Day 4 /4 questions
Quiz-summary
0 of 34 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
Information
Question covering day 1 of the 4 day video course.
Good luck!
|
You must specify a text. |
|
|
You must specify an email address. |
|
|
You must specify a text. |
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 34 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Access Rights 0%
- AIP 0%
- Audit 0%
- Collection Policy 0%
- Designated Community 0%
- Disaster Recovery 0%
- Information Property 0%
- Mission 0%
- Security 0%
- TDR 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- Answered
- Review
-
Question 1 of 34
1. Question
An AIP :
Correct
An archive may send out, as a DIP, all the information that makes up an AIP.
An SIP must at least be supplemented by Provenance that records where the SIP came from, in order to create the AIP.Incorrect
An archive may send out, as a DIP, all the information that makes up an AIP.
An SIP must at least be supplemented by Provenance that records where the SIP came from, in order to create the AIP. -
Question 2 of 34
2. Question
An audit:
Correct
A repository may contain many different types of information including notes, plans, personal emails, as well as information which the repository management has agreed to preserve. Therefore the audit does not need to cover everything in the repository.
One of the first decisions that the repository must make is the scope of the audit.Incorrect
A repository may contain many different types of information including notes, plans, personal emails, as well as information which the repository management has agreed to preserve. Therefore the audit does not need to cover everything in the repository.
One of the first decisions that the repository must make is the scope of the audit. -
Question 3 of 34
3. Question
Is ISO 2700x certification enough to be a TDR?
Correct
The metrics in section 5 of ISO 16363 overlap with ISO 2700x. If a repository has ISO 2700x certification that means the section 5 metrics will probably be satisfied. However the metrics in sections 3 and 4 are not addressed by ISO 2700x.
Incorrect
The metrics in section 5 of ISO 16363 overlap with ISO 2700x. If a repository has ISO 2700x certification that means the section 5 metrics will probably be satisfied. However the metrics in sections 3 and 4 are not addressed by ISO 2700x.
-
Question 4 of 34
4. Question
ISO 2700x certification is always required?
Correct
The metrics in section 5 of ISO 16363 overlap with ISO 2700x. If a repository has ISO 2700x certification that means the section 5 metrics will probably be satisfied. However the metrics in sections 3 and 4 are not addressed by ISO 2700x.
Incorrect
The metrics in section 5 of ISO 16363 overlap with ISO 2700x. If a repository has ISO 2700x certification that means the section 5 metrics will probably be satisfied. However the metrics in sections 3 and 4 are not addressed by ISO 2700x.
-
Question 5 of 34
5. Question
The Conformity Assessment Body (CAB) (select all correct answers):
Correct
A Conformance Assessment Body (CAB) performs the audit. One of its first actions is to establish an audit plan. The CAB must have policies and procedures which satisfy ISO 16919. The auditors that perform the audit should also be assessed by the CAB to ensure that they have the appropriate competences.
Incorrect
A Conformance Assessment Body (CAB) performs the audit. One of its first actions is to establish an audit plan. The CAB must have policies and procedures which satisfy ISO 16919. The auditors that perform the audit should also be assessed by the CAB to ensure that they have the appropriate competences.
-
Question 6 of 34
6. Question
What is an acceptable limit with respect to evidence that should be inspected:
Correct
The auditors must identify rissk byt perfection is not required. The repository must provide evidence but the auditors make decisions.
Incorrect
The auditors must identify rissk byt perfection is not required. The repository must provide evidence but the auditors make decisions.
-
Question 7 of 34
7. Question
What is not an acceptable validation methodology for assessing evidence:
Correct
The auditors can request on the repository staff’s opinions and expertise but cannot rely on them.
The auditors can ask “what if” questions and can also check if members of the Designated Community can use the objects being preserved.Incorrect
The auditors can request on the repository staff’s opinions and expertise but cannot rely on them.
The auditors can ask “what if” questions and can also check if members of the Designated Community can use the objects being preserved. -
Question 8 of 34
8. Question
Which is not an acceptable approach to auditing:
Correct
The auditors should do more than work through the metrics in sequence since they may miss the way in which processes work together.
The Designated Community may identify issues which may be considered by the auditors, for example in complaints about the repository, but these should not be the only considerations.Incorrect
The auditors should do more than work through the metrics in sequence since they may miss the way in which processes work together.
The Designated Community may identify issues which may be considered by the auditors, for example in complaints about the repository, but these should not be the only considerations. -
Question 9 of 34
9. Question
An AIP (identify all the correct answers):
Correct
AN AIP is a logical structure and so may be made up of several files. It may also be created using information from several SIPs.
However if an AIP is made up from information from a single SIP there must be some additional Provenance Information recording the receipt of the SIP by the respository, including when and from where it was received.Incorrect
AN AIP is a logical structure and so may be made up of several files. It may also be created using information from several SIPs.
However if an AIP is made up from information from a single SIP there must be some additional Provenance Information recording the receipt of the SIP by the respository, including when and from where it was received. -
Question 10 of 34
10. Question
An AIP (identify all the correct answers):
Correct
AN AIP may be altered, for example additional Representation Information may need to be added in order to ensure that the preserved information can be unserstood and used by the Designated Community.
Incorrect
AN AIP may be altered, for example additional Representation Information may need to be added in order to ensure that the preserved information can be unserstood and used by the Designated Community.
-
Question 11 of 34
11. Question
A repository must be able to demonstrate that it:
Correct
OAIS defines Information Packages as logical containers, hence they may be constructed in various ways. Therefore an AIP does not have to be a single file, nor is it required that there is only one type of AIP.
However the repository must be able to extract information from the AIP otherwise how can it be preserving the information it contains.
Incorrect
OAIS defines Information Packages as logical containers, hence they may be constructed in various ways. Therefore an AIP does not have to be a single file, nor is it required that there is only one type of AIP.
However the repository must be able to extract information from the AIP otherwise how can it be preserving the information it contains.
-
Question 12 of 34
12. Question
A repository must be able to demonstrate that it:
Correct
OAIS does not require that the same Designated Community applies to all objects so there may be different Designated Communities for different types of Content Information or even individual Content Information.
OAIS defines the Designated Community as: An identified group of potential Consumers who should be able to understand a particular set of information. The Designated Community may be composed of multiple user communities. A Designated Community is defined by the Archive and this definition may change over time.
However the words “an identified group of potential Consumers” does not mean that the individuals must be identified, as is illustrated in section 3.2.3 of OAIS.
Incorrect
OAIS does not require that the same Designated Community applies to all objects so there may be different Designated Communities for different types of Content Information or even individual Content Information.
OAIS defines the Designated Community as: An identified group of potential Consumers who should be able to understand a particular set of information. The Designated Community may be composed of multiple user communities. A Designated Community is defined by the Archive and this definition may change over time.
However the words “an identified group of potential Consumers” does not mean that the individuals must be identified, as is illustrated in section 3.2.3 of OAIS.
-
Question 13 of 34
13. Question
Which of the following are determined for the approach and conduct of an audit:
Correct
Before the audit it must be clear:
- what is expected from the client organisation otherwise the audit will not be able to follow the schedule,
- how many auditors will take part, for example to arrange security clearance if required,
- what access to staff, documentation and systems is required – in order to ensure that there will not be delays during the audit, for example arranging access to appropriate staff.
Incorrect
Before the audit it must be clear:
- what is expected from the client organisation otherwise the audit will not be able to follow the schedule,
- how many auditors will take part, for example to arrange security clearance if required,
- what access to staff, documentation and systems is required – in order to ensure that there will not be delays during the audit, for example arranging access to appropriate staff.
-
Question 14 of 34
14. Question
Which of the following is a competency required for audit planning (select all correct answers):
Correct
The matrix in Annex A of ISO 16919 shows that all of these competencies are required.
Incorrect
The matrix in Annex A of ISO 16919 shows that all of these competencies are required.
-
Question 15 of 34
15. Question
Which of the following is a method for collecting information to be used as evidence (select all correct answers):
Correct
Annex B of ISO 17021 states:
Methods for evaluating individuals’ competence can be grouped into five major categories: review of records, feedback, interviews, observations and examinations.
Incorrect
Annex B of ISO 17021 states:
Methods for evaluating individuals’ competence can be grouped into five major categories: review of records, feedback, interviews, observations and examinations.
-
Question 16 of 34
16. Question
A collection policy is (identify all the correct answers):
Correct
ISO 16363 states:
3.1.3 The repository shall have a Collection Policy or other document that specifies the type of information it will preserve, retain, manage, and provide access to.
Supporting Text
This is necessary in order that the repository has guidance on acquisition of digital content it will preserve, retain, manage and provide access to.Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement
Collection policy and supporting documents; Preservation Policy, mission, goals and vision of the repository.Discussion
The collection policy can be used to understand what the repository holds, what it does not hold, and why. The collection policy supports the broader mission of the repository. Without such a policy the repository is likely to collect in a haphazard manner, or store large amounts of low-value digital content. The collection policy helps the organization to identify what digital content it will and will not accept for ingestion. In an organization with a broader mission than preservation of digital content the collection policy helps to define the role of the repository within the larger organizational context.Therefore the Collections Policy
- should not be defined on a case by case basis
- is a requirement
- does specify the types and the nature of the information preserved
Incorrect
ISO 16363 states:
3.1.3 The repository shall have a Collection Policy or other document that specifies the type of information it will preserve, retain, manage, and provide access to.
Supporting Text
This is necessary in order that the repository has guidance on acquisition of digital content it will preserve, retain, manage and provide access to.Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement
Collection policy and supporting documents; Preservation Policy, mission, goals and vision of the repository.Discussion
The collection policy can be used to understand what the repository holds, what it does not hold, and why. The collection policy supports the broader mission of the repository. Without such a policy the repository is likely to collect in a haphazard manner, or store large amounts of low-value digital content. The collection policy helps the organization to identify what digital content it will and will not accept for ingestion. In an organization with a broader mission than preservation of digital content the collection policy helps to define the role of the repository within the larger organizational context.Therefore the Collections Policy
- should not be defined on a case by case basis
- is a requirement
- does specify the types and the nature of the information preserved
-
Question 17 of 34
17. Question
Which of the following is true about audits and audit preparation:
Correct
- A self-audit is certainly useful preparation for the audit
- A request by the audit team for extra evidence should usually (ideally always) be allowed
- The identification of areas for potential improvement are certainly an audit objective
- The scope of an audit does include specification of the physical boundaries.
Incorrect
- A self-audit is certainly useful preparation for the audit
- A request by the audit team for extra evidence should usually (ideally always) be allowed
- The identification of areas for potential improvement are certainly an audit objective
- The scope of an audit does include specification of the physical boundaries.
-
Question 18 of 34
18. Question
Documentation of changes in a repository (identify all the correct answers):
Correct
The documentation of changes must be captured and must take into account changes in people as well as technology – because the repository is made up of systems and people.
Changes certainly could affect the AIPs; even if the original Fixity information is maintained that only refers to the Content Information – but what about the Provenance Information etc.?
Incorrect
The documentation of changes must be captured and must take into account changes in people as well as technology – because the repository is made up of systems and people.
Changes certainly could affect the AIPs; even if the original Fixity information is maintained that only refers to the Content Information – but what about the Provenance Information etc.?
-
Question 19 of 34
19. Question
How does ISO 16363 relate to the ISO 27000 series of standards? (identify all the correct answers)
Correct
ISO 16363 is specifically for audit and certification of Trustworthy Digital Repositories whereas the ISO 27000 series is about Information Security. Clearly Trustworthy Digital Repositories must keep their information secure but must also ensure that the Information is understandable and usable.
The metrics in section 5 of ISO 16363 overlap with ISO 27000. Several metrics mention ISO 27000 series in Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement.
Incorrect
ISO 16363 is specifically for audit and certification of Trustworthy Digital Repositories whereas the ISO 27000 series is about Information Security. Clearly Trustworthy Digital Repositories must keep their information secure but must also ensure that the Information is understandable and usable.
The metrics in section 5 of ISO 16363 overlap with ISO 27000. Several metrics mention ISO 27000 series in Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement.
-
Question 20 of 34
20. Question
Is ISO 2700x certification always required for a TDR?
Correct
Metrics in Section 5 of ISO 16363 overlap with ISO 2700x requirements so that ISO 2700x certification is not required. However if a repository ISO 2700x with the appropriate scope then it is likely that all metrics in section 5 of ISO 16363 are fulfilled.
Incorrect
Metrics in Section 5 of ISO 16363 overlap with ISO 2700x requirements so that ISO 2700x certification is not required. However if a repository ISO 2700x with the appropriate scope then it is likely that all metrics in section 5 of ISO 16363 are fulfilled.
-
Question 21 of 34
21. Question
The access policies for preservation:
Correct
ISO 16363 defines an Access Policy as
Written statement, authorized by the repository management, that describes the approach to be taken by the repository for providing access to objects accessioned into the repository. The Access Policy may distinguish between different types of access rights, for example between system administrators, Designated Communities, and general users.
It must specify something about security, for example how the repository prevents its holdings from being deleted or changed in an unauthorised way.
The repository may have to specify aspects which go beyond the Producer’s decisions, for example increased or decreased) restrictions based on national legal requirements.
Access Policies do not cover issues of authenticity.
Incorrect
ISO 16363 defines an Access Policy as
Written statement, authorized by the repository management, that describes the approach to be taken by the repository for providing access to objects accessioned into the repository. The Access Policy may distinguish between different types of access rights, for example between system administrators, Designated Communities, and general users.
It must specify something about security, for example how the repository prevents its holdings from being deleted or changed in an unauthorised way.
The repository may have to specify aspects which go beyond the Producer’s decisions, for example increased or decreased) restrictions based on national legal requirements.
Access Policies do not cover issues of authenticity.
-
Question 22 of 34
22. Question
The Disaster Recovery Plan (identify all the correct answers)
Correct
ISO 16363 metric 5.2.4 requires:
The repository shall have suitable written disaster preparedness and recovery
plan(s), including at least one off-site backup of all preserved information together with
an offsite copy of the recovery plan(s).Supporting Text
This is necessary in order to ensure that sufficient backup and recovery capabilities are in
place to facilitate continuing preservation of and access to systems and their content with
limited disruption of services.Other metrics make it clear that staff have appropriate skills and training and that procedures are regularly reviewed.
Incorrect
ISO 16363 metric 5.2.4 requires:
The repository shall have suitable written disaster preparedness and recovery
plan(s), including at least one off-site backup of all preserved information together with
an offsite copy of the recovery plan(s).Supporting Text
This is necessary in order to ensure that sufficient backup and recovery capabilities are in
place to facilitate continuing preservation of and access to systems and their content with
limited disruption of services.Other metrics make it clear that staff have appropriate skills and training and that procedures are regularly reviewed.
-
Question 23 of 34
23. Question
The information properties (identify all the correct answers):
Correct
OAIS defines an Information Property as:
That part of the Content Information as described by the Information Property Description. The detailed expression, or value, of that part of the information content is conveyed by the appropriate parts of the Content Data Object and its Representation Information.
Therefore there must be associated Representation Information.
ISO 16363 metric 4.1.1 is:
The repository shall identify the Content Information and the Information Properties that the repository will preserve.
Metric 4.1.1.1 is:
The repository shall have a procedure(s) for identifying those Information Properties that it will preserve.
Supporting Text
This is necessary to establish a clear understanding with depositors, funders, and the repository’s Designated Communities how the repository determines and checks what the characteristics and properties of preserved items will be over the long term. These procedures will be necessary to confirm authenticity or to identify erroneous claims of authenticity of the preserved digital record.
Some Information Properties may be specified by the Produce, especially Transformational Information Properties, therefore they may be defined during submission.
Some Information Properties do not need to be preserved, for example after a Transformation, therefore not all Information Properties are relevant to claims of Authenticity.
Incorrect
OAIS defines an Information Property as:
That part of the Content Information as described by the Information Property Description. The detailed expression, or value, of that part of the information content is conveyed by the appropriate parts of the Content Data Object and its Representation Information.
Therefore there must be associated Representation Information.
ISO 16363 metric 4.1.1 is:
The repository shall identify the Content Information and the Information Properties that the repository will preserve.
Metric 4.1.1.1 is:
The repository shall have a procedure(s) for identifying those Information Properties that it will preserve.
Supporting Text
This is necessary to establish a clear understanding with depositors, funders, and the repository’s Designated Communities how the repository determines and checks what the characteristics and properties of preserved items will be over the long term. These procedures will be necessary to confirm authenticity or to identify erroneous claims of authenticity of the preserved digital record.
Some Information Properties may be specified by the Produce, especially Transformational Information Properties, therefore they may be defined during submission.
Some Information Properties do not need to be preserved, for example after a Transformation, therefore not all Information Properties are relevant to claims of Authenticity.
-
Question 24 of 34
24. Question
The mission statement (identify all the correct answers)
Correct
ISO 16363 metric 3.1.1 is:
The repository shall have a mission statement that reflects a commitment to the preservation of, long term retention of, management of, and access to digital information.
This does not only apply to repositories which look after public information.
The mission statement may be a single specific document or it may contain pointers to parts of other documents, for example from a parent organisation.
Incorrect
ISO 16363 metric 3.1.1 is:
The repository shall have a mission statement that reflects a commitment to the preservation of, long term retention of, management of, and access to digital information.
This does not only apply to repositories which look after public information.
The mission statement may be a single specific document or it may contain pointers to parts of other documents, for example from a parent organisation.
-
Question 25 of 34
25. Question
What is not an acceptable validation methodology for assessing evidence:
Correct
The auditors can request on the repository staff’s opinions and expertise but cannot rely on them.
The auditors can ask “what if” questions and can also check if members of the Designated Community can use the objects being preserved.Incorrect
The auditors can request on the repository staff’s opinions and expertise but cannot rely on them.
The auditors can ask “what if” questions and can also check if members of the Designated Community can use the objects being preserved. -
Question 26 of 34
26. Question
Which is not an acceptable approach to auditing:
Correct
The auditors should do more than work through the metrics in sequence since they may miss the way in which processes work together.
The Designated Community may identify issues which may be considered by the auditors, for example in complaints about the repository, but these should not be the only considerations.Incorrect
The auditors should do more than work through the metrics in sequence since they may miss the way in which processes work together.
The Designated Community may identify issues which may be considered by the auditors, for example in complaints about the repository, but these should not be the only considerations. -
Question 27 of 34
27. Question
A repository must be able to demonstrate that it:
Correct
OAIS does not require that the same Designated Community applies to all objects so there may be different Designated Communities for different types of Content Information or even individual Content Information.
OAIS defines the Designated Community as: An identified group of potential Consumers who should be able to understand a particular set of information. The Designated Community may be composed of multiple user communities. A Designated Community is defined by the Archive and this definition may change over time.
However the words “an identified group of potential Consumers” does not mean that the individuals must be identified, as is illustrated in section 3.2.3 of OAIS.
Incorrect
OAIS does not require that the same Designated Community applies to all objects so there may be different Designated Communities for different types of Content Information or even individual Content Information.
OAIS defines the Designated Community as: An identified group of potential Consumers who should be able to understand a particular set of information. The Designated Community may be composed of multiple user communities. A Designated Community is defined by the Archive and this definition may change over time.
However the words “an identified group of potential Consumers” does not mean that the individuals must be identified, as is illustrated in section 3.2.3 of OAIS.
-
Question 28 of 34
28. Question
Which of the following are determined for the approach and conduct of an audit:
Correct
Before the audit it must be clear:
- what is expected from the client organisation otherwise the audit will not be able to follow the schedule,
- how many auditors will take part, for example to arrange security clearance if required,
- what access to staff, documentation and systems is required – in order to ensure that there will not be delays during the audit, for example arranging access to appropriate staff.
Incorrect
Before the audit it must be clear:
- what is expected from the client organisation otherwise the audit will not be able to follow the schedule,
- how many auditors will take part, for example to arrange security clearance if required,
- what access to staff, documentation and systems is required – in order to ensure that there will not be delays during the audit, for example arranging access to appropriate staff.
-
Question 29 of 34
29. Question
A collection policy is (identify all the correct answers):
Correct
ISO 16363 states:
3.1.3 The repository shall have a Collection Policy or other document that specifies the type of information it will preserve, retain, manage, and provide access to.
Supporting Text
This is necessary in order that the repository has guidance on acquisition of digital content it will preserve, retain, manage and provide access to.Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement
Collection policy and supporting documents; Preservation Policy, mission, goals and vision of the repository.Discussion
The collection policy can be used to understand what the repository holds, what it does not hold, and why. The collection policy supports the broader mission of the repository. Without such a policy the repository is likely to collect in a haphazard manner, or store large amounts of low-value digital content. The collection policy helps the organization to identify what digital content it will and will not accept for ingestion. In an organization with a broader mission than preservation of digital content the collection policy helps to define the role of the repository within the larger organizational context.Therefore the Collections Policy
- should not be defined on a case by case basis
- is a requirement
- does specify the types and the nature of the information preserved
Incorrect
ISO 16363 states:
3.1.3 The repository shall have a Collection Policy or other document that specifies the type of information it will preserve, retain, manage, and provide access to.
Supporting Text
This is necessary in order that the repository has guidance on acquisition of digital content it will preserve, retain, manage and provide access to.Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement
Collection policy and supporting documents; Preservation Policy, mission, goals and vision of the repository.Discussion
The collection policy can be used to understand what the repository holds, what it does not hold, and why. The collection policy supports the broader mission of the repository. Without such a policy the repository is likely to collect in a haphazard manner, or store large amounts of low-value digital content. The collection policy helps the organization to identify what digital content it will and will not accept for ingestion. In an organization with a broader mission than preservation of digital content the collection policy helps to define the role of the repository within the larger organizational context.Therefore the Collections Policy
- should not be defined on a case by case basis
- is a requirement
- does specify the types and the nature of the information preserved
-
Question 30 of 34
30. Question
Which of the following is true about audits and audit preparation:
Correct
- A self-audit is certainly useful preparation for the audit
- A request by the audit team for extra evidence should usually (ideally always) be allowed
- The identification of areas for potential improvement are certainly an audit objective
- The scope of an audit does include specification of the physical boundaries.
Incorrect
- A self-audit is certainly useful preparation for the audit
- A request by the audit team for extra evidence should usually (ideally always) be allowed
- The identification of areas for potential improvement are certainly an audit objective
- The scope of an audit does include specification of the physical boundaries.
-
Question 31 of 34
31. Question
Documentation of changes in a repository (identify all the correct answers):
Correct
The documentation of changes must be captured and must take into account changes in people as well as technology – because the repository is made up of systems and people.
Changes certainly could affect the AIPs; even if the original Fixity information is maintained that only refers to the Content Information – but what about the Provenance Information etc.?
Incorrect
The documentation of changes must be captured and must take into account changes in people as well as technology – because the repository is made up of systems and people.
Changes certainly could affect the AIPs; even if the original Fixity information is maintained that only refers to the Content Information – but what about the Provenance Information etc.?
-
Question 32 of 34
32. Question
Does the definition of the Designated Community depend only on the digital object?
Correct
The Designated Community is defined by the Archive. Identical copies of a Data Object may be kept by separate Archives; these Archives may have different definitions.
Incorrect
The Designated Community is defined by the Archive. Identical copies of a Data Object may be kept by separate Archives; these Archives may have different definitions.
-
Question 33 of 34
33. Question
How does ISO 16363 relate to the ISO 27000 series of standards? (identify all the correct answers)
Correct
ISO 16363 is specifically for audit and certification of Trustworthy Digital Repositories whereas the ISO 27000 series is about Information Security. Clearly Trustworthy Digital Repositories must keep their information secure but must also ensure that the Information is understandable and usable.
The metrics in section 5 of ISO 16363 overlap with ISO 27000. Several metrics mention ISO 27000 series in Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement.
Incorrect
ISO 16363 is specifically for audit and certification of Trustworthy Digital Repositories whereas the ISO 27000 series is about Information Security. Clearly Trustworthy Digital Repositories must keep their information secure but must also ensure that the Information is understandable and usable.
The metrics in section 5 of ISO 16363 overlap with ISO 27000. Several metrics mention ISO 27000 series in Examples of Ways the Repository Can Demonstrate It Is Meeting This Requirement.
-
Question 34 of 34
34. Question
The Disaster Recovery Plan (identify all the correct answers)
Correct
ISO 16363 metric 5.2.4 requires:
The repository shall have suitable written disaster preparedness and recovery
plan(s), including at least one off-site backup of all preserved information together with
an offsite copy of the recovery plan(s).Supporting Text
This is necessary in order to ensure that sufficient backup and recovery capabilities are in
place to facilitate continuing preservation of and access to systems and their content with
limited disruption of services.Other metrics make it clear that staff have appropriate skills and training and that procedures are regularly reviewed.
Incorrect
ISO 16363 metric 5.2.4 requires:
The repository shall have suitable written disaster preparedness and recovery
plan(s), including at least one off-site backup of all preserved information together with
an offsite copy of the recovery plan(s).Supporting Text
This is necessary in order to ensure that sufficient backup and recovery capabilities are in
place to facilitate continuing preservation of and access to systems and their content with
limited disruption of services.Other metrics make it clear that staff have appropriate skills and training and that procedures are regularly reviewed.