Human Data Infrastructure Maturation Model

The aim of this Maturity Model is to create a guide which can be used by technical decision makers to support the organisational data-sharing maturation strategy which they are tasked to execute. It should help bridge the gap between the goals of the high level decision makers and the actions of the technical implementers.

Ultimately, this model should support technical leads in human data sharing projects and organisations, provide concrete steps in supporting operational goals through the use of standards, align with existing related projects, and support the ELIXIR HGTD vision from the ground up.

Institutional

Subdomains	Indicator	Connected Indicator	Levels
[1.1] Legal Governance	[1.1.1]Legal Governance for International Agreements	6.3.1 5.3.1 3.3.1	Requirements being gathered to set legal agreements in place supporting international data sharing. Legal agreements drafted to support international data sharing. Legal agreements in place to support international data sharing. Legal agreements in place to support international data sharing and a mechanism for updates exists.

Subdomains	Indicator	Connected Indicator	Levels
[2.1] Communications	[2.1.1] Communications with User Groups		Requirements being gathered to create a communication and outreach plan with user groups. Communication and outreach plan with user groups drafted. Communication and outreach plan with user groups is implemented and encourages use of the infrastructure. The communication and outreach plan with user groups is implemented, encourages use of the international infrastructure and is regularly reviewed.
[2.2] Alignment with initiatives	[2.2.1]1+ Million Genome (1+MG) National Mirror Group Alignment	2.2.2	Requirements being gathered to establish a 1+MG National Mirror Group (or equivalent). 1+MG National Mirror Group (or equivalent) established. 1+MG National Mirror Group (or equivalent) established and functioning to deliver a roadmap that is compatible with 1+MG. Demonstrated advancements and leadership of activities to support infrastructure and services that align with the 1+MG roadmap.
	[2.2.2]Alignment with the 1+MG Trust Framework	2.2.1	Gathering requirements for policies and agreements which align with the 1+MG Trust Framework to enable effective and secure cross-border access to sensitive human data. Cohesive plan that aligns with the 1+MG Trust Framework drafted covering policies and agreements enabling effective and secure cross-border access to sensitive human data. Cohesive plan that aligns with the 1+MG trust framework has been implemented at the Node level to support secure cross-border data access of sensitive human data. Cohesive plan that aligns with the 1+MG trust framework has been implemented and enforced at the Node level and is under regular review.
	[2.2.3] EHDS Alignment		Outputs of the EHDS are being analysed for benefit to the Node. Plans drafted to implement or interoperate with the appropriate outputs of the EHDS. Appropriate EHDS outputs implemented or interoperability established. Node is driving or contributing to the advancement of EHDS outputs.
	[2.2.4]EOSC Alignment		Outputs of the EOSC are being analysed for benefit to the Node. Plans drafted to implement or interoperate with the appropriate outputs of the EOSC. Appropriate EOSC outputs implemented or interoperability established. Node is driving or contributing to the advancement of EOSC outputs.
	[2.2.5] National Genomic Programme		Requirements being gathered to form a mutual connection between the Node's activities and the current National or Regional Genomic Programme. Plan drafted and key individuals identified for forming a mutual connection between the Node's activities and the current National or Regional Genomic Programme. Human data activities of the Node and the current National or Regional Genomic Programme are harmonised and collaborating. Human data activities of the Node and the current National or Regional Genomic Programme are harmonised and the Programme is utilising ELIXIR tools, services and/or knowledge. A plan is in place to ensure the continuity of this collaboration.
[2.3] Sustainability	[2.3.1]Planning and secured funding		Requirements being gathered to create a long term funding plan to support the operation of the Infrastructure. Developed a plan to secure long term funding for the operation of the infrastructure, initial (4-5 year) funding has been secured. Long term funding secured for the national infrastructure. Long term sustainability plan in place.
[2.3] Sustainability	[2.3.2]Business Plan		Requirements being gathered to create a business plan to support the infrastructure. Business plan drafted to support the infrastructure. Business plan has been deployed and is currently helping to sustain the infrastructure. Business plan to support the infrastructure is operating, is periodically evaluated for optimization, taking into account developments.
[2.4] Human Capacity Building	[2.4.1] ELSI Capacity		Requirements being gathered for Node capacity supporting ELSI concerns of human genomic data sharing, currently covered ad hoc. ELSI capacity requirements are drafted and recruiting is underway. Full Node capacity needs are not yet met. Current Node ELSI capacity needs met. Current Node ELSI capacity needs are met and there is a plan for expansion or change as the Node advances.
	[2.4.2] Technical Capacity		Requirements being gathered for Node capacity supporting technical requirements for human genomic data sharing, currently covered ad hoc. Technical capacity requirements are drafted and recruiting is underway. Full Node capacity needs are not yet met. Current Node technical capacity needs met. Current Node technical capacity needs are met and there is a plan for expansion or change as the Node advances.
	[2.4.3] Training		Requirements being gathered to create a training program to support onboarding and advancement within the infrastructure. Node training program drafted. Consistent Node training programs are implemented and support alignment with the international infrastructure. Consistent Node training programs are implemented, support alignment with the international infrastructure, and are consistently reviewed and updated.

Core Functionalities

Subdomains	Indicator	Connected Indicator	Levels
[3.1] Data Discoverability Technical Concerns	[3.1.1] Data Discovery Functionalities	2.2.2	Requirements being gathered for the implementation of data discovery functionalities aligned with the 1+MG proof of concept. A plan is drafted to implement the data discovery elements of the 1+MG proof of concept system. The data discovery elements of the 1+MG proof of concept system have been fully deployed at a Node level. The data discovery elements of the 1+MG proof of concept have been deployed at the Node level, are fully connected with the complete end-to-end system and a plan is in place to update and expand the data discovery capabilities as the needs and standards evolve.
[3.2] Data Discoverability Semantics	[3.2.1] Metadata structure	4.2.1	Requirements being gathered for metadata structure standardisation needs. Metadata structure standards drafted that are interoperable with the 1+MG network. Metadata structure standards established that are interoperable with the 1+MG network and are deployed at a Node level. Interoperable metadata structure to support data findability are established, deployed at a Node level, enforced, and open to opportunities and upgrade.

Subdomains	Indicator	Connected Indicator	Levels
[4.1] Data Reception Technical Concerns	[4.1.1] Data Reception APIs	4.2.1 4.3.1	Requirements being gathered for data reception standardisation mechanisms to ensure consistent data reception. Data reception standardisation mechanisms are drafted to ensure consistent data reception. Data reception mechanisms to ensure consistent data reception are deployed at a Node level. Data reception standardisation mechanisms to ensure consistent data reception and access are deployed, enforced and open to opportunity and upgrade.
[4.2] Data Reception Semantics	[4.2.1] Data Reception Standards	3.2.1	Data and metadata reception requirements being gathered, such as minimal metadata requirements, data standards, file formats, or relevant ontologies. Data and metadata requirements, standards, interoperable file formats, and relevant ontologies are chosen, may be suggested to users, but not yet enforced. Minimal metadata requirements are enforced, data standards, formats, and ontologies are suggested. Minimal metadata and internationally interoperable data standards, file formats, and ontologies are required and enforced and under regular review.
[4.3] Data Reception Organisational Concerns	[4.3.1] Data Reception Quality Control Requirements	4.3.2	Information being gathered for data quality control requirements. Data quality control requirements have been drafted, but are not yet enforced, potentially with manual review Data quality control requirements are enforced with manual review. Data quality control requirements are enforced, automated and under review in line international quality standards.
[4.3] Data Reception Organisational Concerns	[4.3.2] Data Quality Control Procedures	4.3.1	Requirements being gathered to draft data quality control procedures to ensure consistent data reception. Data quality control procedures are drafted to ensure consistent data reception. Data quality control procedures to ensure consistent data reception are deployed at a Node level. Data quality control procedures to ensure consistent data reception are deployed, enforced and open to opportunity and upgrade.

Subdomains	Indicator	Connected Indicator	Levels
[5.1] Secure Storage and Interfaces Technical Concerns	[5.1.1] Storage and Interface APIs		Requirements being gathered for secure data storage and APIs supporting submission, metadata, and distribution. Secure data storage and APIs supporting submission, metadata, and distribution are drafted. Secure data storage and APIs supporting submission, metadata, and distribution are deployed at a Node level. Secure data storage and APIs supporting submission, metadata, and distribution are deployed, enforced and open to opportunity and upgrade.
[5.2] Storage and Interfaces Organisational Concerns	[5.2.1] Physical Infrastructure for Data Storage	2.3.1	Physical hardware needs are drafted to support the storage needs of the national human data network. Storage needs have been drafted and planned to support the national human data network. Some hardware acquisition or contract negotiations with an external storage provider may have occurred. Current storage needs to support the national human data network have been met including mechanisms to prevent data loss. Current storage needs to support the national human data network have been met and there is a plan for expansion or change as the Node advances.
[5.3] Storage and Interfaces Legal Concerns	[5.3.1]Data Storage Policies	1.1.1	Requirements being gathered for data storage and storage security policies. Data storage and storage security policies have been drafted and approved by appropriate bodies. Data storage and storage security policies are implemented and enforced. Data storage and storage security policies are enforced, regularly reviewed and open to opportunity and upgrade.

Subdomains	Indicator	Connected Indicator	Levels
[6.1] Data Management & Access Technical Concerns	[6.1.1] Access Control Mechanisms		Requirements being gathered for the system to support controlled access management using Life Science AAI or compatible system. Plan to implement a system has been drafted to support controlled access using Life Science AAI or compatible system. Life Science AAI or compatible system implemented at the Node level to support controlled access. Life Science AAI or compatible system is deployed, regularly reviewed and open to opportunity and upgrade.
[6.1] Data Management & Access Technical Concerns	[6.1.2]Permissions Management		Requirements being gathered for the system to support permissions management using Life Science AAI or compatible system. Plan to implement a system has been drafted to support permissions management using Life Science AAI or compatible system. Life Science AAI or compatible system implemented at the Node level to support permissions management. Life Science AAI or compatible system is deployed, regularly reviewed and open to opportunity and upgrade.
[6.2] Data Management & Access Semantics	[6.2.1]Data Use Semantics	4.2.1 3.2.1	No or ad hoc labeling of datasets for allowed usage. Requirements being gathered to implement a consistent ontology for data usage and access policies. Plan drafted to implement a consistent ontology for data usage and access policies at the Node level. Internationally compatible ontology of data usage and access policies has been implemented at the Node level. Internationally compatible ontology of data usage and access policies has been implemented at the Node level, is regularly reviewed and feeds back to the ontology creators for updates and expansion.
[6.3] Data Management & Access Legal Concerns	[6.3.1] Data & Metadata sharing & access policies	1.1.1 4.2.1 6.2.1	Requirements being gathered for data & metadata sharing and access policy needs to support data access & discoverability. Data & metadata access policies to support data access & discoverability are drafted. Data & metadata access policies created to support data access & discoverability within the federated European human data ecosystem. Data & metadata access policies are established, enforced, and open to opportunities and advancement.

Subdomains	Indicator	Connected Indicator	Levels
[7.1] Data Processing Technical Concerns	[7.1.1] Data Processing Technical Infrastructure		Requirements being gathered for the technical infrastructure to support data processing. Technical infrastructure plans to support data processing are drafted. Technical infrastructure for data processing is deployed at the Node level. Technical infrastructure for data processing is deployed, enforced, and open to opportunity and upgrade.
[ 7.2] Data Processing Organisational Concerns	[7.2.1] Data Processing Capacity		Requirements being gathered to support the data processing needs of the national human data network. Data processing needs have been drafted and planned to support the national human data network. Some hardware acquisition or contract negotiations with an external cloud provider may have occurred. Current data processing needs to support the national human data network have been met. Current data processing needs to support the national human data network have been met, are regularly reviewed and there is a plan for expansion or change as the Node advances.
[7.3] Data Processing Legal Concerns	[7.3.1]Data Processing Service Terms	2.3.2	Requirements being gathered for data processing policies. Data processing policies drafted. Data processing policies are deployed at the Node level. Data processing policies are deployed, enforced and reviewed regularly.

Institutional

[1] ELSI

[2] Organisation

Core Functionalities

[3] Data Discoverability

[4] Data Reception

[5] Storage and Interfaces

[6] Data Management Access

[7] Processing