Meeting Disciplinary Challenges in Research Data Management Planning – March 23rd 2012

Data Management Planning for Secure Services (DMP-SS)

†Tito Castillo, †Stelios Alexandrakis, †Anthony Thomas, †Michael Waters, *Phil Curran, *Kevin Garwood

†UCL Institute of Child Health

*MRC Unit for Lifelong Health and Ageing

DMP-SS: Data Management Planning for Secure Services

The Digital Curation Centre has developed DMPOnline to assist researchers with the design of structured and standardised data management plans.

Data management planning involves consideration and application of effective information security.

Question: Can we harness aspects of DMPOnline to assist with the establishment of a formal Information Security Management System (ISMS)?

Summary

• The project seeks to develop an Information Security Management System (ISMS)
  • ISO-27001:2005
• ISMS designed to operate with a local registry of data management plans
• Health and social science surveys are standardising on DDI as the method for metadata representation
• Local DMP registry will extend DDI to accommodate the DMPOnline checklist.

Information Security Management Systems

International standard for information security: ISO-27001:2005

Describes requirements (i.e. what you ‘shall’ do)

Independently audited

Associated code of practice ISO-27002:2005

Provides guidance (i.e. what you ‘should’ do)

An ISMS is dynamic

Objectives

Extend DMPOnline checklist through a formal object model for data management planning

Create a local DMP repository service by extension of the DDI 3.x standard to accommodate elements of the DMP object model.

Develop suitable web-services from the local DMP repository to allow for search and retrieval of data management plans contained within the repository

Develop the necessary functional components for an ISO-27001 compliant ISMS

• asset and risk registers
• controls and assurance records
• document management system

DMP-SS Project: Data Management Planning for Secure Services

DMPOnline Checklist

The DMPOnline checklist provides a taxonomy of questions relating to the planned use of data assets within a research project

ISO 27001 controls taxonomy

The standard proposes a taxonomy of controls and associated assurance mechanisms that may be applied by an organisation to reduce the risk to specified information assets.

Information Security Management System (ISMS) Development

PLAN

Management Support

Define ISMS Scope

Create Asset Register

Risk Assessment

Risk Treatment Plan

Statement of Applicability

DO

ISMS Implementation Programme

Create ISMS

ISMS

CHECK

Compliance Review

Stage 1 Audit

Stage 2 Audit

ISO-27001 Certification

ACT

Corrective Action

Corrective Action Procedure

Relationship between DMP and ISMS

Data Management Plan

Information Security Management System

What is DDI?

• Data Documentation Initiative (DDI)
  – XML metadata specification
  – Describes the study, datasets, supporting docs & other external resources
  – DDI Alliance

• DDI version 1.0-2.1
  – Focus is on the archive / preservation / dissemination
  – Has been around since 2000
  – Widely used and tools available

• DDI version 3.0-3.1
  – Encompasses the entire survey life cycle
  – Initial version released in 2009
  – Early adoption stage and tools in development

DDI ‘life-cycle’ standard

Metadata descriptors of data management process.

… from conceptualisation through to archival.

Project Workpackages

1. Adaptation of DMP Online
   • DCC develop web service API

2. DDI Repository development
   • Metadata Technology develop formal model of DMP and extend DDI repository

3. Risk assessment tool development
   • ICH develop ISMS (database and document management system)

4. Stakeholder Engagement
   • Pilot studies

5. Reporting