You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

5.2.1 - The repository shall maintain a systematic analysis of security risk factors associated with data, systems, personnel, and physical plant.

Introduction

A summary of our practices in relation to our objectives, commitments, and context. May include:

  1. Standards met or industry best practices employed, and their applicability to Scholars Portal; certifications achieved or audits undertaken if applicable
  2. Differences from standards or best practices and our rationale for those differences if applicable
  3. Parties involved in the creation of the document if applicable\

The complete text of the SOMETHING is available through the link below. The SOMETHING fulfills all or part of this criteria by describing SOMETHING, SOMETHING, and SOMETHING. (repeat for all documents linked)

Responsibility

Digital Preservation Policy Librarian - Ensures proper functioning of overall system.

Potential Risks

The chief risks associated with risk analysis are (1) failure to review and update the analysis in a timely manner and (2) failure to acknowledge and analyze foreseeable risks. To mitigate the first risk, Scholars Portal has monitoring commitments in place (see next item). To mitigate the second risk, Scholars Portal uses a comprehensive typology of threats to model likely dangers (explained in the Risk Analysis and Management Strategies document below).

Monitoring Commitments

The repository will assess its risk analysis and management strategies on a regular basis or whenever there are major changes to its operating environment such as hardware refreshment, staffing changes, or cyber attack.

Future Plans

Scholars Portal recognizes that formal security audits and third-party vulnerability assessments could be valuable. In the long run, the repository would like to establish an alternate hot or 'mirror' site to provide full, continuous redundancy of archival storage, data management, and dissemination systems.

Relevant Document

  1. Risk Analysis and Management Strategies
  • No labels