LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Mime-Version:	1.0 (Mac OS X Mail 8.2 \(2102\))
Sender:	Records Management Program <[log in to unmask]>
Date:	Thu, 24 Sep 2015 12:08:15 -0400
Reply-To:	Records Management Program <[log in to unmask]>
Subject:	Re: ISO Certification of Trustworthy Digital Repositories
Content-Transfer-Encoding:	quoted-printable
In-Reply-To:	<[log in to unmask]>
Content-Type:	text/plain; charset=utf-8
From:	Hugh Smith <[log in to unmask]>
Parts/Attachments:	text/plain (66 lines)

> From: Chris Halonen <[log in to unmask] <mailto:[log in to unmask]>>
> Subject: Re: ISO Certification of Trustworthy Digital Repositories
> Date: September 23, 2015 at 8:10:09 AM EDT
> 
> 
> I don't think ISO 16363 certification will be used this way, by commercial cloud providers. Some might refer to the standard, to demonstrate the extent to which they can support long-term preservation but I think the certifications will be done for public-sector repositories of research data & cultural heritage materials: repositories which own the materials they’re preserving, and serve specific communities.

I know that technology in the U.S. advances and only as an after thought do we worry about the consequences. Henry Ford developed a car but did not think about seat belts for a long time. Most school buses still don’t have seat belts.  Instead they placed that handy steel bar across the back of the seats to stop the heads of the students.  Why?  I cannot even guess?
> 
> If you look at current cloud service providers most obviously involved in long-term archival preservation — e.g., Tessella's Preservica (http://preservica.com/ <http://preservica.com/>) and Duracloud (http://www.duracloud.org/ <http://www.duracloud.org/>)  -- they don't appear to aspire to ISO-16363 certification, but instead to provide the software & storage infrastructure needed by organizations that want to establish TDRs but can't afford the necessary IT investment.

While the entire world was moving its records collection from paper to digital backups and neatly into the Cloud, no one from the records management community had the power to stop this trend. Information Governance was developed as a traffic cop to control traffic but the records already moved uncontrolled into the Wild World of the Cloud.

A perfect example of this “closing the gate after the horses are gone” was the task group meeting of the NFPA 232 Protection of Records Standard Technical Committee with the head of the NFPA 75 Standard for the Protection of Information Technology Equipment.  NFPA 75 Chair was asking the NFPA 232 Task Group to address “Electronic Records” within the NFPA 232 Protection of Records Standard.

Imagine the most powerful companies and organizations in the field of data centers & information technology equipment, along with some of the largest repositories of electronic records in the Universe asking the Protection of Records Standard to update the language to include the new technology of “Electronic Records”.

For the first time, these Standards will acknowledge Electronic Records and the need to protect them; and the driver on this is the Federal Courts with SOX, ESI, Rule 26 and other court rulings about punishing companies for spoliation.  For the first time, NFPA 232 will make reference to NFPA 75 as recognition that records do exist within the servers, silos and back up media for this electronic records producing and storage center.

Soon organizations will realize that “if” they are compelled to protect their records, then they also responsible for auditing their Cloud and proving that it is reliable and proficient as a records storage archive.


> 
> Chris
> _____________________________________
> 
> Chris Halonen
> University Records Manager
> Secretariat & Office of General Counsel
> University of Waterloo
> 519-888-4567, ext. 38284
> http://uwaterloo.ca/records-management/ <http://uwaterloo.ca/records-management/>
> 
> 
> Subject: [RM] ISO Certification of Trustworthy Digital Repositories
> 
> Do any of you have a requirement for your Cloud provider to be a “Trusted Digital Repository” and audit them?
> 
> Do you adopt ISO 16363 as a required Standard?  As I understand it this document requires a service provider or owner of the data to maintain the digital resources over time and ensure “long-lived” collections of digital content and data.  This requires users the ability to  provide longitudinal or time lapse studies which prove the integrity of the information resource or data and be able to clearly demonstrate the accuracy and integrity of the data archive.  And that such data archive is researchable over time regardless of migrations of data or changes in hardware.   

In the past; many organizations required ongoing testing of their back up tapes and media to determine if it was still viable and I think that adopting a method of testing your Cloud to see if it can produce certain records accurately.  

But this is a complex topic. Business Continuity Back Up Tapes provided a VOLSER  number.  The tape volume serial number or VOLSER is the method used to uniquely identify a tape volume. The VOLSER is specified in the tape label, which is the first set of information contained on the tape. It provided the capability to record the number of times the tape had been loaded and referenced and thus predict the remaining active life of the data recorded on the tape. But how does one determine the life in the Cloud’s servers or silos?

How does the client track when the Cloud provider migrates to new versions of the software?  Migration is the enemy of business continuity. Could the changing from LTO5 to LTO6 create issues?

The Judges never seem to punish the service provider, they punish the officers of the corporation failing to protect the records.  The fine or sanction the corporation.

NFPA 232 and NFPA 75 are recognizing that the world of information management has changed and that Judges punish the organization creating the records content. The judges do not punish the vendors who store the information assets. In a world where 99% of organizations have no idea what a Data Map looks like, now is the time to open a dialog about the Cloud and its relationship to your organization. 

After all as of 9/24/15 Electronic Records officially exist…..


Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610)  756-4440    Fax (610)  756-4134
WWW.FIRELOCK.COM



List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US