CPA1.2 - Contracts, Licenses and Liabilities

Information

Repositories must maintain all applicable licenses covering data access and use, communicate about them with users, and monitor compliance. The generic requirements relates to all applicable licenses set by the organisation, data repository itself, as well as any codes of conduct that are generally accepted in the relevant sector for the exchange and proper use of knowledge and information.

 

GO1.2.1: Service Contracts and Liabilities

To provide services that are in compliance with relevant regulations, and to have and maintain appropriate contracts, licenses and/or agreements.

 

GRA1.2.1.1: Knowledge of legislation

The organisation has sufficient knowledge and documentation on how (relevant aspects of) the (national or international) legislation applies to and affects the holdings and procedures of the organisation.

(0) Not defined:

There is no evidence of knowledge or documentation about national legislation and how it applies to the organisation or infrastructure.

(1) Initial:

No or limited knowledge; no or limited documentation.

(2) Repeated/partial:

There is partial knowledge on relevant legislation, or knowledge is not wide-spread. There is some formalised documentation, but it maybe insufficient documentation.

(3) Defined:

Sufficient and documented knowledge on all relevant legislative aspects is available to all staff.

(4) Managed:

There are regular analysis of the national legislation, application and effects. non-observance in the application of the legislation are documented.

(5) Optimised:

Procedures and mechanisms are in place to update this knowledge and are used.

 

GRA1.2.1.2: Communication of service licenses and agreements.

The organisation openly declares its conditions and/or limitations of use and any costs (if applicable) which may arise from any service it provides.

(0) Not defined:

No conditions of service use are listed or communicated.

(1) Initial:

Some awareness of the need to place conditions on some types of service; issues are solved on an ad hoc/case-by-case basis; no formalised service access licenses or agreements are in place.

(2) Repeated/partial:

The application of licenses and conditions of service use occur on a regular basis; formulations of conditions are not formalised; no procedures for implementation.

(3) Defined:

Licenses and conditions of service use are formalised (in written statements and/or agreements) and are listed/communicated to all relevant stakeholders; the repository may distinguish between different types or categories of service access.

(4) Managed:

Service licenses and access categories are regularly reviewed and updated.

(5) Optimised:

Service access licenses and the service access conditions framework is regularly reviewed and updated based on regular and formalised communication with relevant stakeholders.

 

GRA1.2.1.3: Non-compliance measures

The organisation has documentation on measures in the case of non-compliance with contractual conditions.

(0) Not defined:

There is no evidence of documentation available internally or externally.

(1) Initial:

No formalised documentation available. Individuals have different interpretations on what measures may apply to non-compliance to conditions access and use.

(2) Repeated/partial:

Documentation on measures in the case of non-compliance with conditions of access and use are available, but not actively communicated with the users.

(3) Defined:

Documentation on measures in the case of non-compliance with conditions of access and are part of the conditions of use and are communicated with the users.

(4) Managed:

The application of measures for non-compliance are monitored.

(5) Optimised:

There are regular intervals reviews of the documentation are conducted and where necessary changes are made. Changes are communicated internally and externally in accordance with the communication plan.

 

GRA1.2.1.4: Legal / contractual regulation

Service access procedures are based on legal or contractual regulations that are settled in agreements between the service users and the repository; and the contractual and legal regulations, ensures that the parties do not infringe any intellectual property rights (IPR) of any other person(s) or institution(s).

(0) Not defined:

No contracts, regulations or agreements in place.

(1) Initial:

Legal and contractual issues are solved on an ad hoc basis; case-by-case.

(2) Repeated/partial:

Contracts and agreements are set up on a regular basis; contracts are not formalised or standardised; no procedures for implementation.

(3) Defined:

Contracts and agreements are standardised and implemented according to written procedures; contracts and regulations are made publicly available.

(4) Managed:

Legal and contractual framework is regularly reviewed and updated; all legal and contractual regulations are aligned to higher level policies; roles and responsibilities are identified and maintained.

(5) Optimised:

The usage and success of access licenses and the access conditions framework are continuously assessed; monitoring of wider legal framework (e.g. national and EU regulations); regular and formalised contact with relevant stakeholders.

 

GEA1.2.1.5: Provision of Services under a Service Level Agreement

The organisation formally defines all appropriate aspects of a service it provides (e.g. scope, quality, responsibilities, availability, performance) in written form as service level agreements (SLA) with relevant service users (Designated Community or other key stakeholders).

(0) Not defined:

There is no evidence of written agreements.

(1) Initial:

No formalised documentation available. Individuals have different interpretations of what is and should be in any agreement.

(2) Repeated/partial:

Contracts and agreements are set up on a case-by-case basis with some regular content, perhaps due to copying a previous contract.

(3) Defined:

Formal, written agreements are in place with all specified appropriate aspects included.

(4) Managed:

Use of the written agreement is monitored.

(5) Optimised:

At regular intervals reviews of what is required in the agreements and updates.