5.1.1.6 Identified and documented critical processes that affect its ability to comply with its mandatory responsibilities

Status: In Progress
Compliance Rating: Half compliant
Responsible

The repository shall have identified and documented critical processes that affect its ability to comply with its mandatory responsibilities.

Supporting Text

This is necessary in order to ensure that the critical processes can be monitored to ensure that they continue to meet the mandatory responsibilities and to ensure that any changes to those processes are examined and tested.

Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement

Traceability matrix between processes and mandatory requirements.

Discussion

Examples of critical processes include data management, access, archival storage, ingest, and security processes. Traceability makes it possible to understand which repository processes are required to meet each of the mandatory responsibilities.

Evidence Provided

APTrust uses Amazon’s CloudTrail, which logs all API and AWS console activity in a detailed audit log. The log includes the last 7 days of API activity for supported services. The list only includes API activity for create, modify, and delete API calls. Read-only API activity is logged in an Amazon S3 bucket or CloudWatch Logs.

APTrust keeps a changelog with our software code that is updated with every new release. Minor updates and changes are documented with every “commit” to the version control system (GitHub).

APTrust’s system infrastructure is managed by Ansible, a system configuration management tool. All changes to the server environment are made using Ansible. Manual steps are taken only if absolutely necessary. Using Ansible allows us to keep the exact state of all systems in a controlled manner. Changes to the configuration, and hence to Ansible, are documented with every “commit” to the version control system (GitHub).

Compliance Rating

Half compliant

Status

In progress