4.4.2.2 Compliance with specification

From aptrust
Jump to: navigation, search


4.4.2.2 Compliance with specification
Status Ready for review
Compliance Rating Fully compliant
Responsible


The repository shall be able to demonstrate that any actions taken on AIPs were compliant with the specification of those actions.

Supporting Text

This is necessary in order to ensure that any actions performed against an AIP do not alter the AIP information in a manner unacceptable to its Designated Communities.

Examples for Meeting the Requirement

Preservation metadata logged, stored, and linked to pertinent digital objects and documentation of that action; procedural audits of the repository showing that all actions conform to the documented processes.

Discussion

Successful preservation of information in the archive is strongly linked to following established and documented procedures to complete any actions that affect the repository data. The more often ‘special handling’ of repository data occurs and the more often this ‘special handling’ is not overseen in a consistent manner, the more likely that the data held by the repository will be compromised. When procedures are regularly followed, any deviation from procedures that would be likely to cause an alteration in the data will more likely be noticed or, if not noticed, may more likely be able to be corrected, or the timing and likely change could be identified in the future.

Evidence Provided

See 4.4.2.

APTrust runs automatic fixity checks on all files every 90 days. The system records PREMIS events describing when the fixity check occurred, what software performed the action, and what the outcome was.

APTrust permits restoration of objects through its Web UI and REST APIApplication Programming Interface. The restoration process is described in section 4.4.2.1. APTrust does not currently record PREMIS events when an object is restored. The system does record a Work Item record showing when the request was initiated, when it was completed, whether it completed successfully or not, and where the restored item was placed for download. (Items go into an S3 bucket that only users at the depositing institution can access.) APTrust does not record who requested the restoration, whether the restored item was ever downloaded, or who may have downloaded it from the restoration area.

APTrust permits deletion of files and objects through its Web UI. Deletion is a two-step process which requires 1) a deletion request from an authorized, authenticated user, and 2) a deletion approval from an administrative user of the depositing institution. (This is described in detail in section 4.4.2.1.) Upon deletion, the system records a PREMIS event describing when the item was deleted and at whose request.

APTrust depositors who are also DPN members may push items from APTrust into DPN by clicking a button in the APTrust Web UI. The initial request to move an item to DPN creates a Work Item record in APTrust. The depositor can monitor the state of the Work Item as it moves through several phases. When the item is ingested into DPN, APTrust creates a PREMIS event record describing when the item was copied into DPN. The PREMIS record also includes the item's DPN identifier. Pushing an item to DPN does not alter the state of the item in APTrust's preservation storage.

Additional references:

Compliance Rating

Fully compliant

Status

In Progress