5.1.1 Identify and manage the risks to its preservation operations and goals associated with system infrastructure

From aptrust


Status: Ready for review
Compliance Rating: Fully compliant
Responsible:

Requirement: The repository shall identify and manage the risks to its preservation operations and goals associated with system infrastructure.

APTrust infrastructure is exclusively hosted in Amazon Web Services (AWS). APTrust and AWS (like any other organization utilizing AWS) have shared control and responsibility over their environment:
“AWS’ part in this shared responsibility includes providing its services on a highly secure and controlled platform and providing a wide array of security features customers can use. The customers’ responsibility includes configuring their IT environments in a secure and controlled manner for their purposes.”[1]
Therefore, APTrust assumes responsibility for and management of the guest operating system (including updates and security patches), other associated application software, and the configuration of the AWS-provided security group firewall.

Despite being hosted on Amazon Web Services, the system is engineered so that the infrastructure is independent of integrated cloud services (like CloudWatch, Elastic Beanstalk, etc.). This avoids vendor lock-in and enables APTrust to move to a different vendor if necessary.

A more comprehensive list of risks and management thereof can be found here: Risk Management, Threats, and Mitigations

  1. Amazon Risk and Compliance Whitepaper, https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf Last accessed: 04/27/18