3.3.5 Information integrity measurements
The repository shall define, collect, track, and appropriately provide its information integrity measurements.
This is necessary in order to provide documentation that it has developed or adapted appropriate measures for ensuring the integrity of its holding.
Examples for Meeting the Requirement
Written definition or specification of the repository’s integrity measures (for example, computed checksum or hash value); documentation of the procedures and mechanisms for monitoring integrity measurements and for responding to results of integrity measurements that indicate digital content is at risk; an audit process for collecting, tracking, and presenting integrity measurements; Preservation Policy and workflow documentation.
The mechanisms to measure integrity will evolve as technology evolves. The repository may provide documentation that it has developed or adapted appropriate measures for ensuring the integrity of its holdings. If protocols, rules and mechanisms are embedded in the repository software, there should be some way to demonstrate the implementation of integrity measures.
Generally acceptable documentation, with two recommendations made in the section 3.3 notes document. Jordon's earlier question of: "Will APT do more than the commodity cloud services already do? Should we just reference their documentation?" may still serve as a useful thought exercise as the existing documentation is reviewed.
This information, particularly specifics on fixity checking, exists in the Preservation and Storage section of the technical wiki. As stated above, this document in general, and this requirement in particular, would benefit from a statement on how the evolution of these measurements will be implemented over time. Similarly, the document may benefit from a clearer articulation of what processes are automated as part of the repository software, and which are performed manually.
According to Bradley, some of this type of activity is happening now (for example, checksum specifications), but not all possible information integrity measures are being created.
Address how these measurements will evolve over time.
Would recommend creating a small group to list what measurements APTrust wishes to track, if and how we are tracking those, and which ones we need to track and how we will go about implementing those measurements.