An analysis of the improvements required on PDK v1 is included in https://doi.org/10.5281/zenodo.15506826 



Research GovernanceUsersIdentityCollaboration ManagementInfrastructure Integration and Service Providers
Rules of Participation

Membership ManagementService Levels 'AIC' Security ????????? - ASK DAVID
Identification of Primary AssetsWISE AUP
WISE AUPWISE AUP
Research Risk Assessment
Attribute Authority Operational SecurityAttribute Authority Operational Security
Escalation Procedure
SirtifiSecurity Operational BaselineSecurity Operational Baseline
Legal and Regulatory Complience(EEA) Privacy NoticeREFEDS DP CoCoREFEDS DP CoCoREFEDS DP CoCo


WISE AUP and Privacy NoticeSensitive Data Access (Policies)Sensitive Data Access (Enforcement)


REFEDS Assurance FrameworkAssurance RequirementsAssurance Requirements



Incident Response ProcedureIncident Response Procedure



SirtifiSirtifi



Notice management (presentation)Notice management (provision)



Privacy NoticePrivacy Notice





No Work NeededReference ExternallyWork NeedOut of ScopeNot a Policy



Steps to getting started with Policies for a Collaboration


  1. Define a unique name for your collaboration (recommend DNS) 
  2. Identify a governance body to make policy decisions
  3. We strongly suggest (although this is out of scope here) 
    1. Identifying your primary assets
    2. Completing a risk assessment
    3. Defining your rules of participation and the escalation procedure in case of non-compliance
    4. Any additional legal and regulatory compliance 
  4. Define the purpose of your collaboration → this will be used for your AUP
  5. Define the following 6 policies and seek endorsement from the governance body
  6. Ensure that the policies are presented to and accepted by the relevant audiences
  7. Publish your policies at a suitable location 



DocumentAARC TemplateExamples
Membership Management PolicyWIP
AUPWISE AUP
Privacy Policy
X Y Z 
AAOPSAttribute Authority Operational Security
Security Operational BaselineSecurity Operational Baseline
Incident response procedure X Y Z