To apply for accreditation, the integrating authority needs to complete a self-assessment explaining how they meet the eight criteria for accreditation, evidenced by supporting documentation and signed off by the head of the organisation. [1. The ‘head of the organisation’ is the person legally accountable for the activities of the organisation, and those of its staff and affiliates. In the case of a government department, this will be the Secretary of the department.] The self-assessment is a statement about what is currently in place at the organisation to meet the criterion questions. The applicant is responsible for obtaining an independent audit of their self-assessment against the accreditation criteria to substantiate their claims to the Oversight Board.
To facilitate the audit process and the decision of the Oversight Board, the self-assessment should be succinct and applicants should avoid qualitative statements that cannot be directly verified in the documentary evidence provided. Each statement in the self-assessment should be supported with documented evidence which is clearly referenced in the statement so that it can be located by the auditor. Documentary evidence provides a direct and concrete source of the information represented in the self-assessment that can be validated by the auditor.
If an integrating authority intends to outsource any component of the work to another party on an ongoing basis (for example, creation of data linkage keys or use of infrastructure such as the Secure Unified Research Environment (SURE) to provide users with secure access to data), this should be indicated in the self-assessment report, together with any documentation to support claims in relation to this component of work. The integrating authority will be held accountable for the safe conduct of data integration projects and will need to ensure that the use of such infrastructure complies with commitments made to data custodians and meets the requirements of the interim accreditation criteria. See outsourcing or working in partnership for more information.
Commonwealth data integration accreditation has recently undergone a period of review. The interim Data Integration Accreditation Subcommittee Secretariat can provide information on the governance and application process. Please email dsdg-coord [at] pmc.gov.au
Applications for accreditation should be signed off by the head of the agency, that is, the person legally accountable for the activities of the organisation, and those of its staff and affiliates. This sign off certifies that, in their opinion, the answers and information provided are accurate, and that their organisation has the necessary values, skills and infrastructure to ensure that data integration involving Commonwealth data for high risk statistical or research projects is carried out in a safe and effective way.
The completed application for accreditation should be emailed to the Secretariat: dsdg-coord [at] pmc.gov.au
Examples of documentation which may be considered to support accreditation claims against the eight criteria are given in the following links:
Criterion I – Ability to ensure secure data management
Criterion II – Demonstrate safe data access
Criterion III – Availability of appropriate skills
Criterion IV – Appropriate technical capability
Criterion V – Lack of conflict of interest
Criterion VI – Culture and values
Criterion VII – Transparency of operation
Criterion VIII – Existence of an appropriate governance and administrative framework
For more information about the accreditation process see Accreditation.