4.1.6 Control over digital objects document
The repository shall obtain sufficient control over the Digital Objects to preserve them.
This is necessary in order to ensure that the preservation can be accomplished, with physical control, and is authorized, with legal control.
Documents showing the level of physical control the repository actually has. A separate database/metadata catalog listing all of the digital objects in the repository and metadata sufficient to validate the integrity of those objects (file size, checksum, hash, location, number of copies, etc.)
The repository must obtain complete control of the bits of the digital objects conveyed with each SIP. Sufficient physical and legal control is necessary for the archives to make any changes required by their Preservation Implementation Plan for that data and to distribute it to their consumers. For example, in cases where SIPs only reference digital objects, the repository must also reference the digital objects or preserve them if the current repository is not committed to such preservation.
Legal Control
As per the How Deposits Work guideline, Sustaining Members who deposit content to the APTrust storage environment hold responsibility for all ownership, usage, intellectual property, and other rights to the deposited Digital Objects. If for any reason the depositor cannot fulfill those responsibilities, the Member must notify the APTrust and terminate this Agreement unless other arrangements are made to the satisfaction of the APTrust.
Physical Control
As described in Definition of AIP, the file transfer content is initially uploaded to the member’s Amazon Web Services S3 receiving bucket. From there, the content is replicated to an APTrust working environment, from which it is ingested into the storage environment.
Responsibility for physical control transfers when the content is replicated into the APTrust working environment. Responsibility for preservation transfers when the content is ingested into the APTrust storage environment as described in the Definition of AIP (see also 3.5.1.3).
APTrust will take all reasonable steps to ensure the security of the working and storage environments in the following ways:
- Keeping software and patches up to date, and by restricting access to the servers and ports with firewalls and encryption- key-based access.
- Restricting access to data and metadata by using password authentication and authorization checks on all attempts to access any data or metadata.
- Performing regular fixity checks to ensure file integrity.