This post is co-written with Claudia Engelhardt, Göttingen State and University Library. It is also published on the DHd-Blog.
On 16-17 October 2014, a workshop on the topic of trusted digital repositories took place in The Hague. The workshop was organised by DASISH, a project striving to increase the overall quality of services for data management, curation and dissemination offered in the five Social Science and Humanities (SSH) Research Infrastructures that have been on the ESFRI Roadmap: CLARIN, CESSDA, DARIAH, ESS, and SHARE.
The workshop’s focus was on the tools and standards for audit and certification comprised in the European Framework for Audit and Certification of Digital Repositories: the Data Seal of Approval (DSA), DIN 31644/nestor Seal, and ISO 16363. Workshop presentations (available on the DASISH webpage) and discussions dealt with getting to know the standards, the conditions for their implementation as well as their current use in the Social Sciences and Humanities.
The European Framework for Audit and Certification was established in 2010 with the objective of better coordinating and structuring the emerging landscape of audit and certification procedures. It defines three levels of certification:
- basic certification: equivalent to the Data Seal of Approval;
- extended certification: granted to archives / repositories which have obtained the DSA and successfully underwent an external peer-review based on DIN 31644 or ISO 16363;
- formal certification: granted to archives / repositories which have obtained the DSA and successfully completed a full external audit based on DIN 31644 or ISO 16363.
In the first part of the workshop, representatives of three European SSH infrastructures – Vigdis Kvalheim from CESSDA, Pavel Straňák from CLARIN and Henk Harmsen from DARIAH-EU – talked about the importance and use of certification standards in the respective infrastructures. In all of them, certification of member data archives and repositories plays a role, with the Data Seal of Approval being the instrument most commonly employed. In CLARIN, one of the requirements for becoming an infrastructure centre or a service providing centre is to undergo certification through the DSA or the MOIMS-RAC approach. CESSDA AS also works towards integrating the DSA into the set of obligations of service providers. In DARIAH-EU certification is one of five short-term goals. One concrete aim in this context is that the repositories that form the backbone of the DARIAH infrastructure have obtained the DSA by 2016.
The ensuing discussion focused on drivers behind the decision to undergo audit and certification:
- There was consensus in the group that audit and certification are becoming increasingly important to satisfy funder requirements. This is specifically the case for publicly funded institutions, which to receive funding are expected to prove that they are capable of offering high-quality preservation / curation services in accordance with international standards. From this perspective, acquiring certification is equivalent to creating a competitive advantage.
- However, “self-assurance” was an equally important aspect pointed out by representatives from archives that already underwent an audit / certification procedure, or are planning to do so in the near future. Thus, audits were regarded as an important instrument in determining whether the preservation / curation procedures and workflows of the archive are adequate. Accordingly, audit procedures were used to support the detection of gaps and potential risks.
- At the same time, there seemed to be consensus that in the SSH community demands from users are currently not a considerable driving force behind the decision to undergo external audit / certification. This could change in the future, especially if the different seals or “badges” are recognized as an indicator of high-quality services by users.
The workshop continued with presentations of the DSA (Paul Trilsbeek) and the nestor Seal (Dr. Christian Keitel) audit standards as well as several case studies from the different ESFRI projects (specifically, LINDAT, DANS, and GESIS). Finally, Barbara Sierman presented the current state of ISO 16363.
The subsequent discussion dealt with the question whether every data service has to be certified, ways of lowering the threshold for entrance into audit and certification, and alternative ways of creating trust – specifically with an eye to smaller data archives or repositories with very limited resources.
- There was consensus that not every data service needs to be certified. But the decision on whether certification should be pursued or not should not only depend on the available resources of a data service, but also on its nature. As an example, participants referred to the front office-back office model employed in the Netherlands. In this approach, the responsibility for the long-term preservation and availability of research outputs lies with the “back office” organisations (centres with a national scope such as DANS or 3TU.Datacentrum), whereas the “front office” institutions (located at higher education institutions, research institutes etc.) concentrate on communication with and support of data producers and users on a local level. In line with this division of responsibilities, certification is deemed necessary only for the “back office” organisations.
- In terms of the effort required, the DSA was seen as a suitable “entrance point” to certification even for smaller institutions. Among the data archives that already obtained the DSA are also one person archives, which shows that the DSA audit procedure is doable even with limited human and financial resources. It was also noted that to a certain extent the necessary time and resources are a question of scale. While bigger archives have more resources, their size also makes the process of documenting procedures and of creating required policies more time-consuming.
- The group also discussed measures for creating trust that can be undertaken independently from certification. It was deemed very important to enable users to do their own “trust checks” on object level and thereby evaluate themselves if a digital object is authentic or not. To make this possible, archives have to engage in transparent communication with their designated community. Another important point in this context is the careful consideration of the significant properties of the information objects to be preserved and their adequacy to the needs of the user community.
Overall, the discussions showed that although the preservation landscape in the SSH domain is moving towards more standardisation and greater homogeneity with regard to audit and certification, it is neither necessary nor desirable to tar all archives with the same brush. Thus tiered or multi-level approaches such as the Dutch front office-back office model or the European Framework for Audit and Certification make it possible to achieve standardisation without losing sight of scale and archive- or discipline-specific requirements.