3.3.5 Information integrity measurements
The repository shall define, collect, track, and appropriately provide its information integrity measurements.
This is necessary in order to provide documentation that it has developed or adapted appropriate measures for ensuring the integrity of its holding.
Written definition or specification of the repository’s integrity measures (for example, computed checksum or hash value); documentation of the procedures and mechanisms for monitoring integrity measurements and for responding to results of integrity measurements that indicate digital content is at risk; an audit process for collecting, tracking, and presenting integrity measurements; Preservation Policy and workflow documentation.
The mechanisms to measure integrity will evolve as technology evolves. The repository may provide documentation that it has developed or adapted appropriate measures for ensuring the integrity of its holdings. If protocols, rules and mechanisms are embedded in the repository software, there should be some way to demonstrate the implementation of integrity measures.
The Preservation Policy dictates that all preservation will be at bit-level and states “fixity checks will be performed on every file.” Content in the High Assurance and Premium Archive storage classes receive fixity checks every 180 days. Per the DART User Guide technical documentation, “APTrust will perform fixity checks on the S3 files every 180 days.” The frequency of fixity and other preservation measurements is an ongoing discussion in the digital preservation field and will be updated according to current best practices.
The process for verifying and providing fixity checks can be found in the APTrust Preservation & Storage documentation. The Member generates the MD5 checksum as part of their bagging process, and APTrust generates a SHA256 checksum, in addition to others, such as SHA-512, for future use cases.
Members choose an APTrust storage class to meet their needs. Only the High Assurance and Premium Archive storage classes include fixity checks every 180 days. APTrust relies on the underlying storage providers’ data integrity measures for content stored in Basic or Deep Archive classes and will only check fixity upon restoration.