Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 Data Management Planning for Secure Services (DMP-SS) † Tito Castillo, † Stelios Alexandrakis, † Anthony Thomas, † Michael Waters, *Phil Curran, *Kevin Garwood † UCL Institute of Child Health *MRC Unit for Lifelong Health and Ageing
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 DMP-SS Data Management Planning for Secure Services The Digital Curation Centre has developed DMPOnline to assist researchers with the design of structured and standardised data management plans. Data management planning involves consideration and application of effective information security. Question: Can we harness aspects of DMPOnline to assist with the establishment of a formal Information Security Management System (ISMS)?
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 Summary The project seeks to develop an Information Security Management System (ISMS) ISO-27001:2005 ISMS designed to operate with a local registry of data management plans Health and social science surveys are standardising on DDI as the method for metadata representation Local DMP registry will extend DDI top accommodate the DMPOnline checklist.
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 Information Security Management Systems International standard for information security ISO-27001:2005 Describes requirements (i.e. what you ‘shall’ do) Independently audited Associated code of practice ISO-27002:2005 Provides guidance (i.e. what you ‘should’ do) An ISMS is dynamic
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 Objectives Extend DMPOnline checklist through a formal object model for data management planning Create a local DMP repository service by extension of the DDI 3.x standard to accommodate elements of the DMP object model. Develop suitable web-services from the local DMP repository to allow for search and retrieval of data management plans contained within the repository Develop the necessary functional components for an ISO compliant ISMS asset and risk registers controls and assurance records document management system
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 DMP-SS Project Data Management Planning for Secure Services
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 DMPOnline Checklist The DMPOnline checklist provides a taxonomy of questions relating to the planned use of data assets within a research project
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 ISO controls taxonomy The standard proposes a taxonomy of controls and associated assurance mechanisms that may be applied by an organisation to reduce the risk to specified information assets.
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 Information Security Management System (ISMS) Development PLAN Management Support Define ISMS Scope Create Asset Register Risk Assessment Risk Treatment Plan Statement of Applicability DO ISMS Implementation Programme Create ISMS ISMS CHECK Compliance Review Stage 1 Audit Stage 2 Audit ISO Certification ACT Corrective Action Corrective Action Procedure
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 Data Management Plan Information Security Management System Relationship between DMP and ISMS
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 What is DDI? Data Documentation Initiative (DDI) – XML metadata specification – Describes the study, datasets, supporting docs & other external resources – DDI Alliance DDI version – focus is on the archive / preservation / dissemination – Has been around since – Widely used and tools available DDI version – Encompasses the entire survey life cycle – Initial version released in – Early adoption stage and tools in development
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 DDI ‘life-cycle’ standard Metadata descriptors of data management process. ….. from conceptualisation through to archival.
Meeting Disciplinary Challenges in Research Data Management Planning – March 23 rd 2012 Project Workpackages 1.Adaptation of DMP Online DCC develop web service API 2.DDI Repository development Metadata Technology develop formal model of DMP and extend DDI repository 3.Risk assessment tool development ICH develop ISMS (database and document management system) 4.Stakeholder Engagement Pilot studies 5.Reporting