Applicants achieving CoreTrustSeal certification as a trustworthy digital repository (TDR) offer active long-term preservation of digital objects (data and metadata) for a designated (defined) community of users. They comply with 16 ‘core’ level requirements around organisational infrastructure, digital object management, technology and security.

The Research Data Alliance (RDA) identified a demand for a single set of ‘core’ (low barrier to entry) TDR Requirements, which led to the development of the RDA-endorsed CoreTrustSeal Requirements and Certification process. The process is now maintained with the support of the RDA Working Group model. CoreTrustSeal is aligned with the OAIS model (ISO 14721:2012) and follows its assumptions about mandatory responsibilities.

The CoreTrustSeal is a not-for-profit foundation (Stichting) registered under Dutch law. The elected Board members are responsible for the 16 Requirements and certification process in line with their Statutes and Rules of Procedure.

Applicants are confidentially reviewed by two peer repositories that have previously achieved the CoreTrustSeal. Successful applications are made public. Certified repositories contribute to future assessments by joining the Assembly of Reviewers, which also makes them eligible for Board membership. Final decisions on peer reviews are overseen by the Board.

The CoreTrustSeal Requirements are revised every three years through an open and transparent process of public feedback.

Certified compliance with good practice enhances a repository’s reputation and increases visibility. However the CoreTrustSeal recognises that not all repositories are ready for formal certification and works to ensure that all guidance and supporting information is freely available. Digital preservation is a process of continuous monitoring and managed change that ensures that the digital objects remain understandable and reusable. Even without an immediate or final goal of certification, the community-driven CoreTrustSeal Requirements provide a common reference point that repository (meta)data services can use as a benchmark for self-assessment and improvement.

CoreTrustSeal in 2 minutes:

An official representative working for an applicant organisation can open an application for the CoreTrustSeal. The applicant must have a mission that includes direct responsibility for the curation and long-term preservation of a specified collection of digital objects. The applicant must ensure provision of the appropriate infrastructure (documented policies, people and skills, workflows, and technologies) to preserve data and metadata, such that they remain accessible and reusable over time.

To fulfil this mission, the applicant must have sufficient expertise and management rights over the data to respond to changes in the technologies and the knowledge base of a well-defined Designated Community of users. Though the CoreTrustSeal certification remains domain-agnostic, applicants applying as specialist repositories must define the relevant domain or discipline they represent and reflect this in their evidence.

To ensure provision of a sufficient and sustained service an applicant may rely on third parties through insource (e.g. to a host organisation) or outsourcing, with the following exceptions:Preservation actions (e.g. format conversion or provision of emulation solutions) may be outsourced to a third party, but preservation planning and implementation decisions (R09) cannot. Long-term data preservation is a requirement for Trustworthy Digital Repository status through CoreTrustSeal certification. Outsourcing roles and relationships should be well-defined. All parties must provide evidence related to all of the functions or processes that they help undertake.

The entire cycle of CoreTrustSeal certification from submitting a self assessment by the repository for the first time to approval or declination of the application by the CoreTrustSeal Board shall take a maximum of 2 years from the submission date.

The CoreTrustSeal application process consists of the following steps and indicative deadlines.

Who?	What?	When?
Applicant	Submission of self assessment – version 1	Within three months of adding the applicant’s details to the tool.
Reviewers	Review of self-assessment	Within two months after payment of the fee or submitting the self-assessment when pre-payment applies.
Board	Assessment of reviews and response to the applicant	Within two weeks
Applicant	Submission of self assessment – version 2 to 5	Within three months of receiving the reviewers feedback.
Reviewers	Review of self-assessment – version 2 to 5	Within two months after submitting the self-assessment.
Board	Assessment of reviews versions 2 to 5 and response to the applicant	Within two weeks
Board	Approval of the self assessment and notification of applicant	Within two weeks after board approval
Board	Decline of the self assessment and notification of applicant	Within one month after board approval.

Notes:
* Inactive self assessments, that are not under review and which are over the stated deadlines will be removed from the online tool after several reminder mails have been sent.
* All approved CoreTrustSeal applications are archived in DataVerseNL and have received a Persistent Identifier (PID).

Recertification:
Certified repositories will automatically receive a reminder for renewal 6 month before their certification expires via the online tool. Their certification will also stay on the approved page for 6 months after the certification expires. This gives applicants a total of 1 year to complete their recertification.
The renewal process timeline depends amongst others on how long it takes the applicant to react to comments made by the reviewers, but also if they have worked on the improvements (if any) that were suggested by the reviewers in their current certification.
CoreTrustSeal will shorten the deadline for reviewer comments to 1 month instead of 2 and for a recertification the applicant will most likely not use the 5 review rounds but 3.

On September 21, 2023 a change to the CoreTrustSeal administrative fee was announced. From February 1st, 2024 onward, the fee will be 3000 EUR. Please refer to the Administrative Fee page for further information.

Usually, invoices for the administrative fee are paid via wire transfer to our bank account. Please make sure that any fees for the transfer are paid by your financial department so that CoreTrustSeal receives the full amount of 3000 EUR.

Credit card payments are also possible and are processed via PayPal. As PayPal has a fee for processing the payments, an extra 6% is added to the 3000 EUR administration fee to cover this cost. The invoice is amended to the correct amount and a request for money is sent via the PayPal service.

In the case that your organization requires the use of its own specific invoicing system, please contact finance@coretrustseal.org to discuss the details.

Yes, CoreTrustSeal is happy to accept bulk payments for a group of several repositories.

In addition, a bulk discount of 25% for umbrella organizations certifying ten or more data repositories is available. The administrative fee must be paid upfront for processing ten or more certifications. The vouchers can be used during a 3-year period and additional vouchers can be added at the same discounted rate.

To inquire about the possibility of a bulk discount, please send a formal request to CoreTrustSeal Board via info@coretrustseal.org, shortly describing the group or network and confirming that the group will coordinate to align application statements and evidence wherever possible.

The administrative fee may be waived in exceptional cases and at the discretion of the CoreTrustSeal Board. For example repositories located in Low and Middle Income Countries may request a waiver. The decision to waive the administrative fee will depend on eligibility of the repository and solvency of the CoreTrustSeal Foundation.

See “joint invoices” (above) for information on bulk discounts.