5.1.1 Identify and manage the risks to its preservation operations and goals associated with system infrastructure
|5.1.1 Identify and manage the risks to its preservation operations and goals associated with system infrastructure|
|Status||Ready for review|
|Compliance Rating||Fully compliant|
Requirement: The repository shall identify and manage the risks to its preservation operations and goals associated with system infrastructure.APTrust infrastructure is exclusively hosted in Amazon Web Services (AWS). APTrust and AWS (like any other organization utilizing AWS) have shared control and responsibility over their environment:
“AWS’ part in this shared responsibility includes providing its services on a highly secure and controlled platform and providing a wide array of security features customers can use. The customers’ responsibility includes configuring their IT environments in a secure and controlled manner for their purposes.”Therefore APTrust assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall.
Despite being hosted on Amazon Web Services the system is engineered in such a way that the infrastructure is independent of integrated cloud services (like Cloud Watch, Elastic Beanstalk, etc). This avoids a vendor lock-in and enables APTrust to move to a different vendor if necessary.
A more comprehensive list of risks and management thereof can be found here: Risk Management, Threats, and Mitigations
- Amazon RIsk and Compliance Whitepaper https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf Last accessed: 04/27/18