ipres2011 - tu wien
TRANSCRIPT
A Capability Model for Digital Preservation
Analyzing Concerns, Drivers, Constraints, Capabilities and Maturities
Christoph BeckerVienna University of Technology
Vienna, [email protected]
Gonçalo Antunes, José Barateiro,Ricardo Vieira
INESC-ID Information Systems Group, Lisbon,Portugal
{goncalo.antunes,jose.barateiro,rjcv}@ist.utl.pt
ABSTRACTThe last decade has seen a number of reference models andcompliance criteria for Digital Preservation (DP) emerging.However, there is a lack of coherence and integration withstandards and frameworks in related fields such as Infor-mation Systems; Governance, Risk and Compliance (GRC);and Organizational Engineering. DP needs to take a holis-tic viewpoint to acommodate the concerns of informationlongevity in the increasingly diverse scenarios in which DPneeds to be addressed. In addition to compliance criteria,maturity models are needed to support focused assessmentand targeted process improvement efforts in organizations.To enable this holistic perspective, this article discusses thequestion of capability maturity and presents a capabilitymodel for DP. We further demonstrate how such an architec-tural approach can be used as a basis to analyze the impactof criteria and metrics from the ISO Repository Audit andCertification standard on stakeholders, concerns, drivers,goals, and capabilities. The analysis presented here shallcontribute to advance the understanding of cross-cuttingconcerns and the dicussion on maturity models in DP.
Categories and Subject DescriptorsH.1 [Information Systems]: Models and Principles; J.1Administrative Data Processing Government; K.6.4 Man-agement of computing and Information Systems
General TermsManagement, Documentation, Design, Standardization
KeywordsOAIS Model, Repository Audit and Certification, Trust,Digital Preservation, Reference Architecture, Standards
1. INTRODUCTIONThe last decade has seen considerable progress in clarify-
ing the boundaries, goals and reference frameworks of DP.
Permission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee provided that copies arenot made or distributed for profit or commercial advantage and that copiesbear this notice and the full citation on the first page. To copy otherwise, torepublish, to post on servers or to redistribute to lists, requires prior specificpermission and/or a fee. iPRES2011, Nov. 1–4, 2011, Singapore.Copyright 2011 National Library Board Singapore & NanyangTechnological University
However, the relationships with related key disciplines suchas Information Systems and Information Technology Man-agement are still unclear. DP was originally driven stronglyby the cultural heritage sector. Yet today, it is relevant fororganizations in increasingly diverse business domains, rang-ing from the pharmaceutical sector to eScience and poten-tially any domain where information plays a key role. DP inan information-centric scenario is a cross-cutting capabilityorthogonal to the value chain. It has been increasingly foundof fundamental importance for enabling the actual value de-livery of organizations outside the traditional memory sec-tor. DP operations are support functions to organizationsthat manage information and often intersect with informa-tion, services and technology across entire enterprises.
In the domain of DP, reference models for archival systemsand corresponding compliance criteria have been developed.However, the general perspectives of fields such as Enter-prise Architecture, Information Systems, and Governance,Risk and Compliance have not yet been fully considered.This poses a substantial barrier to increasing the recognitionof DP in the mainstream fields of Information Systems andInformation Technology. Furthermore, it has the effect thatresearch in DP is often neglecting the conceptual modelsand powerful design techniques in fields such as Organiza-tional Engineering, Software Engineering, and InformationSystems.
The ISO 16363 standard is refining compliance criteria forrepositories based on the OAIS Reference Model. The riskassessment method DRAMBORA1 provides a catalogue oftypical risks in DP environments [22]. These standards weredeveloped specifically for traditional DP scenarios. Their fo-cus on providing a system to address the DP problem as awhole makes it difficult to apply them in non-traditional DPsettings. They deliver some guidance on compliance criteriato be met, but do not provide effective mechanisms for gov-ernance and control, or clear guidance on how to improvethe processes of an organization with particular considera-tion of DP concerns. However, DP is becoming increasinglya concern in non-traditional environments, where the orga-nizational environment may not be well suited for employinga DP system such as an OAIS-based approach, but insteadrequires an incorporation of DP abilities into the organiza-tional and technological system, alongside existing processesand capabilities.
In this paper, we present a capability model for digitalpreservation that is based on established architectural prin-ciples and frameworks. We analyze this capability model
1http://www.repositoryaudit.eu/
1
from two perspectives. First, we discuss a capability ma-turity model based on CMMI and a method of assessingcapability maturity for operational preservation. Second,we discuss the impact that criteria for trustworthy reposi-tories as defined in ISO 16363 have on specific capabilities.The analysis presented shall be contributing to a clarificationof maturity models in the field as well as an improved un-derstanding in the implications that regulatory constraints,business drivers, and organizational goals have on organiza-tional processes in the domain of DP.
This paper is structured as follows. Section 2 outlines re-lated approaches and standards in the areas of DP, GRC,and Enterprise Architecture. Section 3 presents a capabilitymodel relating stakeholders and their concerns to drivers andconstraints, goals, and capabilities. Section 4 discusses a ma-turity model for preservation operations. Section 5 relatesthe capability model to criteria for trustworthy repositoriesand illustrates the possibilities for analysis in organizationalenvironments on a case study. Finally, Section 6 draws con-clusions and gives an outlook on current and future work.
2. RELATED WORKDigital preservation is a problem with many facets. It
essentially surfaces in any organization that has to man-age information over time. However, initiatives on digitalpreservation have been strongly driven by memory insti-tutions and the cultural heritage sector [31]. The OAISReference Model [16] describes an information model anda conceptual model of key functional entities. It includes ahigh-level contextual view of an archival organization and itskey stakeholders, and has provided a common language forthe domain. However, it is difficult to reconcile these viewswith scenarios where different systems are in place, where re-lated concerns may overlap with DP concerns and processes.This may for example occur in organizations where an Elec-tronic Records Management System or an Enterprise Con-tent Management System is in place. Key models in RecordsManagement are the ”Model Requirements for Records Sys-tems’ (MoReq2010) [12] and ISO 15489 [17]. Moreq2010specifies functional requirements for an Electronic RecordsManagement System and covers wide spectrum of aspectsin hundreds of requirements statements. The PreservationMetadata Implementation Strategies (PREMIS) working groupmaintains a data dictionary for DP that contains intellectualentities, objects, rights, events, and agents [26] in a techni-cally neutral model.
The ‘Trusted Digital Repositories: Attributes and Re-sponsibilities’ report [27] (TDR) was a key milestone to-wards the standardization of criteria catalogs for trustwor-thy repositories. With the goal of providing audit and cer-tification facilities, the Repositories Audit and CertificationCriteria (RAC) are currently undergoing ISO standardiza-tion. They describe criteria for trustworthiness in the ar-eas of Organizational Infrastructure; Digital Object Man-agement; and Technologies, Technical Infrastructure, andSecurity [10, 19].
While these reference models deliver some guidance oncompliance criteria to be met, they do not describe effectivemechanisms for governance and control nor guidelines onimplementation and improvement. However, they describetypical stakeholders and their goals and interests; recurringregulatory drivers and constraints; contractual structures,roles, and interaction patterns; solution practices and build-
ing blocks; and value propositions. As such, they are invalu-able sources of domain knowledge.
DP problems, systems, and organizational concerns re-quire a holistic, integrated view that combines aspects of or-ganizational processes, contextual concerns, regulatory com-pliance and IT with systemic approaches for governance andcontrol. These viewpoints are a stronghold of Enterprise Ar-chitecture (EA). The discipline of EA models the role of in-formation systems and technology on organizations in a sys-tem architecture approach [15] in order to align enterprise-wide concepts, business processes and information with in-formation technology and information systems. The coredriver is planning for change and providing self-awarenessto the organization in a holistic way [29]. The Zachmanframework is a very influential early EA approach [32]. Itdescribes the elements of an enterprise’s systems architec-ture in a table where each cell is related to the set of mod-els, principles, services and standards needed to address aspecific concern of a specific stakeholder. The leading EAframeworks today are The Open Group Architecture Frame-work (TOGAF) [29] and the Department of Defense Archi-tecture Framework (DODAF) [11].
IT Governance focuses on “the leadership, organisationalstructures and processes that ensure that the enterprise’s ITsustains and extends the organisation’s strategies and ob-jectives” [8]. A widely known framework is COBIT: ControlObjectives for IT. It provides a thoroughly defined processmodel linking resources, activities, processes and goals. Oneof the core concepts in Governance and Process Improve-ment is the idea of process maturity. It has been demon-strated that formal maturity models such as the Capabil-ity Maturity Model Integration (CMMI) are powerful toolsfor targeted improvement of processes based on quantitativeassessment [14]. COBIT states that ”... maturity model-ing enables gaps in capabilities to be identified and demon-strated to management. Action plans can then be developedto bring these processes up to the desired capability targetlevel” [8]. These target levels are defined in correspondenceto the Software Engineering Institute’s CMMI [7, 14] as (0)Non-existent, (1) Initial/Ad-Hoc, (2) Repeatable but Intu-itive, (3) Defined, (4) Managed and Measurable, and (5)Optimized [8]. The maturity of processes is analyzed in thecapability dimension, but not in the coverage and control di-mensions. However, COBIT provides powerful controls formeasuring processes both internally and externally throughprocess and activity metrics and goal fulfillment. These con-cepts can be leveraged for preservation processes [3].
A recent analysis in the DP domain applied IBM’s Compo-nent Business Model approach to relate DP-related businesscomponents to business areas with common objectives andevaluated the alignment of organizational structures withchanging requirements of collections management and digi-tal preservation [30]. The first SHAMAN Reference Archi-tecture (SHAMAN-RA) presented in [2] has strong founda-tions in EA. However, it does not explicitly take existingdomain knowledge and reference models into account in adegree sufficient to enable their transparent convergence.Based on these observations, recent work accommodatedand explicitly expressed DP domain knowledge in the frame-work of an established Enterprise Architecture approach [1]and integrated DP capabilities with IT Governance [3]. Thework presented here advances this by introducing a detailedcapability model for preservation capabilities, specifying ca-
2
Figure 1: Using TOGAF to blend Reference Models into the SHAMAN Reference Architecture.
pability maturities for operative preservation, and analyzingthe relationships between compliance criteria, drivers, stake-holders’ concerns, and capabilities.
3. DIGITAL PRESERVATION CAPABILITIESThe main goal of a Reference Architecture is to provide
a process from which concrete architecture artifacts can bederived [2]. The architecture described in [1, 3] is stronglybased on TOGAF and combines it with key concepts of theBusiness Motivation Model (BMM) [24]. It is centered onthe concept of capabilities. Note that a capability is fun-damentally different from a system function or a process.It is instead viewed as a goal-oriented concept. A capabil-ity in TOGAF is an ‘ability that an organization, person,or system possesses. Capabilities are typically expressed ingeneral and high-level terms and typically require a combi-
nation of organization, people, processes, and technology toachieve’ [29].
A successful architecture has to correctly reflect the con-cerns of the stakeholders of the system, from end users todevelopers, providing answers to whatever pertinent ques-tions they might have. Typical digital preservation concernsinclude diverse aspects such as system end-usage, manage-ment, compliance, operations, and solutions.
A capability model for DP needs to be inherently indepen-dent of the business domain and, in particular, independentof the organizational scenario in which DP is deployed. Itshould be applicable equally to a traditional archival orga-nization as to a business organization that is adding DP asa support capability to its primary business capabilities. Itshould further support organizations in answering criticalquestions such as ‘What is the impact of a certain regula-tory constraint? How can it be addressed?’ and ‘How can
3
we assess our processes and abilities against best practices?How can we develop targeted strategies for improvement?’.
The TOGAF Architecture Development Method (ADM)is the core component of TOGAF. It provides a systematicframework for developing an enterprise architecture. It iscentered around requirements management and provides acontinuous process for addressing contextual concerns andchanging requirements to ensure the organization’s businessand IT needs are met.
We leverage the ADM to accommodate domain-specificconcerns represented in DP knowledge bases and referencemodels. Following the ADM’s first two phases, Preliminaryand Architecture Vision, this requires a number of analyticalsteps to consolidate DP reference models, contextualize aDP architecture, model DP capabilities, and create a DParchitecture vision [1].
Figure 1 illustrates the key elements of the Reference Ar-chitecture. The cyclic ADM workflow picture in the topcenter serves as the catalysator process into which DP do-main knowledge and reference models are fed. These providethe architecture context [1], guided by standards and bestpractices in areas such as Information Systems; GRC; Orga-nizational Engineering; Enterprise Architecture; and Soft-ware Engineering. Additional sources were considered, butspace constraints prevents a full discussion of domain knowl-edge sources and their representation on the diagram. Theresult of our analysis is a capability-based Reference Archi-tecture for DP that relates stakeholders and their concernsto the relevant drivers and constraints, and connects this todesired goals and required capabilities. The core conceptsand their definitions and relationships are given in the bot-tom of Figure 1. The Reference Architecture can be usedto derive concrete architectures in diverse scenarios whereDP is of concern. For any concrete instantiation, additionalsituation-specific concerns are integrated and reconciled toproduce a specific architecture by relying on the ADM pro-cess model. While previous discussions of this model focusedon the high-level relations between the capabilities and theirintegration within an organization [1, 3, 4], we will focus hereon the detailed component capabilities of preservation andspecify a maturity model for preservation operations. Wefurther outline performance measures that can be used toassess the maturity and performance of organizational ca-pabilities along a number of dimensions.
From the analysis of the DP references, several stakehold-ers were identified. Stakeholders with end-usage concerns in-clude the Producer/ Depositor and the Consumer stakehold-ers, which are identical in definition to the OAIS Producerand Consumer roles. The Producer/ Depositor stakeholderis the entity responsible for the ingestion of the objects tobe preserved. Typically, its concerns include: the deposit ofobjects along with whatever additional data required, in ac-cordance with negotiated agreements/contracts; assuranceof access rights to the objects; assurance of the authenticityof provenance of the deposited objects; and preservation ofthe objects and associated rights beyond the lifetime of therepository. The Consumer stakeholder represents users ac-cessing the preserved objects, with a potential interest in itsreuse and a certain background in terms of knowledge andtechnical environment. Its concerns include the access tothe preserved objects in accordance with negotiated agree-ments/contracts, and the correspondence of the retrievedcontent to its needs in terms of understandability and au-
thenticity. Other identified stakeholders include Manage-ment, a generalization of all management stakeholders con-cerned with ends and means. Specializations of the Manage-ment stakeholder include the Executive Management, Repos-itory Manager, Technology Manager, and Operational Man-ager. Stakeholders with compliance concerns include theRegulator and the Auditor. Operational concerns are sharedbetween the Repository Operator and Technology Operator.Finally, stakeholders with solutions-related concerns includethe System Architect and the Solution Provider.
The analysis of stakeholders’ concerns, typical compliancerequirements, domain models and other sources of knowl-edge enables an analysis of the main influencers that havean impact on the setting of organizational goals in digitalpreservation. Such influencers can be either drivers or con-straints. The key distinction made between these influencersis between internal and external influencers. These influ-encers in turn drive and constrain an organization’s defi-nition of high-level goals, i.e. the desired results that anorganization wants to achieve. Such goals strongly relate tostakeholders’ concerns such as the user community’s percep-tion of content’s authenticity, and require certain abilities in-side the organization to achieve corresponding outcomes. Adetailed discussion and categorization of DP drivers, an as-sessment of possible constraints (through external drivers),and an analysis of exemplary DP goals and their associatedKey Performance Indicators is described in [1].
The organization’s stakeholders, concerns, and goals inturn drive the clarification of its value chain definition and,finally, the specification of the abilities that it needs to achieveits stated goals. Figure 2 shows the high-level capabilitymodel. Capabilities are grouped into governance capabili-ties, business capabilities and support capabilities. In gen-eral, governance capabilities control business and supportcapabilities; business and support capabilities inform gover-nance capabilities; and business capabilities depend on sup-port capabilities. These high-level capabilities are describedin [4]. The core business capability of DP in this modelis Preserve Contents – the ‘ability to maintain contentauthentic and understandable to the defined user commu-nity over time and assure its provenance’ [1]. This is at theheart of DP, it addresses the core requirement of authentic-ity, understandability and provenance. This core capabilityis composed of two capabilities: Preservation Planning andPreservation Operation. Preservation Planning is ‘theability to monitor, steer and control the preservation opera-tion of content so that the goals of accessibility, authenticity,usability and understandability are met with minimal oper-ational costs and maximal (expected) content value. Thisincludes managing obsolescence threats at the logical levelas the core risk affecting content’s authenticity, usability andunderstandability’[3].
Preservation Planning consists (at a minimum) of the ca-pabilitiesPlanning Operational Preservation andMon-itoring. Planning Operational Preservation is the ability tomake drivers and goals operational, i.e. define objectives andconstraints represented by decision criteria, and assess op-tions against these criteria to deliver efficient decisions andoperational plans. It is composed of a number of componentcapabilities:
1. Influencers and Decision Making : The ability to makedrivers and goals operational, i.e. define objectivesand constraints represented by decision criteria, and
4
Figure 2: Capability Relations for Preserve Contents. Relations can be inform, control, include, depend on.
assess options against these criteria to deliver efficientdecisions and operational plans.
2. Options diagnosis: The ability to gather informationabout available options, i.e. measures correspondingto a set of criteria.
3. Specification and Delivery : The ability to specify ac-tions and directives in an understandable form anddeliver it to operations (to prepare the deployment ofplans).
The second planning capability, Monitoring, is the abilityto monitor operations (in particular the execution of plans)and the environment, i.e. the ability to monitor all influ-encers having a potential impact on plans to ensure confor-mance of results to expected outcomes and notify the deci-sion making capability (Planning Operational Preservation)of a change that requires assessment. It is composed of
1. Internal Monitoring : The ability to monitor opera-tions for certain properties of interest, which includeoperations specified by plans and operational attributesof the system, i.e. internal influencers. Internal in-fluencers of interest include (but are not necessarilylimited to) operational statistics about the executionof delivered plans, operational statistics about contentdissemination, and user feedback about satisfactionwith respect to user access requirements.
2. External Monitoring : The ability to monitor externalinfluencers of interest through the corresponding gov-ernance capabilities. External influencers include (butare not necessarily limited to): Technological opportu-nities for improving achievement of goals (through ITGovernance); Technology correspondence (as an indi-cator of impending obsolescence, misalignment to useraccess requirements) (through IT Governance, Dissem-inate Content, Acquire Content); User community shifts(through Community Relations); Access requirements(through Disseminate Content); and Regulations (throughMandate Negotiation, Compliance).
Preservation Operation is ‘the ability to control the de-ployment and execution of preservation plans. This includesanalysing content, executing preservation actions and ensureadequate levels of provenance, handling preservation meta-data, conducting Quality Assurance, and providing reportsand statistics, all according to preservation plans. Preserva-tion Actions are concrete actions (usually implemented bya software tool) performed on content in order to achievepreservation goals. For example, a migration of content to a
different format using a certain tool in a certain configura-tion and environment’[3]. Preservation Operation is in turncomposed of six component capabilities:
1. Analysis: The ability to measure properties of rele-vance in the content and document them in under-standable form.
2. Action: The ability to execute preservation actions inorder to actively preserve content according to preser-vation plans
3. Quality Assurance: The ability to deliver accurate mea-sures that quantify the equivalence of performances(renderings) of preserved content by measuring prop-erties of renderings/performances and comparing themto each other to measure their equivalence correspond-ing to requirements.
4. Preservation Metadata: The ability to read, under-stand and write appropriate preservation metadata cor-responding to chosen standards.
5. Plan Deployment : The ability to receive plans fromPlanning and deploy them to an operational environ-ment.2
6. Reporting and Statistics: The ability to produce docu-mentation of activities in an adequate and understand-able form (for monitoring and auditing).
Each of these component capabilities can be measuredalong a number of metrics. Options Diagnosis, for instance,can be measured along the following dimensions:
• Completeness: Measures are delivered for all optionsand each criterion.
• Correctness: All measures are correct.
• Timeliness: All measures are delivered in a certaintime frame.
Similarly, the Monitoring capabilities can be tracked forcompleteness, correctness, timeliness and currentness.
On the operations side, performance indicators for Actionswill include
• Completeness: Successful execution of all actions de-ployed as part of a plan.
2Technically, this may result in a set of operations poten-tially combining analysis, actions, QA, metadata, and re-porting, all of which may be specified by the plan. Exe-cution of the plan may require a combination of services,orchestration, and processes involving human intervention.
5
• Provenance: Delivery of complete audit trails to ensureprovenance for every action executed.
• Results documentation: Delivery of complete informa-tion about the correspondence of action results to ex-pected results.
• Operations documentation: Delivery of complete in-formation about the state of operations at any pointin time.
Metrics for Reporting and Statistics will generally includethe following.
• Timeliness: Reports and statistics are delivered withina certain time frame after requested.
• Currentness: Reports and statistics always show up-to-date information, i.e. delay is below certain thresh-old.
• Completeness: Reports and statistics contain all rele-vant information about all operations.
• Relevance: Reports and statistics contain minimumunnecessary information.
• Correctness: Information reported is correct.
• Understandability: Reports and statistics are under-standable by all consuming entities.
Clearly, the exact metrics that are available and mean-ingful in a concrete environment will depend on the orga-nizational processes and tools available. Furthermore, themetrics described above are oriented towards an internalmeasurement of capabilities, and as such need to be comple-mented by external measures related to goal achievement.For example, the core goal of delivering authentic, under-standable, and usable content to the user community canbe associated with a KPI such as ‘Percentage of transforma-tional object properties preserved by actions as denoted byuser feedback and/or QA measures in comparison to guar-antees provided by specified SLAs’ [1]. A specification of therelationships between these process metrics and the associ-ated outcomes of capabilities measured in KPIs is neededto achieve full control over preservation processes. However,apart from goal achievement and process metrics, capabili-ties can also be analyzed on a more abstract level for theirmaturity.
4. A MATURITY MODEL FOR PRESERVA-TION OPERATIONS
Focusing on strategic process and capability improvementrather than formal certification of processes, COBIT pro-vides maturity level specifications for each process along anumber of dimensions similar to [18]. We can thus assess thematurity of the Preservation Operation capability on the di-mensions (1) Awareness and Communication, (2) Policies,Plans and Procedures, (3) Tools and Automation, (4) Skillsand Expertise, (5) Responsibility and Accountability, and (6)Goal Setting and Measurement.
Table 1 defines criteria for the Preservation Operationcapability for each maturity level and dimension. Similarcriteria have been specified for Preservation Planning else-where [3]. As an illustrative example, consider an organiza-tion with the following diagnosis on their preservation op-erations: Management is aware of the role of operations forauthenticity and provenance, and there is a defined process
for operations. This process includes all activities (actions,analysis, Quality Assurance, Metadata, and Reporting), andit relies on standardized plans. These plans are generallydeployed according to specifications, but the deployment andoperation is a mostly manual process of initiating operationsas far as they are concretely specified by these plans. QAand metadata management is not driven by plans, and itdoes not seem to be aligned with business goals. There areguidelines about statistics and reporting procedures, but nointegrated system exists for tracking the state of operationsand the results of actions, and no formal metrics have beendefined. Several automated tools are employed in differentprocesses. However, the processes and rules used are de-fined by the availability of components and services and thelevel of skills of the people running these processes. A for-mal training plan has been developed that defines roles andskills for the different sets of operations, but all training is infact still based on individual initiatives and not continuouslymanaged.
Assessing the organization’s capability along the dimen-sions outlined above, it can be considered to be on the De-fined level for all dimensions. Considering the skills andexpertise set in the example above, we can verify that staffhas operational skills and a formal training plan was devel-oped. The absence of formal responsibility and accountabil-ity plans, however, increases the organization’s dependencyon specific people, which increases the severity of losing keystaff trained on individual initiatives and not continuouslymanaged. Notice that in reality, processes will generallybe on different maturity levels for varying dimensions [3].Awareness and Communication, for example, often precedesautomation and tool support.
This type of capability assessment provides an internalbenchmarking of the quality of processes in several dimen-sions. The analysis provides organizations with a decisionsupport mechanism to prioritize actions to improve the qual-ity of their capabilities (what and how can be improved). Onthe other hand, we must recognize the existence of depen-dencies between distinct capabilities, as shown in Figure 2.For instance, Preservation Operation informs PreservationPlanning, but depends on other capabilities. Thus, to sys-tematically improve the performance and maturity level ofspecific capabilities, we also need to consider the quality ofrelated capabilities and understand the dependencies andthe relations between internal process metrics and externaloutcome indicators.
5. ANALYZING CONSTRAINTS, GOALS ANDCAPABILITIES
When an organization intends to analyze the impact ofpolicies, external influencers and regulatory compliance con-straints, it is often unclear which areas are concerned, andhow to represent the impact (and measure the fulfillment)of certain influencers. In particular the interplay betweendrivers and constraints and their accumulated impact on re-quired processes and functions is difficult to assess.
A core strength of an EA-based approach is the clear def-inition and separation of concerns and the traceability thatit provides for impact assessment of changes. Arising con-straints and drivers can be assessed with respect to the ef-fects that they cause on concerns, goals and capabilities.Relying on the conceptual model outlined above, these canthus be addressed along the following dimensions.
6
Awareness and Commu-nication
Policies, Plans and Proce-dures
Tools and Automa-tion
Skills and Expertise Responsibilityand Accoun-tability
Goal Setting andMeasurement
1 Management recognizesthe need for preservationoperations. There is in-consistent and sporadiccommunication.
Some operations are carriedout, but they are not con-trolled. No useful documen-tation is produced about pro-cedures and actions.
Some tools may beemployed by individu-als in an unsystematicad-hoc manner.
There is no commonawareness of whichskills and expertiseare required for whichtasks.
There is no com-mon awareness ofresponsibilities.
There is no clearawareness of goals;operations solelyreact to incidents andare not tracked.
2 Management is aware ofthe role of operationsfor authenticity andprovenance. No formal re-porting process exists, butthere is some documenta-tion about process results.Reports are delivered byindividuals.
Some operational proceduresemerge, but they are infor-mal and intuitive. Opera-tions rely on individuals; dif-ferent procedures are followedwithin the organization. QAis recognized as a process, butmostly carried out ad-hoc andmanual.
Automated tools arebeginning to be em-ployed by individu-als based on arisingneeds and availability.Their usage is unsys-tematic and incoher-ent.
Staff obtain their oper-ational skills throughhands-on experience,repeated application oftechniques and informaltraining by their peers.
Responsibilityfor operationsemerges, but isnot documented.Accountability isnot defined.
There is individualawareness of short-term goals to achievein operations, but noconsistent goal defini-tion or measurement.
3 Management understandsthe role of operationsfor authenticity andprovenance. There areguidelines about statisticsand reporting proce-dures, but they are notconsistently enforced.
There is a defined processfor all operations that re-lies on standardized plans.The processes and rules usedare defined by available com-ponents, services and skills.QA and metadata manage-ment are not driven by busi-ness goals.
Plans are deployedaccording to spec-ifications, but theprocess of initiat-ing operations ismostly manual. Nointegrated systemexists for tracking thestate and results ofoperations.
A formal training planhas been developed thatdefines roles and skillsfor the different setsof operations, but for-malized training is stillbased on individual ini-tiatives.
Responsibilityfor operationsis assigned, butaccountability isnot provided forall operations.
Operational goalsare specified, but noformal metrics aredefined. Measure-ments take place, butare not aligned togoals. Assessmentof goal achievementis subjective andinconsistent.
4 Management fully under-stands the role of opera-tions for authenticity andprovenance and how theyrelate to business goalsin the organization. Re-porting processes are fullyspecified and adhered to.
Plans are fully deployed asoperational activities, andthe compliance of all opera-tions to goals and constraintsspecified in plans is fullymonitored. All Operationsare actively monitoring stateof operations.
An automated systemexists to controlautomated opera-tions, and automatedcomponents arewidespread, yet notfully integrated.
Required skills and ex-pertise are defined forall roles, and formaltraining is in place.
Responsibilityand account-ability for alloperations isclearly definedand enforced.
A measurement sys-tem is in place andmetrics are alignedwith goals. Com-pliance monitoring issupported and com-pliance enforced in alloperations.
5 Operations are continu-ously improving. An inte-grated communication andreporting system is fullytransparent and operatesin real time.
Extensive use is being madeof industry good practicesin plan deployment, analysis,actions, metadata, QA, andreporting.
All operations arefully integrated,status is constantlyavailable in real-time.
Operators have theexpertise, skills andmeans to conduct alloperations. Continuousskills and expertiseassessment ensures sys-tematic improvement.
A formal respon-sibility and ac-countability planis fully traceableto all operations.
Compliance is con-stantly measured au-tomatically on all lev-els. Continuous as-sessment drives theoptimization of mea-surement techniques.
Levels: 1: Initial/Ad-Hoc, 2: Repeatable but Intuitive, 3: Defined, 4: Managed and Measurable, 5: Optimized [8]
Table 1: Maturity Levels for the capability Preservation Operation
• Stakeholders concerned : Which are the stakeholderswhose interests and viewpoints are affected by the in-fluencer? How will it change their view of the world?
• Concerns addressed : Which concerns will need to con-sider the exact implications of the influencer? Do theKey Questions accurately reflect these considerations?Is it possible to model the influencer and its impact inthe defined viewpoints and perspectives that representthe concerns?
• Drivers involved : Which organizational drivers are in-volved? What is the combined effect of a regulatoryconstraint and a business driver on the organizationalgoals?
• Goals impacted : Which organizational goals may beaffected by an influencer, and how?
• Capabilities affected : Which capabilities will need toconsider the effect of the influencer in order to be suc-cessfully achieving their stated goals? How can theyaccommodate this influencer?
• Metrics applicable: Which Key Performance Indica-tors need to be tracked to detect the exact effect of aninfluencer on the organization’s achievement of goals?Which metrics can be used to assess capabilities? Howmature are our capabilities?
Consider the case of RAC 4.1.1, The repository shall iden-tify the Content Information and the Information Propertiesthat the repository will preserve. This is part of 4.1 Ingest:Acquisition of Content. Based on the capability-centeredReference Architecture, it becomes possible to analyze theimpact of a regulatory or organizational constraint along thelines outlined above:
• Stakeholders concerned : The primary stakeholders con-cerned include Producer/ Depositor; Consumer; and
Management. However, the Repository Operator andthe Solution Provider may be involved, depending onthe organization’s process model and the decisions takenby Management.
• Concerns addressed : Focusing on the OAIS-relatedstakeholders, the concerns addressed include (Key Ques-tions in brackets):
1. Producer/Depositor: Authenticity and Provenance.Content provided is authentic and has completeprovenance. (What kinds of guarantees will therepository provide to assure me the authenticityand understandability of my objects? Will com-plete provenance information be provided withthe disseminated content, so that the providedobjects be traceable to the original?)
2. Consumer: Content. The information retrievedis authentic, understandable and corresponds tomy needs. (Will the domain knowledge that Ihave be sufficient to access and understand thecontent? Will the objects be corresponding tomy queries, authentic, compatible to my technicalenvironment, and understandable?)
3. Management: Mandate, Mission, Policies and Com-pliance. The governance of the mandate, the com-mitment of the organization to digital preserva-tion, may it be for business needs, legal, or leg-islative reasons; and corresponding compliance.This includes certification and succession plan-ning. (Is the mandate adequate, well-specifiedand appropriately accessible? Is the organizationable to fulfill the mandate? Does the organizationpossess all the required contracts regarding suc-cession planning and escrow agreements? Is theorganization compliant to external regulations?
7
Figure 3: Business drivers and compliance to ISO RAC and MoReq2010: Content Acquisition at the CML.
Does the organization possess necessary certifi-cations?)
• Drivers involved : The external drivers and constraintsinvolved include (at least) access contracts; depositcontracts; supplier contracts; and the user commu-nity’s knowledge, technology, and demand satisfaction.The internal drivers include organizational capabili-ties, resources (staff expertise and qualifications, ex-isting software and costs) and the business vision.
• Goals impacted : The combined impact of these on thegoals depends on the business vision, but will have atleast an impact on the targeted level of fulfillment interms of authenticity.
• Capabilities affected : Correspondingly, a number of ca-pabilities will be affected: For example, the capabilityCommunity Relations may be required to consult andnegotiate with communities about levels of informationproperties preserved. Similarly, Preservation Planningwill need an understanding of the information proper-ties to preserve, a reliable method for assessing thefulfillment of the goals derived from these, a methodfor evaluating potential ways of preserving all prop-erties, and the ability to specify them for operationalpurposes. Preservation Operation, in turn, will needappropriate means for Analysis, Actions, and QualityAssurance that are aligned with the content that thearchive has to deal with.
• Metrics applicable: Finally, the metrics that can betracked can be deduced from the component capabili-ties affected. For example, they will include the met-rics mentioned in Section 3, such as completeness andcorrectness of Options Diagnosis. Furthermore, exter-nal KPIs can be used to measure outcomes, and capa-bilities can be assessed for their maturity levels. All ofthese metrics can be used to assess compliance to theoriginal regulatory constraint as specified in RAC, andused as targets to improve organizational capabilities.
As a simplified visual illustration, Figure 3 shows a real-world case where RAC 4.1.1 intersects with a business driver.The municipality of Lisbon (CML) is in the process of in-tegrating the software Documentum3 with a set of businessworkflows for a wide range of organizational entities, includ-ing the Municipal Archives. In this process, Records Man-agement concerns overlap with DP concerns and a numberof specific drivers of organizational change. Generic high-level DP goals as outlined in [1] are pictured at the bottom.Relevant business drivers to be addressed are shown on thetop. These include long-term authenticity and provenance,as well as a need for evidence-based proof of effectiveness.Selected constraints posed by RAC and Moreq2010 are listedon the left. The right side shows indicators that can betracked externally and internally to exercise control basedon a quantative assessment. The related constraints, drivers,capabilities, maturities, capability metrics, goals, and KPIsare shaded in gray.3http://www.emc.com/domains/documentum/index.htm
8
Capabilities 4.1 Ingest:Acquisitionof Content
4.2 Ingest:Creation ofthe AIP
4.3 Preser-vation Plan-ning
4.4 AIPPreserva-tion
4.5 Informa-tion Manage-ment
4.6 AccessManage-ment
Governance
Compliance A A A A A ACommunity Relations S S S SCertificationMandate Negotiation ABusiness ContinuitySuccession PlanningIT Governance A A A A A AManage Risks A A A A A A
Busin
ess Acquire Content R R
Secure Bitstreams S S SPreserve Content- Preservation Planning S S R S- Preservation Operation S S R SDisseminate Content S R
Support Data Management S S S
Manage InfrastructureManage HRManage Finances
Table 2: High-level capabilities (A)ware of, (R)esponsible for or (S)upporting RAC criteria in group 4
The increasing move towards email deposit intersects withRAC 4.1.1, since the significant properties that will be pre-served need to be decided. This is a typical task for preser-vation planning, which will require a clear documentationof decision factors and the ability to diagnose possible op-tions for email preservation to decide on a feasibility andlevel of authenticity that can be guaranteed. On an opera-tional level, this requires processes and tools for email anal-ysis and quality assurance for potential preservation actions.The affected component capabilities can be assessed alongthe measures outlined above, while Preservation Planningand Preservation Operation can be assessed for capabilitymaturity. On the level of end-user results, i.e. business out-comes, Key Performance Indicators can be used to track goalachievement from an external perspective.
Table 2 summarizes the impact of each group of RAC cri-teria in section 4 (Digital Object Management) on the capa-bilities. Essentially, a criterion can be (part of) the primaryresponsibility of a capability, or a capability may be indi-rectly required to support the fulfilment. For example, oper-ational verification of content integrity as requested in RAC4.2 – which is primarily concerned with Ingest – requires fix-ity checks, which are part of Data Management. Finally, cer-tain capabilities may need to be aware of compliance criteriato be successful in their mission. For example, Complianceis affected by all constraints – since its mission is to ‘verifythe compliance of operations and report deviations’ [4], itwill need to be aware of all compliance constraints. Thisapplies a priori to Governance, Risk and Compliance, but isalso required in other areas. In this sense, it is interesting tosee how certain groups of criteria have an impact beyond theobvious one that refers to the directly responsible capability.For example, the criteria listed in section 4.1 influence notonly the Acquire Content capability, but also others, such asthe business capability Secure Bitstream. This is caused by‘4.1.6 The repository shall obtain sufficient control over theDigital Objects to preserve them.’ [19], which makes directreferences to bitstream preservation.
The compliance with RAC criteria will also have an im-pact on the maturity level of capabilities. However, thisis dependent on the way that compliance is achieved. Forinstance, RAC 4.1.5, The repository shall have an ingestprocess which verifies each SIP for completeness and cor-rectness, may influence the maturity levels for the Policies,
Plans and Procedures dimension of the Acquire Content ca-pability. Depending on the way compliance is monitored,it can also impact the Tools and Automation dimension, ifthe verification is automated. Other dimensions will be im-pacted as well, although indirectly.
6. DISCUSSION AND OUTLOOKThe Reference Architecture that forms the basis of this
article is an Enterprise Architecture-based approach thatenables the accommodation of digital preservation concernsin the overall architecture of an organization. For that, acapability-based model of preservation was derived from es-tablished digital preservation key references and best prac-tices from related fields. This included in-depth analysisof the stakeholders of the domain, their concerns, goals,and influencers (drivers and constraints). The result is amultidimensional view on the domain concepts covered inthese key references. The approach taken with this Ref-erence Architecture enables the transfer of DP know-howinto a nontraditional repository-based DP scenario, since itis itself agnostic to concrete scenarios. In other words, thiscapability-based approach can deliver value to organizationsin which the preservation of contents is not a main businessrequirement, but required to enable actual delivery of valuein the primary business.
The specification of internal process metrics and externalmetrics measuring the achievement of certain goals by eachcapability through KPIs represents an essential step towardsa quantified control mechanism that can be used effectivelyto exercise control and govern capabilities [3].
The approach provides a powerful tool to enable respon-sible stakeholders to analyze the impact of compliance reg-ulations and constraints on their systems’ architecture re-quirements and their organizational capabilities. It can fur-thermore be used to assess capability maturity and processmaturity to enable focused improvement of key areas. Itthus enables organizations to improve maturities by con-sidering the impact that compliance requirements have onorganizations’ capabilities and processes. Based on a ma-turity assessment, an organization can target a capabilityincrement to improve its capabilities and their maturitiesby undergoing a change initiative to increase performancefor a particular capability [29].
Current work is focused on moving forward in the TOGAF-
9
ADM cycle to derive a contextualized Business Architecturefor a concrete real-world scenario, and conducting a full-depth analysis of the combined implications of constraintscoming from the domains of DP and Records Managementin a real-world case. This furthermore sets the grounds fora full maturity model on all capabilities.
AcknowledgmentsThis work was supported by FCT (INESC-ID multi-annualfunding) through the PIDDAC Program funds and by theprojects SHAMAN and SCAPE, funded under FP7 of theEU under contract 216736 and 270137, respectively.
7. REFERENCES[1] G. Antunes, J. Barateiro, C. Becker, R. Vieira, and
J. Borbinha. Modeling contextual concerns inEnterprise Architecture. In Fifteenth IEEEInternational EDOC Conference, Helsinki, Finland,August 29 - September 2 2011.
[2] G. Antunes, J. Barateiro, and J. Borbinha. Areference architecture for digital preservation. In Proc.iPRES2010, Vienna, Austria, 2010.
[3] C. Becker, G. Antunes, J. Barateiro, R. Vieira, andJ. Borbinha. Control Objectives for DP: DigitalPreservation as an Integrated Part of IT Governance.In Proc. 74th Annual Meeting of ASIST, New Orleans,October 2011.
[4] C. Becker, G. Antunes, J. Barateiro, R. Vieira, andJ. Borbinha. Modeling digital preservation capabilitiesin enterprise architecture. In In 12th AnnualInternational Conference on Digital GovernmentResearch (dg.o 2011), June 12-15, College Park, MD,USA., 2011.
[5] C. Becker, H. Kulovits, M. Guttenbrunner, S. Strodl,A. Rauber, and H. Hofman. Systematic planning fordigital preservation: Evaluating potential strategiesand building preservation plans. Int. Journal onDigital Libraries (IJDL), December 2009.
[6] Blue Ribbon Task Force on Sustainable DigitalPreservation and Access. Sustainable Economics for aDigital Planet. 2010.
[7] Software Engineering Institute. Capability MaturityModel Integration for Development. Version 1.3.Carnegie Mellon University, November 2010.
[8] IT Governance Institute. CobiT 4.1. framework –control objectives – management guidelinces –maturity models, 2007.
[9] E. Conway, M. Dunckley, B. Mcilwrath, andD. Giaretta. Preservation network models: Creatingstable networks of information to ensure the long termuse of scientific data. In Ensuring Long-TermPreservation and Adding Value to Scientific andTechnical Data, Villafranca del Castillo, Madrid,Spain, 2009.
[10] CRL and OCLC. Trustworthy Repositories Audit &Certification: Criteria and Checklist (TRAC).Technical report, The Center for Research Librariesand Online Computer Library Center, February 2007.
[11] Department of Defense, Washington D.C. DoDArchitecture Framework, Version 2.0, 2009.
[12] DLM Forum Foundation. MoReq2010 - ModelRequirements for Records Systems. Draft - v0.92, 2010.
[13] S. Dobratz, A. Schoger, and S. Strathmann. Thenestor catalogue of criteria for trusted digitalrepository evaluation and certification. In Proc.JCDL2006, 2006.
[14] D. L. Gibson, D. R. Goldenson, and K. Kost.Performance Results of CMMI-Based ProcessImprovement. Software Engineering Institute,Pittsburg, PA, 2006.
[15] IEEE. Recommended Practice for ArchitectureDescription of Software-Intensive Systems (IEEE1471-2000). IEEE Computer Society, 2000.
[16] ISO 14721:2003. Open archival information system –Reference model, 2003.
[17] ISO 15489-1:2001. Information and documentation:Records management, 2001.
[18] ISO/IEC 15504-1:2004. Information technology -Process assessment – Part 1: Concepts andVocabulary, 2004.
[19] ISO/DIS 16363. Space data and information transfersystems - Audit and certification of trustworthy digitalrepositories. Standard in development, 2010.
[20] ISO/IEC 27000:2009. Information technology -Security techniques - Information securitymanagement systems - Overview and Vocabulary,2009.
[21] ISO 31000:2009. Risk management – Principles andguidelines, 2009.
[22] A. McHugh, R. Ruusalepp, S. Ross, and H. Hofman.The digital repository audit method based on riskassessment (DRAMBORA). In Digital CurationCenter and Digital Presevation Europe, 2007.
[23] Object Management Group. Semantics of BusinessVocabulary and Business Rules (SBVR), Version 1.0.OMG, 2008.
[24] Object Management Group. Business MotivationModel 1.1. OMG, May 2010.
[25] PLANETS Consortium. Report on the planetsfunctional model. Pp7/d3-4, 2009.
[26] PREMIS Editorial Committee. PREMIS DataDictionary for Preservation Metadata version 2.1,January 2011.
[27] RLG/OCLC Working Group on Digital ArchiveAttributes. Trusted Digital Repositories: Attributesand Responsibilities. Research Libraries Group, 2002.
[28] C. Rosenthal, A. Blekinge-Rasmussen, J. Hutar,A. McHugh, S. Strodl, E. Witham, and S. Ross.Repository Planning Checklist and Guidance. HATIIat the University of Glasgow, 2008.
[29] The Open Group. TOGAF Version 9. Van HarenPublishing, 2009.
[30] R. J. van Diessen, B. Sierman, and C. A. Lee.Component business model for digital repositories: Aframework for analysis. In Proc. iPRES 2008, 2008.
[31] C. Webb. Guidelines for the Preservation of DigitalHeritage. Information Society Division United NationsEducational, Scientific and Cultural Organization(UNESCO) – National Library of Australia, 2005.
[32] J. Zachman. A framework for information systemsarchitecture. IBM Systems Journal, 12(6):276–292,1987.
10