SSHOC promotes trust and quality assurance by supporting data repositories in their journey to CoreTrustSeal certification.

Fourteen data repositories were selected for certification support through an open call between June and August 2020. These repositories are in varying stages of preparation with some closer to being ready to apply for certification and others more focused on taking note of issues and establishing best practices. The work of the SSHOC certification task team is to meet repositories at their point of readiness and provide assistance and guidance related to the certification process along with feedback on the repositories’ self-assessments before they submit their applications to CoreTrustSeal.

SSHOC works in cooperation with FAIRsFAIR and with other EOSC projects which also have activities to support the certification of data repositories. FAIRsFAIR, for instance, aims to align the FAIR Principles with the CoreTrustSeal requirements. The EOSC Executive Board FAIR Working Group has recently published Recommendations on certifying services required to enable FAIR within EOSC.


Certification FAQs

What is the cost of CoreTrustSeal certification?

The administrative fee of CoreTrustSeal certification is 1000 euros. Since the certification is valid for three years, this works out to 333 euros per year of certification. Waivers and volume discounts are available; please see further information on the CoreTrustSeal website. There are no further external costs for the applicant during the review process (which includes both a review by and feedback from CoreTrustSeal authorities).

Is there a fixed date for submitting a CoreTrustSeal application?

There are no fixed dates for submitting an application. It would be helpful to coordinate with the SSHOC group as we will liaise with the CoreTrustSeal Board and try to manage the flow of applications to avoid a system overload and possible delays.

Can you provide some examples of “best practice” repositories?

All CoreTrustSeal certificates are published and we encourage you to use them as a reference point. Examples of good self-assessments, with all or most guidelines fully implemented, include the Inter-university Consortium for Political and Social Research (ICPSR), CLARINO Bergen Centre, and Archaeology Data Service (ADS). However, we advise applicants to avoid copying and pasting self-assessment statements as the reviewers want the applicants to describe the practices of their specific repository.

What is the level of detail the certification experts want to see in the responses (especially with regard to describing storage procedures)?

Because applicants come from a wide range of organisations whose mission, size, and data collection methodologies vary considerably, response length and level of detail will vary. However, even the most complex evidence statements should usually be at the lower end of the 500–800 word range. Taking the storage procedures (CoreTrustSeal Requirement 9) as an example, what would generally be sufficient to get you the CoreTrustSeal is that the statement covers that you have documented procedures throughout, ideally with some kind of online overview of how you manage storage, and that these procedures are followed by your curators.

The thing to remember when describing storage procedures is that this particular item falls within the ‘digital object management’ section of the CoreTrustSeal assessment and not specifically under the technical requirements. You would cover your backup and storage procedures etc. in more detail for the technical requirements, but R9 is more about demonstrating them from the data curators’ point of view. What the reviewers are looking for is that there are standard procedures for data storage from the point of deposit, during curation and preservation, and in the access system.

Should all supporting documents be available in English?

Translating supporting documents into English is not required for CoreTrustSeal certification. Links to public evidence in your national language are sufficient. However, you may consider whether translations into English are beneficial for your user base.

Does the CoreTrustSeal certification include a site visit?

It does not. This is why links to public evidence should be provided. Provisions can be made for repositories who want sensitive parts of their evidence to remain confidential.

Do you think it is worth trying to get the CoreTrustSeal certification for a metadata registry (not a data repository)?

The “Turning FAIR into reality” report did set up registries as one of the key components of the future European Open Science Cloud, and at SSHOC we feel that metadata repositories are in scope. If you are looking to certify a metadata registry, then please do get in touch with us as it would be a great exemplar for us and for the CoreTrustSeal Board to look at. We think that certification would be generally applicable, but let's have a chat to make sure we don't waste your time and that we get the most out of it.

If our repository holdings contain sensitive data, how is this assessed in the certification process?

With a broad base of CoreTrustSeal applicants, sensitive data is not relevant to all of the repositories, but it is considered important enough to be included in the requirements (R2 and R4). It also relates to security (R16): a core-level certification is not going to provide enough detail for you to build a secure environment from scratch. During a review, the expectations will be higher for any organisation that holds personal data or data of another sensitive type. But as long as the licenses cover this in enough detail and there is clear process information around sensitive data, this should be enough. CoreTrustSeal does not set specific detailed standards for handling sensitive data.

What should be kept in mind while planning to create a repository, aiming for certification in future?

Designing a repository with no technical or data legacy is a real advantage in terms of avoiding common pitfalls. Key issues to take into consideration include policy, funding, embedding in your ecosystem, and planning and implementing services. Although your overall focus should be on quality of service and sustainability rather than ‘certification’, we think that the 16 CoreTrustSeal requirements are a very good reference point for planning in general. 

Business information management is important for designing a repository, getting certified and maintaining certification. Using and managing procedures as part of your day-to-day service makes running the service better and recertification relatively easy over time. That is a direct lesson that we have heard from repositories renewing their CoreTrustSeal certificates.

Our repository is part of a complex organisation. How do we decide which entity should apply for certification and the level at which the self-assessment is conducted?

As data repositories differ tremendously from each other in terms of their organisational structures, there is no clear-cut answer to this question. For example, if your repository is part of a larger organisation, which is responsible for hosting the data, you should provide evidence about the technical infrastructure and security on the level of the hosting organisation and on the level of your repository as well.

If your repository belongs to a complex, hierarchical organisation, attaching an organisational chart in the application can be helpful to illustrate the hierarchy to the reviewers. 

How is SSHOC Task 8.2 trust work connected to EOSC?

Trustworthy data repositories capable of curating FAIR data are a critical requirement for the European Open Science Cloud. See the report Turning FAIR into reality by the European Commission expert group on FAIR data and the EOSC Executive Board Working Group’s Recommendations on certifying services required to enable FAIR within EOSC.

What is the relationship between FAIR and CoreTrustSeal certification?

Through the FAIRsFAIR project there is ongoing work to align the FAIR Principles and indicators with the CoreTrustSeal requirements. Ideally, a repository could be certified as ‘FAIR-enabling’ as well as Trustworthy. But the mapping and process are still under development. Any good trustworthy data repository (TDR) is likely to be well placed to ensure FAIRness though.

What is the E-RIHS approach to certification of repositories?

The European Research Infrastructure for Heritage Science (E-RIHS) is a distributed infrastructure supporting Heritage Science (HS): the interdisciplinary domain of scientific study of Cultural Heritage (CH). HS draws on diverse humanities, sciences and engineering disciplines and focuses on enhancing the understanding, care and sustainable use of heritage so it can enrich people’s lives, both today and in the future.

E-RIHS is still in its preparatory phase and will become an ERIC within a couple of years. The actual procedures are based on a modular operation: the evaluation of the candidate’s internal processes, of its scientific excellence and of the quality of its services and eventual suitability for E-RIHS. DIGILAB, the E-RIHS digital platform, will provide access to a wide range of cutting-edge tools, datasets and instruments for Heritage Science research, analysis and interpretation. It is therefore of fundamental importance that resources selected, created and used by scientists are managed, curated, and archived in a way that preserves their value and trustworthiness. 

Every service provided by DIGILAB will be FAIR-oriented and compliant with EU policies and strategies concerning scientific data. The repository certification process will represent an important contribution to ensure the reliability of the E-RIHS resources, increasing the potential for sharing data over a long period of time, and their value.

Are there other ongoing projects working with FAIR, certification and trusted repositories?

Yes. The SSHOC task 8.2 team members are directly involved, for example, in the aforementioned FAIRsFAIR project, and in the EOSC-Nordic project that has tasks on FAIRification and certification within the Nordic and Baltic countries. The FAIRsFAIR Synchronisation Force provides coordination and interaction with European projects working on different aspects of FAIR and trust. It liaises with the five ESFRI Clusters (PANOSC, SSHOC, ENVRI-FAIR, ESCAPE, EOSC-Life), the thematic and regional EOSC (5b) projects (SYNERGY, NORDIC, EOSC-PILLAR, NI4OS-EUROPE, EXPANDS) and the European Group of FAIR Champions.