On the Subject of Trust

Posted on by

Building a Network of Trustworthy Digital Repositories
Shira here. Earlier this week Karl gave us an excellent run-down of some of the newly released 2015 National Agenda for Digital Stewardship’s principal findings. Whereas Karl’s blog post focused on two of the banner recommendations made in the “Organizational Policies and Practices” section of the report—namely, the importance of multi-institutional collaborations and the acute need to train and empower a new generation of digital stewardship professionals—my blog post today will focus on one of the “blink and you’ll miss it” points that the report makes in its final section on “Research Priorities”.

If you made it all the way to page 41 of the report (and I know you all did… right?), you may have noticed a vaguely phrased section entitled “Policy Research on Trust Frameworks”. Although this section is buried in the report under other findings and actionable recommendations, it contains what is, in my opinion, one of the most important points that the report raises. The purpose of this section is to highlight the importance of developing robust “trust frameworks” for digital repositories. If you read this last sentence and thought, “Hooray! I’m delighted to see this in the NDSA report” then you can probably skip this blog post. For those of you still wondering what a trust framework is and why they matter to digital preservation, read on.

Kara Van Malssen and Seth Anderson giving a workshop to NDSR mentors and residents on the Audit and Certification of Trustworthy Digital Repositories (ISO 16363:2012)

WTF – What’s a Trust Framework?
A trust framework is a digital preservation planning tool that clearly defines the characteristics and responsibilities of a sustainable digital repository. Trust frameworks typically lay out the organizational and technical infrastructure required for an institution to be considered trustworthy and capable of storing digital information over the long-term. Simply put, a trust framework provides organizations with a way to measure—and thereby demonstrate to potential donors, clients, or auditors—its trustworthiness as a steward of digital information. The need for trust frameworks in digital preservation has become more apparent over the past couple decades, and a number of distinct initiatives have been developed in response.

Some trust frameworks, like the Global LOCKSS Network, Meta Archive, Data Preservation Alliance for the Social Sciences (Data-PASS), and the Digital Preservation Network, work on the principle of redundancy and broad-based collaborative institutional mechanisms as a strategy for mitigating single-points-of-failure within a given institution. In this system, multiple organizations that may not be able to individually provide all the elements necessary for a sustainable, end-to-end digital repository enter into an agreement to become collaborative stewards of digital information.


Other trust frameworks, like the NESTOR Catalogue of Criteria for Trusted Digital Repositories, DRAMBORA, and the Trustworthy Repositories Audit & Certification (TRAC) criteria, take the form of auditing tools. These trust frameworks are intended to allow organizations to determine their capability, reliability, commitment, and readiness to assume long-term preservation responsibilities. While some of these tools offer organizations the possibility of performing a self-audit, others offer repositories the possibility of being evaluated and ultimately certified as a trustworthy digital repository by an outside auditor.


This post was largely inspired by a recent workshop given by Kara Van Malssen and Seth Anderson of AVPreserve on one of these tools, the Audit and Certification of Trustworthy Digital Repositories, so I thought I’d take this opportunity to talk a little bit about what it is and why it matters to digital preservation.

TDR: A Little Bit of Background
I’ll assume anyone reading this blog has more than a passing familiarity with the Reference Model for an Open Archival Information System, which defines the requirements necessary for an archive to permanently preserve digital information. (If you’re not familiar with OAIS—also known as ISO 14721:2003—stop whatever you’re doing and go read it here). While it’s pretty hard to overstate the importance of OAIS for digital preservation, one thing it lacks is any comprehensive definition or consensus on the characteristics and responsibilities of a sustainable digital repository. That’s precisely where the Audit and Certification of Trustworthy Digital Repositories comes in.

In 2003, Research Libraries Group (RLG) and the National Archives and Records Administration (NARA) embarked on a joint initiative to specifically address the creation of trust framework for digital repositories that would rely on a process of certification. The result of their effort was the Trustworthy Repositories Audit & Certification: Criteria and Checklist (TRAC), the purpose of which is to identify digital repositories capable of reliably storing, migrating, and providing access to digital collections. The TRAC criteria formed the basis of the Audit and Certification of Trustworthy Digital Repositories, which ultimately superseded it.

The Audit and Certification of Trustworthy Digital Repositories (ISO 16363:2012, or just “TDR” for short), outlines 109 distinct criteria designed to measure a repository’s trustworthiness as a steward of digital information. Intended for use in combination with the OAIS Reference Model, TDR lays out the organizational and technical infrastructure that an institution must have in order to be considered trustworthy and capable of ensuring the stewardship of digital objects over the long-term.



Aww Come On. Just Trust Me!
Why do these tools matter? Here are a few reasons:

  • In order to provide reliable, long‐term access to managed digital resources, archives must assume high-level responsibility for this material. This requires a significant amount of resources, organization, infrastructure, and planning across all levels of an organization. Attempting to steward digital material over the long-term on an ad-hoc basis or without the appropriate resources and infrastructure in place is dangerous, and will ultimately put the material they are tasked with caring for at risk. In order to do this effectively, archives must have some metric by which they can evaluate their progress. Trust frameworks like TDR provide this.
  • TDR is designed to take into account a number of criteria beyond merely an organization’s digital preservation infrastructure. These include, for example, the degree of fiscal responsibility an institution is able to demonstrate, and whether or not the institution of an appropriate succession plan, contingency plans, and/or escrow arrangements in place in case the repository ceases to operate. In spite of the fact that both of these criteria are critical to an organization’s ability to provide long‐term access to digital resources, they might be easily overlooked. Being evaluated according to set of established standards—whether vis-à-vis a self-audit or by an external auditor—can highlight holes in a repository’s operation that may not be apparent in the course of normal, day-to-day business.
  • As TDR states in its introduction, “Claims of trustworthiness are easy to make but are thus far difficult to justify or objectively prove.” On a very basic level, trust frameworks provide institutions with a metric that allows them to compare their own systems and procedures against an established, high profile standard in order to evaluate their trustworthiness. Employing a trust framework like TDR will allow archives to provide evidence to potential grantmaking bodies, donors, or board members that they are responsible and trustworthy digital stewards.

Sounds Great. Sign Me Up!
Not so fast, cowboy. While it is undeniably clear that establishing reliable trust frameworks is of the utmost importance to the field, it doesn’t mean that TDR—or any of the other trust frameworks I’ve mentioned here so far—provide the whole answer in and of themselves. As the NDSA report points out, this is still a relatively under-explored area and there is a lot of room for additional standards, models, and frameworks to be developed. Moreover, the report takes pains to point out that many of these frameworks have yet to be empirically tested and systematically measured, and that there are still a lot of questions that remain to be answered: “How reliable are certification procedures, self-evaluations, and the like at identifying good practices? How much do the implementations of such practices actually reduce risk of loss?” the report asks. “The evidence base is not yet rich enough to answer these questions”.

The report concludes with a recommendation that funding and research bodies concentrate their research efforts on exploring ways to improve the reliability and efficiency of trust frameworks for digital preservation. As with so many things in this field, there is no final solution; the journey is the destination.