Page tree
Skip to end of metadata
Go to start of metadata

3.4.3 - The repository shall have an ongoing commitment to analyze and report on risk, benefit, investment, and expenditure (including assets, licenses, and liabilities).

Introduction

Comprehensive, systematic risk assessment is essential to the long-term security and reliability of SP and its archived information. In a financial context, risk assessment helps the repository identify and evaluate threats that could disrupt normal operations or impair its ability to meet its Mandatory Responsibilities and contractual obligations. SP began formally documenting and analyzing risks in the fall of 2011. The participants included key personnel from SP, OCUL, and the University of Toronto Libraries.

Please see the Risk Analysis and Management Strategies document for details. This document identifies threats, assesses their probability and potential impact, and provides an overview of the repository's risk-minimization and prevention strategies.

Responsibility

Digital Preservation Policy Librarian

OCUL Executive Director

OCUL Library Directors

Potential Risks

The chief risks associated with risk analysis are (1) failure to review and update the analysis in a timely and consistent manner and (2) failure to acknowledge and analyze foreseeable risks. To minimize the first risk, SP has monitoring commitments in place (see Monitoring Commitments below). To minimize the second risk, SP uses a comprehensive typology of threats as a model for identifying foreseeable and relevant risks (described in the Risk Analysis and Management Strategies document). This model includes financial and organizational risks such as loss of funding, or changes in organizational priorities.

Monitoring Commitments

The repository will assess its risk analysis on a regular basis, according to the Review Cycle for Documentation Policy, or whenever there are major changes to its operating environment such as significant staffing level changes, changes in mandate, or funding disruptions.

Relevant Document

  1. Risk Analysis and Management Strategies
  2. Critical Processes and OAIS Mandatory Responsibilities
  • No labels