|1.||The Federation Operator actively declares support for R&S||Declare support by email to firstname.lastname@example.org. This will be re-verified as part of the REFEDS annual audit.|
|2.||Maintain a detailed description of the federation's administrative process for tagging a Service Provider with R&S||Host a wiki or web page with information for SPs. |
| 3.||Have a clear assessment process for Service Providers|
Consider using the following checks:
- Can the SP demonstrate that they meet the definition of R&S? ("Candidates for the Research and Scholarship (R&S) Category are Service Providers that are operated for the purpose of supporting research and scholarship interaction, collaboration or management, at least in part. Example Service Providers may include (but are not limited to) collaborative tools and services such as wikis, blogs, project and grant management tools that require some personal information about users to work effectively.").
- Can the SP demonstrate a reasonable need to use the full R&S bundle?
- Is there a relevant and appropriate relationship between the data subject and the Service Provider?
- Would there be a reasonable expectation on the part of the data subject that personal data will be released?
- Does the Service Provider demonstrate appropriate safe-guards / effective behaviour regarding data protection (e.g. do they have a privacy notice? do they use a code of conduct etc?)
- Does the entity meet the registration criteria in Section 4 of the specification?
|4.||Have a Process for reviewing use of R&S||Have measures in place to review R&S where you are the Registration Authority. This may be in line with the annual REFEDS review of R&S.|
|5.||Have a Process for removing R&S from a Service Provider||Have a simple process that allows for the removal of R&S if an entity no longer meets the requirements, cannot demonstrate compliance or no longer wishes to support R&S.|