5.1.1 Identify and manage the risks to its preservation operations and goals associated with system infrastructure

Status: Ready for review
Compliance Rating: Fully compliant
Responsible:

The repository shall identify and manage the risks to its preservation operations and goals associated with system infrastructure.

Supporting Text

This is necessary to ensure a secure and trustworthy infrastructure.

Examples for Meeting the Requirement

Infrastructure inventory of system components; periodic technology assessments; estimates of system component lifetime; export of authentic records to an independent system; use of strongly community-supported software (e.g., Apache, iRODS, Fedora); re-creation of archives from backups.

Discussion

The repository should conduct or contract assessments of the risks related to hardware and software infrastructure, and operational procedures. The repository should provide mechanisms that minimize risk from dependencies on proprietary or obsolete system infrastructure and from operational error. The degree of support required relates to the criticality of the subsystem(s) involved in long-term preservation. The repository should maintain a system that is scalable (e.g., able to handle anticipated future volumes of both bytes and files) without a major disruption of the system. The repository should maintain a system that is evolvable. That is, the system should be designed in such a way that major components of the system can be replaced with newer technologies without major disruption of the system as a whole. The repository system should be extensible. That is, the system should be designed to accommodate future formats (media and files) without major disruption of the system as a whole. The repository should be able to export its holdings to a future custodian. The repository should be able to re-create the archives after an operational error that overwrites or deletes digital holdings.

Evidence Provided

APTrust infrastructure is exclusively hosted in Amazon Web Services (AWS). APTrust and AWS (like any other organization utilizing AWS) have shared control and responsibility over their environment:
“AWS’ part in this shared responsibility includes providing its services on a highly secure and controlled platform and providing a wide array of security features customers can use. The customers’ responsibility includes configuring their IT environments in a secure and controlled manner for their purposes.”[1]
Therefore APTrust assumes responsibility for, and management of, the guest operating system (including updates and security patches), the other associated application software, and the configuration of the AWS-provided security group firewall.
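Managing the security group firewall in "a secure and controlled manner" means, in practice, periodically checking that no administrative or database port is reachable from the whole Internet. The following is an added example, not APTrust code and not an AWS library: it audits a document in the shape of an EC2 DescribeSecurityGroups response for sensitive ports open to 0.0.0.0/0 or ::/0. The sample groups, group ids and the list of sensitive ports are constructed and hypothetical; in real use the document would come from the AWS CLI or SDK and the port list from the repository's own policy.

```python
"""Audit EC2 security-group ingress rules for world-reachable sensitive ports.

Added example. SAMPLE_GROUPS is a constructed document mirroring the shape of
an EC2 DescribeSecurityGroups response (SecurityGroups -> IpPermissions ->
IpRanges / Ipv6Ranges); the group ids and rules are hypothetical, not APTrust's.
"""
from typing import Dict, List, Tuple

# Assumption: ports that should never be open to the whole Internet on a guest
# host whose OS and patching the repository manages itself. Adjust per policy.
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 5432: "postgres",
                   3306: "mysql", 27017: "mongodb"}

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

SAMPLE_GROUPS = {  # constructed sample input
    "SecurityGroups": [
        {
            "GroupId": "sg-0000aaaa",  # hypothetical id
            "GroupName": "ingest-web",
            "IpPermissions": [
                # HTTPS to the world is expected for a public ingest endpoint
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
                # SSH only from the private address space: acceptable
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
            ],
        },
        {
            "GroupId": "sg-0000bbbb",  # hypothetical id
            "GroupName": "db-legacy",
            "IpPermissions": [
                # PostgreSQL open to the Internet: a finding
                {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                # Protocol -1 means all traffic on all ports: several findings
                {"IpProtocol": "-1",
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            ],
        },
    ]
}


def _rule_cidrs(perm: dict) -> List[str]:
    """Collect IPv4 and IPv6 CIDRs referenced by one ingress rule."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def _port_span(perm: dict) -> Tuple[int, int]:
    """Port range of a rule; protocol -1 (or no ports) covers every port."""
    if perm.get("IpProtocol") == "-1" or "FromPort" not in perm:
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]


def find_world_open_sensitive(groups: dict) -> List[Dict[str, object]]:
    """Return one finding per (group, sensitive port) reachable from the Internet."""
    findings: Dict[Tuple[str, int], Dict[str, object]] = {}
    for sg in groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            world = sorted(c for c in _rule_cidrs(perm) if c in WORLD_CIDRS)
            if not world:
                continue
            lo, hi = _port_span(perm)
            for port, service in SENSITIVE_PORTS.items():
                if lo <= port <= hi:
                    key = (sg["GroupId"], port)
                    entry = findings.setdefault(key, {
                        "group": sg["GroupId"], "name": sg.get("GroupName", ""),
                        "port": port, "service": service, "cidrs": []})
                    entry["cidrs"] = sorted(set(entry["cidrs"]) | set(world))
    return sorted(findings.values(), key=lambda f: (f["group"], f["port"]))


if __name__ == "__main__":
    for f in find_world_open_sensitive(SAMPLE_GROUPS):
        print(f"{f['group']} ({f['name']}): {f['service']}/{f['port']} "
              f"open to {', '.join(f['cidrs'])}")
```

Run against the sample, the script reports only the `db-legacy` group: the explicit PostgreSQL rule and, via the protocol `-1` rule, every other sensitive port. Findings are deduplicated per group and port so an all-traffic rule and a specific rule for the same port produce one line, which keeps the report usable as a periodic risk-assessment artifact rather than a noisy dump.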

Despite being hosted on Amazon Web Services, the system is engineered so that the infrastructure is independent of AWS-integrated services (such as CloudWatch, Elastic Beanstalk, etc.). This avoids vendor lock-in and enables APTrust to move to a different vendor if necessary.

A more comprehensive list of risks and their management can be found here: Risk Management, Threats, and Mitigations

  1. Amazon Risk and Compliance Whitepaper, https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf (last accessed 08/27/18)