Beyond data recovery: A CIO’s perspective on digital preservation

While most IT organizations have taken the time to establish data backup and recovery procedures as part of their overall operations, few consider long term digital preservation as part of data protection planning. Establishing a formal plan to ensure access to critical data over time is becoming increasingly important as the amount of digital information continues to expand and serves as the only record of an organization’s asset.

Digital preservation is a formal endeavor to ensure the digital information of continuing value remains accessible and usable. It involves planning, resource allocation, and application of preservation methods and technologies.  This is done to ensure continued access to reformatted and born-digital content, regardless of the challenges of media failure and technological change.  

A workable plan takes into consideration that digital content both at rest and in transit can be corrupted and content is impacted by underlying technologies that will become obsolete, rendering files unreadable and inaccessible.

Performing backup and restore on digital content does NOT ensure preservation although it may be essential to integrate preservation into a combined strategy of protecting digital assets. As a CIO, do you care? Well, that depends on your organizational requirements for digital content.

Do you have digital intellectual property that is expected to maintain a high level of integrity and accessibility over time? Do you have digital content that has a retention period of “in perpetuity?”  If your answer is yes to these questions, then you need to consider data preservation strategies beyond backup and restore and business continuity.  

As a practice, digital preservation is fairly nascent and narrowly focused. There are few enterprise applications that service this space. There is generally a chasm that exists between IT and the practitioners of digital preservation in museums, libraries, government and educational institutions.  This fact was reinforced when I offered my perspectives on digital preservation and the importance of establishing a preservation environment at the annual Preservation and Archival Special Interest Group conference held this year in Mexico City where I found many digital conservators but no IT professionals.

Digital preservation as an operational mandate

As a CIO, if you have a practice in digital preservation but you are not involved, get involved. Why? Because digital content destined for preservation can swamp your available storage space and network connectivity and can have profound impact on continuity and disaster recovery planning and testing. If you do not have a practice in preservation, but meet some of the criteria mentioned above, then you have a tall task in educating your executives and Board about the inherent risks your organization faces with the status quo. Not being involved can also lead to “shadow IT” with longer-term support issues.

There are international standards (ISO 16363 and others) that cover the topic, but one of the easiest and most straightforward I have found is the National Digital Stewardship Alliance standard. This standard provides an easy way to benchmark your organization on a level of 1 to 4 as to your digital preservation maturity. To achieve a level 4, from an IT perspective, you must maintain 3 copies of your digital archive that are geographically and technologically distributed. You should also maintain a “dark” copy that is not accessible by humans, but through the preservation platform itself.

Geographic separation mitigates risks from natural disasters, power failures, or man-made calamity. Technological separation mitigates risk of a single common technological flaw. Having three copies in three different data centers using the same cloud provider does not meet this requirement. The “dark” copy mitigates risk from intentional or unintentional deletion of the entire archive. There are also important IT security implications for the architecture. The deep archive should be locked down to a minimal number of preservation and support staff and the archive network should be segmented to provide further security. Availability and access monitoring are also paramount.

Conclusions and best practice recommendations

Hopefully, I have succeeded in providing a small IT-centric perspective on the basics of digital preservation, although there are many more implications from an enterprise and organization point of view. Here are some recommendations for those who may be considering a digital preservation strategy:

• Determine the risk for your long-term digital content.
• Educate your key stakeholders as to the risk.
• Identify your organization’s requirements for digital preservation that aligns with its overall mission for data integrity and accessibility.
• Form a closely integrated cross functional team with IT, digital preservation staff and key stakeholders.
• Establish the appropriate governance for the long term. This is not a one-time project, but an established practice that must be sustainable over time.
• Perform a more detailed assessment of the current and future practices for maintaining digital content.
• Communicate the requirements for digital preservation to content creators. Not only do you need a digital preservation platform but an integrated digital asset management environment so that appropriate metadata can be captured at creation to meet preservation standards for deep archival.
• Establish funding sources, recognizing that this is not a typical ROI but an investment in knowledge preservation.
• Partner with established experts in the field. While the industry is relatively young, there are well established practitioners and experts in digital preservation.