MARA Competency H
Be conversant with current information technologies and best practices relating to records preservation and security.
“As with any information system, trustworthiness of data is determined by the trustworthiness of the hardware, software, and the procedures that created them. The reliability and authenticity of the data and information extracted from the [system] will be a function of [its] reliability and authenticity of the…system…There needs to be a means to ensure the integrity of data first by having procedures to control the movement of data to…[and] from operational systems and second by having controls to protect…data from unauthorized changes…Trustworthiness and security are contingent upon acquisition, transformation and access metadata and systems documentation.”
“Data warehouse description” (May 20, 2002). MN State Archives
What do you understand this competency to mean?
Practitioners from any organization, including archives, libraries, museums, academia, government and industry, should be aware of the need to preserve data that provides evidence of historical value or that meets some legal requirement. What does long-term digital preservation mean, and how will we know we have succeeded? Digital data is especially worrisome because of the fragility of technology; it changes so rapidly. While we may succeed in preserving digital bits, the information may be ‘trapped’ within the digital object, remaining unusable. A principle of the Open Archival Information System, known as the OAIS reference model (ISO 14721), is that it isn’t enough to simply preserve ‘bits;’ to claim that digital information has been ‘preserved’ is essentially meaningless. The only way to ‘prove’ the claim is if the information can be accessed for use by a designated community in the future. Format is necessary to preserve information, but it isn’t enough. Context is also needed in order to retrieve the information so that it is useable for communication, interpretation, or processing in a meaningful way by the designated community for which it was intended (Giaretta, 2008).
A preservation strategy of ‘benign neglect,’ in relation to digital records, is no preservation strategy at all. Files can be preserved through emulation (recreating the environment the digital object) or through migration or conversion (changing the digital object so that it adapts to the current digital environment). Information Science professionals (archivists and records managers) need to work with Information Technology [IT] professionals within their organizations to balance risk and value for the organization and its community of stakeholders.
I would like to discuss the differences between digital master files and working copies in context of Minitex – an information- and resource-sharing program at the University of MN created in 1969. Minitex is an acronym for Minnesota Interlibrary Teletype Experiment. As far back as 1976, Mintex partnered with the Online Computer Library Center [OCLC] online cataloging system for 18 academic libraries. Minitex provides the infrastructure to host databases for online delivery of digital items. It applies for and receives grants to purchase large and expensive digitizing equipment. It provides digitizing services for the tristate partnership between Minnesota, North and South Dakota. Organization send the originals to a Minitex scanning center along with metadata generated at the object level. The objects are scanned to create digital objects.
The original scan format is a 24-bit color TIFF, a commonly used archival format. Mechanical or computer text is scanned OCR. TIFF master files can be upwards of 12MB each. An organization needs to consider if they have the digital storage capacity to store them. Plans need to be made to migrate them every three years. (Rengel, 2010). Other file formats are created from the master TIFF files: JPEG2000 (file extension JP2) access images and low quality JPG thumbnails. Generally, you can zoom in to see the detail of digital objects because the files are of high resolution. JPEG2000 (ISO 15444) is both a lossless and lossy compression providing better image quality using smaller file sizes than a JPEG file (JPEG2000 Source, n.d.). Minitex maintains the master files at the University of MN. For storage and preservation a duplicate file is sent to OCLC partners at the Universities of Indiana, and Michigan.
What course assignments or other work products are you submitting as evidence of your mastery of this competency?
I have chosen several works that present my cognizance of current information technologies and best practices relating to records preservation and security. These projects, as well as class discussions, explore the role information professionals play in preserving and constructing social memory.
Why did you select these particular work products as evidence for your mastery of this competency?
From MARA 259
Security Management for Knowledge Assets
This paper examines how organizations can use ISO 27001 as a framework to assess threats to Knowledge Management Systems, and how strategies can address vulnerabilities. ISO 27001 certification and compliance is a way for an organization to demonstrate an evolving information security management policy. Not only will certification attest to the commitment an organization has to risk management and business continuity, but it sets an organization apart from competitors, providing the stakeholders confidence that their digital assets are secure from unauthorized use. Creating an organization-wide policy to protect digital assets enhances the security of all IT systems. Although this paper focuses on protecting KMS, a sound Information Management System security policy based on ISO 27001, when implemented enterprise-wide, can provide risk mitigation, demonstrate compliance to regulatory bodies, and prevent business loss (SaintGermain, 2005). This is evidence of “current best practices relating to records security.”
From MARA 284
Panem University Archives Policy for Digital Preservation
This long-term preservation policy was created for the fictional Panem University Archives [PUA] demonstrating of my recognition of best practices in developing strategies for the long-term preservation of digital assets. The policy is designed to providing access to digital assets, including both mandated records and special collections selected to meet the strategic vision of the University. University archives generally support the University mission statements to enrich the intellectual life of scholars worldwide. Similar to many University libraries and archives, PUA supports both new knowledge discovery and long-term access to its Archives. It partners with Panem University Technological Services division, University departments, and with other institutional partners dedicated to refine, develop, and share expertise within the information community to ensure long-term access to digital assets (USC, 2010). This is evidence of “current information technologies and best practices relating to records preservation.”
From MARA 284
Indiana University’s Information Governance Policy Review
Indiana University’s Information Governance Policy was issued by the Committee of Data Stewards. It applies to “all individuals encountering university information, regardless of the user’s role or affiliation” (IUIPO, 2010. p. 1). It regards all information in whatever location or format it is stored, but it does not include personal data that is created using university resources as a consequence of personal use, e.g. saved passwords and user names. It isn’t meant to replace special governance requirements necessary for certain information types, e.g., records, intellectual property, personally identifiable information stored within the universities systems etc. The policy was drafted to protect the value of the university’s information, as well as to meet regulatory, and contractual terms requiring reasonable safeguards to protect information. The information governance plan protects the confidentiality, integrity, and availability of university information through consistently applied information management procedures. The goal of the university’s information governance plan is three-fold: to maintain the operational and reputation and viability of the university’s information; secondly, to support the university’s mission of teaching, learning, outreach, and support; and thirdly, to guide the university’s conduct of business. This is evidence of “current information technologies and best practices relating to records preservation and security.”
How do your selections show not simply learning but also application?
My digital habits have changed as a result of my understanding of current information technologies and best practices relating to records preservation and security. I had been using a nesting file/folder strategy. I regularly saved files to my desktop; then every month I would stick them in a folder named “up to Month/Year”, e.g., Up to May 2012. I would place all the files on my desktop, including the old month’s folder, into the new replacement folder. Then I would begin saving new files on the desktop again. Locating files in my nested folders was difficult at best. Following the best practices relating to records preservation, I don’t do that anymore. I adhere to the principle of LOCKSS (n.d., “Lots of Copies Keeps Stuff Safe”). I have taken up culling monthly – paying special attention to the folders into which I download material from the internet. I also use several cloud services: iCloud, SkyDrive [soon to be OneDrive], Google Drive, and Dropbox. I sync files to the cloud servers and keep my working copies only in one specified service rather than scattered about on the many devices I use.
I am aware of digital formatting concerns and in response I have become more aware of file formats. I keep everything as simple as possible. I write everything in TextEdit – saving as .txt files. Unformatted text is so much easier to work with and I believe has long term survivability as a format. I save photos in .jpeg format. Any scans or graphic design work, I save as .PDF or .TIFF.
Digital security is another area that has improved as a result of my attainment of this competency. I have become conversant in user authentication (user is valid) as well as authorization (user access and usage permissions). I am a proponent of strong passwords – and I am knowledgable enough to trust that the IT professionals to protect organizational resources to the extent called for by its information governance policy.
What have you learned?
I am aware of my digital exhaust that I spew out into the internet on a daily basis. I do not want my personal collections of documents and ephemera to live on after my death and have taking steps to ensure that certain personal digital spaces are shut down and destroyed. In contrast, libraries, archives, and museums have a mandate to preserve and secure information – in whatever form it takes. It is one thing for my house to burn down, and for me to lose most of, if not everything, I have amassed in my lifetime. It is entirely different for an archive to be destroyed or lose a significant proportion of its collection due to improper preservation strategies or loss of intellectual property, business records, or personal information.
Giaretta, D. (October 2008). Introduction to Digital Preservation Lecture. Digital Preservation Europe. Retrieved from http://www.digitalpreservationeurope.eu/video-training/prague-2008/
Indiana University Information Policy Office [IUIPO] (2010, April 16). Information governance policy (v. 1.0). Retrieved from http://www.itbusinessedge.com/itdownloads/indiana-universitys-information- governance-policy/88479
JPEG2000 Source (n.d.). What is JP2? Retrieved from http://www.jpeg2000info.com/index.html
“Lots of copies keep stuff safe” (n.d.), Stanford University Libraries http://www.lockss.org/
Marshall, C.C. (2007). How people manage personal Information over a lifetime. In Personal Information Management (Jones and Teevan, eds.), University of Washington Press. Seattle, Washington.
Rengel, M. (2010, Oct. 21). Using the new Minnesota Reflections. [MDL Webinar]. Retrieved from http://mediamill.cla.umn.edu/mediamill/display/138399
SaintGermain, R. (2005, Jul/Aug). Information security management best practice based on ISO/IEC 27001. Information Management Journal, 39(4), 6066.
University of South Carolina (2010). Retrieved from http://library.sc.edu/digital/USC_Libraries_Digital_Preserva.pdf