DRAMBORA: Benefits

Completion of the DRAMBORA process will yield a number of valuable results, facilitating both retrospective reflection and proactive planning for participating organisations. Firstly, organisations will have established a documented self-awareness of their fundamental objectives, and of associated activities and assets.

By defining their operational contexts organisations are well positioned to determine their own assessment parameters as well as verify that their resources are optimally invested and positioned to ensure success.

Secondly, organisations will have developed a documented understanding of the risks they face expressed in terms of their likelihood and potential impact. Mapped to organisational aspirations and efforts this will facilitate subsequent organisational development and resource allocation, and offer a quantifiable insight into the contemporary severity of risks faced. Finally, organisations will have defined their chosen means for risk management, determining the appropriate strategies for avoidance, treatment, transfer and tolerance as well as the mechanics of their implementation. This process, which should be repeated on a regular basis, will provide opportunities to establish and achieve quantifiable targets, facilitating the ongoing development of every aspect of organisational activity.

As well as being a tremendously valuable process in and of itself, self assessment with DRAMBORA is expected to represent a worthwhile precursor to external audit and certification when these services become broadly available. The six stages of self audit correspond closely to the preparatory work that organisations will be expected to undertake when exposed to full audit, and the aggregated documentation will be highly reusable.

In summary, following the successful completion of the self-audit exercise, organisations can expect to have:

• Established a comprehensive and documented self-awareness of their mission, aims and objectives, and of intrinsic activities and assets
• Constructed a detailed catalogue of pertinent risks, categorised according to type and inter-risk relationships, and fully described in terms of ownership, probability and potential impact of each risk
• Created an internal understanding of the successes and shortcomings of the organisation, enabling it to effectively allocate or redirect resources to meet the most pressing issues of concern
• Prepared the organisation for subsequent external audit whether that audit will be based upon the Trustworthy Repositories Audit & Certification (TRAC), nestor Catalogue of Criteria for Trusted Repositories, or forthcoming Consultative Committee for Space Data Systems (CCSDS) digital repository audit assessment criteria

The DRAMBORA methodology will provide auditors with an organisational risk register detailing each risk faced and its status.