-
Can complete deletion of a dataset be done only at the request of the institute or depositor?
-
Do employees of DANS and/or subprocessors have access to the data?
-
Is there layering and/or compartmentalization of management accounts? How is this regulated?
-
How does user authentication take place?
-
Are there log files that track mutations to datasets?
-
What information security policy applies?
-
Are updates/new versions of Dataverse first tested in a test or acceptance environment?
-
How is the incident response designed?
-
Which users can use the deaccession functionality?
-
Who determines access to the application?