Internal audit tool

From Archivematica
Revision as of 19:35, 26 April 2016 by Mcantelon (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Documentation > Internal audit tool


[edit] Drupal TRAC review tool

Developed by MIT in a project led by Nancy McGovern, Head of Curation and Preservation Services at MIT Libraries. Artefactual has permission to host this tool for community use. The copy provided here contains data about the TRAC requirements that Archivematica fulfills for the repository.

[edit] Installation

[edit] Summary

The following text is slightly edited from the home page of the Drupal TRAC Review site.

The home page of the site provides an overview of an organization's efforts to document its evidence for meeting the requirements of the CCSDS Audit and Certification of Trustworthy Digital Repositories checklist that was a pproved as ISO 16363 and is based on Trustworthy Repositories Audit and Certification (TRAC): Criteria and Checklist that was released in January 2007. A TRAC review is a self-assessment method for an organization to demonstrate good practice and conformance as a trusted digital repository to its designated communities and prepare for a peer review or other external audit. In many organizations, responsibilities for TRAC compliance are distributed throughout the organization, with specific units and committees having certain responsibilities for each requirement.

[edit] Responsibilities

  • Each entity is assigned a role for each requirement using the RACI responsibility assignment matrix. The RACI Matrix describes participation by various organizational roles in completing tasks for a project. RACI is especially useful in clarifying roles in projects and processes requiring distributed responsibilities. See the Responsibilities for TRAC page of the Drupal site for more information on RACI responsibilities, and a listing of units and committees that have roles in TRAC conformance.
  • In each requirement where Archivematica provides all or part of the evidence, the Operations Group is identified as one of the Responsible parties. Other organizational roles indicated are simply suggestions.

[edit] Requirements

  • In the site, each TRAC requirement has its own page. Sub- and Sub-sub requirements are referred to on the relevant high-level requirement page. Current compliance with TRAC requirements is assessed on a rating system from 0 to 4 (see example: SGDS report, page 14):
 4 = fully compliant - the repository can demonstrate that has comprehensively addressed the requirement
 3 = mostly compliant - the repository can demonstrate that it has mostly addressed the requirement and is on working on full compliance
 2 = half compliant - the repository has partially addressed the requirement and has significant work remaining to fully address the requirement
 1 = slightly compliant - the repository has something in place, but has a lot of work to do in addressing the requirement 
 0 = non-compliant or not started - the repository has not yet addressed the requirement or has not started the review of the requirement
  • Any group in the organization that is involved in defining policy and practice should update the status of relevant requirements. When listing evidence, please include sufficient information for reviewers to get to the cited evidence (e.g., a document title, date, a link) and note the name of the group or department that is adding an entry to the evidence addressing the requirement along with the date of the annotations (e.g., [Right Management group, 2/13/2013]). (Note that for requirements where Archivematica provides all or part of the evidence, no date or group is specified as this evidence must be reviewed and assigned a responsible group per repository) For additional guidance, please see the Responsibilities for TRAC page of the site.

[edit] Status

  • The site provides a sequence of status levels for each requirement:
    • Accepted – the evidence provided has been accepted as sufficient for this review round
    • Ready for review – the Responsible group has completed its work and the evidence is ready for review
    • In progress – the Responsible group is in the process of compiling or generating relevant evidence
    • Not started – no evidence or information has been provided yet
  • For requirements where Archivematica provides all or part of the evidence, the status is indicated as In Progress as it should still be reviewed, edited, and/or completed by the repository.

[edit] Support

[edit] Thanks

  • Artefactual is grateful to Nancy McGovern and Matt Bernhardt of MIT for their work towards the development of this tool and for allowing us to host it for community consumption here on the Archivematica wiki.
Personal tools