Comprehensive, systematic , and unbiased risk assessment is essential to the long-term security and reliability of Scholars PortalSP and its archived information. Risk assessment helps the repository identify and evaluate threats that could disrupt normal operations or impair its ability to meet its Mandatory Responsibilities and contracted obligations and mandatory responsibilities to its Designated Community. Scholars Portal . SP began formally documenting and analyzing risks in the fall of 2011. The participants included key personnel from Scholars Portal, SP, OCUL, and the University of Toronto Libraries, and the Library's Information Technology Services. In many cases, the risk analysis merely documented threats that librarians, architectssystems administrators, and programmers had already addressed tacitly in the design and implementation of the repository.
At present, Scholars Portal SP does not employ a third-party code of practice for risk analysis. Instead, Scholars Portal SP reviewed risk assessment practices used by a variety of revelant institutions and recommended by various organizations in order to minimize the impact of biases or idiosyncracies in individual codes avoid being 'locked in' to a particular code of practice. Following the review, Scholars Portal SP designed a risk analysis model that suited the repository's operating conditions and technical evironmentenvironment.
The complete text of Please see the Risk Analysis and Management Strategies document is available through the link below. The document satisfies the criteria by identifying threats, assessing for details. This document identifies threats, assesses their probability and potential impact, and providing provides an overview of the repository's mitigation risk-minimization and prevention strategies.
Digital Preservation Policy Librarian - Ensures proper functioning of overall system.
OCUL Executive Director
OCUL Library Directors
The chief risks associated with risk analysis are (1) failure to review and update the analysis in a timely and consistent manner and (2) failure to acknowledge and analyze foreseeable risks. To mitigate minimize the first risk, Scholars Portal SP has monitoring commitments in place (see next itemMonitoring Commitments below). To mitigate minimize the second risk, Scholars Portal SP uses a comprehensive typology of threats as a model for identifying foreseeable and relevant risks (described in the Risk Analysis and Management Strategies document below).
The repository will assess its risk analysis on a regular basis, according to the Review Cycle for Documenation Documentation Policy, or whenever there are major changes to its operating environment such as hardware refreshment, significant staffing level changes, or cyber attacksecurity incidents.
Scholars Portal SP recognizes that formal security audits and third-party vulnerability assessments could be valuable. In the long run, the repository would like to establish an alternate hot or 'mirror' site to provide full, continuous redundancy of archival storage, data management, and dissemination systems.