Open Data Policy on QQI certification data

The Qualifications and Quality Assurance (Education and Training) 2012 Act (as amended),  provides that, following an application from a provider of education and training, QQI can make an award to a learner where it is satisfied that a learner has acquired the appropriate standard of knowledge, skill or competence determined for that award. The Act also enables QQI to share information collected through the performance of its functions with appropriate bodies.

QQI publishes annual statistics and interactive visualisations on the number of QQI award holders in Ireland. The data are sourced from QQI’s QHub and QBS systems - online secure services where providers of programmes of education and training leading to QQI awards enter information on programmes and learners who have completed awards. 

Collection and quality assurance of these data are undertaken by the QQI Certification and Validation units. A formal auditing process is carried out every certification period by the Certification and IT functions in QQI, to ensure data quality, validity, and accuracy (QQI normally certifies awards six times per year, in February, April, June, August, October and December of each year). Once this auditing process is finalised, certification data is transferred automatically to the Achievement by Learners Database (ALDa), an MS SQL Server database which provides information on each award made by QQI. Visualisation and analysis of the data in the ALDa is undertaken by QQI’s Research & Innovation division.

ALDa combines data that can be grouped into four broad areas.

1. Certification data on QQI award holders: This contains pseudonymised data on the individuals who achieved a QQI award, including their age, gender and (where applicable) the grade they achieved.
2. QQI awards table: This contains information on QQI awards, including: award code, title, class, NFQ level, credit value, programme code, provider and centre code, field of learning, ISCED (broad and narrow), and educational sector (i.e. further education and training (FET) or higher education (HE).
3. QQI programmes table: This contains information on the education and training programmes validated by QQI, including: programme code, award code, provider code, centre code, and whether they are apprenticeships.  QQI is continuing to develop work in this area, as the current framework remains incomplete.
4. QQI centres table: This contains information on providers and centres offering programmes that have been validated by QQI, including provider code, provider status, provider name, centre code, centre name, centre status, centre type, centre local authority, centre address and centre geographical location (latitude and longitude coordinates).

The ALDa database only holds certification data on QQI award holders from 2012 onwards. It does not include the name of learners.

QBS data are only accessible by members of the Certification, IT, and Research & Innovation divisions in QQI. However, aggregated data are made available for the public for download via the QQI website on the ‘Our Data’ section and are also presented through interactive data visualisations.

To allow the user to tailor the data to their needs, several filters are available. Filters available include:

• Sector (FET/HE)
• QQI provider/centre and geographical location
• Award Class
• NFQ level
• Credit value
• ISCED Narrow Field of Education & Training
• ISCED Broad Field of Education & Training
• Grade
• Gender
• Age Groups

At QQI, we are committed to producing high-quality, reliable, and timely statistics that support transparency, accountability, and informed decision-making in Ireland’s education and training system.

Our statistical outputs are developed and maintained by a dedicated team of professionals who uphold the highest standards of integrity, accuracy, and confidentiality. The work of the unit is guided by relevant national and European legislation, including the Statistics Act 1993 and the General Data Protection Regulation (GDPR), ensuring that all data is handled responsibly and ethically.

Our aim is to produce statistics that are useful, accurate and reliable, coherent and comparable. We will be objective in our analysis and disseminate our statistics in a clear, accessible and timely manner. We aim to be transparent in the statistical methods and techniques employed to support reproducibility.

Through our work, we abide by the following core values, based on international principles and best practice:

• Statistical Professionalism
• Independence and Integrity
• Respect for statistical confidentiality
• Excellent service to our stakeholders
• Respect to our data providers

We adhere to the principles of the Irish Statistical System Code of Practice (ISSCoP), which include relevance, accuracy, timeliness, accessibility, clarity, comparability, and coherence. These principles are central to our approach in delivering statistical information that is both meaningful and trustworthy.

Our work is also aligned with the core values of QQI:

• Shared Responsibility - We work collaboratively and inclusively to build confidence in the quality of education and training.
• Trust and Integrity - Our decisions and regulatory practices are grounded in fairness, transparency, and ethical conduct.
• Evidence-Based Practice - We rely on national and international best practices to inform our actions and policies.
• Learning and Innovation - We continuously improve our systems and expertise to guide, advise, and regulate effectively.
• Insight and Impact - We value research, analysis, and insight as drivers of meaningful and measurable outcomes.

To ensure our outputs meet the needs of users, we actively seek feedback through regular stakeholder engagement, including user group meetings and feedback on our statistical products. This feedback informs our continuous improvement efforts and helps us align our outputs with user expectations.

We publish our certification statistical releases according to a pre-announced release calendar, ensuring predictability and fairness in access to information. The Open Data Liaison Officer (ODLO) oversees the planning, quality assurance, and dissemination of QQI certification statistical outputs, ensuring consistency and compliance with best practices.

Our goal is to produce statistics that are accessible, coherent, and comparable, enabling users to draw meaningful insights and make evidence-based decisions. We are committed to continuous improvement and welcome collaboration with all stakeholders to enhance the value and impact of our statistical work related to QQI certification functions.

QQI is the state agency responsible for promoting the quality, integrity and reputation of Ireland's further and higher education system. 

We are responsible for the external quality assurance of further and higher education and training in Ireland. We validate programmes, make awards and are responsible for the promotion, maintenance, development and review of the National Framework of Qualifications (NFQ). We also inform the public about the quality of education and training programmes and qualifications and advise the Government on national policy regarding quality assurance and enhancement in education and training.

Privacy Statement

QQI’s privacy statement can be found at: gdpr-privacy-statement-for-learners.pdf (qqi.ie)

This privacy statement is designed to provide QQI award holders with information as to how and why QQI, as a data controller and processor, gathers and processes their personal data, by providing detail in relation to the processing activities of QQI in carrying out its statutory functions. This notice applies to the certification data on learners submitted by providers of programmes of education and training for the purpose of making QQI awards. Further information on how QQI processes personal data is available here.

Data protection law includes the General Data Protection Regulation EU regulation 679/2016 (GDPR) and the Data Protection Act 2018 (DPA 2018), which transposed the GDPR into Irish Law, and the E-Privacy Directive (S.I. 336/2011) and they each apply to the processing of personal data from QQI award holders.

QQI is a data controller pursuant to these laws and as such we are required to provide QQI award holders as a data subject with certain information to ensure they are aware that we are taking due care when processing personal data and are doing so in a compliant manner.  

QQI’s privacy statement covers data processed on the QQI website and by QQI in carrying out its functions. It does not cover how learners’ data is processed by FET and HE providers: for more specific information please refer to the relevant FET/HE provider.

Our data protection officer can be reached by emailing: DPO@qqi.ie

QQI award holders can consult the Data Protection Privacy Statement for Learners on QQI’s website for further guidance on how and why QQI processes their personal data.

How are learners’ records used by QQI’s Research & Innovation division?

QQI’s Research & Innovation division carries out research and analysis on its certification data in order to provide statistical information and analyses in accordance with the Data Protection Privacy Statement for Learners. These are available on our website. Our analyses are used to provide information to interested stakeholders on QQI awards they may also be used, for example, to inform QQI’s review and development of awards and standards. They do not contain any personal data. 

Some aggregated and disaggregated forms of our certification data may be shared internally within QQI to support the delivery of its statutory functions. 

Who do we share QQI award holders’ data with?

Section 14 A (2-3) deals with the furnishing to others of personal data by the Authority which is required to be in accordance with the general law.

Under 14 A(1) of the 2012 act (as amended), QQI is mandated to share certain information with Government Departments and other statutory bodies. This subsection does not apply to personal data within the meaning of the GDPR.

QQI shares certification data with the following:

The Central Applications Office (CAO)

QQI and the CAO have established a data sharing agreement, under which QQI securely transfers data on certain QQI award holders to the CAO (including PPSN number, awards achieved, and results scored by QQI). These files contain data relating only to QQI award holders who have informed the CAO (by completing the CAO application form and ticking the box that states ‘QQI FET/FETAC Level 5/6 Exams’ i.e. only full awards at these two levels generate scored results for CAO and are therefore accepted by CAO) that they have achieved awards from QQI. 

The Central Statistics Office (CSO)

Certification data (including award holders' PPSN, gender, age and certification year; award achieved by sector (FET/HE), NFQ level, award class and grade; and provider and centre attended) are shared with the CSO pursuant to the Statistics Act 1993. A memorandum of understanding has been established between QQI and the CSO to support this process. The data as shared by QQI with the CSO are not published or made available to the general public.

The Department of Education (DoE) 

Certification data (including award holders' masked PPSN, gender, age and certification year; award achieved by sector (FET/HE), NFQ level, award class and grade; and provider and centre attended) are shared annually with DoE for the completion of the report ‘Education Indicators for Ireland’. This is a requirement under EU legislation concerning the production and development of statistics to establish a common framework for the systematic production of European statistics in the field of education and lifelong learning. Reference: Regulation (EC) No 452/2008 of the European Parliament and of the Council and Commission Regulation (EU) No 912/20132. PPSNs and DOB of QQI award holders are masked so that data is anonymised (pseudonymised). Anonymised data carries a small residual risk of indirect identification. The data as shared by QQI to DoE are not published or made available to the general public.

The Department of Further and Higher Education, Research, Innovation and Science (DFHERIS)

As an agency of DFHERIS, we are occasionally requested to share some certification data on ad hoc basis. These data are provided in an aggregate format so that data are anonymised. Anonymised data carries a small residual risk of indirect identification. QQI applies CSO guidance on minimising the potential of statistical disclosure to these data (see below QQI’s approach to data minimisation on aggregate data) by suppressing small numbers. 

SOLAS

Certification data including award holders' masked PPSN, gender, age and certification year; award achieved by sector (FET/HE), NFQ level, award class and grade; and provider and centre attended) - are shared annually with SOLAS. A data sharing agreement between QQI and SOLAS sets out the data to be shared and the conditions under which the data is shared. PPSNs and DOB of QQI award holders are masked so that data is pseudonymised. The data as shared by QQI to SOLAS are not published or made available to the general public.

Some aggregated QQI certification data are shared with relevant stakeholders/researchers on request (e.g. awarding trends in relation to particular discipline). These aggregates never reveal personal data, such as PPSN, masked or unmasked, or date of birth/actual age of learner. The information provided is limited to those variables which are necessary for the proposed request. QQI does not provide values of aggregates on very small cell sizes by applying a principle of data minimisation whereby no individual should be identifiable. A minimum frequency of 5 is applied to minimise the potential of statistical disclosure; and aggregates / total values are not provided to guard against disclosure through comparing different aggregates. QQI may apply further principles of data minimisation, by using higher minimum frequency (i.e. 10), if necessary, depending on sample size and/or level of detail. For more information, refer to the CSO Guidance on Microdata Statistical Disclosure Control.

Detailed data protection guidance can be viewed on the Data Protection Commission website. 

Do we transfer your data outside the EEA?

QQI data resides in EU datacentres, and while we do not transfer data to third-parties their access within the capacity of their work is deemed a transfer under EU judgement. QQI have appropriate safeguards in place via standard contractual clauses within this third-party support contract. These are standard data protection clauses that have been approved by the European Commission and allow controllers and processors to comply with their obligations under EU data protection law when embedded in a contract. QQI have also completed a third country assessment (via our external DP partner) for relevant countries in question. We continue to look at supplementary measures that can be applied along with the SCC’s to maintain the level of protection, e.g. automation of processes and explicit access by this Third party via EU based Virtual Machines.

Rights of data subjects

The rights of data subjects under data protection legislation are detailed in QQI’s Data Subject Rights Policy and Procedures. Further information on the application of these rights can be obtained by contacting DPO@qqi.ie.

At QQI, we are dedicated to maintaining the highest standards of confidentiality and data protection in the processing of certification data. Our approach is guided by internationally recognised principles and best practices to ensure the integrity, security, and responsible use of these data.

Preservation of anonymity

We rigorously protect the anonymity of certification data received from our data providers. These data are processed and published in a manner that prevents the identification of individuals, organisations, or sensitive entities. We employ robust anonymisation techniques and adhere to strict data handling protocols.

High standards of publication

Our publications meet the highest standards of statistical quality, transparency, and ethical responsibility. We ensure that all outputs are accurate, impartial, and free from any risk of disclosing confidential information.

Adherence to the principles of ISSCoP

We comply with the Irish Statistical System Code of Practice (ISSCoP), which governs the ethical and professional conduct of our statistical outputs related to certification. This includes principles of integrity, accountability, methodological soundness, and confidentiality.

Open data

Our policy is to ensure that our certification data are accessible to and reusable by the widest possible audience. All of our certification-related statistics are published free of charge. We are committed to publishing open data where possible. 

Statistical disclosure control

To safeguard confidentiality, we apply statistical disclosure control (SDC) techniques—such as cell suppression—by enforcing a minimum frequency threshold of 5 in all statistical outputs. This approach minimises the risk of statistical disclosure and prevents the release of sensitive information in tables and visualisations. This technic is applied systematically to minimise the risks that  an individual can be identified through published data.

Even in aggregated data, rare combinations of attributes can make it possible to identify individuals within a dataset, either directly or by comparing it with other data. Where there is a risk, we employ statistical disclosure control techniques to safeguard the confidentiality of information about individuals. This may reduce the level of detail we publish or alter a dataset in a minor way so that personal or commercial information is not identifiable, in line with CSO Guidance on Microdata Statistical Disclosure Control.

Confidentiality in employment contracts

All employees are bound by confidentiality clauses embedded in their contracts. These clauses explicitly prohibit the unauthorised use, sharing, or disclosure of any confidential or sensitive information obtained during the course of their employment.

Errors and corrections 

Where an error occurs in a published output, we will address this promptly and place a notice on the affected statistical release, making any correction as soon as possible (see the section below detailing our ‘Revisions policy’).

At QQI, we are committed to ensuring that our statistical products and data are disseminated in a transparent, accessible, and equitable manner. Our dissemination practices are guided by ISSCoP standards, with a strong emphasis on public value and data integrity.

Free and open access

QQI publishes certification statistics we produce openly online and available free of charge to all. This aligns with our commitment to open data and supports informed decision-making across society.

We follow the Irish Statistical System Code of Practice (ISSCoP), which promotes transparency, impartiality, and professional independence in the dissemination of official statistics.

To ensure transparency and predictability, publications on statistics related to certification are pre-announced in accordance with our ‘Timelines for Release of Data’. This timeline outlines the dates and topics of upcoming releases, allowing users to plan and prepare for data availability. See our section on ‘Timelines for Release of Data’ below.

Our ‘revisions policy’ governs how and when statistical outputs are updated. This ensures that users are informed of any changes to previously published data and understand the reasons behind those revisions. See below for ‘revisions policy’.

In line with broader Government Policy, our statistical products are designed to be accessible to all. We prioritise usability, clarity, and inclusivity in our dissemination formats, ensuring that data can be easily understood and used by a wide range of audiences.

QQI normally certifies awards six times per year. We aim to release updated statistical data on certification on a biannual basis as follows:

• Certification data up to the end of Q2 are updated before 31 July (as many providers of QQI awards operate programmes on an academic year basis, June is normally the largest certification period for QQI awards)
• Certification data up to the end of Q4 are updated before 31 January of the following year, providing annual data on a calendar year basis.

Where there is a delay in releasing new data, this will be flagged on our website.

Timelines for release of data 

We also publish focussed statistical studies and analyses from time to time. Examples can be found on ‘Our Data’. 

Revisions policy

Published statistics are unlikely to change. Nonetheless, where a revision occurs in a published output, this will be addressed promptly and a notice placed on the affected statistical release.

Where the format, content or methodology of published statistics are altered and revised in future iterations, notice of such revisions will also be communicated in subsequent releases.

Our Open Data Liaison Officer is responsible for identifying, documenting, and reporting errors in accordance with the CSO Error Correction Policy and the guidelines outlined in "How to deal with publication errors: general guidelines on managing errors in published data" by the Central Statistics Office (CSO).

Custom reports

You can customise the views of our available dashboards. Note that data in the dashboards accessed from ‘QQI certification data | Quality and Qualifications Ireland’ are not always available for download to avoid statistical disclosure.

Access to statistical certification-related microdata

QQI is committed to supporting research, policy development, and informed decision-making by providing controlled access to statistical microdata for approved external users. This access is granted under strict confidentiality and data protection protocols to ensure the responsible use of sensitive information.

Requests for QQI certification-related microdata 

QQI is committed to supporting the re-use of data collected for analytical and policy-making purposes in a secure, efficient, and transparent way, in line with the Public Service Data Strategy 2019-2023 and the National Statistics Board Strategic Priorities for Official Statistics –2021-2026. We are also at all times committed to ensuring that the integrity and confidentiality of individual data subjects’ microdata (i.e. information on QQI award holders) is maintained.

Controlled access for approved external users

External researchers, academic institutions, and policy analysts may apply for access to anonymised certification-related microdata for statistical and research purposes only. Access is granted on a case-by-case basis, subject to a rigorous application and approval process.

Protocol and application process

To ensure transparency and accountability, we have published a comprehensive Microdata Access Protocol for our certification data and an accompanying Application Form on our website. These documents outline:

• Eligibility criteria for applicants
• Conditions of use and data protection requirements
• The approval and review process
• Obligations regarding data security and reporting

Access the certification-related microdata protocol and application form on the QQI website here: QQI certification-related Microdata Access Application Form  & Data Use Agreement

Commitment to confidentiality

All users granted access must complete our online ‘microdata access application form’, sign the ‘data use agreement’ and adhere to strict data handling protocols. Data are provided in a secure environment, and outputs are subject to disclosure control to prevent the identification of individuals or organisations.

All approved microdata files will be transmitted securely using one of the following methods, depending on the nature of the data and the access permissions granted:

• Core FTP (file transfer protocol): For users with appropriate technical infrastructure, files will be transferred via Core FTP using encrypted channels. Access credentials and instructions will be provided upon approval. This method ensures secure, direct file transfer to your designated system.
• Microsoft SharePoint Access: For users within the public sector or affiliated institutions, data may be shared through a secure SharePoint environment. Access will be restricted to authorised users only, with permissions managed by QQI’s data governance team. SharePoint allows for controlled access, version tracking, and audit logging.

Both methods are compliant with QQI’s data protection and security protocols. Users are responsible for ensuring that any data downloaded or accessed is stored securely and used in accordance with the terms outlined in the ‘data use agreement’.

Applicants may have a preferred method or specific technical requirements. Our team will work with applicants to ensure a secure and efficient data delivery process.

Supporting research and innovation

By enabling access to high-quality microdata, we aim to foster evidence-based research and innovation while maintaining the highest standards of data confidentiality and ethical use.

1. Purpose

This protocol outlines the principles, procedures, and responsibilities for accessing QQI certification-related microdata collected and maintained by QQI. It ensures data confidentiality, promotes responsible data use, and facilitates research and policy development.

2. Scope

The protocol applies to all individuals and organisations requesting access to QQI certification-related microdata for research, statistical, or policy analysis purposes.

3. Definitions

• Certification microdata: unit-level data collected through QQI administrative records on certification. It contains information on individuals, providers and QQI awards.
• Confidential data: Data that contains personally identifiable information (PII) or sensitive attributes.
• Data user: Any individual or organisation granted access to QQI certification-related microdata.

See Glossary of Terms for further definitions.

4. Access Conditions

Access to QQI certification-related microdata is granted under the following conditions:

• The data is used solely for statistical or research purposes.
• The applicant demonstrates the capacity to protect data confidentiality.
• The research proposal is reviewed and approved by the QQI Open Data Liaison Officer (ODLO) and Data Protection Officer (DPO)

5. Application Process

1. Submit a completed microdata access application form.
2. Provide a detailed research proposal.
3. Sign a Data Use Agreement (DUA).
4. Await review and approval by the ODLO and DPO.

6. Data Use Agreement (DUA) - conditions of use

The DUA outlines:

• Data must be used solely for the approved research project, as outlined in the application form
• Data must not be shared with unauthorised individuals. If there are multiple researchers involved in the project, each researcher must complete a separate application form.
• Data must be stored securely during the project and destroyed securely after the project is completed.
• Outputs must be subject to disclosure control to prevent identification of individuals or organisations (see further information in our ‘Confidentiality Statement’ above).
• Data must not be transferred to or processed outside the European Union.

7. Data security

Applicants must:

• Store data on secure, access-controlled systems.
• Prevent unauthorised access or sharing.
• Destroy data upon project completion.

8. Monitoring and compliance

Periodic audits may be conducted. Breaches of the DUA may result in penalties, including revocation of access and legal action.

9. Contact

For inquiries, contact:

QQI Data Protection Officer (DPO): Cliona Curley

Email: DPO@qqi.ie

QQI Open Data Liaison Officer (ODLO): Arancha Oviedo 

Email: aoviedo@qqi.ie

Microdata access application form and Data use agreement: https://forms.office.com/e/94NGKMGfkk

1. QQI certification terminology

Award 

An award is a formal statement given to a learner to verify that s/he has demonstrated the knowledge, skill and/or competence associated with a particular qualification. An award can be hard copy (certificate) or digital.

Award holder

An individual who has achieved a QQI award/certificate.

Centre

The provider entity which applies to QQI for certificates for learners. In most cases, a provider has only one such entity and the provider and centre are effectively the same thing. In a few significant cases, however, large national or regional providers have many different centres. Each will have its own name, address, staff and management and will offer a selection of the provider’s validated programmes.

Certificate

A certificate is formal confirmation from QQI that someone has demonstrated the knowledge, skill and competence required to achieve a specific award.  QQI certificates/records of awards carry invisible security features to ensure they cannot be copied or changed.

Certification process 

Normally, before a learner is entitled to receive a certificate issued by QQI: 

1. the relevant programme(s) offered by the provider must have been validated by QQI; 
2. the provider must have demonstrated to QQI that they assess learners in a fair and consistent way against the relevant standard; and 
3. the learner must have achieved a pass/successful grade or higher in their assessments.

Providers are required to use the secure QBS certification platform (QQI certification database) to submit details of their learners' results. Once received, QQI generates a certificate for each learner. The certificates are sent to the provider, which is responsible for issuing them to the learner.

Programme

A programme is a course of instruction or study through which a learner acquires the knowledge, skill and/or competence required for a specified NFQ award. There can be many different programmes leading to the same award.

Programme Validation

Programme validation is a QQI process designed to ensure that a new programme can succeed i.e., it can enable a learner to acquire and demonstrate the knowledge, skill and competence required for a particular award. The newly designed programme is reviewed by a group of people with relevant expertise and knowledge and approved by QQI before it can enrol any learners. 

Provider

In QQI certification statistics, a provider is any organisation which offers a QQI-validated programme.

2. Statistical disclosure control terminology 

Aggregate data 

High-level data which is acquired by combining individual-level data (i.e. microdata).

Anonymised data

Data containing only anonymised records.

Anonymised record

A record from which direct identifiers have been removed.

Disclosure

When data, either as a research microdata file (RMF) or as a table, allows users to learn previously unknown information about individuals or organisations.

Statistical disclosure control (SDC) 

The methods that allow the dissemination of statistical information while seeking to protect against disclosure of individual data. The key challenge in SDC is achieving this protection while ensuring that information loss is kept to a minimum.

There are two main types of disclosure risk:

• Identity disclosure - if an individual can be identified with a disseminated data record or table entry containing confidential information. For example, if a table showed that there was 1 death in a particular town, the deceased could be identifiable from the table.
• Attribute disclosure – this refers to the case where attributes of an individual could be identified based on information in the released data. As a hypothetical example, if a table disclosed that all individuals in a particular location commuted for four hours a day, then this attribute would be known about all residents in that location. 

Disclosure events are classified into primary or secondary disclosure. 

• Primary disclosure – when an unsafe cell is published (‘unsafe cells’ are cells with identity or attribute disclosure risk)
• Secondary disclosure – if an unsafe cell is removed, but its value can be deduced from the aggregate totals and the other non-suppressed values.

Microdata 

Sets of records containing anonymised information on individuals, providers and QQI awards. QQI uses them in official statistics to produce aggregate information, usually in table format or visuals.

Minimum frequency rule

A primary suppression rule applied to aggregated/frequency tables. It has the following steps:

• Aggregated/frequency tabular data are generated.
• A particular cell is deemed unsafe if the number of elements/contributors to the cell is less than a pre-specified value (usually pre-specified value of 5 or 10). E.g. if a cell contains less than 5 QQI award holders, it is to be suppressed.

Researchers microdata file (RMF)

Access to microdata for scientific purposes only. Researchers from recognised organisations must apply for access and need to be recognised as a research entity. Examples include universities, research institutes or research departments in a public administration, statistical institutes, etc.