DOC

Digital Asset Assessment Tool

By Ronald Watkins,2014-10-17 11:23
9 views 0
Digital Asset Assessment Tool

    Digital Asset Assessment Tool Risk Factors -Version 1 2006-09-29

    University of London Computer Centre Digital Asset Assessment Tool (DAAT) Project

Risk factors

    An assessment of the risk factors which may affect survival of digital assets

Version number 1.0

    Release date 29 September 2006

This report is published as a deliverable under the Digital Asset Assessment Tool (DAAT)

    project. The project was funded by the Joint Information Systems Committee (JISC) under the Supporting Digital Preservation and Asset Management in Institutions 4/04 Programme. Project website: http://www.ulcc.ac.uk/daat.html

    Programme website: http://www.jisc.ac.uk/index.cfm?name=programme_404

Project contact: Ed Pinsent, e.pinsent@ulcc.ac.uk, 0207 692 1345

? 2006 University of London Computer Centre

    20 Guilford Street

    London WC1N 1DZ

    1

    Digital Asset Assessment Tool Risk Factors -Version 1 2006-09-29

    Digital Asset Assessment Tool

    Risk factors

    This document is an assessment of the risk factors which may affect survival of digital assets

    (and hence which need to be measured by a tool).

1: Physical risks .................................................................................................................... 2

    1.1 Physical risks for media ................................................................................................... 2

    1.1.1 Condition / damage to media can't be assessed easily .............................................. 2 1.1.2 Wrong media used for preservation ........................................................................... 3 1.1.3 Media storage risks ................................................................................................... 3

    1.1.4 Media handling risks.................................................................................................. 3 1.1.5 Legacy obsolescence ................................................................................................ 4 1.2 Physical risks for digital objects ....................................................................................... 4

    1.2.1 Fixity risks ................................................................................................................. 4

    1.2.2 Bit preservation risks ................................................................................................. 4

    1.2.3 Lack of preservation metadata .................................................................................. 4 2: Format risks ...................................................................................................................... 4

    2.1 Support risks ................................................................................................................ 5

    2.2 Migration risks .............................................................................................................. 5

    2.3 File formats, software and hardware ............................................................................. 5 2.4 Conversion program risks............................................................................................. 5 2.5 Large number of formats in use .................................................................................... 6 2.6 Obsolete formats in use ............................................................................................... 6 2.7 Systems risks ............................................................................................................... 6

    3: Organisational risks ........................................................................................................... 6

    3.1 Awareness of assets .................................................................................................... 6 3.2 Inventory risks .............................................................................................................. 7

    3.3 Policy risks ................................................................................................................... 7

    3.4 Costs risks ................................................................................................................... 7

    3.5 Copyright risks ............................................................................................................. 7

    3.6 Staff/personnel risks ..................................................................................................... 7

    3.7 Financial risks .............................................................................................................. 7

    3.8 Risks associated with data users .................................................................................. 7 3.9 Ownership risks, and related support risks ................................................................... 7

1: Physical risks

    1.1 Physical risks for media

1.1.1 Condition / damage to media can't be assessed easily

    Condition of a CD, or damage to it, can‟t be assessed in a meaningful way.

    Sophisticated tools are available, such as CD media analysis tools and testers. These all

    assume that using default options (like inserting a CD into a local disk drive) won't tell you

    much at all about the condition of a CD, but this tool will - and may even be able to report on

    damage in detail. For example, the CD Speed Tool (see http://www.cdspeed2000.com/) can

    identify the manufacturer of a CD or CD-R; and can potentially identify problems across a

    batch of media, by showing unusual media deterioration patterns.

    However, the DAAT project has to assume that those being surveyed will not have access to

    such testing equipment. If the survey reveals media are held in storage conditions which don't

    2

    Digital Asset Assessment Tool Risk Factors -Version 1 2006-09-29

    conform with known standards, then D-PAS would simply score them as “at risk if not properly stored”.

    D-PAS can address the issue of damage to media at a fairly basic level: Can the media be read by the CD/DVD drive into which it is inserted? If not, does a different drive work? If the CD/DVD is not readable in the second drive then it is probably safe to assume there is a fatal media problem and not a drive problem.

    Even this simple test is not 100% risk-free. Many CDs have built-in error correction methods, using redundant space and internal circuitry to make corrections. CDs can also behave differently in different drives.

    D-PAS has also assumed that there is no such thing as „degrees of damage‟ that make any meaningful difference to the behaviour of a CD. A list of the various things that can damage a CD (such as scratches or fingerprints) are listed in the D-PAS Guidance, but only as „prompts‟

    for the user.

1.1.2 Wrong media used for preservation

    This assumes the organisation is storing some of its assets in a preservation system, but is using the wrong sort of media to do it. We consulted the TNA guidance on selecting storage 1. Use of zip disks and floppy disks, or use of cheap / poor quality media, would add to media

    an organisation‟s risk.

    While not scored in D-PAS, these aspects could be reported on through analysis of the free-text fields where users enter profiles of the media they use.

1.1.3 Media storage risks

    These risks refer to the dedicated storage provided for physical media, and include the following:

     Failure of organisation to follow any known standard for storage, for example BS

    4783

     Poor environmental conditions for media storage

     Storage of media (especially CDs) in direct sunlight

     Exposure of media to ultraviolet light

     Presence / danger of chemical pollution

     Presence of magnetic fields / electrical equipment

     Temperature fluctuations in environment

     Humidity fluctuations in environment

     Storage of media in horizontal position too long

     Frequency of checking not adequate

1.1.4 Media handling risks

    For CDs or DVDs, these include:

     Use of adhesive labels

     Use of wrong kind of marker pen

     Touching disks (fingerprints affecting readability)

     Scratches on the disk surface

     Keeping them in the wrong sort of storage cases (ie ones which emit harmful gasses)

1 Selecting Storage Media for Long-Term Preservation, UK THE NATIONAL ARCHIVES (2003)

    3

    Digital Asset Assessment Tool Risk Factors -Version 1 2006-09-29

    1.1.5 Legacy obsolescence

    This refers to assets stored on floppy disks or other outdated media which your organisation can‟t read any more. Age, rarity, obscurity and condition of these media will all add to the risk.

    It‟s closely bound to the problem of technological obsolescence, in that the data stored on these unreadable media may also be held in 20 year-old files which you can‟t open.

    1.2 Physical risks for digital objects

1.2.1 Fixity risks

    Asset's integrity may be at risk if not regularly checked and validated.

    This concerns the integrity of the bits in the preserved objects, sometimes (eg by PREMIS) called 'fixity'. (This may address the question of condition of, or damage to, digital objects.) This is largely a matter of checking checksums, which should be part of a preservation service, and ideally would be carried out automatically by the repository software at regular intervals. D-PAS especially needs to ask what action is carried out if the checksums don't match.

1.2.2 Bit preservation risks

    Asset may be less robust and harder to migrate / preserve over time, if the bitstream is not preserved.

    This refers to the preservation strategy, assuming the organisation has one. Separate preservation of the bitstreams of the original/source object is most usually regarded as an 'insurance' strategy. If you have the original bitstream it's possible to recreate the original object and then carry out different preservation actions on it, if you get it wrong the first time. It's possible to preserve the 'original' bitstream without actually preserving the object in its original format. At the National Archives of Australia (NAA), the bitstream is preserved by encoding it in base64 and then wrapping it in XML. This is not preserving the object in its original format but it's a perfectly sound and viable strategy for preserving the original bitstream unchanged, since it can be unwrapped and un-base64-ed to give back the original file in its original format.

1.2.3 Lack of preservation metadata

    The organisation may not be creating or capturing sufficient preservation metadata; even if it is, the metadata may not be stored properly, kept for long enough, or stored with the digital object. Further risks may be involved if not following an agreed model for doing it (eg PREMIS), or using an agreed standard for rendering it (eg XML).

    2: Format risks

    2D-PAS‟s understanding of format risks is for the most part informed by the OCLC document .

    According to OCLC, format risks are tied in closely to organisational matters such as management activities, budgetary constraints, needs of users, and content of the asset. Format risks should encompass both the file format of the asset, and the technology environment it's kept in. A risk is anything that affects the accessibility of the data and the

2 OCLC Digital Archive Preservation Policy and Supporting Documentation, OHIO ONLINE COMPUTER CENTER LIBRARY INC (2005)

    4

    Digital Asset Assessment Tool Risk Factors -Version 1 2006-09-29

    long-term preservation of the object. There's a timing aspect; the risks may change over time. It's appropriate to assess such risks in terms of their likelihood, rather than as a 'fixed value'.

2.1 Support risks

    Organisation may not be able to support hardware or software over time.

    This includes things like licenses and proprietary software, encrypted source code, lack of adequate documentation, version compatibility and more.

    OCLC also would like to factor in the long-term sustainability of the company that produces the software in the first place - they call this 'Associated Organisation' risks. What they mean by this is risks associated with working with software vendors and content depositors, and whether they're a monopoly or at risk of going out of business.

    Support risks will affect the ability to render the content of the asset usable and accessible, and may affect its preservation over time. And see 3.9 below.

2.2 Migration risks

    Related to a preservation action plan. Risks include unauthorised changes to the original content (or the transformed content) of assets, and loss of authenticity of assets.

2.3 File formats, software and hardware

    OCLC has a detailed description of risks for all of these. There may not be a need to detail them in this document, as they have been expressed in the D-PAS questionnaire form. Further, the similarities between the risks have been consolidated in D-PAS. The risks include: ; Royalties or license fees needed to sustain hardware and software

    ; Compatibility between old and new versions

    ; Complexity / scale / ambiguity of specifications

    ; Documentation of specifications

    ; Wide acceptance of hardware or software applications

    ; Uniqueness of specification

    ; Use of DRM schemes, encryption, watermarks etc

    ; Ability of staff to use the hardware / software

    ; Presence of embedded metadata in file formats

    ; Whether source code allows copies, extensions, contains objects in other formats, or

    uses external formatting

2.4 Conversion program risks

    Risks created by the conversion program; recurring risks in a large collection of data files; and 3) functionality of the conversion software. (See CLIR guidance

    Risks associated with the Target format. Conversion means a 'before and after' state, where the Source file is converted into a different format, ie the Target file format. Risks include differences of purpose; acceptability of target format; whether users can view or access it; whether functionality is maintained; if there is organisational and developer support for the target format. [CLIR]

3 Risk Management of Digital Information: A file format investigation, WASHINGTON DC, COUNCIL ON LIBRARY AND INFORMATION RESOURCES (June 2000)

    5

    Digital Asset Assessment Tool Risk Factors -Version 1 2006-09-29

    2.5 Large number of formats in use

    This refers to the question of numbers of formats in use across an institution. Putting it simplistically, 10 different formats in use would probably be less of a risk then 1000 different formats. The D-PAS survey will be able to generate statistical information on this, through analysing the free-text fields recording profiles of the formats.

2.6 Obsolete formats in use

    Part of the technological obsolescence problem. The risk increases based on things like age, dependencies, externalities, rarity, obscurity, and duplication. (It can be addressed by what Cornell University Library refer to as a „normalisation‟ programme).

2.7 Systems risks

    See the CLIR suggestions for systems assessment, mainly to do with the overall state of hardware and software features, any planned upgrades to OS software, and data compression methods. [CLIR]

    3: Organisational risks

3.1 Awareness of assets

    The organisation may not even know what its digital assets are, let alone where they are.

    From the recent JISC Conference in Glasgow, it was rather revealing to learn that most of the other project managers present assumed the DAAT project was only concerned with the contents of the institution's digital repository; whereas Assets could/should mean a lot more. One possible starting point for working towards a definition might be found in the work of the 4eSPIDA Project in Glasgow.

    In their February 2005 report they propose a draft Asset Questionnaire with a general definition:

    For the purpose of this questionnaire 'digital assets' can be broadly defined as research materials, teaching materials, grey literature and working papers, project records and outputs, datasets, websites, etc.

    This questionnaire goes on to probe location of assets, their relative importance, impact to the department if lost, responsibility or management, awareness of institutional policies or strategies, access issues, disposal and preservation. There may even be some overlap of this with the D-PAS questionnaire forms.

    If we can establish a link with eSPIDA, maybe it should be part of our project to direct users there as a first step - ie 'Not sure what your digital assets are - go to eSPIDA'. This project is also using a 'score card' approach as a viable tool to determine the value of a digital asset. Assets of long-term value to the institution, which ensure its survival as an organisational 'business', should also be in scope. This includes assets required for long-term decision making; and anything likely to affect the 'cultural and institutional identity' of the organisation. Within similar category: reuse of digital assets (and not just in an archival sense); one example of Assets changing over time.

    This extends to isolation of digital assets; the organisation‟s assets may not actually be held in a single place, or in the care of one department. Copies may not exist. This risk is embodied in the popular scenario of the academic who keeps all his important theses on his hard drive (or on a 10 year-old floppy).

4 See http://www.gla.ac.uk/espida

    6

    Digital Asset Assessment Tool Risk Factors -Version 1 2006-09-29

3.2 Inventory risks

    Inventory of assets may not be meaningful. The Institution may be able to generate sets of directory listings that tell them which files are being stored and preserved. But this inventory may not indicate such RM/archival values as relative importance to the organisation, retention periods, or requirements for permanent preservation. If so, then the inventory won't be giving the information needed to manage the assets.

3.3 Policy risks

    An organisation is very much at risk if there is no Institutional policy for managing assets. Such a policy may not exist, and even if it does exist, there may not be a way of applying it (eg if they lack meaningful inventories). The D-PAS tool would give the best results to an organisation that had joined-up policies between the areas of IT, library, repository, archives, and senior management.

3.4 Costs risks

    Prohibitive costs prevent organisation taking action. Such costs will include insufficient resources for digital preservation, staffing costs, and storage costs.

3.5 Copyright risks

    The UKWAC project has shown that even in taking a 'simple' archive copy of a website, numerous copyright issues need to be negotiated. Copyright issues may prevent access in short-term and long-term; may affect chances of success with preservation.

3.6 Staff/personnel risks

    a) Staff numbers may be insufficient to manage assets over time.

    b) Existing staff may not have sufficient or adequate expertise to manage and preserve

    digital assets.

3.7 Financial risks

    James Currall of the eSPIDA project believes that digital preservation is a fixed-sum game for institutions, in that they will not receive additional funding to undertake digital preservation. This means they will have to make decisions about redirecting money from real research into preservation. This could be a significant organisational risk, especially if Currall's view is accurate and institutions do not receive additional funding for digital asset preservation.

3.8 Risks associated with data users

    A well-defined constituency of data users may not exist; data users may not be stakeholders in the assets. Migration of files to new format will affect their access; user dissatisfaction may be possible.

3.9 Ownership risks, and related support risks

    This refers to ownership of the system or systems used to manage digital assets. With the increasing reliance on bespoke software solutions and external support for these solutions, it‟s worth probing this area.

    7

    Digital Asset Assessment Tool Risk Factors -Version 1 2006-09-29

    The risk rating would be different if the organisation manages the setup themselves, or if it was developed for them by external consultants; and/or they relied on external support. It could certainly increase the risk if the third party support company disappeared.

    8

Report this document

For any questions or suggestions please email
cust-service@docsford.com