New content in MANTRA: ‘Keeping research data safe’

We are pleased to provide an update on MANTRA, the free online research data management training resource.

The MANTRA course was developed around ten years ago to provide knowledge and training on a number of key research data management topics, including data management plans, effective organisation of data and files, and archiving and sharing research data at the end of a project.

As part of an ongoing update to MANTRA, six of the eight training modules have now been updated in order to refresh content and introduce new concepts and topics to better reflect current research data management practices and conventions.

Our most recent update is the new Unit 6: ‘Keeping research data safe’, which replaces the original ‘Storage and security’ unit covering how to store research data effectively, including keeping backups and methods to safeguard data. The new unit updates that content, and introduces a number of new topics including data classification, networked and cloud storage, password management tools, data access controls, transferring files securely, and working remotely.

Additionally, the new unit has been refreshed to include new images, videos and links to further reading to ensure it remains relevant and interesting to anyone looking to learn more about storing their research data safely and effectively.

In addition to this latest update, over the past year we have also reviewed and updated a further three modules:

  • Unit 2: ‘Data management planning’ – Main updates include: new videos on the topic of data management planning from the Research Data Service, and new content covering planning of a broader range of research outputs (e.g. software code, workflows, methods and protocols), and information on software management planning.
  • Unit 3: ‘Organising data’ – Main updates include: restructuring the content to make it easier to read and understand, and new pages on collaboration and working in teams, versioning files and using versioning tools, and managing software and code.
  • Unit 8: ‘FAIR sharing and access’ – Main updates include: new videos, new pages on open data, the FAIR principles, making data FAIR, open data repositories, and data access statements, plus revisions to unit summary activities.

You can also read previous blog posts about updates to Unit 1: ‘Research data in context’ (blog post) and Unit 7: ‘Protecting sensitive data’ (blog post).

We hope you find time to visit MANTRA to see what is new and to learn more about looking after your research data effectively. We will be sharing more news on MANTRA as further updates are released.

Bob Sanders
Research Data Support Assistant, L&UC

End of an era – 2017-2020 RDM Roadmap Review (part 1)

Looking back on three years that went into completing our RDM Roadmap in this period of global pandemic and working from home, feels a bit anti-climactic. Nevertheless, the previous three years have been an outstanding period of development for the University’s Research Data Service, and research culture has changed considerably toward openness, with a clearer focus on research integrity. Synergies between ourselves as service providers and researchers seeking RDM support have never been stronger, laying a foundation for potential partnerships in future.

thumbnail image of poster

FAIR Roadmap Review Poster

A complete review was written for the service steering group in October last year (available on the RDM wiki to University members). This was followed by a poster and lightning talk prepared for the FAIR Symposium in December where the aspects of the Roadmap that contributed to FAIR principles of research data (findable, accessible, interoperable, reusable) were highlighted.

The Roadmap addressed not only FAIR principles but other high level goals such as interoperability, data protection and information security (both related to GDPR), long-term digital preservation, and research integrity and responsibility. The review examined where we had achieved SMART-style objectives and where we fell short, pointing to gaps either in provision or take-up.

Highlights from the Roadmap Review

The 32 high level objectives, each of which could have more than one deliverable, were categorised into five categories. In terms of Unification of the Service there were a number of early wins, including a professionally produced short video introducing the service to new users; a well-designed brochure serving the same purpose; case study interviews with our researchers also in video format – a product of a local Innovation Grant project; and having our service components well represented in the holistic presentation of the Digital Research Services website.

Gaps include the continuing confusion about service components starting with the name ‘Data’___ [Store, Sync, Share, Vault]; the delay of an overarching service level definition covering all components; and the ten-year old Research Data Policy. (The policy is currently being refreshed for consultation – watch this space.)

A number of Data Management Planning goals were in the Roadmap, from increasing uptake, to building capacity for rapid support, to increasing the number of fully costed plans, and ensuring templates in DMPOnline were well tended. This was a mixed success category. Certainly the number of people seeking feedback on plans increased over time and we were able to satisfy all requests and update the University template in DMPOnline. The message on cost recovery in data management plans was amplified by others such as the Research Office and school-based IT support teams, however many research projects are still not passing on RDM costs to the funders as needed.

Not many schools or centres created DMP templates tailored to their own communities yet, with the Roslin Institute being an impressive exception; the large majority of schools still do not mandate a DMP with PhD research proposals, though GeoSciences and the Business School have taken this very seriously. The DMP training our team developed and gave as part of scheduled sessions (now virtually) were well taken up, more by research students than staff. We managed to get software code management into the overall message, as well as the need for data protection impact assessments (DPIAs) for research involving human subjects, though a hurdle is the perceived burden of having to conduct both a DPIA and a DMP for a single research project. A university-wide ethics working group has helped to make linkages to both through approval mechanisms, whilst streamlining approvals with a new tool.

In the category of Working with Active Data, both routine and extraordinary achievements were made, with fewer gaps on stated goals. Infrastructure refreshment has taken place on DataStore, for which cost recovery models have worked well. In some cases institutes have organised hardware purchases through the central service, providing economies of scale. DataSync (OwnCloud) was upgraded. Gitlab was introduced to eventually replace Subversion for code versioning and other aspects of code management. This fit well with Data and Software Carpentry training offered by colleagues within the University to modernise ways of doing coding and cleaning data.

A number of incremental steps toward uptake of electronic notebooks were taken, with RSpace completing its 2-year trial and enterprise subscriptions useful for research groups (not just Labs) being managed by Software Services. Another enterprise tool, protocols.io, was introduced and extended as a trial. EDINA’s Noteable service for Jupyter Notebooks is also showcased.

By far and away the most momentous achievement in this category was bringing into service the University Data Safe Haven to fulfil the innocuous sounding goal of “Provide secure setting for sensitive data and set up controls that meet ISO 27001 compliance and user needs.” An enormous effort from a very small team brought the trusted secure environment for research data to a soft launch at our annual Dealing with Data event in November 2018, with full ISO 27001 standard certification achieved by December 2019. The facility has been approved by a number of external data providers, including NHS bodies. Flexibility has been seen as a primary advantage, with individual builds for each research project, and the ability for projects to define their own ‘gatekeeping’ procedures, depending on their requirements. Achieving complete sustainability on income from research grants however has not proven possible, given the expense and levels of expertise required to run this type of facility. Whether the University is prepared to continue to invest in this facility will likely depend on other options opening up to local researchers such as the new DataLoch, which got its start from government funding in the Edinburgh and South East Scotland region ‘city deal’.

As for gaps in the Working with Data category, there were some expressions of dissatisfaction with pricing models for services offered under cost recovery although our own investigation found them to be competitively priced. We found that researchers working with external partners, especially in countries with different data protection legislation, continue to find it hard work to find easy ways to collaborate with data. Centralised support for databases was never agreed on by the colleges because some already have good local support. Encryption is something that could benefit from a University key management system but researchers are only offered advice and left to their own mechanisms not to lose the keys to their research treasures; the pilot project that colleagues ran in this area was unfortunately not taken forward.

In part 2 of this blog post we will look at the remaining Roadmap categories of Data Stewardship and Research Data Support.

Robin Rice
Data Librarian and Head of Research Data Support
Library and University Collections

A visit from the data jungle: My internship in research data management

This is a guest post from Dr. Tamar Israeli, who completed a work/study internship with the Research Data Support team last Autumn. A link to her report is available below.

Recently, there has been a rumor in Israel that research data should be managed. As a librarian and information specialist working in an academic institution, I decided to check if this was true.

When looking for a place for an internship on the role of the library in research data management (RDM), I was happy to find out that the University of Edinburgh RDM support team has a good reputation. I remember enjoying very much my visit to Edinburgh 30 years ago so I was very happy to get Robin Rice & Martin Donnelly’s kind invitation so I could boldly go where… I had already been before.

During September 2019, I worked with the RDM support team, attended some of the staff meetings and participated in one of the RDM trainings.  As part of my internship we carried out a small scale study. The purpose of the study was mainly to understand what are the barriers that prevent researchers from using tools and services provided to them by the university when collaborating with data.

For that purpose, I interviewed six researchers from different schools and disciplines. The researchers were open and cooperative and the interviews were very interesting and insightful. If you’d like to learn about the way researchers collaborate and what influences their decision to use a particular tool or service, here is a link to our report: http://dx.doi.org/10.7488/era/2

Many thanks to the support team for their invitation and warm hospitality. It was one of the most pleasant months of my life.

Tamar Israeli
Librarian and information specialist
Western Galilee College

Research Data Service achieves ISO 27001 accreditation for Data Safe Haven facility

Following a five day on-site audit by Lloyd’s Register, the Information Security Management System (ISMS) which forms the basis for the Data Safe Haven facility for University of Edinburgh researchers has been officially certified to the ISO/IEC 27001:2013 standard. In a few weeks we will receive a certificate from UKAS (United Kingdom Accreditation Service).

The Data Safe Haven (DSH) team, comprised of members of Research Data Support in L&UC and Research Services in ITI, and with input from the Information Security team and external consultants, has been working toward certification since 2016. The system, designed by ITI’s Stephen Giles, has been extensively and successfully ‘white box penetration tested’ by external experts, one of the many forms of proof provided to the auditor. (White box means the testers were given access to certain layers of the system, as opposed to a black box test where they are not.)

The steel cage surrounding Data Safe Haven equipment in one of the University data centres.

In addition to infrastructure, a proper ISMS is made up of people who perform roles and manage procedures, based on organisational policies. The Research Data Support team work with research project staff to ensure their practices comply with our standard operating procedures. The ISMS is made up of all the controls needed to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. Over 150 managed and versioned documents covering every aspect of the ISMS were written, discussed, practiced, reviewed and signed off before being examined and questioned by the auditor.

The auditor stated in the final report, “The objectives of the assessment were achieved and with consideration to any noted issues or raised findings, the sampled areas of the management system demonstrated a good level of conformance and effectiveness. The management system remains supportive of the organisation and its business and service management objectives.” On a slightly more upbeat note, Gavin Mclachlan, Vice-Principal and Chief Information Officer, and Librarian to the University said by email, “Congratulations to you and the whole team on the ISO 27001 certification. That is a great achievement.”

The Digital Research Services programme has invested in the Data Safe Haven to allow University researchers to conduct cutting edge research, access sensitive data from external providers and facilitate new research partnerships and innovation. Researchers are expected to include Data Safe Haven costs in funded grant proposals to achieve some cost recovery for the University. To find out if your project is a candidate for use of the Data Safe Haven contact data-support@ed.ac.uk or the IS Helpline.

Robin Rice
Data Librarian and Head, Research Data Support
L&UC