188.8.131.52 Identified and documented critical processes that affect its ability to comply with its mandatory responsibilities
Compliance Rating: Half compliant
The repository shall have identified and documented critical processes that affect its ability to comply with its mandatory responsibilities.
This is necessary in order to ensure that the critical processes can be monitored to ensure that they continue to meet the mandatory responsibilities and to ensure that any changes to those processes are examined and tested.
Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement
Traceability matrix between processes and mandatory requirements.
Examples of critical processes include data management, access, archival storage, ingest, and security processes. Traceability makes it possible to understand which repository processes are required to meet each of the mandatory responsibilities.
APTrust uses Amazon’s CloudTrail, which logs all API and AWS console activity in a detailed audit log. The log includes the last 7 days of API activity for supported services. The list only includes API activity for create, modify, and delete API calls. Read-only API activity is logged in an Amazon S3 bucket or CloudWatch Logs.
APTrust keeps a changelog with our software code that is updated with every new release. Minor updates and changes are documented with every “commit” to the version control system (GitHub).
APTrust’s system infrastructure is managed by Ansible, a system configuration management tool. All changes to the server environment are made using Ansible. Manual steps are taken only if absolutely necessary. Using Ansible allows us to keep the exact state of all systems in a controlled manner. Changes to the configuration, and hence to Ansible, are documented with every “commit” to the version control system (GitHub).