InterPARES - Records in the Cloud

Research

Public Research Dissemination

This section provides access to publicized research dissemination for the Records in the Cloud project.

Search

by Author:

by Text in Citation:

Sub-Section Title

Alva, A., Endicott-Popovsky, B., David, S.

"Forensic Barriers: Legal Implications of Storing Information in the Cloud," UNESCO Conference: The memory of the World in the Digital Age: Digitization and Digital Preservation. Vancouver, B.C.

Barloura, G., Pan, W., Rowe, J.

Weimei Pan, Joy Rowe, Georgia Barloura (2013) "Records in the Cloud (RiC): Profile of Cloud Computing Users," Proceedings of the Inaugural International Conference on Cloud Security Management (ICCSM-2013), Seattle, WA.
Weimei Pan, Joye Rowe, Georgia Barloura (2013) "Records in the Cloud (RiC): Profile of Cloud Computing Users," Poster presentation at Inaugural International Conference on Cloud Security Management (ICCSM-2013), Seattle, WA.
"Records in the Cloud (RiC): Profile of Cloud Computing Users," Poster presentation at ARMA International Conference, Las Vegas, NV. October 2013.

Boel, J., Goh, E.

Jens Boel, Elaine Goh (2014) "International Organizations' Use of the Cloud for Records Management Purposes." 2nd Annual Conference of the International Council on Archives. 11th-15th October, 2014. Girona, Spain.

Borglund, E.

Erik Borglund (2015) "What About Trust in the Cloud?: Archivists' Views on Trust" in The Canadian Journal of Information and Library Science Vol. 39: 2, pp. 114-127.
Erik Borglund (2015) “Informationshantering och molnet” [Information Management and Cloud Computing], Computer Association of Energy Companies in Sweden: Spring Seminar. 21 April, 2015. Stockholm, Sweden.
2015 “Informationshantering och molnet” [Information management and cloud computing] Computer association of energy companies in Sweden spring seminar, 21 April, Stockholm
2014 “Forskning kring tillit i molnet” [Research on trust in the cloud], Sundsvall 42 conference 14th October 2014.
2015 “Molntjänster, arkivet & arkivarien är det så farligt?” [Cloud services, the archive, and the archivist, is it so dangerous?], FAI (Association of archives and information management) Spring seminar, 26 Mars, Stockholm
Erik Borglund (2015) “Molntjänster, arkivet & arkivarien är det så farligt?” [Cloud Services, the Archive, and the Archivist, Is It So Dangerous?], FAI (Association of Archives and Information Management) Spring Seminar. 26 March 2015. Stockholm, Sweden.
Borglund, Erik (2014) Authentic Records in the Cloud? International Conference on Cloud Security Management ICCSM2014. 23-24 October, 2014. Reading, UK.
Erik Borglund (2013) "Presentation of RiC." Sundsvall 42, ARENA 42 - Swedish biggest IT-conference. October 15-17.
Borglund, E. (2013) "Records in the Cloud - The Project," 4th International Symposium on Information Management in a Changing World, (Limerick, Republic of Ireland), September 4-6, 2013.
"Challenges to Capture the Hybrid Heritage: When Activities Take Place in Both Digital and Non-Digital Environments," UNESCO Conference: The memory of the World in the Digital Age: Digitization and Digital Preservation. Vancouver, B.C.
Erik Borglund (2014) "“Forskning kring tillit i molnet” [Research on Trust in the Cloud], Sundsvall 42 Conference. 14 October, 2014. Sundsvall, Sweden.
Erik Borglund (2014) "Authentic Records in the Cloud?" 2nd International Conference on Cloud Security Management (ICCSM 2014). 23-24 October, 2014. Reading, UK.

Borglund, E., Bushey, J., Shaffer, E.

"Records In the Cloud: A Collaborative Research Project," Panel Session at the Information Management in a Changing World (IMCW) International Symposium, Limerick, Ireland

Bushey, J.

Jessica Bushey (2016) "The Archival Trustworthiness of Digital Photographs in Social Media Platforms.” Electronic Theses and Dissertations (ETDs) 2008. University of British Columbia.
Jessica Bushey (2015) "Lost in the Stacks" Broadcast interview, Georgia Tech Radio.
Jessica Bushey (2015) “Investigating Sites of Power: Audiovisual Archives and Social Media Platforms.” In Photographic Powers, Mika Elo and Marko Karo eds. Helsinki, Finland: Aalto University Press, pp. 264-286.
Bushey, Jessica. (2015) "Digital Traces as Sources of Evidence and Memory." ICA Annual Conference, Reykjavik, Iceland. September 28-29, 2015.
Jessica Bushey (2014) "Trustworthy Digital Images and the Cloud: Early Findings of the Records in the Cloud Project." Challenges of Information Management Beyond the Cloud Communications in Computer and Information Science. Vol. 423, pp. 43-53.
Jessica Bushey (2014) “Digital Photographs in Social Media Platforms: Preliminary Findings.” 2nd International Conference on Cloud Security Management (ICCSM), The Cedars University of Reading. October 23-24. Reading, United Kingdom.
Jessica Bushey (2014) “Records in the Cloud.” Association of Canadian Archivists 38th Annual Conference. June 13-15. Winnipeg, Canada.
Jessica Bushey (2014) "Convergence, connectivity, ephemeral and performed: new characteristics of digital photographs." Archives and Manuscripts. Vol. 42, No. 1, pp. 33-47.
"Click to agree: Digital Photographs and Social Networking Platforms," SLAIS Research Day
"Trustworthy Digital Images and the Cloud," Barbados, West Indies, International Council of Archives Section on University and Research Institutions Archives Annual Conference 2013
"Records in the Cloud Poster," Presented at the Association of Canadian Archivists: Community as Archives, Archives as Community Conference, Winnipeg, MB

Bushey, J., Shaffer, E., Borglund, E.

Jessica Bushey, Erik Borglund, Elizabeth Shaffer (2013) “Records in the Cloud: A Collaborative Research Project.” Information Management in a Changing World (IMCW) International Symposium. September 4-6. Limerick, Ireland

Dupuis, M., Endicott-Popovsky, B., Crossler, R.

Marc Dupuis, Barbara Endicott-Popovsky, and Robert Crossler (2013) "An Analysis of the Use of Amazon’s Mechanical Turk for Survey Research in the Cloud." In Proceedings of the International Conference on Cloud Security Management: ICCSM 2013 , Barbara Endicott-Popovsky ed. October 17-18. Seattle, USA: Academic Conferences and Publishing International Limited. pp.10-18.

Duranti L.

Luciana Duranti (2014) “Preservation in the Cloud: Towards an International Framework for a Balance of Trust and Trustworthiness,” in Dinesh Katre and David Giaretta eds., APA/C-DAC International Conference on Digital Preservation and Development of Trusted Digital Repositories. February 5-6. New Delhi, India. New Delhi: Excel India Publishers, pp. 23-38.

Duranti, L.

Luciana Duranti (2016) "La Conservazione Nel Cloud." Biblioteche Oggi. Vol 34 (September 2016): pp. 57-64.
Luciana Duranti (2015) "Digital Records and Archives in the Commercial Cloud." In Regulating the Cloud. Christopher S. Yoo and Jean-François Blanchette, eds. Cambridge: MIT Press.
Luciana Duranti (2015) "Preface." Canadian Journal of Information and Library Science. Vol. 39, No. 2 (June 2015): pp. 91-96.
Luciana Duranti (2015) "From Ink and Paper to the Cloud. The European Correspondence of Jacob Burckhardt." International Conference, Speaker on The Cloud as a Place for Documentary Memory, (Cortona, Italy), April 10.
Luciana Duranti (2014) "Preservation in the Cloud: Towards and International Framework for a Balance of Trust." Canadian-American Archival Conference, (Bellingham, WA), April 17.
Luciana Duranti (2014) "A Clear Sky Forecast on a Cloudy Day: Archival Strategies for the Needs of a Constantly Connected Society." Keynote Speaker, International Conference on "Fellessamling for Arkivverket," (Gardermoen, Norway), March 20-21.
Luciana Duranti (2014) "Ethics in the Cloud: an Oxymoron or a Model Needing Reinterpretation?" European Commision Joint Research Centre, Workshop on "Digital Memories: Ethics of Emerging Information Technologies." January 16-17. Ispra, Italy.
Luciana Duranti (2013) "Archival Science in the Cloud Environment: Continuity or Transformation?" Atlanti. Vol. 23, Special Issue in Honour of Charles Keskemiti, pp. 45-52.
Luciana Duranti (2013) "Records in the Cloud: Authenticity and Jurisdiction." UNESCO Digital Preservation. October 29. Marseille, France.
Luciana Duranti (2013) "Documentary Heritage in the Cloud: Simply a Security Matter or an Oxymoron?" International Conference on Cloud Security Management ICCSM, (Seattle, WA), October 17-18.
Luciana Duranti (2013) "Cloud Computing: Problems e Opportunita per gli archive Digitali." UNIDOC Lecture Series. July 2. Roma, Italy.
Luciana Duranti (2013) "Records in the Cloud." International Council on Archives, Section on Universities and Research Institution Archives, International Quadriannual Conference, Keynote Speaker (Bridgeport, Barbados), June 25-29.
"Records in the Cloud: Trading Transparency and Control for Security and Economy," Russian Federation Records Management Forum, INFODOCUM 2013, Moscow, Russia
Luciana Duranti (2013) "Historical Documentary Memory in the Cloud: An Oxymoron of the Inescapable Future?" Revista D'arxius. No. 11-12, pp. 19-60.
"Gli archivi digitali: creazione e gestione," Venezia, Italy. Università IUAV di Venezia. International Seminar on "Il patrimonio culturale digitale: creazione e conservazione."
"Records in the Cloud: Towards InterPARES Trust," Fondazione Rinascimento Digitale. CULTURAL HERITAGE online: Trusted Digital Repositories & Trusted Professionals. Florence, Italy.
Luciana Duranti (2012) "Transformation and Continuity in the Role of the Archivist." First Annual Lecture, The Department of Information Science in the College of Human Sciences, The University of Pretoria, South Africa.
"Trust and Conflicting Rights in the Digital Environment," UNESCO Conference: The memory of the World in the Digital Age: Digitization and Digital Preservation. Vancouver, B.C.
Luciana Duranti (2012) "InterPARES and Beyond." Public Lecture. University of Kyoto.
"Beyond InterPARES 3: Records in the Cloud," Association of Canadian Archivists Annual Conference, Whitehorse, Yukon.
"Digital Records Forensics - from Law Enforcement to Records Management," ARMA Canada Annual Conference. Nanaimo, British Columbia.
"Confianza y Autenticidad en el ambiente digital: Un tema cada vez más nublado," Foro Ibero Americano de Evaluacion de documentos, Mexico City, Mexico.
Luciana Duranti (2012) "Trust in Digital Records: An Increasingly Cloudy Issue." ARPICO, Italian Institute of Culture. Vancouver, Canada.
"Beyond InterPARES: Issues of Trust," International Conference "Management of Cultural Heritage in the Digital World," Istanbul, Turkey.
"Confiabilidad y autenticidad en el ámbito digital: un tema cada vez más nebuloso," IV Convención Internacional de Archivista, San Bernardo, Chile.

Duranti, L., Goh, E., Chu, S.

"Archival Legislation for Engendering Trust in an Increasingly Networked Digital Environment," International Congress on Archives. Brisbane, Australia.

Duranti, L., Jansen, A.

Luciana Duranti, Adam Jansen (2013) "Records in the Cloud: Authenticity and Jurisdiction." in Proceedings of the 2013 Digital Heritage International Congress, Marseille, France, vol. 2 (Paris: IEEE) Oct-1 November: pp. 161-164.

Duranti, L., Jansen, A., Michetti, G., Rogers, C., Mumma, C., Prescott, D., Thibodeau, K.

Luciana Duranti, Adam Jansen, Giovanni Michetti, Courtney Mumma, Daryll Prescott, Corinne Rogers, Kenneth Thibodeau (2016) "Preservation as a Service for Trust (PaaST)." In Security in the Private Cloud. John R. Vacca, ed. London: CRC Press, Taylor & Francis Group, LLC.

Duranti, L., L

"Focusing on Relationships in the Networked Environment: InterPARES Trust," Association of Canadian Archivists Annual Meeting, Winnipeg, MB

Duranti, L., Rogers, C.

Luciana Duranti, Corinne Rogers (2016) "Trust in Records and Data Online." in Integrity in Government Through Records Management: Essays in Honour of Anne Thurston, eds., James Lowry, and Justus Wamukaya, Routledge (New York, NY): pp. 203-214.
Luciana Duranti, Corinne Rogers (2012) "Trust in digital records: An increasingly cloudy legal area." Computer Law & Security Review. Vol. 28, Issue 5, pp. 522-531.

Duranti, L., Rogers, C., Bushey, J.

"Different Communities, Same Issue: Trust Relationships in a Networked Environment," Association of Canadian Archivists (ACA) Annual Conference 2013

Duranti, L., Shaffer, E.

Luciana Duranti, Elizabeth Shaffer (2013) "E-Learning Records: Are There Any to Manage? If So, How?" in Social Media and the New Academic Environment: Pedagogical Challenges, eds., Bogdan Patrut, Monica Patrut, Camelia Cmeciu, Information Science Reference (an Imprint of IGI Global), (Hershey, Pennsylvania): pp. 273-292.
"The Potential Challenges of E-Learning Records: Are We Up to the Task of Managing Them?," Vancouver, B.C. -- 9th International Conference on Technology, Knowledge and Society.

Endicott-Popovsky, B.

Barbara Endicott-Popovsky, ed. (2013) The Proceedings of the International Conference on Cloud Security Management ICCSM-2013 . Seattle, USA: Academic Conferences and Publishing International Limited. 17-18 October 2013.

Ferguson-Boucher, K., Endicott-Popovsky, B.

Kirsten Ferguson-Boucher, and Barbara Endicott-Popovsky (2012) “Forensic Readiness in the Cloud (FRC): Integrating Records Management and Digital Forensics.” In Cybercrime and Cloud Forensics: Applications for Investigation Processes , Keyun Ruan, ed. Hershey, Pennsylvania: IGI Global. pp.105–28.

Franks, P.

Patricia Franks (2016) "Capitalizing on the Cloud - examples of local government use of cloud-based software and services, risks and suggested solutions." NYALGRO School. June 7. Callicoon, United States.

Goh, E.

Elaine Goh (2014) "Clear skies or cloudy forecast? Legal challenges in the management and acquisition of audiovisual materials in the cloud." Records Management Journal. Vol. 24, No. 1, pp. 56-73.
Elaine Goh (2013) "Strengthening the Regulatory Framework in a Digital Environment." The Memory of the World in the Digital Age: Digitization and Preservation. September 26-28. Vancouver, Canada.
"Beyond Borders: Legislative Challenges to the Management of Records in the Cloud," Connaught Summer Institute on Monitoring Internet Openness and Rights
"Clear Skies or Cloud Forecast? Challenges in the Acquisition and Preservation of Audio Visual Records in the Digital Environment," 17th SEAPAVAA Conference:Redefining the Audio-Visual Archives in the Digital Age, Bangkok, Thailand

Goh, E., Duranti, L., Chu, S.

Elaine Goh, Luciana Duranti, Simon Chu (2012) "Archival Legislation for Engendering Trust in an Increasingly Networked Digital Environment." A climate of change: International Council on Archives Congress, Brisbane. August 20-24. Brisbane, Australia.

Lemieux, V.

Victoria Lemieux (2016) "Provenance: Past, Present and Future in Interdisciplinary and Multidisciplinary Perspective." In Building Trust in Information Perspectives on the Frontiers of Provenance Ed. Victoria Lemieux. Switzerland: Springer International Publishing pp. 3-45
Victoria Lemieux (2015) "Visual analytics, cognition and archival arrangement and description: studying archivists' cognitive tasks to leverage visual thinking for a sustainable archival future" Archival Science. Vol. 15, No. 1, pp. 25-49.
"Financial Records and Their Discontents: Safeguarding the records of our Financial Systems," UNESCO Conference: The memory of the World in the Digital Age: Digitization and Digital Preservation. Vancouver, B.C.

Léveillé, V., Maklouf Shabou, B.

Basma Maklouf-Shabou and Valerie Léveillé (2014) "Records in the Cloud: Résultats préliminaires." 43e Congrès de l\'Association des archivistes du Québec. May 28.

Makhlouf-Shabou, B.

Basma Makhlouf-Shabou (2013) "Cloud Computing Practices in Swiss context: Preliminary Findings." RIC Project Meeting. Seattle. October 19.
Basma Makhlouf-Shabou (2016) "Les solutions infonuagiques en Suisse : enjeux et défis." Consommer l’information : de la gestion à la médiation documentaire. 45e Congrès de l'Association des Archivistes du Québec. June 14.
Basma Makhlouf-Shabou (2015) "Digital Diplomatics and Measurement of Electronic Public Data Qualities: What lessons should be learned?" Records Management Journal. Vol. 25, No. 1, pp. 56-77.
Basma Makhlouf-Shabou (2014) "Le projet QADEPs : un outil au service de la pérennisation des archives publiques." In De la préservation à la conservation : stratégies pratiques d’archivage. Françoise Hiraux and Françoise Mirguet, eds. Louvain-la-Neuve: Academia l’Harmattan, pp. 87-98.
Basma Makhlouf-Shabou (2013) Présentation du poster : qualités des données et documents électroniques publics : définition et mesure en vue de la pérennisation Journées des archives de l’Université catholique de Louvain 2013 – Louvain-la-Neuve, 18 et 19 avril.
Basma Makhlouf-Shabou (2014) Records in the Cloud: Preliminary Results. 1st InterPARES Trust International Symposium. May 14. Stockholm, Sweden.
Makhlouf Shabou, B. (2013) "Digital Diplomatics and Qualities of Electronic Public Data: What lessons should be learned?" Digital Diplomatics, (Paris, France), November 14, 2013.
Basma Makhlouf-Shabou (2012) "Étude sur la définition et la mesure des qualités des archives définitives issues d’une évaluation," Revue Archives (Association des archivistes du Québec). Vol. 43, No. 2, pp. 39-70.
Basma Makhlouf-Shabou (2012) "Le concept de qualité en archivistique contemporaine : quelques pistes…" Revue Archives (Association des archivistes du Québec). Vol. 43, No. 1, pp. 65-80.
Basma Makhlouf-Shabou (2012) Comment mesurer la qualité des archives? Méthode et instruments de mesure des dimensions de qualité des archives définitives. Saarbrücken: Éditions universitaires européennes.

Makhlouf-Shabou, B., Destraz, M., Grazhenskaya, A., Nicolet, A., Petrelis, L.

Marion Destraz, Arina Grazhenskaya, Aurèle Nicolet, Lucie Petrelis (2016) Records in the Cloud - Switzerland. Research paper, under the direction of Basma Makhlouf-Shabou. Haute École de Gestion de Genève, Switzerland.

Makhlouf-Shabou, B., Léveillé, V.

MakhloufShabou, B., and Léveillé, V. (2014) Projet: Records in the Cloud, 43rd Congress of the Association of Archivists of Quebec, Laval, Quebec, May 29.

Marciano, R.

Richard Marciano (2013) "Socializing 'Big Data': Collaborative Opportunities in Computer Science, the Social Sciences, and the Humanities." Duke University Franklin Humanities Institute and Social Science Research Institute.
Richard Marciano (2013) "Big Data Curation." Research talk. University of Washington iSchool.

Oliver, G., Knight, S.

Gillian Oliver, Steve Knight (2015) "Storage is a Strategic Issue: Digital Preservation in the Cloud." D-Lib Magazine. Vol. 21, No. 3/4.

Orton, I., Alva, A., Endicott-Popovsky, B.

Ivan Orton, Aaron Alva, and Barbara Endicott-Popovsky (2012) “Legal Process and Requirements for Cloud Forensic Investigations.” In Cybercrime and Cloud Forensics: Applications for Investigation Processes. Keyun Ruan, ed. Hershey, Pennsylvania: IGI Global. pp.186-229.

Ostrzenski, V.

Victoria Ostrzenski (2013) "Cloud Computing and Risk: A look at the EU and the application of the Data Protection Directive to cloud computing." Infopreneurship Journal. Vol. 1, No. 1, pp. 29-38.

Pan, W., Guo, W., Fang, Y., Li, D.

Wei Guo, Yun Fang, Weimei Pan, Dekun Li, (2016) "Archives as a trusted third party in maintaining and preserving digital records in the cloud environment" Records Management Journal , Vol. 26 Iss: 2, pp.170 - 184.

Pan, W., Mitchell, G.

Weimei Pan and Grant Mitchell. (2015) Records Management in the Use of Software as a Service (SaaS) Applications: A Case Study. 3rd International Conference on Cloud Security and Management, October 22. Tacoma, WA.

Pan, W., Rowe, J., Barlaoura, G.

RiC - User Survey Report (October 23, 2013)
Records in the Cloud (2013) "Records in the Cloud (RiC): Users Survey Report.” Weimei Pan, Joy Rowe, Georgia Barloura.

Rogers, C.

"Records in the Cloud," SLAIS Research Day (poster)

Rudolph, C., Kuntze, N., Endicott-Popovsky, B.

Carsten Rudolph, Nicolai Kuntze, and Barbara Endicott-Popovsky. (2013). “Forensic Readiness for Cloud-Based Distributed Workflows.” In Proceedings of the International Conference on Cloud Security Management: ICCSM 2013 , Barbara Endicott-Popovsky ed. October 17-18. Seattle, USA: Academic Conferences and Publishing International Limited. pp. 59–67.

Schweiger, M., Chung, S., Endicott-Popovsky, B.

Michael Schweiger, Sam Chung, and Barbara Endicott-Popovsky. (2013). "Malware Analysis on the Cloud: Increased Performance, Reliability, and Flexibilty.” In Proceedings of the International Conference on Cloud Security Management: ICCSM 2013 , Barbara Endicott-Popovsky ed. October 17-18. Seattle, USA: Academic Conferences and Publishing International Limited. pp. 127-135.

Shaffer, E.

"Social Media and Digital Records," Barbados, West Indies, International Council of Archives Section on University and Research Institutions Archives Annual Conference 2013

Sheppard, A.

"Building a legal framework to facilitate long-term preservation of digital heritage," UNESCO Conference: The memory of the World in the Digital Age: Digitization and Digital Preservation. Vancouver, B.C.

Tweneboah-Koduah, S., Endicott-Popovsky, B., Tsetse, A.

Samuel Tweneboah-Koduah, Barbara Endicott-Popovsky, and Anthony Tsetse (2014) “BARRIERS TO GOVERNMENT CLOUD ADOPTION.” International Journal of Managing Information Technology (IJMIT). Vol. 6, No. 3, pp. 1–16.

Select a Section above to view its content.

Project Description

The research focuses on the benefits and risks of keeping records in the cloud. The term "cloud" is a metaphor for the Internet, where it is possible to create a virtual computing infrastructure replacing in whole or in part that internal to an organization. Hence, "cloud computing." Five essential characteristics make the cloud what it is:

on-demand self-service, that allows users to access as many computing capabilities as they need;
broad network access, so that a user can access the cloud from any machine that has a connection to the Internet;
resource pooling, which makes of the cloud a multi-tenant model, supporting multiple users at the same time;
rapid elasticity, in that users can change the amount of computing resources they need at any time, and the cloud will instantly expand to support their needs; and
measured service, in that how much a user utilizes is precisely measured in terms of storage, processing, bandwidth, etc., and these resources can be monitored, controlled and reported to the users, who are only charged for what they need, using a pay-as-you-go model, in most cases reducing costs.

The most attractive aspect of the cloud is low cost. But how high is the price that organizations which keep records in the cloud pay in terms of control on their records or, as is the case with archives, on the records entrusted to them? The proposed research seeks to address that question in the context of the Canadian legal, administrative, and value system by investigating the following more specific research questions:

How can confidentiality of organizational records and data privacy be protected in the cloud?
How can forensic readiness of an organization be maintained, compliance ensured, and e-discovery requests fully met in the cloud?
How can an organization's records accuracy, reliability, and authenticity (i.e., identity and integrity) be guaranteed and verifiable in the cloud?
How can an organization's records and information security be enforced in the cloud?
How can an organization maintain governance upon the records entrusted to the cloud?

This research is urgent and critical, addressing a demand as yet unmet. A fast growing number of public and private organizations, in an effort to save resources, is joining the cloud and entrusting the control of its records to external service providers without a full understanding of the risks involved with regard to legal jurisdiction on the records, security, privacy, processing, compliance, forensic readiness, and last, but not least, the ability to prove the records accuracy, reliability and authenticity. To these issues one has to add those related to the potential loss of access to the records due to law enforcement investigations of records of co-tenants, to the closing down of the CSP, or to the breaking down of retrieval systems. And how is an organization to know whether the records that were scheduled for destruction still exist when most, if not all CSPs, do not allow audit? The questions are many, but there are no answers based on facts ascertained through research. The dearth of academic literature, the inconsistency of legal opinions, and the sensationalism of media stories that fuel uncertainty and fear all support the urgency of this research. This project aims to enable small and medium-sized organizations which cannot afford a full-fledged digital recordkeeping and/or records preservation system to decide what is the best way to ensure that their records, or the records of others entrusted to them, will be safe, accessible, trustworthy, and under their control by developing the knowledge supporting such decision.

Theoretical Framework

Our approach to the development of knowledge about digital records and systems has consistently and successfully relied upon the theoretical constructs of archival science and diplomatics, centuries-old disciplines that study, respectively, the nature, structure, context, use and management of records aggregations, and the genesis, formal characteristics, transmission, and legal nature and consequences of individual records (Duranti, 1996, 1998). This project will continue to use the archival/diplomatics theoretical framework because it requires an understanding of digital records in complex systems, their authenticity and means of authentication, the conditions of their access and use, and the means of their long-term preservation. The concepts developed by the InterPARES (www.interpares.org) and the Digital Records Forensics (www.digitalrecordsforensics.org) projects constitute the necessary foundation for the research, which is also grounded on the principles governing risk management and information governance and assurance, as well as forensic readiness in the context of legal theory, especially as it regards the law of evidence.

Objectives

To identify and examine in depth the management, operational, legal, and technical issues surrounding the storage and management of records in the cloud
To determine what formal policies and procedures a CSP should have in place for fully implementing the records/archives management regime of the organization outsourcing the records, and for responding promptly to its needs
To determine what formal policies and procedures a CSP should have in place for detecting, identifying, analyzing and responding to incidents
To develop a methodology and an instrument for assessing the risks and benefits of outsourcing records/archives storage and processing to a CSP
To develop guidelines for contractual agreements between organizations and CSPs, and for certifications and attestations by CSP
To develop policy and procedural models for the integration of outsourcing to the cloud with an organization's records management and information governance programs, or archival preservation program

Methodology

A key part of the methodology will be gathering feedback from the two types of stakeholders, CSPs and users, not only in the structured way provided by the focus groups in third year of the research, but also informally though the delivery of workshops, continuing education opportunities, and papers at conferences.

View our Research and Privacy Statement

Year 1: Data Collection

We will collect and analyze data iteratively. We will first identify on the basis of the writings mentioned in the literature review above and of CSPs' websites various types of providers, and categorize them in terms not only of size and services (including the technology delivering them), but also of targeted clients. Then the team will select a small number of providers from each category to interview, in order to gather a clear understanding of their services and the conditions under which they are offered. In preparation for the interviews the team will collect from these providers samples or models of contracts and any other documentation, such as list of actual clients, if available and public. At the same time, the team will search for relevant legislation, regulations, case law and standards to identify the requirements that CSPs must satisfy and, on the basis of the accumulated information, prepare the interview questions. After interviewing the CSPs, the team will create a web survey directed to Canadian small and medium-sized public and private organizations - the most interested potential adopters of cloud computing - in order to assess how many use cloud services for recordkeeping and preservation and their level of satisfaction with the services received, and how many are thinking of using such services and why. Responses to the questionnaire will be coded and analyzed with NVivo Qualitative Research Software, and follow up interviews will be conducted with selected survey respondents who will have identified themselves as interested in participating in the research. We wish to interview a cross-section of those who are presently using cloud services (across types of services) and of those who are thinking of doing so.

Year 2: Analyze Data

The interview transcripts will also be analyzed using NVivo. Triangulation of data from the questionnaire and interviews, collected examples of CSPs' and clients' policies, sample contracts, etc., will be sought through document analysis conducted on a) legal and regulatory texts and case law, and b) reviewed literature, websites and documentation. On the basis of our findings, the team will draft the model policies and procedures, model contracts, strategies, and guidelines described among the objectives.

Year 3: Consult, Review, Test

The team will assemble focus groups of stakeholder's representatives among participating CSPs and potential clients to discuss, criticize and make suggestions about the draft material. The stakeholders will be sent the materials well in advance of a one day long face-to-face meeting in Vancouver, during which the two parties, CSPs and potential clients, will express their point of view and make recommendations, first separately and then jointly. The research team will write the proceedings compiling all the recommendations and will send them to both groups of stakeholders for review. Based on this feedback, the team will edit the material and ask the two groups of stakeholders' representatives to take it to their respective organizations to assess whether it is implementable and, if applicable, with what adjustments.

Year 4: Collect Tests' Results, Finalize Products, Write Research Findings

On the basis of the second feedback, the team will write the final version of model policies, procedures, contracts, strategies, and guidelines. The team will conclude the project by writing several scholarly articles discussing the findings of the research project from the point of view of each of the areas of knowledge involved, including archival science, diplomatics, records and information management and governance, information technology security, risk management, digital forensics, information assurance and forensic readiness, and the law of evidence.