View Current

Research Data Management Procedure

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Purpose

(1) This procedure supports the Research Policy by stating the responsibilities and processes for the management of research data at Charles Sturt University (the University).

(2) This procedure is intended to:

  1. enable the University to comply with relevant legal requirements and ethical standards, including the Australian Code for the Responsible Conduct of Research (the Code), and any applicable contractual and funding body requirements.
  2. ensure research data is well managed across the research data life cycle so that it is preserved and accessible for current and future research or other purposes
  3. ensure the same level of care and protection of primary research records, such as laboratory notebooks, as of the analysed research data
  4. state who will manage research data and who can be contacted for accessing data, and
  5. clearly define all stakeholders and their roles in the research data management cycle.


(3) This procedure has the same scope as the Research Policy.

(4) This procedure applies to:

  1. all research projects whether funded or unfunded or requiring ethics approval or not, and
  2. research data managed by the University, regardless of the source. 

(5) As well as following this procedure, researchers must meet the research data management provisions of any contracts, copyright obligations, funding or collaboration agreements for their research.

(6) The Intellectual Property Policy determines ownership of research data and primary material, which may also be influenced by other third-party agreements including funding agreements for projects.

Top of Page

Section 2 - Policy

(7) This procedure supports the Research Policy and should be read alongside that policy.

Top of Page

Section 3 - Procedure

Management of research data

(8)   The responsible conduct of research includes within its scope the appropriate generation, collection, access, use, analysis, disclosure, storage, retention, disposal, sharing and re-use of data and information. Researchers must acknowledge and clearly specify details regarding ownership, custodianship, access, licensing, and intended dissemination and use of any data collected, generated, or collated as part of their research projects.

(9) Subject to the terms of agreement between the University and any other party:

  1. the University owns research materials and data created by staff
  2. in the absence of any agreement to the contrary, a research student owns the research materials and data created as a student of the University.

(10) It is the responsibility of staff and students to manage and retain the material and data on behalf of the University.

(11) Researchers and supervisors should plan for and execute the handover of research data and primary materials at the conclusion of the research or when a researcher leaves the University to the responsible organisational unit, including information about access to and potential reuse of data.

Research data management plans (RDMP)

(12) The Office of the Deputy Vice-Chancellor (Research) will establish and maintain a register of Research Data Management Plans (RDMPs).

(13) The RDMP will set out regulatory approval, data governance, and data management across all stages of the research data life cycle, including appropriate end-of-project plans (retention, dissemination, and archiving) so that other researchers (or the researchers themselves in the future) may benefit from the data. 

(14) RDMP planning should apply, to the extent possible, the findable, accessible, interoperable, and reusable (FAIR) data principles.

(15) All researchers must create and submit an RDMP online using the form specified by the Office of the Deputy Vice-Chancellor (Research). Where a research project includes multiple researchers, the first-named researcher, or chief investigator, is responsible for completing and submitting the RDMP on behalf of the research team for each new research project before the research project commences.

(16) The RDMP will set out regulatory approval, data governance, and data management across all stages of the research data life cycle, including appropriate end-of-project plans (retention, dissemination, and archiving).

(17) The RDMP must be submitted as an accompanying document with applications submitted to any of the following committees:

  1. Animal Care and Ethics Committee
  2. Human Research Ethics Committee
  3. Institutional Biosafety Committee
  4. Radiation Safety Committee

(18) Research students, in consultation with their research supervisor(s), must create and register an RDMP prior to the commencement of a research project.

(19) Researchers must review their RDMP regularly, either annually or as changes arise, to ensure it accurately reflects the research project at any given time. Research students must review their RDMP in consultation with their research supervisor.

Data storage

(20) Researchers will plan for appropriate storage, access and use of research data at the beginning of the project, ensuring proper management of the data, data resilience and retrieval requirements, and avoiding potential data loss or security breaches for restricted data. This will be documented in the RDMP. Refer to Research Data Management Guidelines for help in assessing restricted data, appropriate security measures, and suggested platforms.

(21) Researchers can request free data storage from the Division of Information Technology using the RDMP online form. 

(22) The use of non-University supported external service providers and platforms for collection, management, collaboration, analysis, archiving, or dissemination of restricted data must be approved by the Pro Vice-Chancellor (Research and Innovation) and included as part of an RDMP. Platforms must allow researchers and the University to comply with relevant legal, ethical, funder and publisher requirements, and provide research data security and privacy comparable to research data systems approved by the University.

Digitisation of physical data

(23) Wherever possible and appropriate, physical research data, primary materials and research records should be digitised in a preferred format, to minimise the risk of loss or damage, and minimise physical storage requirements.

(24) Physical data should be converted into a durable format if possible, quality checked for any errors and completeness, and then stored digitally.

(25) After physical data has been converted to digital form, the original physical data can be destroyed once the minimum retention period for source documents has been met, and in accordance with the Records Management Procedure.

Note: Examples of digitisation include scanning documentation, manuscripts or participant consent forms to PDF format; or photographing physical materials and storing them in TIFF format.

Physical data storage

(26) Physical data that cannot be digitised can be stored at the CSU Regional Archives.

(27) The storage of physical data other than paper (non-standard formats for example) must be stored appropriately and ensure compliance with the University’s workplace, health and safety and other policies and procedures.

(28) If storage of non-standard formats is not possible within the University, it may be necessary for researchers to gain written approval from the Deputy Vice-Chancellor (Research) to approach external third-parties for storage options.

Retention, archiving and disposal of data

(29) The minimum retention periods for research data are set out in the Research Data Management Guidelines and align with the National Health & Medical Research Council (NHMRC) guidelines and the State Records Act 1998. Researchers must also comply with any contractual and/or third-party agreements, and discipline norms.

(30) Retention of research data is required for all projects but in particular where the data is critical to the substantiation of research findings and cannot be readily or practically duplicated and for research that is:

  1. controversial or of high public interest, or has influence in the research domain
  2. costly or impossible to reproduce or substitute if the primary data is not available (e.g. cannot be substituted with an alternative data set of acceptable quality and useability, or if data reproduction would place unnecessary burden on human research participants or animals), or
  3. relates to the use of an innovative technique for the first time.

(31) Researchers must ensure that all research data owned by the University and sufficient metadata is made available to the University within 12 months of completing the research activity so that retention periods can be managed.

(32) The minimum requirement for retention of data is normally five years (or as set out under the general retention authority GA 47 – Higher and further education records). The University, at its absolute discretion, may determine to keep the research data beyond the minimum period. Where this occurs, restricted data must be de-identified and any confidential or personal information removed.

(33) Research data owned by a research student or an external party is not a University record,and the student or external party will be responsible for ensuring the appropriate periods are met and disposing of data, as appropriate.

(34) Once the minimum retention periods for University owned research data have been met, dispoal or distruction must be in accordance with the Records Management Procedure. 

(35) With the exception of research data required as a State archive, faculties and research institutes will be responsible for managing and preserving the research data owned by the University until the minimum retention period is met.

(36) Where physical research data owned by the University is required as a State archive and is not being used for other research activities, the research data and sufficient metadata must be made available to the CSU Regional Archives within 12 months of the completion of the research activity.

(37) The CSU Regional Archives, as a regional archives centre, will maintain custody of the research data required as a State archive and facilitate access where appropriate, whilst control of the research data will pass to NSW State Archives and Records Authority.

Research outputs and access

(38) At the conclusion of a project, or at the time of publication or dissemination of a research output, researchers should also disseminate their data, following best practices in their discipline and in accordance with any publisher or funder requirements.

(39) Research outputs should conform to the FAIR data principles as far as possible. Appropriate context (descriptive, technical, methodological, and access information) should be provided for the data, either within the data or a separate metadata record.

(40) University owned research data should be made open access where possible and only closed or restricted as necessary to meet ethical, contractual or intellectual property requirements.

(41) Acess to data may be closed or restricted by:

  1. the author’s agreement with a grant funder
  2. the agreement of the Deputy Vice-Chancellor (Research)
  3. requirements to:
    1. preserve confidentiality
    2. respect culturally sensitive information
    3. prevent the breach of Defence Trade Controls
    4. prevent the breach of copyright such as third-party content or publisher agreements
    5. protect commercially sensitive information
    6. restrict dissemination of information that might be used for cyber-crime.

(42) Researchers must determine and apply appropriate techniques and safeguards for safely disseminating restricted data.

(43) Researchers may choose an embargo period, up to 18 months or longer if approved by the Deputy Vice-Chancellor (Research), to allow time to publish results before making data open or public.

(44) Researchers must register their metadata in CRO, using the data sets module linked to their researcher profile by the project end date. The entry must include the location (either physical or digital) of the dataset, as well as the organisational unit and contact information for the purpose of managing the dataset. The visibility of the metadata (public, University login required, or restricted) can be set as determined by the researcher and/or the research team.

Reuse of data

(45) Researchers given approved access to reuse data must comply with any existing conditions that apply to the data.

(46) Researchers who reuse existing data sets and manipulate or make changes to create a new data set must manage the research data in accordance with this procedure.    

Data security and confidentiality

(47) Researchers must consult Research Data Management Guideline to determine minimum security measures for data management together with terms of any applicable research agreements.

(48) There are various data protection techniques available including password protection on files and folders, encryption, de-identification, saving in ‘read-only’ formats and keeping portable storage devices locked away when not in use.

(49) Researchers must provide the same level of care and protection to non-digital research data and primary materials, such as laboratory notebooks, interview recordings, biological specimens, and survey responses.

(50) Where restricted data collected during research is lost or subjected to unauthorised access or disclosure, the researcher must report the research data security breach immediately to the Manager, Research Integrity and to other relevant parties including the relevant ethics or compliance committee. Researchers must initiate appropriate remedial action to reduce the likelihood of serious harm occurring from the inappropriate use of, access to, or loss of restricted data.

(51) Researchers must report circumstances where a suspected or known security breach might have resulted in the unauthorised access, unintended disclosure, loss, theft, destruction or alteration of data, in accordance with the Information Technology Procedure - Acceptable Use and Access, Privacy Management Plan and Information Technology Procedure - Personal Data Breach.

Ethics and safety

(52) All decisions throughout the research data lifecycle must be consistent with the ethics, compliance and safety requirements set out in, as relevant: 

  1. National Statement on Ethical Conduct in Human Research 2023
  2. Australian Code for the Care and Use of Animals for Scientific Purposes 8th Edition 2013 (Updated 2021)
  3. Guidelines for Ethical Research in Australian Indigenous Studies 2012

Training and education

(53) Ongoing training, education, assistance and advice in research data management will be offered in a variety of formats made available through the Division of Library Services and Office of Research Services and Graduate Studies. Training will be reviewed regularly to maintain currency. It is expected that all researchers, staff and research students will engage with the training, education and resources made available via the University and complete all compulsory training where appropriate.

Top of Page

Section 4 - Guidelines

(54) Research Data Management Guidelines.

Top of Page

Section 5 - Glossary

(55) This procedure uses terms defined in the Research Policy, as well as the following:

  1. Data sharing - means sharing of data sets upon completion of the original project, not sharing between collaborators in the current project.
  2. Dataset – means a collection of research data.
  3. Durable formats – means digital file formats that will remain readable and usable over time. This has implications for choices relating to both software and hardware.
  4. Metadata – means information about a dataset submitted to CRO, such that a dataset can be understood, re-used, and integrated with other datasets. It includes elements such as keywords, file format, contact and access conditions, plus Creative Commons licence selected by the author.
  5. Primary materials – means physical objects that are collected or used for research, from which data may be obtained. For example, laboratory notebooks, interview recordings, biological specimens, and survey responses.
  6. Research data lifecycle – means the stages of data management for the entire period of time that data exists in the system and describes how data flows through a research project from start to finish.
  7. Research data management – means the process of deciding and documenting how research data will be collected, organized, stored and shared for current and future research. It is all the processes and actions required to manage and curate data throughout the research life cycle.
  8. Research data management plan (RDMP) – means a document that outlines how the research data for a specific project will be collected, organised, stored, backed-up, preserved, shared, archived and disposed.
  9. Research data security – means the protection of data from loss, unauthorised access and unauthorised modification. Security must be maintained while data is both at rest and in transit.
  10. Research project – mean a process of systematic inquiry that entails collection or generation of data and analysis and interpretation of that data in accordance with suitable methodologies set by specific professional fields and academic disciplines.
  11. Research student – means any enrolled student at the University undertaking research as part of their studies.
  12. Restricted data – means data that must be protected against unwarranted disclosure for legal or ethical reasons unless specifically granted permission. This includes, but is not limited to:
    1. licensing or publisher agreements
    2. preserving confidentiality
    3. respecting culturally sensitive information
    4. preventing the breach of Defence Trade Controls
    5. preventing the breach of copyright such as third-party content or publisher agreements
    6. protecting commercially sensitive information, or
    7. restricting dissemination of information that might be used for cyber-crime.