18.104.22.168 Identified and documented critical processes that affect its ability to comply with its mandatory responsibilities
|22.214.171.124 Identified and documented critical processes that affect its ability to comply with its mandatory responsibilities|
|Compliance Rating||Half compliant|
The repository shall have identified and documented critical processes that affect its ability to comply with its mandatory responsibilities.
This is necessary in order to ensure that the critical processes can be monitored to ensure that they continue to meet the mandatory responsibilities and to ensure that any changes to those processes are examined and tested.
Examples for Meeting the Requirement
Traceability matrix between processes and mandatory requirements.
Examples of critical processes include data management, access, archival storage, ingest, and security processes. Traceability makes it possible to understand which repository processes are required to meet each of the mandatory responsibilities.
APTrust's mandatory requirements can be found in the following documents:
- APTrust Sustaining Member Deposit Agreement (current adopted version)
- APTrust Services and Fees List (current adopted version)
- APTrust Sustaining Member Cooperative Agreement (current adopted version)
APTrust uses of Amazon’s CloudTrail that logs all API and AWS console activities in an detailed audit log. The log includes the last 7 days of API activity for supported services. The list only includes API activity for create, modify, and delete API calls. Read-only API activity is logged in Amazon S3 bucket or CloudWatch Logs. See the Technical Documentation, specifically the section on Auditing for more detailed information on these services, and the Monitoring and Alerting page for a description of their monitoring features.
APTrust keeps a changelog with our software code that is being updated with every new release. Minor updates and changes are documented with every “commit” to the version control system (GitHub).
APTrusts system infrastructure is managed by Ansible, a system configuration management tool. All changes to the server environment is done using Ansible. Manual steps are only done if absolutely necessary. Using Ansible allows to keep exact states of all systems in a controlled manner. Changes to the configuration and hence Ansible is documented with every “commit” to the version control system (GitHub). See the Ansible section of the Support and Maintenance page for additional information.