Contents:
- 1. Introduction
- 2. Prior Work
- 3. Background to the Model
- 4. The SPOT model for risk assessment
- 5. Comments on the model
- 6. Practical application
- 7. Conclusions
- Notes
- References
- Appendix: Comparison of digital preservation threat taxonomies
This article proposes a new outcome-based model, the Simple Property-Oriented Threat (SPOT) Model for Risk Assessment which defines six essential properties of successful digital preservation and identifies a limited set of threats. After an introduction, section 2 reviews several existing threat models in the context of four desired attributes: conceptual clarity, appropriate detail and consistent granularity, comprehensiveness and simplicity. Section 3 describes the properties of well preserved digital objects as the basis for a new approach to risk assessment. Section 4 presents the SPOT model. Section 5 offers some commentary on the model while Section 6 provides two practical applications (Statistics New Zealand Archive and Florida Digital Archive). Section 7 concludes with some suggestions for further work.
This article provides a simpler way for archives to enter the world of threat identification and associated risk analysis. It acknowledges the value of more extensive models such as DRAMBORA and the Audit and Certification of Trustworthy Digital Repositories while rightly emphasizing the overwhelming amount of work such models represent to archives just starting down the assessment path. For those archives looking to focus primarily on threats and risks associated with the technical management of digital objects, and not on the organizational management risks, this model offers one of the clearest identification and definition of the essential properties of digital objects, which digital preservation systems need to address. Newcomers to concepts such as persistence or renderability or confused by seemingly similar concepts such as identity and understandability will find the definitions offered in this article very clear. Although it offers itself as a practical tool, it still requires some background in the OAIS model and as the authors suggest, might be even more useful if the threats it identifies were mapped to the points within the OAIS framework with which they are most likely associated. It definitely offers archives just beginning with risk assessment a less complex approach, enabling them to at least begin what is eventually a long and important path to developing a trustworthy digital repository infrastructure.