I originally posted about this about 3 weeks back but didn't receive any responses so thought I'd give it one more try. If you have any thoughts they are gratefully received.
I work in a museum which holds an archive on behalf of two businesses. There are two drivers to take a more structured approach to information security (I have been looking at Cyber Essentials certification): one being for the security of the operational records of the museum itself; and the second one being for the security of digital records transferred to the archive from the businesses. We don’t currently have a digital preservation system but are looking at specifications for this and at developing our digital archival holdings. The businesses will naturally require reassurances around information security before transferring digital records to us.
I’m interested to hear from other archives in business or museum settings about what information security measures/ standards you have in place to protect both the service itself and the digital archive holdings. Do you have a certification of some kind? What framework do you follow? What information security policies/ procedures do you feel are essential/ desirable?
Contact the list owner for assistance at [log in to unmask]
For information about joining, leaving and suspending mail (eg during a holiday) see the list website at