Trustworthy Repositories Audit & Certification

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Trustworthy Repositories Audit & Certification (TRAC) is a document describing the metrics of an OAIS-compliant digital repository that developed from work done by the OCLC/RLG Programs and National Archives and Records Administration (NARA) task force initiative.[1]

The TRAC checklist is an Auditing tool to assess the reliability, commitment and readiness of institutions to assume long-term preservation responsibilities. Currently the repository is under the care of the CRL who are utilizing it in several independent projects. The TRAC checklist was superseded in 2012 by the ISO 16363, known as the Trusted Digital Repository (TDR) Checklist.


A diagram of the development of digital repository standards
A diagram of the development of digital repository standards

In 1996 the Consultative Committee for Space Data Systems established a task force that developed OAIS, a high-level model for the operation of archives. OAIS was accepted as ISO 14721 in 2002. The original task force stated that an independent auditing method was necessary to certify OAIS-compliance and thus engender trust. However, despite the lack of certified auditors and auditing metrics, repositories were already implementing OAIS concepts and labeling themselves OAIS-compliant.[2]

Development of OAIS auditing metrics began in 2003. A joint task force of OCLC/RLG and NARA built upon a previous OCLC/RLG project, Trusted Digital Repositories: Attributes and Responsibilities,[3] and wrote the metrics collectively known as Trustworthy Repositories Audit & Certification (TRAC). After the publication of TRAC in 2007, CRL was given the responsibility to carry out test audits using the metrics.

TRAC is the basis of the Trusted Digital Repository (TDR) document that was accepted as ISO 16363 in 2012.[4]


The TRAC metrics are split into three subject groups:

  • Organizational Infrastructure - the repository's administrative, staffing, financial, and legal functions
  • Digital Object Management - the handling of digital objects from ingest to access
  • Technology, Technical Infrastructure, and Security - the technology used to handle ingested objects

A TRAC audit consists of a repository completing the TRAC checklist by citing they fulfill each metric. Metrics can be fulfilled by citing relevant documentation, typical practice, or a combination of both. The TRAC auditors then examine this self-audit. After an on-site visit to discuss any concerns with the provided evidence, the auditors grade the repository on a scale of 1 to 5 for each of the three subject groups.

To retain certification, repositories meet with the auditors within 18 to 24 months for a consultation. After 4 years, the certification expires and the repository must begin a new audit.

See also[edit]


  1. ^ Giaretta, David (2011). Advanced Digital Preservation. ISBN 9783642168086. 
  2. ^ "NARAtions". Retrieved June 21, 2011. 
  3. ^ "Trusted Digital Repositories: Attributes and Responsibilities" (PDF). Retrieved August 1, 2012. 
  4. ^ "September 2011 Magenta Draft of ISO 16363" (PDF). Retrieved August 1, 2012. 

External links[edit]