DRAMBORA audit of the NUSL as a trustworthy digital repository
A regular audit of the NUSL as a trustworthy digital repository has been performed since 2009 to ensure the proper long-term functioning of the repository. A tool and methodology called Digital Repository Audit Method Based on Risk Assessment (DRAMBORA) is used for this purpose. The output of the audit is a mapped repository and its relevant environment together with identified risks, based on which an action plan is built. The action plan is aimed at eliminating or moderating the impact of individual risks on the NUSL operation.
The first audit of the NUSL as a trustworthy digital repository using the DRAMBORA (Digital Repository Audit Method Based on Risk Assessment) tool and methodology was performed at the end of 2009 as part of the creation of a digital repository of grey literature in the National Library of Technology (NTK). The audit results and experience from its course were summarized in a final report, and published in a book entitled Grey Literature Repositories in 2010. The most important audit outcome was the identified risks connected to the NUSL and potentially endangering its operation, quality, image and other features. These risks were gradually eliminated or moderated by the NUSL team throughout 2010. The main principle of the DRAMBORA audit and, at the same time, its main contribution, is iteration, i.e. its repetition after a certain time period under new conditions as the original risks are reassessed, the measurements adopted for their solution are assessed and new risks are identified.
The second NUSL digital repository audit was performed a year later, again at the end of the year. In this audit, the actual state of the repository was assessed, as well as the progress achieved in 2010; new potential risks were also identified, as were possible ways to eliminate them or reduce their impact. The NUSL documentation, the description of the whole project, its processes, procedures and related documents were significantly developed during 2010 and, therefore, they made a very good basis for the audit.
The third audit was performed a year later using the same method as the two preceding audits, with the presence of an external consultant who obtained information by interviewing NUSL team members and through the study of the most significant documents containing responses to the previous audit and the progress of the NUSL in 2011, including changes in its relevant environment. In addition to the mapped repository and the relevant environment, the producers of the methodology and the tool consider another crucial output to be the analysis of identifiable risks to the repository, its quality, readiness, reputation and position in the eyes of both specialists and ordinary users. In the 2011 audit, 24 risks identified in the 2009 and 2010 audits were assessed, as was the progress towards their elimination, and 3 new risks were identified. The biggest change in comparison with last year was that the NUSL pilot project ended in 2011, and the NUSL became an integral part of the services offered by the NTK and was fully funded from the NTK budget, which was reflected in the assessment of the risks related to the mandate and funding of the NUSL. The other significant changes are apparent from incremental commentaries in the DRAMBORA database, from files attached to it and from records added mainly in the areas of Constraints, Objectives and Activities. The identified and reassessed risks continue to pertain particularly to the conditions of activity description and repository procedures, the state and development of staff, project funding, hardware and software resources and NUSL collections, including backup and the relevant NUSL environment.
The end of the pilot project, when the NUSL became an integral part of the services offered by the NTK and became fully funded from the NTK budget, was still a big change and was reflected in the assessment of the mandate and the related risks. The greatest risk was identified in the NUSL cooperation network - its state and future development. In the 2012 audit, 27 risks were assessed and 5 new risks identified.