4.1.6 Control over digital objects document Copy URL

The repository shall obtain sufficient control over the Digital Objects to preserve them.

This is necessary in order to ensure that the preservation can be accomplished, with physical control, and is authorized, with legal control.

Documents showing the level of physical control the repository actually has. A separate database/metadata catalog listing all of the digital objects in the repository and metadata sufficient to validate the integrity of those objects (file size, checksum, hash, location, number of copies, etc.)

The repository must obtain complete control of the bits of the digital objects conveyed with each SIP. Sufficient physical and legal control is necessary for the archives to make any changes required by their Preservation Implementation Plan for that data and to distribute it to their consumers. For example, in cases where SIPs only reference digital objects, the repository must also reference the digital objects or preserve them if the current repository is not committed to such preservation.

Legal Control

As per the APTrust Sustaining Member Deposit Agreement, Sustaining Members who deposit content to the APTrust storage environment hold responsibility for all all ownership, usage, intellectual property, and other rights to the deposited Digital Objects.  If for any reason the depositor cannot fulfill those responsibilities, the Member must notify the APTrust and terminate this Agreement unless other arrangements are made to the satisfaction of the APTrust.

Physical Control

As described in Definition of AIP, the file transfer content is initially uploaded to the member’s Amazon Web Services receiving bucket. From there, the content is replicated to an APTrust working environment.

Preservation responsibility transfer occurs when depositor places content in S3 bucket (

APTrust will take all reasonable steps to assure the security of the storage environment in the following ways:

  • By keeping software and patches up to date, and by restricting access to the servers and ports with firewalls and encryption- key-based access.
  • By restricting access to data and metadata by using password authentication and authorization checks on all attempts to access any data or metadata.
  • By performing regular fixity checks to ensure file integrity

The physical and informational security measures are outlined in .

This page is linked on the Mandatory Responsibilities page.