18.104.22.168.6 Procedures in place to monitor and receive notifications when software changes are needed
|22.214.171.124.6 Procedures in place to monitor and receive notifications when software changes are needed|
|Status||Ready for review|
|Compliance Rating||Fully compliant|
The repository shall have procedures in place to monitor and receive notifications when software changes are needed.
This is necessary to ensure expected, contracted, secure, and persistent levels of service
Examples for Meeting the Requirement
Audits of capacity versus actual usage; audits of observed error rates; audits of performance bottlenecks that limit ability to meet user community access requirements; documentation of technology watch assessments; documentation of software updates from vendors.
The objective is to track when changes in service requirements by the designated communities require a corresponding change in the software technology, when changes in ingestion policies require expanded capabilities, and when changes in preservation policies require new preservation capabilities. This can be driven by security updates (vendor supplied corrections to newly identified vulnerabilities), by changes in delivery mechanisms (new software clients for displaying authentic records), and changes in the number and size of archived records (expanded database requirements). The repository should conduct or contract frequent environmental scans regarding software evolution, likely points of failure, and interoperability among the software and hardware components. The repository should also be in contact with its software vendors regarding technology updates, points of likely failure, and how new programs may affect system integration and performance.
System level (operating system) updates are semi-automatic. Security patches are applied automatically on a daily schedule. Details on APTrust's policies and procedures pertaining needed software updates is documented here: Support and Maintenance#Software updates