The repository shall have and maintain appropriate contracts or deposit agreements for digital materials that it manages, preserves, and/or to which it provides access.

This is necessary in order to ensure that the repository has the rights and authorizations needed to enable it to collect and preserve digital content over time, make that information available to its Designated Community, and defend those rights when challenged.

Properly signed and executed deposit agreements and licenses in accordance with local, national, and international laws and regulations; policies on third-party deposit arrangements; definitions of service levels and permitted uses; repository policies on the treatment of ‘orphan works’ and copyright dispute resolution; reports of independent risk assessments of these policies; procedures for regularly reviewing and maintaining agreements, contracts, and licenses.

Repositories may need to show evidence that their contracts are being followed. This is especially important for those with third-party deposit arrangements. These arrangements may require the repository to guarantee that relevant contracts, licenses, or deposit agreements express rights, responsibilities, and expectations of each party. Contracts and formal deposit agreements should be legitimate; that is, they need to be countersigned and current. When the relationship between depositor and repository is less formal (e.g., a faculty member depositing work in an academic institution’s preservation repository), documentation articulating the repository’s capabilities and commitments should be provided to each depositor. Repositories engaged in Web harvesting may find this requirement difficult because of the way in which Web-based information is harvested/captured for long-term preservation, and so contracts or deposit agreements are rarely required. Some repositories capture, manage, and preserve access to this material without written permission from the content creators. Others go through the very time-consuming and costly process of contacting content owners before capturing and ingesting information. Ideally, agreements are tracked, linked, managed, and made accessible in a contracts database.

The APTrust’s How Deposits Work (current adopted version) demonstrates that the repository has the rights and authorizations needed to enable it to collect and preserve digital content over time, and make that information available to its Designated Community.

APTrust uses the University of Virginia’s institutional repository, LIBRA, to manage and maintain each policy or contract (including all versions) over time. LIBRA is publicly accessible and has limited internal access along with a verified audit trail through both its repository version (currently: Fedora-based repository) and its preserved version in APTrust. Access follows these conventions:

UVA Box Implementation (Address), accessible by [name], using [authentication method] provides AP Trust the means of defending these rights if challenged.

The following staff can read/write to the uploaded document:

• Libra Staff
• Repository Manager

However, all changes to the original document are tracked in a Fedora audit trail (as well as checksum validation through SHA1). [This has been verified with an email from Ellen Ramsay, Libra manager and Dave Goldstein, Libra repository manager – January 2018]

All contracts are with the state and through procurement at the University of Virginia.