Practical steps to getting started with Policies for a Research Collaboration
Note: we are missing DP CoCo from these steps
- Define a unique name for your collaboration (recommend DNS)
- Identify a governance body to make policy decisions
- Define the purpose of your collaboration (this will be used for your AUP)
- We strongly suggest (although this is out of scope here):
  - Identifying your primary assets
  - Completing a risk assessment
  - Defining your rules of participation and the escalation procedure in case of non-compliance
  - Any additional legal and regulatory compliance necessary
- Define, or agree to adopt as is, the following 6 documents and seek endorsement from the governance body
- Review the AEGIS endorsed policy guidelines required for AARC compliance and ensure their technical implementation
- Identify your assurance requirements following https://aarc-community.org/guidelines/aarc-g031/
- Identify suitable token lifetimes
- Ensure that the policies are presented to and accepted by the relevant audiences
- Publish your documents and responsible parties at a suitable location
| Document | AARC template for interoperability | Examples where no template is recommended for interoperability purposes |
|---|---|---|
| Membership management | Membership Management | |
| AUP | WISE AUP | |
| Privacy Policy | REFEDS privacy notice | |
| AAOPS | Attribute Authority Operational Security | |
| Security Operational Baseline | Security Operational Baseline | |
| Incident response procedure | EOSC, UK-IRIS, AARC federated incident response procedure | |
-------
Full Trust Framework links
An analysis of the improvements required on PDK v1 is included in https://doi.org/10.5281/zenodo.15506826

