View Source

An analysis of the improvements required on PDK v1 is included in https://doi.org/10.5281/zenodo.15506826

AARC > The AARC Policy Development Kit > Screenshot 2025-10-29 at 13.32.00.png

AARC > The AARC Policy Development Kit > Screenshot 2025-10-29 at 13.40.44.png

AARC > The AARC Policy Development Kit > image-2025-10-29_14-25-9.png

Research Governance	Users	Identity	Collaboration Management	Infrastructure Integration and Service Providers
Rules of Participation			Membership Management	Service Levels 'AIC' Security ????????? - ASK DAVID
Identification of Primary Assets	WISE AUP		WISE AUP	WISE AUP
Research Risk Assessment		Attribute Authority Operational Security	Attribute Authority Operational Security
Escalation Procedure		Sirtifi	Security Operational Baseline	Security Operational Baseline
Legal and Regulatory Complience	(EEA) Privacy Notice	REFEDS DP CoCo	REFEDS DP CoCo	REFEDS DP CoCo
		WISE AUP and Privacy Notice	Sensitive Data Access (Policies)	Sensitive Data Access (Enforcement)
		REFEDS Assurance Framework	Assurance Requirements	Assurance Requirements
			Incident Response Procedure	Incident Response Procedure
			Sirtifi	Sirtifi
			Notice management (presentation)	Notice management (provision)
			Privacy Notice	Privacy Notice

No Work Needed	Reference Externally	Work Need	Out of Scope	Not a Policy

Steps to getting started with Policies for a Collaboration

Define a unique name for your collaboration (recommend DNS)
Identify a governance body to make policy decisions
We strongly suggest (although this is out of scope here)
1. Identifying your primary assets
2. Completing a risk assessment
3. Defining your rules of participation and the escalation procedure in case of non-compliance
4. Any additional legal and regulatory compliance necessary
Define the purpose of your collaboration → this will be used for your AUP
Review the AEGIS endorsed policy guidelines required for AARC compliance
1. Identify your assurance requirements following https://aarc-community.org/guidelines/aarc-g031/ and ensure its technical implementation
2. Token lifetimes
Define, or agree to adopt as is, the following 6 policies and seek endorsement from the governance body
Ensure that the policies are presented to and accepted by the relevant audiences
Publish your policies at a suitable location

Document	AARC template for interoperability	Examples
Membership management	Membership Management
AUP	WISE AUP
Privacy Policy		REFEDS privacy notice
AAOPS	Attribute Authority Operational Security
Security Operational Baseline	Security Operational Baseline
Incident response procedure		EOSC, UK-IRIS, AARC federated incident response procedure