This page contains information on the SURF Research Access Management (SRAM) service, but focused on research collaborations. Generic information about SRAM, it's advantages for all parties, an animation etc can be found at SURF Research Access Management - SRAM.


Using SRAM for your research collaboration

Who can create a CO in SRAM?

Only research collaborations for which a Dutch institution takes responsibility can create a CO on the SRAM service. Wondering whether you can use SRAM or who to contact? Email us!

Dutch institutions can sign up for the SRAM service. If approved, the institution can configure who within the institution can create a new CO in SRAM: some institutions allow anyone to create a new CO, some limit that functionality to certain people or roles, for instance to the research support team of the institution.

What services can we use?

Before you can use a research service, both a (one time) 'technical' connection between SRAM and a service is necessary, as well as a 'logical' connection between the SRAM CO and the service:

New services connect to SRAM all the time. If you can't seem to select the service or platform you need for your research, please let us know and we will be in contact right away: we love adding new services, and take pride in doing so as fast as possible (while keeping eye on quality and security, of course (wink)).

What does SRAM do and check, what do we need to do ourselves?

We had discussions about whether SRAM should 'demand' certain things from research services before they are allowed to connect. But who are we to decide what a research collaboration deems o.k.? So for now we decided to limit the 'demands', and stick to 'advise'.

We do advise COs to check out the AARC Policy Development Kit (MOOC), which provides templates of all kinds of policies.

The AARC Policy Development Kit also references aspects a CO could check to decide whether or not to use a service. Like whether the service complies:

  1. to the Research and Scholarship Entity Category (R&S)
  2. to the GÉANT Data Protection Code of Conduct ("CoCo"), with the intend to comply with v2 GDPR version of the Code of Conduct
  3. with and use Sirtfi
  4. to the REFEDS Assurance Framework

SRAM does check for certain things:

  1. whether the service uses secure communications. For instance, when a SSL certificate is used, as a rule of thumb, it should have at least a "B" rating on (but preferably better, of course). If you would like to test your server for configuration issues, you can use the Qualys SSL labs server test at: 

O.k., what's next?


Any questions? Contact the SRAM-team at .