AARC PDK v2

An analysis of the improvements required on PDK v1 is included in https://doi.org/10.5281/zenodo.15506826

Research Governance	Users	Identity	Collaboration Management	Infrastructure Integration and Service Providers
Rules of Participation			Membership Management	Service Levels 'AIC' Security ????????? - ASK DAVID
Identification of Primary Assets	WISE AUP		WISE AUP	WISE AUP
Research Risk Assessment		Attribute Authority Operational Security	Attribute Authority Operational Security
Escalation Procedure		Sirtifi	Security Operational Baseline	Security Operational Baseline
Legal and Regulatory Complience	(EEA) Privacy Notice	REFEDS DP CoCo	REFEDS DP CoCo	REFEDS DP CoCo
		WISE AUP and Privacy Notice	Sensitive Data Access (Policies)	Sensitive Data Access (Enforcement)
		REFEDS Assurance Framework	Assurance Requirements	Assurance Requirements
			Incident Response Procedure	Incident Response Procedure
			Sirtifi	Sirtifi
			Notice management (presentation)	Notice management (provision)
			Privacy Notice	Privacy Notice

No Work Needed	Reference Externally	Work Need	Out of Scope	Not a Policy

Steps to getting started with Policies for a Collaboration

Define a unique name for your collaboration (recommend DNS)
Identify a governance body to make policy decisions
We strongly suggest (although this is out of scope here)
1. Identifying your primary assets
2. Completing a risk assessment
3. Defining your rules of participation and the escalation procedure in case of non-compliance
4. Any additional legal and regulatory compliance
Define the purpose of your collaboration → this will be used for your AUP
Define the following 6 policies and seek endorsement from the governance body
Ensure that the policies are presented to and accepted by the relevant audiences

Document	AARC Template	Examples
Membership Management Policy	WIP
AUP	WISE AUP
Privacy Policy		X Y Z
AAOPS	Attribute Authority Operational Security
Security Operational Baseline	Security Operational Baseline
Incident response procedure		X Y Z