3a - How will data and metadata be stored and backed up during the research process?
Science Europe DMP Guidance 
- annotated
3a.1
Describe where the data will be stored and backed up during research activities and how often the backup will be performed. It is recommended to store data in least at two separate locations.
3a.2
Give preference to the use of robust, managed storage with automatic backup, such as provided by IT support services of the home institution. Storing data on laptops, stand-alone hard drives, or external storage devices such as USB sticks is not recommended.
As a default, choose storage solutions delivered by the IT department at your institution. These services will in general will include backup, make sure you familiarise yourself with the backup routines at your institution (e.g. frequency and retention period). Important aspects when choosing a suitable storage solution for your projecrt includes confidentiality, collaboration with external partners and amount of data. In cases where institutionally managed storage cannot be used (e.g. field trips), the 3-2-1 rule should be followed (at least 3 copies of the data, 2 different media, 1 off-site copy). Be especially aware of cost and capacity issues if you have large amounts of data (in the order of terrabytes).
Sufficiently adressed (DMP Evaluation Rubric)
Clearly (even if briefly) describes:
- The location where the data and backups will be stored during the research activities.
- How often backups will be performed.
- The use of robust, managed storage with automatic backup (for example storage provided by the home institution). or
- Explains why institutional storage will not be used (and for what part of the data) and describes the (additional) locations, storage media, and procedures that will be used for storing and backing up data during the project.
**Relevant PID**
- none?
**Interested stakeholder**
- Level 2: ITA, Sigma2 if big data
**Relevant project phase**
- pre-award: outline (if budget-relevant)
- planning post-award, active phase
RDA Common Standard for maDMP 
[Properties in distribution]
- #host_table: nested, see below
[Properties in host] may also be used to describe unpublished datasets?
- #host_geo_location_tree [country code, controlled vocabulary]
- #host_storage_type_tree [string, free text]
- #host_backup_frequency [string, free text]
- #host_backup_type_tree [string, free text]
- #host_certified_with_tree [controlled vocabulary]
- #host_supports_versioning_tree: yes/no/unknown
Missing:
- most suited to published data
Explanations for support staff
- Where to find information about local & national computing infrastructure, when to use what.
- Technical knowledge of backup approaches.
Guidance from NFR
[Storage and data security during the project]\
- Where will (meta)data be stored and backed up throughout the project, and how often will this be performed? Storing data on laptops, typical external hard drives, USB-sticks or similar is not recommended due to less protection and greater risk of data being lost.
- How should data be recovered in the event of an accident?
FAIRsFAIR FAIR-Aware Additional Guidance 
- not covered
Explanations for users
Where to find information at own institution, use of institutionally managed storage, pricing policy (see question 6b), backup in case institutional storage cannot be used.
Existing sources that can be reused
DMP Tuuli
Where will your data be stored, and how will the data be backed up? Describe where you will store and back up your data during your research project. Consider who will be responsible for backup and recovery. If there are several researchers involved, create a plan with your collaborators and ensure safe transfer between participants. Show that you are aware of the storing solutions provided by your organisation. Do not merely refer to IT services. In the end, you are responsible for your data, not the IT department or the organisation. Explain the methods for preserving and sharing your data after your research project has ended in more detail in Section 5. Tips for best practices
- The use of a safe and secure storage provided and maintained by your organisation’s IT support or other reliable IT provider such as CSC is preferable.
- Do NOT USE external hard drives as the main storing option.
- Follow your institution’s data security requirements
NTNU - DMP guidance
- Describe where your data will be stored during the project period. We recommend using NTNU’s standard storage solutions (see NTNU storage guide). For specific information about procedures for back-up for the solution you choose for your project, contact the IT support at NTNU.
- Storing data on laptops, external hard drives, or external storage devices such as USB sticks is not recommended. Be sure to consider information security as well as data integrity and accessibility.
UiT - DMP guidance
- What are the procedures for storage and backup, and where will this be done?
- Who is responsible for backup and restoring the data? (For projects run exclusively at UiT, this will be the UiT IT Department for, provided that UiT facilities are used for storage.)
- Do you have sufficient storage facilities, or do you need extra services? If collecting data in the field (out of office), how will the data be safely transferred from the field to the main storage unit?
- What kind of folder structure and filename conventions will be used?
- If collecting data in the field (out of office), how will the data be safely transferred from the field to the main storage unit?
SND - Checklist DMP
Where and how will the data material be stored, and how do you make sure that it is securely stored? Will you do regular backups of the files? How will the data be recovered in the event of an incident? **Why is this important? ** Losing a data material is something you want to avoid. Secure storage with regular backups of the data is essential. You may want to consult with the university’s/organization’s IT security office about storage and backups before you begin the data collection/project.]
3b - How will data security and protection of sensitive data be taken care of during the research?
Science Europe DMP Guidance - annotated
3b.1
Explain how the data will be recovered in the event of an incident.
When using storage solutions and infrastructure at your institution or IT department, routines for backup and recovery should be in place. Check what is relevant for the specific solution used in your project.
3b.2
Explain who will have access to the data during the research and how access to data is controlled, especially in collaborative partnerships.
When choosing storage solutions and infrastructure, consider whether partners or collaborators outside your institution need access, as this might limit your options.
3b.3
Consider data protection, particularly if your data is sensitive for example containing personal data, politically sensitive information, or trade secrets. Describe the main risks and how these will be managed.
As in 3b.2, choosing a suitable storage and infrastructure is essential, in this case to be able to ensure data protection. In addition, a risk assessment should be performed to reduce and manage risks.
3b.4
Explain which institutional data protection policies are in place.
Sufficiently adressed (DMP Evaluation Rubric)
Clearly explains:
- How the data will be recovered in the event of an incident.
- Which institutional and/or national data protection policies are in place and provides a link to where they can be accessed.
- Who will have access to the data during the research.
- Clearly describes the additional security measures (in terms of physical security, network security, and security of computer systems and files) that will be taken to ensure that stored and transferred data are safe, when sensitive data are involved (for example personal data, politically sensitive information, or trade secrets).
**Relevant PID**
- none?
**Interested stakeholder**
- Level 1: Institution (information security)
- Level 2: DPO, REK, Sikt personverntjenester
**Relevant project phase**
- pre-award: outline
- planning post-award, active phase
RDA Common Standard for maDMP
[Properties in security and privacy]
- https://github.com/RDA-DMP-Common/RDA-DMP-Common-Standard?tab=readme-ov-file#properties-in-security_and_privacy: description [string, free text], name [string, free text]
[Properties in distribution]
- #distribution_data_access_tree: open/shared/closed
Missing:
- data recovery
- institutional/national data protection policies
- differential access rights, particularly in the active phase
Explanations for support staff
- National policies
- Classification of information: Institutional policies and storage guides
- Routines for data recovery
- Understanding data security measures
Guidance from NFR
[Storage and data security during the project]\
- Who will have access to the data during the project and how is access controlled? This is particularly important where the project is a collaboration with several research communities/institutions.
- If applicable, how should data security and risk management be handled in relation to sensitive data, such as personal data and data that underlies trade secrets?
- What institutional data protection policies apply?
Horizon Europe DMP Template
[5. Data Security]\
- What provisions are or will be in place for data security (including data recovery as well as secure storage/archiving and transfer of sensitive data)?
- Will the data be safely stored in trusted repositories for long term preservation and curation? (see also 5_sharing_preservation)
FAIRsFAIR FAIR-Aware Additional Guidance
- not covered
Explanations for users
- Data recovery
- National and institutional policies
- Information security levels
Existing sources that can be reused
DMP Tuuli
What legal issues are related to your data management? (For example, GDPR and other legislation affecting data processing). All types of research data involve questions of rights and legal and ethical issues. Demonstrate that you are aware of the relevant legislation related to your data processing. If you are handling personal or sensitive information, describe how you will ensure privacy protection and data anonymisation or pseudonymisation.
- Tips for best practices:
- Check your institutional ethical guidelines, data privacy guidelines and data security policy, and prepare to follow the instructions that are given in these guidelines.
- If your research is to be reviewed by an ethical committee, outline in your DMP how you will comply with the protocol (e.g., how you will remove personal or sensitive information from your data before sharing data to ensure privacy protection).
- Will you process personal data? If you intend to do so, please detail what type of personal data you will collect.
- All data related to an identified or identifiable person is personal data. Information such as names, telephone numbers, location data and information on the congenital diseases of the individual’s grandparents is personal data.
NTNU - DMP Guidance
Note that all data should be classified in order to choose the correct level of security and confidentiality. See Innsida for more information on how to classify research data. Also see Sikresiden.no for more information about information security. Relevant documents: NTNU Policy for information security NTNU Storage Guide
UiT - DMP guidance
Does your data include sensitive data? (If yes, also answer the questions below.) Are you going to collect informed consent to store and share the data? If so, how? How are you going to secure confidentiality and identity protection?
SND - Checklist DMP
Refer to the information security guidelines and policies in your university/organization and define what implications they have. What information classification level does the data material have and what security measures are needed to protect the material? Who should have access to the project data during the project and how do you plan to protect the data from unauthorised access? Why is this important? Access to the data material must be restricted so that authorised people can access it, but it is protected from unauthorised access. Secure work and storage environments can include access restriction (e.g. passwords), encryption, and virus and access protection. You may need to contact your organization’s IT security office to make sure that you have addressed all questions regarding information security before the data collection begins.]
Contributors
Contributor
Norwegian University of Science and Technology (NTNU)
Contributor
Norwegian University of Science and Technology (NTNU)