Skip to content Skip to footer

Your tasks: Compliance monitoring & measurement

How can you measure and document data management capabilities?


Being able to reliably measure and document capabilities in data management, data protection and information security is important for research institutions. By knowing their capabilities institutions can spot areas of improvement and direct human and IT resources accordingly. Also, having capabilities documented or formalised by certifications saves a good deal of effort during data management planning.


  • Are you being asked to describe information security and data protection arrangements for a project DMP and you find yourself repeating similar descriptions across DMPs of projects?
    • Contact your institution’s Data Protection Officer (DPO) and Chief Information Security Officer (CISO). They may be able to provide you with a standard description of data protection and information security measures for institutional data platforms.
    • Inquire whether the platforms you will use for your project’s data management have an information security or data privacy certification.
  • Are you providing a data service, such as data hosting, curation or archival and want to document and assess your service’s capabilities?
    • Consider measuring the FAIR maturity of your services and the FAIRness of your data assets using community adopted standard metrics.


  • FAIR data
  • RDA developed a first set of guidelines and a checklist related to the implementation of the FAIR indicators.
  • The FAIRplus project with its FAIR Cookbook provides services, tools, and indicators necessary for the assessment or the evaluation of data against the FAIR Principles.
    • FAIR Evaluation Services are an automated approach to evaluate FAIRness of data services.
    • aims to collect and describe existing resources for the assessment and/or evaluation of digital objects against the FAIR principles.
  • The FAIR-Wizard utilizes FAIRification resources developed by the FAIRplus project and other platforms, suggests FAIRification materials based on the FAIRification requirements, and designs FAIRification solutions for data owners, data stewards, and other people involved in FAIRification.
  • The FAIRshake evaluates the FAIRness of Digital Objects.
  • Information Security, Data Protection, Accountability
    • 21 CFR part 11 is a standard, which outlines criteria for electronic records in an IT system to be as valid as signed paper records. It is widely adopted in lab information systems and applications used in clinical trials and medical research.
    • ISO/IEC 27001 is an international standard for the management of information security. It is adopted by some universities and research institutes to certify their data centres.
    • ISO/IEC 27018 is a standard aimed to be a code of practice for protection of personally identifiable information (PII) in public clouds.

How can you ethically access genetic resources of another country?


If during your research project you need to access or transport genetic resources and/or associated traditional knowledge from any country, you should comply to all relevant (inter)national legislation. One important legislation in this case is the Nagoya Protocol. The Nagoya Protocol specifies the Access and Benefit-Sharing (ABS) principles, established by the Convention on Biological Diversity (CBD), for countries providing and using genetic resources in a legally binding way.

Article 3 of CBD clarifies, that states have sovereign rights over their own (biological and genetic) resources. Negotiations concluded in 2014 with the Nagoya Protocol on ABS. Since then, working with genetic resources and associated data of another country requires more preparatory measures. The aim of the Nagoya protocol is to ensure fair and equitable sharing of benefits arising from utilisation of genetic resources and from traditional knowledge associated with genetic resources. Many countries, as well as the EU, are parties of the Nagoya Protocol and information on this can be found at the ABS Clearing House. By enactment of EU Regulation No. 511/2014 the obligations were implemented in the EU on 12.10.2014. Here you can find a short video about ABS – Simply Explained.

Genetic resources are defined as “all genetic material of actual or potential value. Essentially, the term encompasses all living organisms (plants, animals and microbes) that carry genetic material potentially useful to humans. Genetic resources can be taken from the wild, domesticated or cultivated. They are sourced from: natural environments (in situ) or human-made collections (ex situ) (e.g. botanical gardens, gene banks, seed banks and microbial culture collections).”. The definition of “traditional knowledge associated with genetic resources” is left to the Parties of the Protocol instead. However, in the context of the Nagoya Protocol, “the term is used in relation to the knowledge, innovations and practices of indigenous and local communities that result from the close interaction of such communities with their natural environment, and specifically to knowledge that may provide lead information for scientific discoveries on the genetic or biochemical properties of genetic resources. It is characteristic of traditional knowledge that it is not known outside the community holding such knowledge.”.


  • Since ABS regulations and Nagoya Protocol put high demands on documentation, this legal aspect is time consuming and therefore needs to be taken into account when planning the research project.
  • ABS is not relevant for all genetic resources. It applies only to resources that have been accessed from a provider country after October 12, 2014. Some genetic resources are explicitly excluded, like for example human genomes, some crops and some viruses. Moreover, there are countries who are party of the Nagoya Protocol, but have no ABS legislation in place.
  • If ABS is relevant to the project it should be part of the Data Management Plan.
  • You must comply with the Nagoya Protocol and other national legislation before accessing the genetic resources.
  • When negotiating the Mutually Agreed Terms (MAT), it is very important to think about the future reusability of the data generated based on the genetic resources. When sharing this data, it is important to include the necessary metadata regarding ABS and to clarify the legal basis, in order to make the data reusable to others again.


  • In the planning stage of your research project, allow extra time to familiarise yourself with the legal requirements. In order to determine if the Nagoya Protocol applies to your research, take a look at:
  • If ABS principles and Nagoya Protocol apply to your project, make sure to:
    • investigate the conditions for accessing the genetic resources and/or the associated traditional knowledge in the country of origin;
    • make a Prior Informed Consent (PIC) with the country that will provide the genetic resources and/or the associated traditional knowledge, to clarify the goal of your research and how you will use the requested resources;
    • negotiate a Mutually Agreed Terms (MAT) to establish how to share the resulting benefits. The benefits for the provider of the genetic resources and/or the associated traditional knowledge can be monetary, transfer of knowledge and technology, training, etc.

Related pages

More information

FAIR Cookbook is an online, open and live resource for the Life Sciences with recipes that help you to make and keep data Findable, Accessible, Interoperable and Reusable; in one word FAIR.

Skip tool table
Tool or resource Description Related pages Registry
FAIR Cookbook FAIR Cookbook is an online resource for the Life Sciences with recipes that help you to make and keep data Findable, Accessible, Interoperable and Reusable (FAIR) TransMed Health data Tool info Training
FAIR Evaluation Services Resources and guidelines to assess the FAIRness of digital resources.
FAIR-Wizard The FAIR wizard utilizes FAIRification resources developed by the FAIRplus project and other platforms, suggests FAIRification materials based on the FAIRification requirements, and designs FAIRification solutions for data owners, data stewards, and other people involved in FAIRification. Training Help you discover resources to measure and improve FAIRness.
FAIRshake A System to Evaluate the FAIRness of Digital Objects
ISO/IEC 27001 International information security standard Human data
Skip national tools table

Tools and resources tailored to users in different countries.

Tool or resource Description Related pages Registry
23 Things for Research Data Management tool

Shared reference tool for knowledge on data management.

Human data Data management plan

Online tool which helps researchers and data managers assess how much they know about the requirements for making datasets findable, accessible, interoperable, and reusable (FAIR) before uploading them into a data repository.

Researcher Data management plan Data publication
Handbook for Adequate Natural Data Stewardship

Guidelines on data stewardship and practical toolbox for researchers at Dutch University Medical Centres (UMCs).

Human data Researcher Data management plan
Technology Hotels

More than 130 Technology Hotels offer access to high-end technology and expertise in the field of bioimaging, bioinformatics, genomics, medical imaging, metabolomics, phenotyping, proteomics, structural biology, and/or systems biology.

Human data Bioimaging data Proteomics Researcher