Internal audit tool

From Archivematica
Revision as of 11:42, 21 October 2013 by Courtney (talk | contribs) (→‎Summary)

Drupal TRAC review tool

The tool was developed by MIT in a project led by Nancy McGovern; Artefactual has permission to host it for community use. The copy provided here contains data about the TRAC requirements that Archivematica fulfills for the repository.

Installation

  • Download link:
  • Instructions for installation:

Summary

The following text is slightly edited from the home page of the Drupal TRAC Review site.

The home page of the site provides an overview of an organization's efforts to document its evidence for meeting the requirements of the CCSDS Audit and Certification of Trustworthy Digital Repositories checklist that was approved as ISO 16363 and is based on Trustworthy Repositories Audit and Certification (TRAC): Criteria and Checklist, which was released in January 2007. A TRAC review is a self-assessment method for an organization to demonstrate good practice and conformance as a trusted digital repository to its designated communities and to prepare for a peer review or other external audit. In many organizations, responsibilities for TRAC compliance are distributed throughout the organization, with specific units and committees having certain responsibilities for each requirement.

Responsibilities

Each entity is assigned a role for each requirement using the RACI responsibility assignment matrix. The RACI Matrix describes participation by various organizational roles in completing tasks for a project. RACI is especially useful in clarifying roles in projects and processes requiring distributed responsibilities. See the Responsibilities for TRAC page for more information on RACI responsibilities, and a listing of units and committees that have roles in TRAC conformance.

Requirements

Each TRAC requirement has its own page. Sub- and Sub-sub requirements are referred to on the relevant high-level requirement page. Current compliance with TRAC requirements is assessed on a rating system from 0 to 4 (see example: SGDS report, page 14):

 4 = fully compliant - the repository can demonstrate that it has comprehensively addressed the requirement
 3 = mostly compliant - the repository can demonstrate that it has mostly addressed the requirement and is working on full compliance
 2 = half compliant - the repository has partially addressed the requirement and has significant work remaining to fully address the requirement
 1 = slightly compliant - the repository has something in place, but has a lot of work to do in addressing the requirement
 0 = non-compliant or not started - the repository has not yet addressed the requirement or has not started the review of the requirement

Any group in the organization that is involved in defining policy and practice should update the status of relevant requirements. When listing evidence, please include sufficient information for reviewers to get to the cited evidence (e.g., a document title, date, a link) and note the name of the group or department that is adding an entry to the evidence addressing the requirement along with the date of the annotations (e.g., [Right Management group, 2/13/2013]). For additional guidance, please see the Responsibilities for TRAC page.

Status

The summary below reflects this sequence of status levels.

 Accepted – the evidence provided has been accepted as sufficient for this review round
 Ready for review – the Responsible group has completed its work and the evidence is ready for review
 In progress – the Responsible group is in the process of compiling or generating relevant evidence
 Not started – no evidence or information has been provided yet

Status Summary

 Section                                         Total Requirements *   Average Compliance Rating
 3. Organizational Infrastructure                25                     0.1200
 4. Digital Object Management                    60                     2.5333
 5. Infrastructure and Security Risk Management  24                     0.0417