Digital Repository Audit Method Based on Risk Assessment (DRAMBORA)
2007) Digital Repository Audit Method Based on Risk Assessment (DRAMBORA). (
This is the first iteration of the DCC/DPE Digital Repository Audit Method Based on Risk Assessment (DRAMBORA) and will be followed by revised versions during 2007 and 2008 following each of the formal testing phases of the toolkit and public comment on it. The construction of this toolkit is a dynamic process and this is the second stage in this process. The DRAMBORA toolkit represents the latest development in an ongoing international effort to conceive criteria, means and methodologies for audit and certification of digital repositories. The intention throughout its development has been to build upon, extend and complement existing efforts. A key requirement has been to establish a toolkit that contributes towards a single process for repository assessment. The importance of international cooperation and collaboration, and the potential dangers associated with divergence were acknowledged very early on within the DCC and DPE's work in this area. Perhaps the most notable efforts to date within this context are those invested within the RLG/NARA Task Force and the nestor working group to develop criteria for audit and certification of trustworthy digital repositories. Further significant work was led by the Center for Research Libraries (CRL). The results of these efforts have been foremost within our considerations throughout the development of this toolkit, and in the DCC-led pilot audits that preceded it. The DCC/DPE working group has engaged with representatives of other groups to agree upon a set of principles, representing the fundamental, objective baseline criteria for preservation repositories and these, and their underlying concepts, are profoundly important within the toolkit. It is anticipated that self audit based on DRAMBORA can be facilitated if undertaken in association with one or both of the check-lists, and vice versa.. The risk-based approach assists efforts to match a repository against these lists of requirements. Only with a clear view of an organisation's business context and its implicit risks can an auditor effectively utilise these requirements. The toolkit contextualises these lists so they can be more effectively applied. In addition to these resources, we have also sought to incorporate and adapt ideas and concepts from an additional, diverse range of sources, including a wide range of international information standards, many with their basis in the risk management industry, aiming to broaden ever further the perspectives that our international colleagues have already established.