5.1.1.1.6 Procedures in place to monitor and receive notifications when software changes are needed

From aptrust
Jump to: navigation, search


5.1.1.1.6 Procedures in place to monitor and receive notifications when software changes are needed
Status Ready for review
Compliance Rating Fully compliant
Responsible

The repository shall have procedures in place to monitor and receive notifications when software changes are needed.

Supporting Text

This is necessary to ensure expected, contracted, secure, and persistent levels of service

Examples for Meeting the Requirement

Audits of capacity versus actual usage; audits of observed error rates; audits of performance bottlenecks that limit ability to meet user community access requirements; documentation of technology watch assessments; documentation of software updates from vendors.

Discussion

The objective is to track when changes in service requirements by the designated communities require a corresponding change in the software technology, when changes in ingestion policies require expanded capabilities, and when changes in preservation policies require new preservation capabilities. This can be driven by security updates (vendor supplied corrections to newly identified vulnerabilities), by changes in delivery mechanisms (new software clients for displaying authentic records), and changes in the number and size of archived records (expanded database requirements). The repository should conduct or contract frequent environmental scans regarding software evolution, likely points of failure, and interoperability among the software and hardware components. The repository should also be in contact with its software vendors regarding technology updates, points of likely failure, and how new programs may affect system integration and performance.

Evidence Provided

System level (operating system) updates are semi-automatic. Security patches are applied automatically on a daily schedule. Details on APTrust's policies and procedures pertaining needed software updates is documented here: Support and Maintenance#Software updates