VRC Stages
Back to: VRC Approach
Aligning Classic Risk Management with VRC Stages
The VRC framework expands on the classic risk management
model. Each stage in the VRC framework can be applied to Web resources to
enable monitoring along the spectrum of Web contextual
layers. VRC uses a bottom-up approach, analyzing data about pages and
sites to build a base of risk knowledge specific to individual sites and
cutting across the range of target sites (the technological perspective).
A top-down approach (the organizational perspective) is then used to apply
organization-specific requirements. The table below maps the organization
and technological VRC stages onto the classic risk management stages. Each
organizational stage is then discussed further.
Identification
The identification stage is the starting point for the VRC approach. An
organization begins with one or more Web resources it is interested in monitoring
and evaluating. Web search tools offer the means to identify resources continually,
systematically, and comprehensively. The URL of a Web page can provide some
information about the structure of the site within which the page resides,
possibly even the name of the organization, institution, or individual responsible
for publishing and maintaining the page. Top-level domain name can help
classify organization type (i.e., .edu, .gov, .com). The example shown in
the figure below provides some of this type of information:
Evaluation
A Web sitesite, by its nature, changes over time. Once it is identified as of
potential interest, a baseline profile of the site is needed to determine
the scope, structure, and status of the site. What can we know about the
site and how it is managed? The role of VRC tools is key in this stage for
gathering data and characterizing potential risks.
Appraisal
In this stage value and risk are assessed based on attributes such as:
- · relevancy to the organization’s collection(s)
- · significance—essential, desirable, ephemeral
- · archival role—primary archives for resource, informal agreement for full or partial capture, other
- · maintenance—rating for key indicators of good site management
- · redundancy—captured by more than one archive
- · risk response—time delay and action based on test notifications
- · capture requirements—complexity of site structure, update cycle, MIME types, dynamic content, and behavior indicators
- · size—number of pages, depth of crawl required, etc.
Again,
VRC tools, in both automated and manual deployment, can provide risk-significant
data, such as site attributes, site events and changes, and environmental
information. (See below for further discussion of automated versus manual
tasks.)
Strategy
An organization will establish risk parameters for individual sites as well
as classes of Web resources in the Strategy stage. Changes deemed as risk
in one organizational context may be insignificant in others. An organization
can assess a resource based on perceived value, the organization’s
trust in its stability, and the level of control the organization can exert
over it. Resulting strategies may range from passive monitoring, to notifying
site managers of potential risks, to actively capturing and managing Web
resources. (Invoking active control measures will generally require formal
agreements between the organization that owns or manages the target resource
and the archival organization that wants to ensure its longevity.) An example
of tracking strategies based on control and trust is shown in the table
below.
Detection
The detection stage supports ongoing monitoring at the page and site level.
Detected changes are correlated to risk parameters established for each
site. Potential loss or damage is assessed and possible responses proposed.
If these parameters are plotted on grid, as shown below, visual indicators—watch
(yellow), warning (orange), or act (red)—would highlight resources
where risk is detected. By clicking on the affected resource, a staff member
could review the full risk report.
Response
In the response module potential or probable risks are presented, with any
automatic responses that were invoked immediately upon detection using predefined
rules. The organization may opt to document the risks, notify the organization
that owns or controls the Web site, or take action if desired or possible,
i.e., the monitoring organization has an agreement with the owner and has
the necessary authorizations to enable an active response, repair, or mitigation
of imminent or actual danger. Response selections and preferences will be
captured and used to refine and extend responses.
Manual versus Automated Means
Though our ideal might be a fully automated process from initial identification
of a Web resource through its eventual demise, we recognize that at least
initially the process would be more manual than automated. VRC does not
remove the human factor in each stage, but seeks to automate as much of
the process as possible to maximize efficiency, comprehensiveness, cost-effectiveness,
and accuracy. The process consists of alternating interactions between humans
and tools, summarized in the table below. The sequence of the roles listed
in each stage indicates which is primary (listed first) or secondary.
Back to: VRC Approach
