16363 Reasons to Trust

by Hannah Wang, posted in Self-Assessment

This post was written by Amanda May, former Senior Digital Preservation Specialist

In 2025, the Digital Preservation Unit will be conducting its fourth biennial ISO 16363 self-assessment. This international standard for auditing and certifying trustworthy digital repositories is an important way for us to understand how well our digital repositories – the Electronic Records Archives (ERA) suite of systems – are performing.

A man working in NASA computer facilities, 1973 (NAID 354952333).

Introduction to ISO 16363

The International Organization for Standardization (ISO) is an independent body that publishes rigorously reviewed standards for everything from food safety to quality management to IT security. ISO 14721, commonly known as the OAIS Reference Model, is a standard widely used to guide the structure and development of digital repositories. A related standard, ISO 16363, guides the audit and certification of these repositories through 115 (previously 109) metrics assessing digital object management, IT infrastructure and security, and organizational policies. By gathering documentation and writing a justification for how the organization is meeting each metric, the organization takes a very thorough look at its own practices and comes to understand how it is or isn’t meeting the standards. 

Other institutions also utilize these ISO standards to guide the development and implementation of their own digital repositories. The OAIS Reference Model is widely taught in archival programs and terminology from both standards form the vocabulary for talking about digital repositories and trustworthiness. The Government Publishing Office (GPO) received the country’s first ISO 16363 certification in 2018 and became the first organization in the world to maintain this certification in 2021. Many other organizations perform self-assessments as well as other benchmarks, such as the Digital Preservation Coalition’s Rapid Assessment Model (DPC RAM).

NARA has conducted three self-assessments, in 2019, 2021, and 2023. With the 2019 assessment as the baseline, each subsequent report has shown overall improvement with how our organization meets metrics in each area. The practice of biennial self-assessments helps document these successes and highlight where we could improve. 

Updated Methodology in 2025

ISO 16363 has been updated this month, and ISO 14721 is also due to be updated in 2025. We received a preview version of the new editions and started updating our internal documents to reflect the changes. NARA’s 2025 self-assessment will conform to the new edition of ISO 16363.

Some of the changes include:

  • Updates to stay consistent with the changes in ISO 14721, like the addition of the term, “Preservation Objectives,” defined as a “specific achievable aim that can be carried out using the Information Object” (CCSDS 650.0-M-3, section 1.6.2)
  • Six new metrics: 4.1.13, 4.1.1.4, 4.2.3.2, 4.2.3.3, 4.3.5, 5.1.1.7
  • Clarifications that make the document easier to understand, and additional documents that can be used to demonstrate that the repository meets requirements
  • Changes the words “written” to “documented” and “metadata” to “information” in many places. 

In addition, this year’s self-assessment will break out each of NARA’s repository systems into their own sub-report, where previously they were treated as a monolith. In reality, federal agency records, Congressional records, Title 13 (Census) records, and Presidential records each exist in their own separate instances of ERA that have their own “flavors” based on their particular needs and access controls. Assessing each repository separately will help us understand those differences better.

2025 Self-Assessment Timeline

A screenshot of a project plan Gantt chart. It shows five phases of work: Up to Speed, Gathering Information, Drafting Report, Finalizing Report, and Cleanup.
A glance at the project plan. The final report is expected at the beginning of September 2025.

The self-assessment process requires help from every part of NARA that works with electronic records. From the U.S. Code to high-level NARA policies to IT system documentation to unit SOPs and job aids, everything that goes into making our electronic records repositories functional and trustworthy is gathered and assessed. We’re in that gathering process now – we put out a call for updated SOPs, we’re reviewing documents to see what is out of date, and we’re seeing what types of documents would be helpful for new and updated metrics. Once most of these documents have been gathered, the first draft of the report will be compiled in the spring. The final report will be completed by September 2025. 

By performing these biennial self-assessments, NARA is holding itself accountable to a global standard for trustworthiness. By highlighting what we are doing right and figuring out where we still need improvement, we ensure that the digital records of the United States federal government are as safe as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.