|| Preservation Procedure Policy: Risk Management
| Related Guidance Policy
| Definition/ Description
|| Risk management is defined as: _“_Coordinated activities to direct and control an organisation with regard to risk.” (ISO/IEC Guide 73:2002, via Drambora Glossary)
|| Digital preservation is all about identifying and mitigating risks. Digital material is dependent on a technical environment. Risks are related to every aspect of handling these digital collections. It is important that an organisation has a process implemented to create a regular updated overview of the risks for the preserved collections and will act upon the risks identified with appropriate staff and procedures.
The organisation needs to be confident that risks to all parts of the collection have been considered and appropriate mitigation measures have been taken. This is not to imply that all parts of the collection/collections should be treated equally, more that the risks to the collection should be understood and prioritised in line with the importance of the collection and available resources.
|| If an organisation is not aware of the risks, it might lead to damage or even loss of collections and hence to loss of reputation, and the organisational goals will not be achieved. This could be a threat for the continuity of the organisation.
| Life cycle stage
|| Curate and Preserve, Preservation Planning
|| Management: need to decide on risk management
Operational Management: need to implement risk procedures and monitor the execution of it by operational management
| Cross Reference
Trustworthy Digital Repository
|| State and University Library, Denmark: “Digital preservation at the State and University Library is based on the principles of risk management. The library continuously manages and updates its digital preservation risk analysis in accordance with existing legislation and international standards.” Source:, http://en.statsbiblioteket.dk/about-the-library/dpstrategi
| Control Policy
|| Where the mitigating action for a particular risk is to watch for changes in the environment, it should be possible to monitor this. Examples of this are
- FormatShouldBeIInternationalStandard SHOULD be Yes
- Number of tools available >= 1
| Questions to foster discussions
- Has your organisation done risk assessments on all collections in its care?
- Are there procedures implemented related to risk management of the preserved collections?
- Are the IT activities involved in the risk management procedures?