NSF and NIH require a Data Management Plan (DMP) with submissions for funding. Other funders or data providers may also require a DMP as part of the proposal process. The content in this article is designed in conjunction with DIT and the UMD Libraries to assist with the development of Data Management Plans for submissions with research proposals, and to be used in conjunction with the other resources available on the DMP Guide webpage.
If you would like to suggest any changes or additions to this article, please email firstname.lastname@example.org.
Regular DMP workshops are available through the Libraries Research Commons, but additional workshops are available upon request.
The DMPTool is a convenient way to draft your Data Management Plan, and provides digital templates that help you organize and write your plan.
The elements of the Data Management Plan will vary by sponsor and may have additional requirements depending on the directorate or sub-group of the sponsor. However, there are some key areas that the plans tend to have in common:
The following services are available to campus and have been organized based on their primary function and features. There are some example statements provided that are not intended to be boilerplate language, but are provided as a guide in how to include these tools in your plan. Your plan should reflect the unique characteristics of your research project, your processes, and any unique technology infrastructure you might use.
Data will be collected using Qualtrics, a survey and data collection software managed by the UMD Division of IT. Responses will be transmitted over HTTPS and stored in the Qualtrics platform servers for analysis by the research project team. Access to the data requires authentication with campus Directory ID, password, and multi-factor authentication. Access will be limited to research project team members using the built-in Qualtrics access control lists. Qualtrics provides data analysis features and data export capabilities for analysis in additional systems.
UMD Box will be used to store data and documents, and to allow multiple research team members to work concurrently on the same file. UMD Box is a cloud based storage platform. All data stored in Box is encrypted in transit and at rest, files are monitored with threat detection software, and all data is stored in the US. Access to the data will require authentication with a campus Directory ID, password, and multi-factor authentication, and access is controlled using built-in Box roles that are controlled by the file/folder owner.
UMD Google Drive will be used to store data and documents, and to allow multiple research team members to work concurrently on the same file. UMD Drive is a cloud based storage platform. All data stored in Drive is encrypted in transit and at rest, and all data is stored in the US. Access to the data will require authentication with a campus Directory ID, password, and multi-factor authentication, and access is controlled using built-in Box roles that are controlled by the file/folder owner.
In lieu of email, Secure Share, the campus tool for sending and receiving confidential files, will be used to receive or send sensitive data. Secure Share requires campus authentication to access, and encrypts and stores data temporarily until it can be accessed by the recipient, or until the specified access time period expires. If sharing with outside collaborators, they will use guest accounts in the system to access files.
All data will be stored and analyzed within the CUI Environment, a secure, on-premise campus computing and data enclave that adheres to all 110 NIST SP 800-171 controls. The system is logically and physically separated from other computing environments, outbound network access is blocked by default, and all data uploaded to the CUIE is encrypted using end-user specific private keys. Once inside the system, the data is limited only to collaborators who have specifically been authorized by the data owner. Data is analyzed on Virtual Machines and encrypted storage within the enclave. Connection to the system uses a specially designed application and is secured via a TLS tunnel from the end-user machine to the VM that uses public keys and temporary private keys to create a secure channel key that cannot be snooped by any other party, including admins.
All data related to the project will be stored in UMD Box, a cloud-based storage solution that requires campus Directory ID, password, and multi-factor authentication to access. All data in Box is encrypted, and all data is stored within the US. Additional capabilities that are in place include automatic detection of viruses, alerts to admins based on atypical end-user behavior, and policy based controls. Access is limited using built in Box roles, and access can be shared with external end-users who have Box accounts. Box will also be used to request files, in lieu of transfers over email.
All data stored in UMD Google Workspace apps (Gmail and Docs) is backed on a daily basis to Spanning Backup cloud storage. Data restores may be accomplished by individuals or by admins, and files may be stored individually or in bulk. Spanning Backup protects against file deletions, file corruption, malicious programs, and hackers.
Any workstations used to store and or analyze data will be backed up using the campus workstation backup service, Code42. Backups and versioning are iterative and are created every 15 minutes. Data is encrypted during transit and at rest in Code42’s cloud. The service is approved for data categorized as high risk. Code42 costs are included in the budget of this proposal.
This project will include the use of dedicated computing servers located in our data center. The servers used to store and analyze data in this project will be backed up on a regular basis using the campus data backup tool IBM Spectrum Protect. The backup process will encrypt data in transit and at rest using AES 256-bit encryption. The costs for this service are included in the budget of this proposal.
Data Stored in Commercial Cloud (AWS, Google Cloud, Azure)
Data stored in commercial cloud offerings will be backed up appropriately using service-adjacent backup offerings configurable per service (for example, database replication for database services). When backups are not a built-in feature of the service, Division of IT will be consulted to implement appropriate backup mechanisms to protect against data deletion, corruption, and malicious intent.
Data analysis will be completed using Stata/MP installed on research team members computing devices, and purchased through the campus licensing agreement.
This project will use campus provided the UMD Virtual Workspace to perform certain aspects of data analysis. The computers follow enterprise security protocols; they are patched regularly, access is controlled using campus authentication, anti-virus software is installed, and security logs are reviewed by the IT Security team. Data will not be permanently stored in the UMD Virtual Workspace; its storage is considered to be ephemeral. Instead, data and reports will be copied and stored in UMD Box.
Computational analysis will be performed using campus high performance computing resources. Data will be transferred to the system temporarily for analysis before being moved back to the project data storage solution.
Technical specifications: UMD's flagship cluster, intended for large, parallel jobs, housed off campus and maintained by the Division of Information Technology. It consists of over 380 nodes with dual socket (128 cores per node) AMD Milan processors. Twenty nodes also each contain four Nvidia A100 GPUs. All nodes have at least 512 GB of RAM, with six large memory nodes having 2 TB of RAM. All nodes have HDR-100 infiniband (100 Gb/s) interconnects, and there is 2 PB of fast BeeGFS scratch storage.
OSF Institutions (Provided by UMD Libraries and VPR)
This project will use the campus open source cloud-based project management platform (The Open Science Framework or OSF) to manage project resources and share data. The project space will be connected to campus storage (UMD Box) to store data, and used to control project and resource access. OSF will be used to provide version control, persistent URLs, and DOI registration. Research outputs will be shared using OSF as open access articles and preprints. The project team will ensure research reproducibility in part by accompanying data with relevant software repositories for use in analysis.
DRUM (Provided by UMD Libraries)
If Used For Data Sharing and Access:
Research products from this project will be archived at the Digital Repository at the University of Maryland (DRUM) unless a more appropriate facility can be identified. DRUM is a long-term, open-access repository managed and maintained by the University of Maryland Libraries. Researchers and the general public can download data and code files, associated metadata and documentation, and any guidelines for re-use. All records in DRUM are assigned a persistent DOI to support consistent discovery and citation. The project description will be automatically indexed in Google and Google Scholar to support global discovery. Whenever possible, digital curation specialists in the University Libraries work with researchers to document and format materials for long-term access.
If Used For Long Term Preservation:
The research products archived in DRUM will be available indefinitely. The University of Maryland Libraries’ DRUM repository is built on DSpace software, a widely used, reliable digital repository platform. DRUM performs nightly bit-level integrity tests on all files, and all contents are regularly copied to back-up storage. DRUM conforms to the digital preservation principles outlined in the University of Maryland Libraries’ Digital Preservation Policy.
The UMD Libraries can work with researchers to obtain a DOI (Digital Object Identifier). This project will use ORCiD to create a persistent identifier that will be used to share research outputs across platforms.
This project will follow appropriate security controls to protect the confidentiality of sensitive and restricted data by utilizing systems that conform to university policies and IT standards. All research team members have completed annual campus cybersecurity training and insider threat training. These systems include UMD Box and the UMD Virtual Workspace. Researcher computing devices will be managed and patched by the university, protected with FireEye endpoint protection, and backed up daily using Code42. Research Lab servers are joined and managed by the campus Active Directory, protected by FireEye endpoint protection, backed up using Spectrum Protect, and encrypted using FIPS 140-2 compliant cryptographic modules. The computing devices and server logs are forwarded to the campus SIEM for event analysis, response, and investigation.
Commercial cloud options provide scalability, flexibility, novel computing solutions, and access to Quantum resources. Cloud resources could be configured to meet various elements of a DMP - analysis, storage, reproducibility, or data archive. In most cases, cloud is useful for novel solutions to analysis and collaboration.
Google Cloud Platform
Data storage, pipeline, and analysis cyberinfrastructure will be built on the Google Cloud Platform. Google Cloud Storage, BigQuery, and AutoML will be used to store data, perform SQL queries, and create and train machine learning models. BigQuery will also be used to share data set segments with collaborators for additional analysis. Using Google Cloud Platform will allow efficient use of computing resources and remove unnecessary costs and overhead related to physical hardware procurement, setup, and management.
Amazon Web Services
AWS EC2 instances with attached graphical processing units will be used to provide short term access to extremely powerful computing resources necessary for training machine learning models. Data will be stored in AWS S3 cloud storage buckets. Using cloud based resources will assist with developing accurate estimates for the physical hardware resources necessary to operationalize machine learning models in future phases of work.
A Microsoft Azure subscription will be utilized in this project to submit jobs in Q# to run on Quantum simulators and ultimately on quantum computers.
Data Management Plan sections or elements will differ depending on sponsor, directorate, and discipline, so be sure to review the official guidance for your specific use case. Links to full descriptions from NSF and NIH may be found in the See Also section at the end of this article. Below are high level description of DMP sections and relevant technology considerations.
Products of Research
Relevant Services: Terpware, UMD Box, Google Drive, OSF Insitutions
Data Format Standards
Relevant Services: OSF Institutions
Access and Sharing
Relevant Services: UMD Box, CUI Environment, Secure Share, UMD Virtual Workspace, Network Storage, UMD Google Drive, OSF Institutions
Policies and Provisions (re-use and redistribution policies)
Relevant Services: OSF Institutions, Persistent Identifiers, UMD Box, Network Storage
Archive of Data
Relevant Services: DRUM, Persistant Identifiers
Relevant Services: UMD Box, Secure Share, CUI Environment, UMD Virtual Workspace, Network Storage
Related Tools, Software, Code
Relevant Services: Terpware, OSF Instituions
Relevant Services: UMD Box, OSF Institutions
Data Preservation, Access, and Timeline
Relevant Services: DRUM, Persistent Identifier, OSF Institutions, UMD Box, Secure Share, Network Storage, Cloud Services
Access, Distribution, and Reuse
Relevant Services: Persistant Identifiers, OSF Institutions, UMD Box
Relevant Services: OSF Institutions, UMD Box, DRUM