Page tree
Skip to end of metadata
Go to start of metadata

Trustworthy Digital Repositories Documentation

What is a Trustworthy Digital Repository?

It is extremely important that local infrastructure support the goal of long-term stewardship of important digital objects and information. Trustworthy Digital Repository (TDR) specifications were developed as a standardized means of assuring the readiness of an organization to undertake long-term digital preservation. It looks at all aspects of an institution's infrastructure, in order to anticipate the repository's level of preservation readiness.

The documentation below provides information about the Indiana University Libraries repository infrastructure, organized based on the TDR specification.

Guiding Documents:

ISO 16363: Audit and Certification of Trustworthy Digital Repositories: Recommended Practices

Indiana University Libraries ESS Repository TRAC Documentation

3. Organizational Infrastructure


3.1.1 The repository shall have a mission statement that reflects a commitment to the preservation of, long term retention of, management of, and access to digital information.

*3.1.2 The repository shall have a Preservation Strategic Plan that defines the approach the repository will take in the long-term support of its mission.

3.1.3 The repository shall have a Collection Policy or other document that specifies the type of information it will preserve, retain, manage and provide access to.


3.2.1 The repository shall have identified and established the duties that it needs to perform and shall have appointed staff with adequate skills and experience to fulfill these duties.


3.3.1 The repository shall have defined its Designated Community and associated knowledge base(s) and shall have these definitions appropriately accessible.

3.3.2 The repository shall have Preservation Policies in place to ensure its Preservation Strategic Plan will be met.

*3.3.3 The repository shall have a documented history of the changes to its operations, procedures, software, and hardware.

*3.3.4 The repository shall commit to transparency and accountability in all actions supporting the operation and management of the repository that affect the preservation of digital content over time.

*3.3.5 The repository shall define, collect, track, and appropriately provide its information integrity measurements.

*3.3.6 The repository shall commit to a regular schedule of self-assessment and external certification.


*3.4.1 The repository shall have short- and long-term business planning processes in place to sustain the repository over time.

*3.4.2 The repository shall have financial practices and procedures which are transparent, compliant with relevant accounting standards and practices, and audited by third parties in accordance with territorial legal requirements.

*3.4.3 The repository shall have an ongoing commitment to analyze and report on financial risk, benefit, investment, and expenditure (including assets, licenses, and liabilities).


*3.5.1 The repository shall have and maintain appropriate contracts or deposit agreements for digital materials that it manages, preserves, and/or to which it provides access.

*3.5.2 The repository shall track and manage intellectual property rights and restrictions on use of repository content as required by deposit agreement, contract, or license.

4. Digital Object Management


*4.1.1 The repository shall identify the Content Information and the Information Properties that the repository will preserve.

*4.1.2 The repository shall clearly specify the information that needs to be associated with specific Content Information at the time of its deposit.

*4.1.3 The repository shall have adequate specifications enabling recognition and parsing of the SIPs.

*4.1.4 The repository shall have mechanisms to appropriately verify the identity of the Producer of all materials.

*4.1.5 The repository shall have an ingest process which verifies each SIP for completeness and correctness.

*4.1.6 The repository shall obtain sufficient control over the Digital Objects to preserve them.

*4.1.7 The repository shall provide the producer/depositor with appropriate responses at agreed points during the ingest processes.

*4.1.8 The repository shall have contemporaneous records of actions and administration processes that are relevant to content acquisition.


*4.2.1 The repository shall have for each AIP or class of AIPs preserved by the repository an associated definition that is adequate for parsing the AIP and fit for long-term preservation needs.

*4.2.2 The repository shall have a description of how AIPs are constructed from SIPs.

*4.2.3 The repository shall document the final disposition of all SIPs.

*4.2.4 The repository shall have and use a convention that generates persistent, unique identifiers for all AIPs.

*4.2.5 The repository shall have access to necessary tools and resources to provide authoritative Representation Information for all of the digital objects it contains.

*4.2.6 The repository shall have documented processes for acquiring Preservation Description Information (PDI) for its associated Content Information and acquire PDI in accordance with the documented processes.

*4.2.7 The repository shall ensure that the Content Information of the AIPs is understandable for their Designated Community at the time of creation of the AIP.

*4.2.8 The repository shall verify each AIP for completeness and correctness at the point it is created.

*4.2.9 The repository shall provide an independent mechanism for verifying the integrity of the repository collection/content.

*4.2.10 The repository shall have contemporaneous records of actions and administration processes that are relevant to AIP creation.


*4.3.1 The repository shall have documented preservation strategies relevant to its holdings.

*4.3.2 The repository shall have mechanisms in place for monitoring its preservation environment.

*4.3.3 The repository shall have mechanisms to change its preservation plans as a result of its monitoring activities.

*4.3.4 The repository shall provide evidence of the effectiveness of its preservation activities.


*4.4.1 The repository shall have specifications for how the AIPs are stored down to the bit level.

*4.4.2 The repository shall have contemporaneous records of actions and administration processes that are relevant to storage and preservation of the AIPs.


*4.5.1 The repository shall specify minimum information requirements to enable the Designated Community to discover and identify material of interest.

*4.5.2 The repository shall capture or create minimum descriptive information and ensure that it is associated with the AIP.

*4.5.3 The repository shall maintain bi-directional linkage between each AIP and its descriptive information.


*4.6.1 The repository shall comply with Access Policies.

*4.6.2 The repository shall follow policies and procedures that enable the dissemination of digital objects that are traceable to the originals, with evidence supporting their authenticity.

5 Infrastructure and Security Risk Management


*5.1.1 The repository shall identify and manage the risks to its preservation operations and goals associated with system infrastructure.

* The repository shall employ technology watches or other technology monitoring notification systems.

* The repository shall have adequate hardware and software support for backup functionality sufficient for preserving the repository content and tracking repository functions.

* The repository shall have effective mechanisms to detect bit corruption or loss.

* The repository shall have a process to record and react to the availability of new security updates based on a risk-benefit assessment.

* The repository shall have defined processes for storage media and/or hardware change (e.g., refreshing, migration).

* The repository shall have identified and documented critical processes that affect its ability to comply with its mandatory responsibilities.

*5.1.2 The repository shall manage the number and location of copies of all digital objects.


*5.2.1 The repository shall maintain a systematic analysis of security risk factors associated with data, systems, personnel, and physical plant.

*5.2.2 The repository shall have implemented controls to adequately address each of the defined security risks.

*5.2.3 The repository staff shall have delineated roles, responsibilities, and authorizations related to implementing changes within the system.

*5.2.4 The repository shall have suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an offsite copy of the recovery plan(s).

Referenced Examples:

University of Minnesota Digital Preservation Framework

University of Toronto Scholar's Portal ISO16363 Documentation

CLOCKSS TRAC Documentation

  • No labels