An ontology for risk management of digital collections

Maintaining accessibility to and understanding of digital information over time is a complex challenge that often requires contributions and interventions from a variety of individuals and organizations. The processes of preservation planning and evaluation are fundamentally implicit and share similar complexity. Both demand comprehensive knowledge and understanding of every aspect of to-be-preserved content and the contexts within which preservation is undertaken. Consequently, means are required for the identification, documentation and association of those properties of data, representation and management mechanisms that in combination lend value, facilitate interaction and influence the preservation process. These properties may be almost limitless in terms of diversity, but are integral to the establishment of classes of risk exposure, and the planning and deployment of appropriate preservation strategies. We explore several research objectives within the course of this thesis. Our main objective is the conception of an ontology for risk management of digital collections. Incorporated within this are our aims to survey the contexts within which preservation has been undertaken successfully, the development of an appropriate methodology for risk management, the evaluation of existing preservation evaluation approaches and metrics, the structuring of best practice knowledge and lastly the demonstration of a range of tools that utilise our findings. We describe a mixed methodology that uses interview and survey, extensive content analysis, practical case study and iterative software and ontology development. We build on a robust foundation, the development of the Digital Repository Audit Method Based on Risk Assessment. We summarise the extent of the challenge facing the digital preservation community (and by extension users and creators of digital materials from many disciplines and operational contexts) and present the case for a comprehensive and extensible knowledge base of best practice. These challenges are manifested in the scale of data growth, the increasing complexity and the increasing onus on communities with no formal training to offer assurances of data management and sustainability. These collectively imply a challenge that demands an intuitive and adaptable means of evaluating digital preservation efforts. The need for individuals and organisations to validate the legitimacy of their own efforts is particularly prioritised. We introduce our approach, based on risk management. Risk is an expression of the likelihood of a negative outcome, and an expression of the impact of such an occurrence. We describe how risk management may be considered synonymous with preservation activity, a persistent effort to negate the dangers posed to information availability, usability and sustainability. Risk can be characterised according to associated goals, activities, responsibilities and policies in terms of both their manifestation and mitigation. They have the capacity to be deconstructed into their atomic units and responsibility for their resolution delegated appropriately. We continue to describe how the manifestation of risks typically spans an entire organisational environment, and as the focus of our analysis risk safeguards against omissions that may occur when pursuing functional, departmental or role-based assessment. We discuss the importance of relating risk-factors, through the risks themselves or associated system elements. To do so will yield the preservation best-practice knowledge base that is conspicuously lacking within the international digital preservation community. We present as research outcomes an encapsulation of preservation practice (and explicitly defined best practice) as a series of case studies, in turn distilled into atomic, related information elements. We conduct our analyses in the formal evaluation of memory institutions in the UK, US and continental Europe. Furthermore we showcase a series of applications that use the fruits of this research as their intellectual foundation. Finally we document our results in a range of technical reports and conference and journal articles. We present evidence of preservation approaches and infrastructures from a series of case studies conducted in a range of international preservation environments. We then aggregate this into a linked data structure entitled PORRO, an ontology relating preservation repository, object and risk characteristics, intended to support preservation decision making and evaluation. The methodology leading to this ontology is outlined, and lessons are exposed by revisiting legacy studies and exposing the resource and associated applications to evaluation by the digital preservation community.

Managing university records and documents in the world of governance, audit and risk: Case studies from South Africa and Malawi

There are enormous benefits for any organisation from practising sound records management. In the context of a public university, the importance of good records management includes: facilitating the achievement the university’s mandate; enhancing efficiency of the university; maintaining a reliable institutional memory; promoting trust; responding to an audit culture; enhancing university competitiveness; supporting the university’s fiduciary duty; demonstrating transparency and accountability; and fighting corruption. Records scholars and commentators posit that effective recordkeeping is an essential underpinning of good governance. Although there is a portrayal of positive correlation, recordkeeping struggles to get the same attention as that given to the governance. Evidence abounds of cases of neglect of recordkeeping in universities and other institutions in Sub-Saharan Africa. The apparent absence of sound recordkeeping provided a rationale for revisiting some universities in South Africa and Malawi in order to critically explore the place of recordkeeping in an organisation’s strategy in order to develop an alternative framework for managing records and documents in an era where good governance is a global agenda. The research is a collective case study in which multiple cases are used to critically explore the relationship between recordkeeping and governance. As qualitative research that belongs in the interpretive tradition of enquiry, it is not meant to suggest prescriptive solutions to general recordkeeping problems but rather to provide an understanding of the challenges and opportunities that arise in managing records and documents in the world of governance, audit and risk. That is: what goes on in the workplace; what are the problems; and what alternative approaches might address any existing problem situations. Research findings show that some institutions are making good use of their governance structures and other drivers for recordkeeping to put in place sound recordkeeping systems. Key governance structures and other drivers for recordkeeping identified include: laws and regulations; governing bodies; audit; risk; technology; reforms; and workplace culture. Other institutions are not managing their records and documents well despite efforts to improve their governance systems. They lack recordkeeping capacity. Areas that determine recordkeeping capacity include: availability of records management policy; capacity for digital records; availability of a records management unit; senior management support; level of education and training of records management staff; and systems and procedures for storage, retrieval and dispositions of records. Although this research reveals that the overall recordkeeping in the selected countries has slightly improved compared with the situation other researchers found a decade ago, it remains unsatisfactory and disjointed from governance. The study therefore proposes governance recordkeeping as an approach to managing records and documents in the world of governance, audit and risk. The governance recordkeeping viewpoint considers recordkeeping as a governance function that should be treated in the same manner as other governance functions such as audit and risk management. Additionally, recordkeeping and governance should be considered as symbiotic elements of a strategy. A strategy that neglects recordkeeping may not fulfil the organisation’s objectives effectively.