 42 of 61 // Alma Mater Europaea-ECM. 2021..

Reaching back to the concepts of expertise and confidence, "...experts have recognized the need for mechanisms or tools for auditing and the certification process of e-repositories to create a general climate of confidence in the ability of the systems to meet their requirements"Ibid. Slide 9 of 61..

Conclusions