CoreTrustSeal logo

 

Implementation of the CoreTrustSeal

The CoreTrustSeal board hereby confirms that the Trusted Digital repository Swedish National Data Service complies with the guidelines version 2017-2019 set by the CoreTrustSeal Board.
The afore-mentioned repository has therefore acquired the CoreTrustSeal of 2016 on February 7, 2018.

The Trusted Digital repository is allowed to place an image of the CoreTrustSeal logo corresponding to the guidelines version date on their website. This image must link to this file which is hosted on the CoreTrustSeal website.

Yours sincerely,

 

The CoreTrustSeal Board

Assessment Information

Guidelines Version:2017-2019 | November 10, 2016
Guidelines Information Booklet:DSA-booklet_2017-2019.pdf
All Guidelines Documentation:Documentation
 
Repository:Swedish National Data Service
Seal Acquiry Date:Feb. 07, 2018
 
For the latest version of the awarded DSA
for this repository please visit our website:
http://assessment.coretrustseal.org/seals/
 
Previously Acquired Seals:
  • Seal date:July 21, 2016
    Guidelines version:2014-2017 | July 19, 2013
 
This repository is owned by:
  • Swedish National Data Service


    Sweden

    T +46 31 7861204
    E snd@gu.se
    W http://snd.gu.se/

Assessment

0. Context

Applicant Entry

Self-assessment statement:

1. Repository Type


Domain or subject-based repository: A domain-based repository with focus on research data from the social sciences, humanities, health science domain.


National repository system, including governmental: National infrastructure for research data


2. Repository’s Designated Community


The Swedish National Data Service (SND) is a national data service for research, teaching and learning. SND promotes data sharing and curates and disseminates digital research data for research and teaching purposes. SND serves both national and international users.


SND’s Designated Community primarily includes stakeholders in social sciences, humanities and health science. The former independent repository, Environment and Climate Data Sweden, ECDS is now a sub-division within SND with their own staff from the domain.


As a consequence of Governmental guidelines on open data SND will act as a repository for so called homeless data. This means that data from other areas will be accepted and be checked and managed by external experts on the subject.


The Swedish National Data Service (SND) is instigated as a National Unit at the University of Gothenburg (GU) funded by Vetenskapsrådet (Swedish Research Council). Vetenskapsrådet is the executive authority of the Swedish government in research issues.


From 2018 under a new 5-year contract with the Research Council, SND is organised as a consortium with participation from six other universities beside Gothenburg. These other universities will contribute with expertise in other areas than those mentioned above.


As an organizational part of the GU, staff, equipment, technical infrastructure, as well as rules & policies, are to a large extent decided/managed by the University.


The scope of SND is formulated in a contract between Vetenskapsrådet and GU and is monitored by a board/scientific advisory group appointed by the consortium.


SND has a national mission as a research infrastructure for the humanities, medicine & health and social science. SND preserves, promotes and disseminates digital research data for research and educational purposes.


SND is appointed as the Swedish CESSDA ERIC Service Provider (SP) by the Swedish Research Council. SND is also part of Swe-CLARIN, the Swedish Service Provider for CLARIN ERIC.


SND accepts both quantitative and qualitative digital research data, and follows the OAIS reference model throughout the preservation process.


3. Level of Curation Performed:


D; Data-level curation; Metadata on variable level is displayed in the online catalogue.


4 Outsource Partners:


Storage is outsourced to the PDC Center (ParallellDatorCentrum) for High Performance Computing at the KTH Royal Institute of Technology. It has used part of their resources designated for EUDAT2020. From March 1st 2018 these resources will be assigned through SNIC, Swedish Infrastructure for Computing.  A Service Level Agreement will be in place in February 2018.


https://www.pdc.kth.se


5 Other Relevant Information


As SP to CESSDA ERIC SND actively participates in projects and other activities to further enhance the European Social Science research infrastructure.


https://www.cessda.eu


SND is also part of Swe-CLARIN, the Swedish Service Provider for CLARIN ERIC


https://sweclarin.se/eng

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

1. Mission/Scope

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

SND has a dedicated national research infrastructure mission and mandate from the Swedish Research Council [1]. SND’s primary role is to support the accessibility, preservation, and re-use of data and related materials. SND accept research data and data descriptions from researchers in Sweden and internationally and ensure that data are stored securely in a way that allows them to be used in the future [2].


SND is placed as a National Unit at the University of Gothenburg [3].


SND has been included in The Swedish Research Council's Guide to Infrastructures since 2007.


In 2013 Sweden became member of the CESSDA A/S (CESSDA ERIC from 2017), for which SND is the Swedish Service Provider [4]. In 2014 Sweden became member of CLARIN ERIC, and SND is an A-centre within Swe-CLARIN [5]. These assignments comes from the Swedish Research Council.


URLs:


[1] Swedish Research Council website, Research Infrastructures: http://vr.se/forskningsinfrastruktur/infrastrukturerforforskning.4.12276aba1326e7bd62a800017663.html (Only in Swedish) (accessed 2017-10-27)


[2] SND, about us:  https://snd.gu.se/en/about-us (accessed 2018-01-24)


[3] University of Gothenburg: http://www.gu.se/english/about_the_university/organisation/national-units/?languageId=100001&disableRedirect=true&returnUrl=http%3A%2F%2Fwww.gu.se%2Fomuniversitetet%2Forganisation%2Fnationella-enheter%2F (accessed 2017-10-27)


[4] CESSDA website: https://www.cessda.eu/Consortium/CESSDA-Countries/CESSDA-Members/Sweden  (accessed 2017-10-27)


[5] Swe-CLARIN website:https://sweclarin.se/eng/about (accessed 2017-10-27)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

2. Licenses

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

All data accessible at SND is owned by its producer (i.e. the depositor’s home institution). The original data remains at the originating institution and SND only holds a copy. Accessibility and availability via SND is stipulated by the data owner in the deposit agreement [1]. If the original depositor becomes unavailable, the head of the originating institution is contacted.


Data consumers are informed about what licenses and regulations are applicable for use of data. These licenses and regulations are determined by the data producer.


The conditions of use include the license agreement. The user has to agree to these terms before ordering or downloading the data [2], [3].


Some data are provided only for research or under special restrictions, while other data are provided for any academic use and some are openly accessible for anyone [4].


In case of misuse, SND can ban the user from further access to data, and notify the user’s home organisation and the research funder of the breach.


URLs:


[1] Deposit agreement: https://snd.gu.se/en/deposit-data/deposit-agreement (accessed 2017-10-27)


[2] Terms of Use: http://snd.gu.se/en/search-and-order-data/conditions (accessed 2017-10-27)


[3] Terms of Use Data Online Analysis: http://analysis.snd.gu.se/webview/?language=en (accessed 2017-10-27)


[4] Access levels: http://snd.gu.se/en/search-and-order-data/accessibility-levels (accessed 2017-10-27)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

3. Continuity of access

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

The contract between the Research Council and University of Gothenburg states that the university shall have a Succession Plan. The Succession Plan (available only in Swedish, can be supplied by on request) states that if the funding for SND is withdrawn there should be a two-year period for closing down operations. The plan contains detailed instructions how to manage an orderly transfer of data to other actors. It states among other things such as staff and resource management, that an investigation about possible relocating institutions will start in year 1 where special attention will be paid to the continuous use of assigned DOIs. Possible institutions can be both national and international such as a fellow Service Provider in CESSDA ERIC. As part of a governmental institution the unlikely event of a shutdown will be handled in an orderly way.

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

4. Confidentiality/Ethics

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

SND refers to “Good research practice” by the Swedish Research Council [1].


The Deposit Form includes the question ”if the study has been ethically reviewed (in accordance with the Act Concerning the Ethical Review of Research Involving Humans [SFS 2003:460])”[2].


In the Deposit Agreement the depositor is asked about sensitive data and licensing issues concerning the data set [3]. All datsets are scanned for possible disclosure risks as part of the pre-ingest process and, if necessary, modified in consultation with the investigator to fully anonymized datasets. SND only disseminates anonymized datasets. SND's Handbook describes anonymization procedures in detail (only in Swedish, available on request).


Data at SND are stored and distributed according to the Regulation for IT-Security at University of Gothenburg [4].


Knowledge and compliance with national and international law, such as the Swedish Public Access to Information and Secrecy Act (Offentlighets- och sekretesslagen 2009:400) and the Personal Data Act (Personuppgiftslagen 1998:246) is ensured by internal training and counseling. SND employs a legal advisor (20% FTE).


URLs:


[1] Swedish Research Council, “Good research practice”: https://publikationer.vr.se/en/product/good-research-practice/ (accessed 2017-10-27)


[2] SND Deposit Form: https://snd.gu.se/en/beskriv-och-lamna-in-data/form#tab-2 (accessed 2017-10-27)


[3] Deposit agreement: https://snd.gu.se/en/deposit-data/deposit-agreement (accessed 2017-10-27)


[4] University of Gothenburg website: http://medarbetarportalen.gu.se/digitalAssets/1531/1531415_regulations-for-it-security_-revision2015_rev_pl.pdf (accessed 2017-10-27)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

5. Organizational infrastructure

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

SND has a dedicated national research infrastructure mission and funding from the Swedish Research Council [1].  The policy of the Swedish Research Council is to fund their research infrastructures in periods with evaluations in between. SND begins a new 5-year funding period in 2018. The funded budget covers all aspects of the repository’s activities, including ongoing training and professional development of the staff. At the moment the staff consists of 29 persons, 9 within admin and services, 7 in IT and development and 13 in repository and training. [2] Staff expertise include data management, technology and/or academic research. Staff have expertise in multiple disciplines, such as in sociology, economics, statistics, archaeology, political science, information technology, communication studies and law.


Training of the staff is carried out by



  1. In-house training, including a 4-weeks introductory training for newly employed data managers and weekly half-day training sessions covering different aspects of data management, in which all staff are encouraged to participate.

  2. External training, including a range of courses for staff offered at the University of Gothenburg, as well as training activities provided by CESSDA ERIC, but also training at summer schools, workshops in connection with conferences, auscultations at other data archives, etc.


URLs:


[1] Swedish Research Council website, Research Infrastructures: http://vr.se/forskningsinfrastruktur/infrastrukturerforforskning.4.12276aba1326e7bd62a800017663.html (Only in Swedish) (accessed 2017-10-27)


[2] SND staff: https://snd.gu.se/en/about-us/staff (Accessed 2018-01-24)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

6. Expert guidance

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

The SND Steering Committee [1] has a broad expertise in both scientific research and management of research infrastructures. Its purpose is to ensure that SND’s activities promote Swedish research. They meet together with SND staff four times a year at the premises of SND.


In November each year SND arranges a number of meetings with its designated community [2]. The aim of these meetings is to present SND’s services and to get feedback and advice from its users. SND also participates in many other arrangements organised within the user community where feedback on SNDs services are given.


SND has close contact with large research centers to keep in touch with the community.


URLs:


[1] SND’s Steering Committee: https://snd.gu.se/en/about-us/organisation/-steering-committee (accessed 2017-10-27)


[2] SND events:  https://snd.gu.se/en/about-us/events-at-snd (accessed 2017-10-27)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

7. Data integrity and authenticity

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

SND is using checksums for fixity checks both at ingest and archiving.


Each study is processed by a data manager. All changes made by SND to a SIP to create an AIP to allow digital preservation are documented. Complete information about each data and metadata file as well as change logs and additional administrative metadata are stored in SND's internal management system (SIMS), and certain information is also published with the metadata.


All versions of data archived are saved. Version changes are manually logged in SND’s management system and new versions are assigned a new DOI.


- Major version change: Changes in the dataset matrices (the datasets have a different number of units, variables and/or value categories).


- Minor version change: Changes in the documentation of the dataset.


By default, SND provides access to the most recent version of the study. For earlier versions, users must contact SND. Version number of the study is part of its citation [1].


All original data, metadata and other material are saved in original format as well as standard preservation formats, listed in the SND Handbook (available in Swedish on the SND intranet),  for backtracking purposes. If, for some reason, changes have to be made to the data these changes are proposed to the data producers for their acceptance.


Relations to other datasets, studies or publications are noted and part of the metadata assigned to the DOI.


Version history is available on catalogue page which also serves as the landing page for the DOI [2].


All metadata is documented in DDI [3] and can be accessed as DDI lifecycle, DDI codebook, MARC-xml and JSON.


URLs:


[1] SND website, Data Citation Example: See tab “Datasets/Revisions“ at https://snd.gu.se/en/catalogue/study/SND0961/001/2.1(accessed 2017-10-25)


[2] SND website, Version History Example: See tab “Datasets/Revisions“ at https://snd.gu.se/en/catalogue/study/snd0905 (accessed 2017-10-25)


[3] DDI Alliance website: http://www.ddialliance.org/  (accessed 2017-10-25)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

8. Appraisal

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

SND does not have a formal collection policy, but accepts all reusable data which fulfil the legal, qualitative and technical criterias within the mission.


All necessary metadata to ensure future re-usability is collected via the deposit form [1].


During the ingest process, all files are checked and if necessary, the depositor is asked to provide further information about the tools and methods used to create the files. Quality checks are done manually by data managers, and the checking procedure is described in detail in the SND Handbook. The SND Handbook (available in Swedish on the SND intranet) contains detailed information about the ingest process and also describes the qualitative, technical and legal criteria the data have to meet in order to be accepted to the Archive. A short overview of the Ingest process is available at the SND Web site [2]. As SND is service provider to several ERICs and communities incoming data is evaluated by data managers proficient in the methods and workflows used by those communities. This to ensure that the different domain specific best practices are followed.


SND provides a list of preferred and accepted formats [3]. Other formats might be accepted, and if so converted to a suitable format. All incoming data/metadata are checked for usability and understandability.


URLs:


[1] SND’s Deposit Form: https://snd.gu.se/en/describe-and-deposit-data/form (accessed 2017-10-25)


[2] Overview of the Ingest process (only in Swedish): https://snd.gu.se/sv/beskriv-och-lamna-in-data/s%C3%A5-h%C3%A4r-g%C3%A5r-det-till (accessed 2017-10-25)


[3] List of preferred and accepted formats (only in Swedish): https://snd.gu.se/sv/filformat (accessed 2017-10-25)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

9. Documented storage procedures

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
3. In progress: We are in the implementation phase.
Self-assessment statement:

All relevant processes and procedures are described in the SND Handbook [1] and all actions taken are documented in the internal management system (SIMS). Access to archive storage is limited to designated archival managers.


SND’s process of moving its storage to PDC Center for High Performance Computing at the KTH Royal Institute of Technology (PDC/KTH) was completed in December 2017. The new storage facilities is managed by the IT service at PDC/KTH [2], which includes backups, recovery, security (secure server rooms, fire proof backup storage, etc.).


URLs:


[1] SND Handbook, content: https://snd.gu.se/en/snd-handbook (accessed 2018-01-25)


[2] PDC website: https://www.pdc.kth.se (accessed 2017-10-25)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

10. Preservation plan

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

According to Swedish regulations, all data created within the realm of the Universities are the property of the originating University. They are not transferable to any other institution except the National Archives, this for preservation purposes. This means that units as SND can concentrate more on making a copy of the data accessible and usable according the FAIR principles than preserving them, although preserving the data deposited at SND is an important task. It also means that depositors can withdraw their data from SND.


All data depositors sign a Deposit Agreement with SND [1]. This agreement implies that SND acts only as depositary and that the full ownership of the data remains with the Research Institution, including intangible rights and archival responsibilities in accordance with national legislation (in Sweden, the Archives Act [Arkivlagen, 1990:782]). Data will be kept at SND only as part of technical processing and technical storage on behalf of the research institution (as per the Swedish Freedom of the Press Act, Chapter 2 § 10) and is not to be considered official documents at SND.


Through this agreement, SND is mandated to process, and ascertain the technical integrity of, the data. Management includes migration for the purpose of long-term usability of the data. The technical basis for deposited data at SND is specified in a separate description (see Managing deposited research material at the Swedish National Data Service) [2], which contains information about what SND does to ensure usability in the future. This is done on several levels to secure readability not only on bitstream level but also to secure usability on higher levels such as operating systems and software. It also includes information on which metadata will be published and where.


URLs:


[1] SND Deposit Agreement: https://snd.gu.se/en/deposit-data/deposit-agreement  (accessed 2017-10-25)


[2] Managing deposited research material at the Swedish National Data Service (only in Swedish) https://snd.gu.se/sites/snd.gu.se/files/Hantering%20av%20deponerat%20forskningsmaterial%20vid%20SND.pdf (accessed 2017-10-25)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

11. Data quality

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

At the Pre-Ingest phase data is controlled and checks are made to ensure all relevant metadata are included and that data is eligible for Ingest. All data ingested into the repository contains sufficient metadata to be fully understood. All metadata collected during ingest [1] can be accessed by users via the SND catalogue for assessment [2]. Controlled vocabularies and terminology is used and based on well accepted guidelines for the domain where mandatory and recommended elements are used.


If more metadata is found, the public catalogue information is updated. SND scans, among other sites, the National publication portal (Swe-Pub) [3] for publications associated with datasets in the repository. Whenever one is found its link is added to the metadata in the catalogue.


URLs:


[1] SND’s Deposit Form: https://snd.gu.se/en/describe-and-deposit-data/form (accessed 2017-10-25)


[2] Example of SND catalogue entry: https://snd.gu.se/en/catalogue/study/snd0905 (accessed 2017-10-25)


[3] Swe-Pub: http://swepub.kb.se (accessed 2017-10-25)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

12. Workflows

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

The workflow at the SND consortium follows the OAIS Reference Model and the DDI research data life cycle model. The internal document “Arbetsprocesser vid SND” (Work processes at SND, a copy can be provided on request) contains an overview of the work processes including acquisition, data processing, long time preservation and dissemination. The intranet based handbook “SND Handboken” contains detailed descriptions of the workflows. Workflow related questions are continuously monitored at the biweekly Data Management Forum. This Forum is also responsible for the content of the Handbook.


SND provides guidance about data management for researchers and depostiors [1]


SND does not accept any data containing direct identifiers to respondents. Such data is returned to the depositor for possible anonymization. During Ingest, data is also checked for possible risks for disclosure, and if needed these risks are minimized in collaboration with the depositor.


SND accepts both quantitative and qualitative digital research data from SND’s designated user groups and the work flows conforms to these types of data. Data from other communities is accepted if there is no other suitable repository at hand. In these cases external experts will be consulted.


Upon signing the agreement (contract) the data producer is supplied with information about how SND manages the deposited research data (text file only (in Swedish and English), a copy can be provided on request).


URLs:


[1] https://snd.gu.se/en/support-researchers/data-management (accessed 2017-10-25)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

13. Data discovery and identification

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

All metadata are published in the SND Catalogue [1]. The SND Catalogue offer both simple and advanced search down to question and variable level. Study descriptions are available in Swedish and in English. OAI harvesting and deep search are available.


SND is included in Registry of Research Data Repositories (Re3data) [2].


SND ensures that all of its data are usable and are identified uniquely. SND provides data with Digital Object Identifiers (DOIs) as well as downloadable data citations for use in publications based on analyses of the data [3].


URLs:


[1] SND catalogue: https://snd.gu.se/en/catalogue?subject=Political+Science (accessed 2017-10-25)


[2] SND at Re3data website: https://www.re3data.org/search?query=Swedish+National+Data+Service (accessed 2017-10-25)


[3] Example of SND catalogue entry, see tab datasets: https://snd.gu.se/en/catalogue/study/snd0905 (accessed 2017-10-25)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

14. Data reuse

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

All metadata is provided in formats such as DDI Lifecycle 3.2, DDI Codebook 1.2.2, MARC-XML, JSON [1].


If possible, disseminated data is provided in the format preferred by the user, typically SPSS, Stata, SAS, and Excel [2].


SND uses migration strategies for providing long-term preservation of the SND data holdings. The data formats that SND uses for storing the data are chosen with long-term preservation in mind, avoiding proprietary, closed or rarely used file formats. Extensive metadata are collected and stored to ensure the usability of data. Developments and progress in technologies are followed closely by involvement in national and international organizations working with research data sharing and preservation.


URLs:


[1] SND website, download metadata: See tab “Description” at https://snd.gu.se/en/catalogue/study/snd1026 (accessed 2018-01-25)


[2] SND website, Order data: https://snd.gu.se/en/catalogue/order-data (accessed 2018-01-25)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

15. Technical infrastructure

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

 The technical infrastructure of SND is under constant development and consists of resources on both data and metadata level.


The software used by SND is a combination of in-house developed tools and open source software, as well of proprietary software.


Common programming languages such as .NET and PHP are used to develop in-house utility tools for data and metadata management. For metadata management an internally developed system based on .NET and MariaDB is used. The SND discovery platform are built on common open source software such as Drupal [1], elasticsearch [2], and existdb [3]. System documentation on these systems are available for internal use.


Common proprietary software such as SPSS, Stata, ArcGIS and StatTransfer are also used for data and metadata management.


Metadata is documented within an in-house developed metadata management system. The system is compliant with different metadata standards such as Data Documentation Initiative [4], an international standard for describing data in the social, behavioral, and health sciences. Other examples of standards supported are Dublin Core, MARC-XML, DataCite and ISO 19115.


The ISO standard OAIS (ISO 14721:2012 [5]) is used as a reference for the daily SND operations and work.


Instructions on OAIS, metadata standards, and software use is described in the internal SND Handbook.


The servers of SND are operated by the University of Gothenburg using a virtual server cluster. The servers run Red Hat Linux and software is maintained using Ansible[ 6] for automation and supervisord [7] for process monitoring. Nagios[ 8] is also used for process, endpoint, and hard drive allocation monitoring.


SND adheres to the University of Gothenburg “Policy for IT security” [9] and “Rules for IT security”. The second document is only available for employees at the university.


SND assesses its technical infrastructure on a regular basis to ensure a high level of security and service to the research community.


URLs:


[1] Drupal: https://www.drupal.org/ (accessed 2018-02-02)


[2] Elasticsearch: https://www.elastic.co/products/elasticsearch (accessed 2018-02-02)


[3] Existdb:  http://exist-db.org/exist/apps/homepage/index.html (accessed 2018-02-02)


[4] DDI-alliance: http://www.ddialliance.org/ (accessed 2018-02-02)


[5] OAIS: https://www.iso.org/standard/57284.html (accessed 2018-02-02)


[6] Ansible: https://www.ansible.com/ (accessed 2018-02-02)


[7] Supervisord: http://supervisord.org/ (accessed 2018-02-02)


[8] Nagios: https://www.nagios.org/ (accessed 2018-02-02)


[9] University of Gothenburg, Policy for IT security: https://medarbetarportalen.gu.se/digitalAssets/1518/1518253_policy-for-it-security2.pdf (accessed 2018-02-02)

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

16. Security

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
4. Implemented: This guideline has been fully implemented for the needs of our repository.
Self-assessment statement:

SND has existing security measures on several levels and works continuously on minimizing risks. SND adheres to the University of Gothenburg “Policy for IT security” [1] and “Rules for IT security”. The second document is only available for employees at the university. All SND employees have agreed and adhere to the “Rules for use of university IT resources”[2].


Risk analyses exists for all software products and storage and are revisited and revised every three months. These risk analyses follow university procedures on risk assessments and covers both technical and other kinds of risks. In addition to this, the organization and all software systems have documented phase out plans for either data migration or organization or software discontinuation. 


Storage is outsourced to the SNIC [3] centre at Royal Institute of Technology, PDC [4]. All storage servers are maintained at a high availability facility with multiple backbone connections and electricity backup generators. All storage media components are monitored and replaced on any sign of deterioration. Backup is done daily to PDC facilities on other locations.


Read-only access to deposited data is granted to personnel with tasked involving data ingest, processing and dissemination. Write-access is only granted to personnel with special clearance.


Recovery plans on data, metadata and other software data are documented and available for employees when needed. Any known incidents regarding IT security are routinely reported in the university incident reporting system. All incidents reported will be investigated and followed up by the university´s Incident Response Team. Affected software, processes and procedures will be evaluated to investigate if any amendments are needed. 


User accounts for software and servers are managed by local university accounts and are, in most cases, connected to an Identity federation through SWAMID [5]. All access credentials to software and storage are routinely checked and updated. 


URLs: 


[1] University of Gothenburg, Policy for IT security:  https://medarbetarportalen.gu.se/digitalAssets/1518/1518253_policy-for-it-security2.pdf (accessed 2018-02-02)


[2] University of Gothenburg, Rules for IT-Security, only in Swedish:  https://medarbetarportalen.gu.se/digitalAssets/1529/1529233_regler-f--r-anv--ndning_20150212_pl.pdf (accessed 2018-02-02)


[3] Swedish National Infrastructure for Computing:  http://snic.se/ (accessed 2018-02-02)


[4] PDC center for high performance computing:  https://www.pdc.kth.se/ (accessed 2018-02-02)


[5] Swedish Academic Identity Federation: https://www.sunet.se/swamid/ (accessed 2018-02-02)


 

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept

17. Comments/feedback

Minimum Required Statement of Compliance:
0. N/A: Not Applicable.

Applicant Entry

Statement of Compliance:
0. N/A: Not Applicable.
Self-assessment statement:

No further comments

Reviewer Entry

Accept or send back to applicant for modification:
Accept
Comments:

Accept