DSA logo

 

Data Seal of Approval

Guidelines version 2014-2017
July 19, 2013

Introduction

This guide supports repository self-assessment and peer review against the 16 Data Seal of Approval (DSA) Guidelines for the application and verification of quality aspects related to the creation, storage and (re-)use of digital data. The Guidelines have been designed with a focus on scientific and scholarly materials but may be applied to all types of digital information. These Guidelines serve as a basis for granting a ‘Data Seal of Approval’ by the Data Seal of Approval Board.

Fundamental to the Guidelines are five principles that together determine whether or not the digital data may be considered as sustainably archived:

These principles are integral to the Guidelines, which focus on three stakeholders: the data producer, the data repository and the data consumer.

Although the Guidelines address three different groups, it is the data repository which is responsible for enabling and supporting data producer and data consumer compliance with the Guidelines.

It is assumed that in the data lifecycle the repository may actually interact with a ‘depositor’ acting on behalf of the data producer.

A data repository is designated a Trusted Digital Repository (TDR) according to the requirements of the Data Seal of Approval if it meets Guidelines 4-13 and if it enables data producers and data consumers to adhere to Guidelines 1-3 and 14-16.

This Assessment Guide may also be used as a form for recording draft self-assessments before using the DSA online tool.

The Self-Assessment and Peer-Review Process

Once application details have been processed via datasealofapproval.org, the applicant can complete and submit a self-assessment against the 16 Guidelines.

A peer reviewer appointed by the DSA Board will either confirm the self-assessment evidence and compliance levels for each Guideline or reject them and provide relevant comments to be addressed by the applicant. The comment/response process will continue until the reviewer can decide whether to award the DSA. In the event of a dispute the applicant may appeal to the Board.

Outsourcing

In the original version of the DSA outsourcing to third parties was permitted for Guidelines 4, 6, 7, 8 and 13 as long as the outsource partner had a DSA or better level of trust certification.

To take account of the increasingly distributed and service-based nature of modern repositories, the DSA Board expanded the possibility of outsourcing to all Guidelines.  This decision will be monitored over time and may be amended in future in cooperation with the DSA community. Applicant information relevant to outsourcing is requested in the ‘Repository Context’ section and must form part of the evidence for each applicable Guideline.

____________________________________________________________________

Completing the Self-Assessment

Topics for discussion and inclusion are suggested in supporting text below each Guideline, but they are neither exhaustive nor prescriptive.

Abbreviations should be expanded the first time they are used.

The following fields appear below each Guideline:

____________________________________________________________________

Self-Assessment Statement:

Your self-assessment statement should directly address the Guideline and its supporting text. Your statement should indicate which documentation (linked or draft) provides support. Please mention why it supports your evidence statement and mention which section is applicable, especially for long documents or those with a broad scope.

If part of a Guideline is ‘Outsourced’ to a third party (where applicable) identify the partner and provide evidence for the parts of the process you are responsible for and for those the Outsource Partner is responsible for.

____________________________________________________________________

 Linked Documentation and/or documentation deadline (English summary if applicable):

The self-assessment statement for each Guideline must be supported by a link to relevant publicly available documentation (preferably in English). If the documentation is not in English a short summary in English should be provided. If documentation is in draft and/or not yet publicly available a deadline should be provided which would be monitored in subsequent applications for the DSA. Self-assessed compliance levels would be expected to be lower if supporting evidence is only available in draft. These public documents are considered critical to the transparency of the DSA process.

Please add hyperlinks to public documentation used to support your self-assessment.

Each document here should have been mentioned in the self-assessment statement above.

____________________________________________________________________

Self-Assessed Compliance Level:

For each DSA Guideline there is a minimum level of compliance reflecting how mature repository practices should be to receive the Seal. As best practices emerge, the DSA Board will re-evaluate the minimum compliance level.

____________________________________________________________________

Peer Reviewers Comments:

This space will be used by the reviewers to add comments or ask for further clarification. ____________________________________________________________________

Reference for Peer Reviewers

____________________________________________________________________

Liability

By starting the application process for the DSA you agree to the following terms:

All parties concerned including the DSA Board and designated reviewer will treat self-assessment evidence and compliance levels as sensitive until the DSA is awarded; after this time the final version of evidence, self-assessment levels and reviewer comments will be made publically available via the DSA Tool.

The DSA Board will handle all data provided with the utmost care but accepts no liability for any damage or losses resulting from the use of these data.

 

Guidelines

Guideline Minimum requirement
0 Repository Context N/A
1 The data producer deposits the data in a data repository with sufficient information for others to assess the quality of the data, and compliance with disciplinary and ethical norms. 3
2 The data producer provides the data in formats recommended by the data repository. 3
3 The data producer provides the data together with the metadata requested by the data repository. 4
4 The data repository has an explicit mission in the area of digital archiving and promulgates it. 4
5 The data repository uses due diligence to ensure compliance with legal regulations and contracts including, when applicable, regulations governing the protection of human subjects. 4
6 The data repository applies documented processes and procedures for managing data storage. 4
7 The data repository has a plan for long-term preservation of its digital assets. 3
8 Archiving takes place according to explicit work flows across the data life cycle. 3
9 The data repository assumes responsibility from the data producers for access and availability of the digital objects. 4
10 The data repository enables the users to discover and use the data and refer to them in a persistent way. 3
11 The data repository ensures the integrity of the digital objects and the metadata. 3
12 The data repository ensures the authenticity of the digital objects and the metadata. 3
13 The technical infrastructure explicitly supports the tasks and functions described in internationally accepted archival standards like OAIS. 3
14 The data consumer complies with access regulations set by the data repository. 4
15 The data consumer conforms to and agrees with any codes of conduct that are generally accepted in the relevant sector for the exchange and proper use of knowledge and information. 4
16 The data consumer respects the applicable licences of the data repository regarding the use of the data. 4

 

Assessment

Statement of Compliance Means Comments and/or URLs
0 N/A: Not Applicable. Provide an explanation
1 No: We have not considered this yet. Provide an explanation
2 Theoretical: We have a theoretical concept. Provide a URL for the initiation document.
3 In progress: We are in the implementation phase. Provide a URL for the supporting document.
4 Implemented: This guideline has been fully implemented for the needs of our repository. Provide a URL for the supporting document.

0. Repository Context

Applicant manual

Please provide a brief general description of the functions and activities undertaken by the repository with particular regard to specialised aspects of your repository and services that might not be familiar to a peer reviewer. Where possible refer to standard OAIS functions and terms.

Please provide a concise list of any Outsource Partners referenced in the Self-Assessment and their relationship (organisational/contractual, etc.) with your repository including whether or not they have the Data Seal of Approval or have undertaken some other Trusted Digital Repository assessment. List the Guidelines for which they provide all or part of the relevant functionality/service. Define the relationship with/control over the outsourced functions under the relevant Guideline including any contracts or Service Level Agreements (SLAs) which are in place.

Because outsourcing will almost always be partial, you will still need to provide appropriate evidence for functions under the Guideline which are not outsourced, for example, “documented processes and procedures for managing data storage” and “explicit workflows” for the parts of the data lifecycle which you control.

Reviewer manual

1. The data producer deposits the data in a data repository with sufficient information for others to assess the quality of the data, and compliance with disciplinary and ethical norms.

Required statement of compliance:

3. In progress: We are in the implementation phase.

Applicant manual

As regards this Guideline, how do you support the data producer (and/or depositor) before and during submission to the repository?

Sector-specific quality criteria indicate to what degree the data are of interest to consumers. The assessment by experts and colleagues in a field is the main deciding factor for the quality of data. Transparency in terms of adherence to ethical norms in relevant disciplines facilitates the assessment of data content. Therefore, it is the responsibility of the data producer to provide sufficient information to enable data consumers to assess the data.

Does the repository define the full package of information that should be deposited to facilitate assessment? What is required and what is optional?

Does the repository ask for:

How much of this information collected from the data producer is passed on to data consumers to let them make independent assessments?

Reviewer manual

2. The data producer provides the data in formats recommended by the data repository.

Required statement of compliance:

3. In progress: We are in the implementation phase.

Applicant manual

As regards this Guideline, how does the repository support the data producer before and during submission to the repository?

Various data formats exist for digital objects, and for all formats there is a risk that they may become obsolete, rendering data objects unusable. For storage of data objects preferred formats are used. Preferred formats are those that a data repository can reasonably assure will remain readable and usable. Typically, these are the de facto standards employed by a particular discipline.

Reviewer manual

3. The data producer provides the data together with the metadata requested by the data repository.

Required statement of compliance:

4. Implemented: This guideline has been fully implemented for the needs of our repository.

Applicant manual

As regards this Guideline, how does the repository support the Data Producer before and during submission to the repository?

It is the responsibility of the data producer to provide the data with information about the context of the data (metadata). There is a distinction between descriptive, structural and administrative metadata. These must be provided in accordance with the Guidelines of the data repository.

The data repository specifies the level of producer-created metadata required and provides the tools for its effective capture.

 

[1]  See: <http://www.dublincore.org> [accessed July 19, 2013].

Reviewer manual

4. The data repository has an explicit mission in the area of digital archiving and promulgates it.

Required statement of compliance:

4. Implemented: This guideline has been fully implemented for the needs of our repository.

Applicant manual

This Guideline relates to the level of authority which the repository has.

Reviewer manual

5. The data repository uses due diligence to ensure compliance with legal regulations and contracts including, when applicable, regulations governing the protection of human subjects.

Required statement of compliance:

4. Implemented: This guideline has been fully implemented for the needs of our repository.

Applicant manual

This Guideline relates to the legal regulations which impact on the repository.

Reviewer manual

6. The data repository applies documented processes and procedures for managing data storage.

Required statement of compliance:

4. Implemented: This guideline has been fully implemented for the needs of our repository.

Applicant manual

This Guideline relates to the ability of the repository to manage data.

Reviewer manual

7. The data repository has a plan for long-term preservation of its digital assets.

Required statement of compliance:

3. In progress: We are in the implementation phase.

Applicant manual

This Guideline relates to the ability of the repository providing continued access to data.

Reviewer manual

8. Archiving takes place according to explicit work flows across the data life cycle.

Required statement of compliance:

3. In progress: We are in the implementation phase.

Applicant manual

This Guideline relates to the levels of procedural documentation for the repository.

Does the repository have procedural documentation for archiving data? Provide references to:

Reviewer manual

9. The data repository assumes responsibility from the data producers for access and availability of the digital objects.

Required statement of compliance:

4. Implemented: This guideline has been fully implemented for the needs of our repository.

Applicant manual

This Guideline relates to the levels of responsibility which the repository takes for its data.

Reviewer manual

10. The data repository enables the users to discover and use the data and refer to them in a persistent way.

Required statement of compliance:

3. In progress: We are in the implementation phase.

Applicant manual

This Guideline relates to the formats in which the repository provides its data and its identifiers.

Reviewer manual

11. The data repository ensures the integrity of the digital objects and the metadata.

Required statement of compliance:

3. In progress: We are in the implementation phase.

Applicant manual

This Guideline relates to the information contained in the digital objects and metadata and whether it is complete, whether all changes are logged and whether intermediate versions are present.

Reviewer manual

12. The data repository ensures the authenticity of the digital objects and the metadata.

Required statement of compliance:

3. In progress: We are in the implementation phase.

Applicant manual

This Guideline refers to the degree of reliability of the original and to the provenance of the data including relationship between the original data and that disseminated, and whether or not existing relationships between datasets and/or metadata are maintained.

Reviewer manual

13. The technical infrastructure explicitly supports the tasks and functions described in internationally accepted archival standards like OAIS.

Required statement of compliance:

3. In progress: We are in the implementation phase.

Applicant manual

This Guideline refers to the level of conformance with accepted standards. The technical infrastructure constitutes the foundation of a Trusted Digital Repository. The OAIS reference model,[1] an ISO standard, is the de facto standard for using digital archiving terminology and defining the functions that a data repository fulfils.



[1]  Details regarding the OAIS reference model can be found at: <http://public.ccsds.org/publications/archive/650x0m2.pdf. > [accessed January 31, 2013].

 

Reviewer manual

14. The data consumer complies with access regulations set by the data repository.

Required statement of compliance:

4. Implemented: This guideline has been fully implemented for the needs of our repository.

Applicant manual

This Guideline refers to the responsibility of the repository to create legal access agreements which relate to relevant national (and international) legislation and the levels to which the repository informs the data consumer about the access conditions of the repository.

Reviewer manual

15. The data consumer conforms to and agrees with any codes of conduct that are generally accepted in the relevant sector for the exchange and proper use of knowledge and information.

Required statement of compliance:

4. Implemented: This guideline has been fully implemented for the needs of our repository.

Applicant manual

This Guideline refers to the responsibility of the repository to inform data consumers about any relevant codes of conduct.

Reviewer manual

16. The data consumer respects the applicable licences of the data repository regarding the use of the data.

Required statement of compliance:

4. Implemented: This guideline has been fully implemented for the needs of our repository.

Applicant manual

This Guideline refers to the responsibility of the repository to inform data consumers regarding the applicable licences.

The quality of the use of data is determined by the degree to which the data can be used without limitation by the various target groups, while complying with applicable codes of conduct.

The open and free use of data takes place within the relevant legal frameworks and the policy Guidelines as determined by relevant national authorities.

With regard to accessing information, the data consumer is bound by relevant national legislation. The data repository may have separate access regulations, which include restrictions imposed by the laws of the country in which the data repository is located. Access regulations should be based on relevant international access standards (e.g., Creative Commons) as much as possible.

Most nations have legal frameworks relating to the ethical use and re-use of data. These frameworks range from the statutory — which protect the privacy of individuals — to formal codes of conduct which inform ethical issues. Repositories must be aware of these local legal frameworks and ensure that they are taken into account when providing data for re-use.

Reviewer manual

Data Seal of Approval Board
Wwww.datasealofapproval.orgEinfo@datasealofapproval.org