Finally ISO 16919 is published, ISO auditing can start

Originally posted on: http://digitalpreservation.nl/seeds/finally-iso-16919-is-published-iso-auditing-can-start/

Rijksmuseum-man-voor-commissie

I blogged before about the enormous amount of time it takes before a draft standard becomes an approved ISO standard and finally this week happened what we were waiting for: ISO officially published the ISO 16919 standard. Fully named: Requirements for bodies providing audit and certification of candidate trustworthy digital repositories. This mouthful of words all comes down to one element: consistency. An audit done with auditors from one part of the world should be comparable with an audit done by auditors in another part of the world. This is a problem that ISO has tackled by having a standard that regulates the accreditation of auditors : ISO 17021 Standard requirements for A&C general management systems. The PTAB group adapted this standard in order to make it complementary to the ISO 16363 -2012 standard Audit and Certification of Trustworthy Digital Repositories. What additions were needed? In short: specific digital preservation knowledge is introduced as a requirement in this standard. This is done by an explicit reference to the OAIS standard ISO 14721-2012, and the ISO 16363-2012. A list of competencies is added, describing the qualifications an auditor should possess to participate in the audit process. This also is focused on digital preservation aspects, adding to general auditors requirements like confidentiality, impartiality, responsibility etc.  Experience in digital preservation is expected and where the knowledge is lacking, training might fill the gaps. The next step will be that qualified auditors will be appointed. Here the national standard bodies play an important role, as they monitor this process. So we are not there yet, but an important milestone is reached. The European framework of audit and certification sees an external audit according to ISO 16363 as the highest level of certification. An organisation can start with certification according to the Data Seal of Approval, followed by the Nestor/DIN 31644 standard. This  will leave some time to train qualified auditors and get experience with the concept of certification in the evolving world of digital preservation.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s