X Close

Data Management Planning for Secure Services (DMP-SS)


Just another Blogs.ucl.ac.uk site


Research Data Management Steering Group meeting

By F D ( Tito ) Castillo, on 22 February 2012

Attendees: Graham Hart (Chair), Tito Castillo (DMP-SS Principal Investigator), Stelios Alexandrakis (DMP-SS Project Manager and Lead Developer), Martin Donnelly (Project Manager DMPOnline, Digital Curation Centre), Jacky Pallas (Platform Technologies), Rachel Knowles (UK Birth Cohort Study), Trevor Peacock (AISC), Mike Sievwright (AISC), Peter Dukes (MRC Head Office), Julie Withey (MRC Unit of Lifelong Health and Ageing), Martin Moyle (UCL Library Service, Deputising for Paul Ayris)

On Friday 17th February 2012 we convened the first meeting of the Research Data Management Steering Group. Chaired by Professor Graham Hart, the Dean of the Faculty of Population Health Sciences at UCL, the Steering Group has been constituted to address issues that emerge from the DMP-SS project and our collaboration with the Digital Curation Centre.

The meeting drew from relevant expertise and stakeholders from both within UCL and the wider academic community, with representation from UCL Library Service, Advanced Information Systems Centre, Platform Technologies, UCL Centre for Health Informatics and Multi Professional Education, UCL Research & Innovations, MRC Head Office, UK Birth Cohort Study, MRC Centre of Epidemiology for Child Health and MRC Unit of Lifelong Health and Ageing.

The meeting began with an examination of the proposed Terms of Reference for the Group (see below) which were approved.


To encourage and aid the development of secure research data management, including tools and techniques for planning and execution, within the Faculty of Population Health Sciences at UCL and to share best practice with population health scientists throughout the UK.

Terms of Reference

To identify appropriate deliverables and metrics of success in the following domains:
  1. awareness of the importance of information security and data management planning in the Faculty and beyond;
  2. community involvement via consultation and engagement across appropriate UCL and UK population health constituencies;
  3. sharing of best practice across population health science research community.

There followed a series of short presentations that were designed to set the scene for the group and provide background to the DMP-SS project. I started by giving an overview of the local epiLab service that we have established at the MRC Centre of Epidemiology for Child Health over the past 3 years. I described how the implementation of a secure virtual desktop environment has inevitably required that we develop ways of better describing users data management requirements and is of particular concern when cloud services are being considered.

Martin Donnelly, the project manager of DMPOnline, continued with a description of the service and outlined the ongoing development strategy, including the refinement and validation of mappings to funders requirements, the provision of flexible templates to accommodate funder and institutional requirements and the possible deployment of DMPOnline as a secure, independently hosted JANET service.

Mike Sievwright, the project manager of the UCL Identifiable Data Handling Project at UCL, outlined the approach that his group has taken in developing the strategy for management of identifiable research data at the UCL School of Life and Medical Sciences. A clear message from his work has been the need to significant cultural change through education and researcher engagement.

Discussion points:

1) Storage of Data Management Plans outside host institution.

the question was posed of whether there were any practical concerns held by the group in respect of the possibility of DMPs being stored on DMPOnline, at Edinburgh University.

MD expressed the view that no intellectual property should reside within a data management plan, however TC pointed out that institutions may want to capture a more detailed plan, including some local information that is not deemed relevant by the DCC. Furthermore, reduction in the need for multiple entry of information would be crucially important for uptake by researchers. JP said that there was value in having local templates that researchers could complete “off-line” rather than being forced to log into a website. PD confirmed that MRC’s view of data management plans is that they should be kept simple and typically take the form of a short Word document.

MD pointed out that discussions are on-going about the possibility of a JANET hosting service being created to host an instance of DMPOnline.

2) Data Management Planning at UCL

PD expressed his strong support for the engagement of UCL widely in the adoption of formal processes for the development of data management plans. The view of the group is that we need to achieve a firm academic basis for data curation, handling and information security generally. It was proposed that the project team set up a workshop to which interested stakeholders at UCL would be invited to discuss the challenges in DMP development at an institutional level – to include representation from the LSHTM. There may be an opportunity to link with Paul Ayris on the UCL Library Research Data strategy.

MD pointed out that the DCC has resource specifically to assist institutions with the development of DMPs and he would be happy to support this initiative.

3) Training and user engagement

Training and community engagement were identified across the group as critically important requirements for success and adequate resource should be identified to support this activity.

JISC Managing Research Data (MRD) Launch Meeting

By sejjsa9, on 20 January 2012

Anthony Thomas and I attended the JISC MRD Programme Launch meeting at the NCL Conference Centre in Nottingham on the 1st and 2nd December 2011 being the two delegates representing the University College London’s project Data Management Planning for Secure Services (DMP-SS).

The event was organised and led by Simon Hodson (JISC program manager) and included a wide range of presentations and workshops on topics such as the application of Digital Curation Centre’s (DCC) tools (DAF, DMPOnline), UMF tools and demos (Brisskit, DataFlow etc) as well as looking into ways to gather and measure benefits and impact (Benefits Framework Tool, Value Chain Impacts Tool).

Anthony and I presented a poster in the session at the end of day 1 our project, DMP-SS, which aims to use and extend existing DDI editors and broking services to act as a core registry of data management plans that can interoperate with both DMPOnline and a locally managed information security management systems.

We have found the event valuable in allowing us to meet people from the other JISC projects, finding out what other people are doing so as to examine potential for reuse, inform them of our aims and current development as well as learn from mistakes of past/completed projects.

On day 2 attended the breakout group for projects with a biomedical/health interest in which a number of very interesting points were introduced and initially discussed with the view to extend the dialog on a shared facility to facilitate collaboration and exchange of ideas. Bill Worthington has blogged about that session in more detail here as well as Jonathan Tedds.

We would like to thank JISC and Simon Hodson for a helpful and well-organised event!

Data Management Planning Workshop at ICH

By F D ( Tito ) Castillo, on 23 November 2011


On Friday 18th November we held a workshop that brought together all interested parties in the JISC Enhancing DMPonline Projects funding stream. The day focused on developing a mutual understanding of the potential challenges and opportunities for extension of the Digital Curation Centre’s DMPOnline tool.


DMP-SS Team: (UCL Institute of Child Health & MRC Unit for Lifelong health & Ageing)

  • Tito Castillo – Principal Investigator, MRC Centre of Epidemiology for Child Health
  • Stelios Alexandrakis – Project manager and Lead Developer, MRC Centre of Epidemiology for Child Health
  • Kevin Garwood – Software Developer
  • Michael Waters, Research & Innovations

Digital Curation Centre (DMPOnline)

  • Martin Donnelly – Project Manager
  • Adrian Richardson – Lead Software Developer

Oxford University (Oxford DMPOnline project)

  • David Shotton – Principal Investigator
  • Richard Jones – Cottage Labs


  • Arofan Gregory – Metadata Technology & Open Data Foundation
  • Veerle Van den Eynden – MRC Data Support Service Project Manager Medical Research Council
  • Jonathan Tedds, Senior Research Liaison Manager, University of Leicester
  • Simon Hodson, JISC Programm Manager


After a thought provoking discussion we were left with a few key messages to consider and act upon:

  1. Is the existing DCC centralised hosting model for Data Management Plans going to be widely acceptable amongst the wider research community? The existing DCC model involves the management of a centralised repository of data management plans. It was suggested in the meeting that this may prove to be unacceptable to many researchers and we will need to examine the possibilities of federated models being used.
  2. Can we express the current DMPOnline data model in a form that is suitable for encorporation into DDI? Arofan Gregory agreed to lead an initiative to develop a more formal modeol of the current DCC checklist that may be used in future to inform the further development of the DDI ‘life-cycle’ standard. Arofan’s clear view was that there are siginificant elements of the existing DDI model that do not explicitly support the DMP concepts although it would be highly desirable to consider their inclusion in a later version of DDI.
  3. What is the possible relationship between the IRAS (Integrated Research Application System) and DMP and would there be oportunities to interoperate? The IRAS system is used for submission of a range of approval applications and appears to make use of some form of common interchange standard. The question was askes as to whether thie DMP process could support the IRAS system in some way and how widespread is the use of IRAS at the moment.
  4. Is it possible for the DMP-SS project team to story board the proposed interaction between a DMP registry and their proposed Information Security management System? The relationship between the proposed ISMS and DMP registry is still unclear and it is important to begin to describe the proposed information flows and use cases in support of the ongoing development. Stelios Alexandrakis agreed that he would begin this work and Tito castillo agreed to share the current mapping that has been carried out between the DMP checklist and ISO-27001 controls.
  5. DDI ‘life-cycle’ training opportunity. Arofan Gregory noted that there is a possibility of DDI training being commissioned by UK Data Archive during 2012 however this has yet to be finalised. There was widespread interest among the group to attend suc a course if and when it takes place.


10.00 Welcome and introductions
10.20 The background to the JISC programme (Simon Hodson)
10.40 DMPOnline history and strategic plan (Martin Donnely)
11.10 Break
11.30 Introduction to the DDI Standard and associated tools (Arofan Gregory)
12:15 Discussion
12:30 Lunch
13:20 DMP-SS Project discussion (led by Tito Castillo)
14:20 Break
14:30 Oxford DMPOnline discussion (led by David Shotton)
15:30 Opportunities for collaboration and enhancement
16:00 Close

DMP-SS presented to JANET CSIRT Information Security Conference

By F D ( Tito ) Castillo, on 15 November 2011

JANET’s Computer Security Incident Response Team’s (CSIRT) annual conference took place in the Royal Society of Medicine on 10th November 2011. I had already been asked to present the outcomes of our TSB funded SHARE project which involved the use of a secure private cloud to host epidemiology research computing services. This was of particular interest to the delegates since it outlines the practical issues that we faced with contracts and formal certification to ISO-27001 of the working environment. When I was writing the talk I realised that the DMP-SS project represented an important component of the whole picture and illustrates the iterative nature of our information security approach. The whole slide deck is available here but the key message that I was looking to make is best summed up below.

Illustration of the journey in the development of an ISMS

Illustration of the journey in the development of an ISMS showing the need for data management plans as a core component of domain knowledge

Essentially, the use of data management plans in the development and ongoing curation of an information security management system is one of the core issues being explored by this project and I was interested to see what the views of delegates to this meeting would be to this proposal. I think its fair to say that there was broad agreement that this approach seems to address one of the critical challenges in establishing good information security within an academic research environment. The delegates at the meeting had confidence that they understood the technical issues relating to security but acknowledged that the management issues we perhaps the most profound and enigmatic.

This was indeed the conclusion of the first speaker, Richard Walton, who spoke eloquently on his long career advising government agencies on information security. He clearly outlines the importance of management issues, suggesting that most of the breaches in information security should be from the inside of an organisation.

A surprising outcome from this presentation was the chance meeting with UCL’s Deputy Head of Information Security, Luci Thomas. We had an opportunity to discuss the SHARE and DMP-SS projects in more detail and agreed to work closely with her team to ensure that the ISMS that we develop within the DMP-SS project can be applied across the broader UCL context.

DMPOnline tools to assist with ISMS development

By F D ( Tito ) Castillo, on 30 October 2011

Plans are underway for the Digital Curation Centre’s innovative DMPOnline tool to be used in the creation of an information security management tool, designed for the medical research community. JISC has provided funding for a short 12 month project that seeks to adapt and extend features of DMPOnline within its own information security management system. If successful, the resulting tool will be made available to the wider research community.

The relationship between data management planning and information security management is interesting to consider. To some extent, both terms refer to similar concepts but may be directed at a slightly different audience. While data management planning focusses on the discipline of defining the course of action to take in order to meet a set of objectives, information security management considers everything that might act to impede or confound progress. Some people may find it easier to think through the data management planning approach since this is a check-list of what needs to be done, however and information security driven approach forces individuals to consider the risks associated with data management.

Best practice in information security is described in the international standard ISO-27001 and its accompanying code of practice ISO-27002. This standard provides guidance in the construction of an Information Security Management System (ISMS)

DMP-SS conceptual diagram

DMP-SS conceptual diagram showing the use of DDI as a central broker for data management plans, linked to both the DMPOnline service and a local information security management system

that may be independently audited and certified as meeting this standard. The process of building an ISMS and obtaining ISO-27001 certification is time consuming and resource intensive however its maintenance involves continuous re-examination and improvement. Users of such a system must engage in this process to ensure that their own data and processes are appropriately secured.

The DMP-SS project seeks to adopt and refine the DMPOnline tool to assist with project-specific risk assessment and ISMS curation. Lead researchers, using the DMPOnline approach, will be able to provide details of assets, threats, vulnerabilities associated with their research projects in combination with relevant safeguards (or ‘controls’) that must be implemented as part of their data management plan. By using the language of data management planning we anticipate that they will be more able to provide relevant and complete information, augmenting additional information within our ISMS.

DMP-SS project website launch date announced

By F D ( Tito ) Castillo, on 30 October 2011

The DMP-SS project website is due to be launched officially on 1st November 2011. This will coincide with the full launch of the new website for the MRC Centre of Epidemiology for Child Health, a site that has been in development over the last 5 months.

Contract signed with Metadata Technology

By F D ( Tito ) Castillo, on 30 October 2011

After a slight delay in finalising the contract, we’re finally under way. Yesterday it was confirmed that Metadata Technology have signed and returned the contract to work on the DMP-SS project. This just leaves the consortium agreement to be finalised between UCL and the Medical Research Council.