Keeping a record for ten years is a storage problem. Keeping it authentic, intelligible, and provably unaltered for fifty or a hundred years is a preservation problem, and it demands far more than reliable disks. File formats become obsolete, media degrade, organizations reorganize, and the people who understood the context retire. A “trustworthy digital repository” is the answer the preservation community developed to this challenge: a repository whose policies, infrastructure, and accountability mechanisms give designated users a justified basis for believing the digital objects it holds will remain usable and authentic over time. Two reference frameworks define what that means in practice. The Open Archival Information System (OAIS) reference model supplies the conceptual vocabulary and functional architecture, and ISO 16363 supplies the audit-and-certification criteria built directly on top of it.
Understanding these standards matters to records managers because retention schedules increasingly carry obligations measured in decades or in perpetuity, and because legal and regulatory regimes expect organizations to demonstrate—not merely assert—that long-lived records remain trustworthy. OAIS and ISO 16363 turn the vague promise of “we’ll keep it forever” into a structured set of commitments that can be examined, tested, and certified.
The OAIS Reference Model
OAIS, published as ISO 14721, is a reference model rather than a system specification. It does not tell you which software to buy; it defines a shared functional and information model so that archives, vendors, and auditors can talk about preservation using the same terms. At its center is the idea of an archive as an organization of people and systems that has accepted responsibility to preserve information and make it available to a Designated Community—the specific audience the archive commits to serving, defined precisely enough that “understandable” has measurable meaning.
The model describes several functional entities, including Ingest (accepting and validating submissions), Archival Storage, Data Management, Preservation Planning, Administration, and Access. It also defines a powerful information packaging concept. Material arrives as a Submission Information Package (SIP), is transformed into an Archival Information Package (AIP) for long-term keeping, and is delivered to users as a Dissemination Information Package (DIP). Crucially, an AIP must bundle the content with the metadata needed to keep it meaningful: Representation Information (what the bits mean and how to render them), Provenance, Context, Reference identifiers, and Fixity (integrity) information. This packaging discipline is what lets a future archivist open a file no longer in common use and still understand and trust it.
ISO 16363 and Repository Audit
OAIS describes what a trustworthy archive looks like; ISO 16363, “Audit and certification of trustworthy digital repositories,” defines how to evaluate whether a given repository actually meets that bar. Developed from the earlier Trustworthy Repositories Audit and Certification (TRAC) checklist, it organizes its criteria into three broad areas.
- Organizational infrastructure — governance, viability, staffing, succession and contingency planning, financial sustainability, and the legal right to preserve and provide access. A repository can have flawless technology and still fail here if no one can show the institution will fund and govern it for the long term.
- Digital object management — the preservation work itself: ingest procedures, generation and maintenance of AIPs, preservation planning, fixity and integrity monitoring, format management, and access controls that deliver authentic copies.
- Infrastructure and security risk management — the technical and security foundations: storage redundancy, disaster recovery, change management, and information security commensurate with the risks.
Certification against ISO 16363 is performed by accredited auditors, and the rigor it demands is considerable. Many organizations use the criteria as a self-assessment and maturity roadmap rather than pursuing formal certification, which is itself a legitimate and common use of the standard.
How These Standards Fit the Broader Records Landscape
Trustworthy-repository standards do not stand alone. They sit alongside the records-management standards an organization already follows—such as ISO 15489 for records management principles and ISO 16175 for records in digital environments—and they extend those principles into the long-term-preservation horizon. ISO 16175, in particular, addresses functional requirements for managing records digitally, and pairs naturally with OAIS thinking when records cross from active recordkeeping into enduring archival custody.
It is worth noting how the requirements landscape has shifted in the United States. For years, the DoD 5015.2 standard served as the de facto benchmark for electronic records management system capabilities, carried by NARA’s endorsement. NARA ended that endorsement in 2022 and now points agencies toward the Universal Electronic Records Management (ERM) Requirements and the Federal Electronic Records Modernization Initiative (FERMI). That move reflects a broader trend away from monolithic product-certification checklists and toward outcome- and capability-based requirements—which is philosophically aligned with the way ISO 16363 evaluates whether real preservation outcomes are being achieved rather than whether a particular feature box is ticked.
Putting the Frameworks to Work
Records managers rarely need to implement OAIS from scratch, but they benefit enormously from using its vocabulary and ISO 16363’s criteria as a checklist for due diligence. Useful practices include:
- Define your Designated Community explicitly, so “usable” and “understandable” have concrete meaning.
- Capture Representation Information and provenance at ingest, not later—context is cheapest to record when records first arrive.
- Monitor fixity continuously, using checksums to detect silent corruption, and maintain geographically separated copies.
- Plan for format obsolescence through migration or emulation strategies, documented in a preservation plan.
- Treat organizational sustainability—funding, governance, succession—as a first-class preservation risk, not an afterthought.
The enduring lesson of these frameworks is that trust is not a property of storage hardware; it is a property of an accountable organization that has documented its commitments and can demonstrate it is meeting them. OAIS gives that commitment a shared language, and ISO 16363 gives it a yardstick. Together they let an institution move from hoping its long-term records survive to being able to prove they will. For related frameworks, see the compliance and standards hub.
Sources & further reading
Authoritative government and non-profit references.
- Digital preservation (Library of Congress) — Library of Congress
- ISO 16175 records in digital environments — ISO
- Records management (NARA) — National Archives (NARA)
How to cite this page
APA
RM University Editorial Team. (2026). Trustworthy Digital Repositories: OAIS and ISO 16363. Records Management University. https://www.recordsmgmt.org/articles/trustworthy-digital-repositories-oais-iso-16363/
MLA
RM University Editorial Team. "Trustworthy Digital Repositories: OAIS and ISO 16363." Records Management University, 16 June 2026, www.recordsmgmt.org/articles/trustworthy-digital-repositories-oais-iso-16363/.