...
- Define a unique name for your collaboration (recommend DNS)
- Identify a governance body to make policy decisions
- Define the purpose of your collaboration (this will be used for your AUP)
- We strongly suggest (although this is out of scope here)
- Identifying your primary assets
- Completing a risk assessment
- Adopting the REFEDS Data Protection Code of Conduct if it is suitable for your research collaboration
- Defining your rules of participation and the escalation procedure in case of non-compliance
- Any additional legal and regulatory compliance necessary
- Define, or agree to adopt as is, the following 6 documents and seek endorsement from the governance body
Expand title view the 6 documents - document 1
document 2Membership management
Privacy Policy
AAOPS
Security Operational Baseline
Incident response procedure
Membership Management - Review the AEGIS endorsed policy guidelines required for AARC compliance and ensure their technical implementation
- Identify your assurance requirements following https://aarc-community.org/guidelines/aarc-g031/
- Identify suitable token lifetimes
- Ensure that the policies are presented to and accepted by the relevant audiences
- Publish your documents and responsible parties at a suitable location
...