ACCREDITED REPOSITORY

In a video interview Prof. Santacroce explains what it means to be an AgID accredited repository, why it is difficult to become an accredited company and why private companies rely on accredited repositories.

 

Watch the interviews below or the complete interview.

Certified service

Archiva is an accredited repository according to the requirements set by AgID – Agency for Digital Italy.
Its process is perfectly in line with the new Italian technical guidelines on the storage of electronic documents and it meets all the AgID requirements to carry out the preservation activity, including financial, technical and organisational reliability.

Introduction

Register of accredited repositories

What do you think about the register of accredited repositories?
The new Italian technical guidelines, approved on 3 December 2013 and operational since 11 April 2014 with compliance deadline on 11 April 2017, constitute a true revolution in the world of preservation, which has been transformed from simple data storage into a real preservation system. This new situation means that the level of the repositories must be upped. From this point of view, it seems to me that the creation of a register, with public control on its reliability, is the right answer for all those that in recent years have decided to adopt the electronic storage solution instead of the old paper archives.

Requirements

Requirements

What requirements does an accredited repository have to fulfil?
The new AgID technical guidelines and instructions, related to international standards, set a high level of requirements, detailed below:

  • Organisational. For preservation purposes data must be managed according to specific standards: mandatory, archiving and management standards.
  • Professional. The company offering the repository service must have professional figures that meet the legal, archiving and technological requirements; AgID defines specific professional roles.
  • Processo. Traceability of data and control of the processing stages.
  • Infrastructural. Related to the security of the preserved data.

You need more than a software

Is it sufficient to buy the right software to avoid sanctions?
It is not sufficient to have a smart card, it is also necessary to have personnel within the company with training that fulfils the accreditation requirements?
The preservation system is not only software, it is also organisation, technologies and compliance with security regulations. It is a process that complies with all the relevant regulations and it cannot be replaced by the mere purchase of software.

Main figures

What are the main figures foreseen by a preservation system?
A compliant preservation system revolves around a number of figures: preservation manager, document management manager, manager of the archiving aspect, personal data processing manager and preservation system security manager.
An accredited repository is made up of a team with mixed skills: accurate and high level legal and IT expertise.

You need more than a preservation manager

So isn’t it sufficient to have a preservation manager?
The preservation manager, internal or external, is certainly an important figure, but it is not sufficient. The manager must be supported by other figures that are important for the execution of the entire preservation process.

Interest for the private sector

Interest for private companies

The legal provisions concern public administrations. Why should it involve private companies?
The electronic management of data and its preservation over time, with the legally compliant presentation of evidence if required by authorities or for the recovery of credits from third parties, oblige private economic agents to implement stable, secure and accessible systems. The creation of metadata is also important for the searchability of data for different operational requirements. All this can only be achieved by means of a preservation activity that complies with the highest standards. An accredited repository fully meets these requirements.

Data content manager

If I entrust my documents to a company that is not suitably qualified, is it legally liable for not maintaining the archive correctly?
The repository is liable as per the agreement entered into. The owner of the data, i.e. the entrepreneur is in fact solely responsible for the document stored as regards third parties and all public authorities. Therefore, a claim for damage compensation due to loss of data may be filed, as I said previously, only according to the contractual provisions, but this never excludes the administrative responsibilities of the company that owns the data and relevant sanctions.

Obligations of PAs

By law, public administrations must make use of a repository enrolled in the register if the preservation is outsourced, otherwise they must have an internal digital preservation system. What do you think of the second solution?
The second solution that many public administrations prefer from a theoretical point of view poses many operational problems. In fact the Italian digital administration code (CAD) foresees that these administrations must have their processes certified. The reason for this is that it is not sufficient to implement a preservation system to meet all the legal requirements. I believe that a public body should focus on using the information available in the best way to achieve institutional objectives rather than worrying about storing data in-house.

What is happening in the market?

Digital preservation services

In recent years, digital preservation services have become part of the product portfolio of many companies, almost all those that deal with IT. What do you think about this?
It is important not to confuse the capability of IT companies to store data with the capability of being a repository that fulfils the commercial, economic, legal and archival requirements at the same time. This can only be achieved by making adequate investments in highly professional human resources and technologies.

Difficulty in being accredited

Almost all the companies that offer digital preservation services promise that they will be enrolled in the register. Is it that easy? If it is so easy why are there only a few companies enrolled in the register?
Everything I have mentioned so far combined with the Italian technical guidelines and the requirements that a repository must meet make it difficult to be accredited by the AgID. It is a difficult process which is not accessible to everyone.

Corporate data protection

When I entrust my documents to a company how can I be sure that suppliers will not access my data?
The outsourcing of data must be carefully agreed by the data owner with the repository. The data owner must request all the necessary guarantees that the data entrusted is not transferred to third parties or disclosed to others unless expressly authorised by the data owner. I am very worried that the lack of transparency and contractual obligations may mean that there is no control on the data, which sometimes for a company represents the heart of its commercial success.

We are at your complete disposal for any further information you may require.

CONTACT US

Log In is required for submitting new question.