TRUST Principles
What does trust mean when it comes to research data held in repositories? Learn about the TRUST Principles for constructing data repositories.
When we say we trust something, it behaves as expected. Trust means we can rely on it to do things for us without having to constantly check on it. This is the same for research data repositories.
On this page, you’ll learn about:
- the concept of trust in research data repositories and the TRUST Principles[1]
- how to get your data repository certified as trustworthy, specifically by CoreTrustSeal
- how the ARDC is contributing to a national trusted data framework.
Trust in Research Data in Repositories and the TRUST Principles
In the context of research data held in repositories, trust means the data is:
- protected over time
- protected from unapproved changes
- available when users want to access it
- described in a way that users can understand what it is and decide whether it meets their needs
- in line with certain criteria and standards when it is deposited, meeting the expectations of the repository and the community it serves.
To articulate what trust looks like in the context of data repositories, the TRUST[2] Principles were agreed on and published in 2020 in an article in Nature’s Scientific Data journal.[3] ‘TRUST’ is the acronym for the 5 aspects the authors argue should be covered to make a repository trustworthy:
The TRUST principles have been endorsed by over 40 organisations at invitation. These include many international, mostly European and US, organisations.
Certifying Your Repository with CoreTrust Seal
One way to ensure the TRUST Principles are addressed is to have your repository certified by an authority that provides a test and a certificate when a published standard is met. One such organisation is CoreTrustSeal.
The CoreTrustSeal certification emerged from a working group at the Research Data Alliance (RDA), a group of researchers, infrastructure and science agencies working on solving challenges in sharing research data. Among the challenges were where to put data and what standards a repository should meet to demonstrate good data-holding practice.
To receive the certification, you have to write an application responding to certain criteria or requirements around trust. These requirements are updated every 3 years to reflect changes in community standards. From 2023 to 2025, there will be 16 requirements across 3 categories. The following is a summary of the requirements:
R1: a mission to preserve data
R2: rights management
R3: a continuity plan
R4: compliance with legal and ethical norms
R5: sufficient qualified staff
R6: expert advisors
R7: data provenance and authorised changes
R8: quality data descriptions
R9: preservation processes
R10: descriptions for users to understand the data
R11: archiving workflows
R12: discoverable data
R13: sufficient descriptions for data reuse
R14: processes to ensure data storage and integrity
R15: software and hardware reliability
R16: technical protection of the data
Answers are expected to run to between 500 and 800 words approximately with links to evidence, which will usually be procedures of the repository that are publicly available on its website. Once submitted, applications will go through the following steps:
- They will be reviewed by volunteers drawn from previous recipients of CoreTrustSeal certification.
- Reviewers will usually have feedback or queries for the applicant to respond to.
- Once the reviewers are satisfied with the response and that the repository meets all the required standards, the CoreTrustSeal Board will award the CoreTrustSeal Seal of Approval. The Seal lasts for 3 years, after which the repository can re-apply for the certification.
Once certified, an application is made public on the CoreTrustSeal website as a benchmark for future. As of early 2023, close to 200 repositories are certified and their applications made public.
Building National Trusted Data Repositories with the ARDC
As part of its international engagement, the ARDC took part in discussions about why it is important for research data to be held in trusted data repositories. Bringing this information back to Australia, the ARDC invested in 3 pilot projects between 2016 and 2018 to have them certified as trusted repositories:
- CSIRO Data Access Portal
- Australian Data Archive (ADA) at the ANU
- National Imaging Facility (NIF), funded by NCRIS.
Following the success of these certifications, the ARDC solicited Expressions of Interest in getting support for certification from other Australian repositories in 2019. This resulted in ARDC facilitating a Trusted Data Repositories Community of Practice (TDR-CoP), helping repositories secure the CoreTrustSeal certification. Over time, an active group of organisations emerged to work together to write certification applications. This has resulted in 6 applications for international trust certification, which are pending review in 2023.
Next Steps
Read the Nature article on the TRUST Principles.
If you want to get your repository trust-certified and participate in the ARDC’s trusted data community:
- get meeting invitations by contacting our Community Liaison
- visit the ARDC TDR-CoP website
- visit the CoreTrustSeal website
- view successful applications for the CoreTrustSeal certification.
Notes
- Lin et al., 2020. The TRUST Principles for Digital Repositories. Scientific Data. https://doi.org/10.1038/s41597-020-0486-7. Jump back
- When referring to the principles from the Nature paper, “TRUST” is in all caps as an abbreviation. Jump back
- Lin et al., 2020. Jump back
Did you find this resource useful?
Receive tailored updates on latest digital research news, events, resources, career opportunities and more.