The Handbook is currently under development and may change at any point - it is not meant for production use

Maturity model

Indicators

Indicator	Maturity Levels
[1.1] Strategy for RDM	No RDM strategy is defined Initial RDM strategy planned or drafted RDM strategy approved by the organisation RDM strategy is actively communicated RDM strategy fully implemented with regular revisions
[1.2] Personnel for RDM	No staff has explicit DM duties There are staff that has DM duties There are dedicated DM staff There is a dedicated DM coordination team
[1.3] Internal RDM goals and KPIs (operational improvement)	No RDM goals nor KPIs defined RDM goals defined without KPIs (Some) RDM goals and KPIs defined (but not monitored) RDM goals defined and monitored via KPIs
[1.4] Adherence to relevant governing RDM policies on international, European, national, local, organisational level	Governing policies not taken into consideration Governing policies partially taken into consideration Governing policies fully taken into consideration
[1.5] Research data governance: policies and procedures	Minimal or no documented RDM policies and procedures. Individual researchers or departments manage research data independently. Some RDM policies and procedures are defined but not yet fully implemented across the organization. Well-defined and written RDM policies and processes, supported by technology and formal oversight. A unified approach to research data management in the organisation. Proactive, and continuous improvement of well-established research data governance.
[1.6] Organizational RDM efforts align with relevant RDM best practices on international, European, national, local, organisational level (harmonisation)	No consideration Some mentioned in strategy Networking and alignment actively pursued
[1.7] Funding sources for RDM efforts	No specific funding Funding from individual grant-based project or minimal stable funding (annual allowance) Large stable funding or combination of grant-based and stable funding Combination of grant-based, stable funding and detailed cost recovery model

Indicator	Maturity Levels
[2.1] Legal framework for research data	Legal processes are ad hoc and reactive, with no standardized framework or templates regarding RDM. Legal tasks are handled informally by various departments. Agreements go through minimal review. Standard templates and contractual clauses are being introduced, but not consistently used. The legal department exists but does not yet support project initiation or have fully defined processes for RDM issues. The legal framework is well-defined and standardized across the organization. A dedicated personel is responsible for supporting the establishment of a legal framework covering RDM requirements. Comprehensive templates and standardized contractual clauses for RDM issues. Continuously improved and optimized legal framework for research data; regularly updated to reflect RDM best practices and regulatory changes. Use of advanced, customizable templates and optimized contractual clauses for RDM issues.
[2.2] IT security for research data (RD) and associated services	Security measures for RD and services are ad hoc or minimal. There are few or no documented policies and/or procedures. Staff have limited awareness of IT security. Basic protections like antivirus software and standard firewalls are used reactively. Implementation of documented policies/procedures for security of RD; regular staff training of recognition and response to cyber threats; access control and password management systems are in place; regular software updates and patches. Incident response and disaster recovery plans for RD are in place and tested; proactive security measures, vulnerability testing and assessment; Multi-Factor Authentication (MFA) is enforced for sensitive systems; tools for advanced threat detection and response are in place. ISO certification or similar (ISO/ NIST, ...); real-time threat monitoring for RD and automated response mechanisms are in place; regular audits and continuous improvement.
[2.3] Data protection compliancy of research data	The organisation has a part-time Data Protection Officer (DPO) with general responsibilities (consulting) for RD. Active monitoring for data protection compliance by the DPO. Mostly, there is no standardised framework or templates regarding RDM, and most of the work is reactive. Organisation has a full-time DPO. Guidelines, documentations and consultations are actively done by DPO for RD. No procedures in place to involve the DPO. Established systems for Data Protection legislation compliance (ROPA, consent management, DPIA, etc.) of RD. No procedures in place to involve the DPO. Sometimes a DPO is involved at the planning stages, but not always. Procedures are in place and the organisation is willing and actively involves a DPO at the right stages of the project. The top leaders of the organisation understand the necessity of the DPO and the processes regarding data protection. The organisation does regular auditing (internal or external), and the ongoing evaluation is taking place regarding data protection for RD. Established procedures for the exercise of Data Subject Rights.
[2.4] Ethics / ELSI for research data (regarding animal / human subjects, Nagoya matters)	Ethical considerations for RD are minimal and reactive. There are no formal guidelines or processes for ensuring ethical compliance in research. Basic ethical guidelines are established, but not consistently applied. Awareness of ethical issues is growing, and some training is provided. Ethical guidelines regarding RD are well-defined and consistently applied. Regular training and monitoring ensure compliance, and there is a clear process for addressing ethical issues. Ethical standards regarding RD are fully integrated into the research process. Continuous improvement and proactive measures are in place, with advanced training and robust mechanisms for ensuring ethical integrity.

Indicator	Maturity Levels
[3.1] RDM Training	No RDM training offered to staff Ad-hoc RDM training provided, no or limited targeted approach Regular training and/or broad audience reach with targeted contents Structured program and train-the-trainer is made available to internal trainers
[3.2] Availability of RDM training material	Not available Available on request Accessible to staff and partners only Open, multilingual/English and widely promoted
[3.3] Framework for different levels (e.g., local, national, international) of networking opportunities for the organizational RDM expertise	Only internal interaction - RDM expertise is only shared and accumulated within the organization, i.e., no further networking Informal interaction with external RDM experts – Sharing and exchange of RDM expertise is reaching beyond the own institute, but only informally Minimal network participation - Formal interaction with external RDM expert network(s) with occasional collaboration with external partners Formal support for RDM expert networking participation – Encouragement and/or funds to attend regular forums, meetings, or platforms enable regular collaboration and sharing of RDM expertise
[3.4] RDM information / guidelines for researchers	None Unclear and hard to find – Information is scattered or outdated; staff don’t know where to look Partially available – Some centralised sources exist and are occasionally updated; visibility varies Clearly visible and maintained – There are accessible, up-to-date sources that are actively shared across the organisation
[3.5] Flow of RDM communication and responsiveness	One-way and slow – Information is shared top-down only; feedback is rare or unanswered Some feedback and interaction – Staff can ask questions or raise issues, but response time and engagement vary Responsive and two-way – Communication is timely and interactive, with active listening and feedback loops in place
[3.6] Formalization of support for RDM services (e.g., tools as service, and similar)	Services present but only informally supported Services formally supported and documented Professional service provision with ticketing system, usage agreements, formal documents, templates, etc; relevant services are integrated with each other

Indicator	Maturity Levels
[4.1] RDM software and resources used by end-users	No software or resources for data management present or recommended Reference to generic software and resources Software and guidelines provided and documented for researchers / relevant groups / relevant RDM processes Software and guidelines adopted by researchers / relevant groups / relevant RDM processes
[4.2] Research data organisation standards	No standard present or recommended Reference to generic best practices Guidelines / standards provided and documented for researchers / relevant groups / relevant RDM processes Guidelines / standards adopted by researchers / relevant groups / relevant RDM processes
[4.3] Documentation standards	No standard present or recommended Reference to generic best practices Guidelines / standards provided and documented for researchers / relevant groups / relevant RDM processes Guidelines / standards adopted by researchers / relevant groups / relevant RDM processes
[4.4] Technical research infrastructure	No technical infrastructure for research / RDM is available Technical infrastructure for research / RDM is available; general usage recommendation Technical infrastructure for research / RDM facilitates data handling along the research data life cycle; more specific usage recommendations Usage guidelines (and/or SOPs) and automated processes are present in the technical infrastructure for research / RDM regarding, e.g., storage conditions, archiving rules, deletion rules
[4.5] Research data publication	No guideline present or recommended for research data publication Reference to generic best practices of research data publication Specific guidelines and standards are provided regarding data and metadata Research data publication follows a standardized, documented process and support is available
[4.6] Catalog of data assets	Lists of data assets capturing basic (non-standardized) information do not exist or exist within separate sub-units. Central catalog exists (although incomplete) with basic metadata about data assets. Central catalog exists. Procedures are in place to capture most of the datasets of organizational interest. Search allows to find data asset of interest only based on basic metadata. Centralized searchable catalog with standardized metadata allowing search of datasets in alignment with organizational goals and retrieval of metadata via API. All assets have a unique accession number.
[4.7] Accessibility of research data	No access standards are in place on the actual format and SOPs are not in place for access decision making (e.g., unofficial approval of management) Standard access channel is in place. The data access requests have to be submitted. Data use conditions are reviewed upon request. Full audit trail is in place for access. Data is easily accessible and retrieval is optimised for efficiency. Access is (semi-)automated. APIs and efficient transfer channels allowing fast automated retrieval. Following standard secure protocols. Data accessibility is seamless, with advanced search and retrieval capabilities following domain standards.
[4.8] Data management planning	Nothing offered Best practice and guidelines available Consultancy and training available, more standardized guidelines; DMP writing may be required from some researchers DMP tool available and machine actionability facilitate further integration; DMP writing may be required for all projects

Version information

Version: 1.2.1 Fix mm-data-infrastructure
Release date: 2025-12-15