Registering for an ORCID iD takes about two minutes. Keeping the record behind it accurate is where most researchers fall down, and an out-of-date ORCID record quietly undermines the very thing the identifier is meant to do. The good news is that, with a few settings configured once, ORCID will keep much of your record current for you — the work is far more about permissions than about manual data entry. This guide explains how. For the background on what the identifier is and why it matters, the persistent-identifiers guidance for authors and the explainer on what an ORCID iD is are the place to start; this article assumes you already have one and want to keep it healthy.
The two kinds of data on an ORCID record
The single most useful thing to understand about ORCID is that not all the information on a record is equal. ORCID distinguishes between data that you have typed in yourself and data that a trusted organisation has asserted about you.
- Self-asserted data is anything you add by hand — an affiliation you typed, a paper you entered manually. It is useful, but a reader cannot tell whether it is verified.
- Validated assertions are added by a trusted organisation through ORCID’s API — your university confirming an employment, a publisher confirming you authored a paper, a funder confirming you hold a grant. These carry the source of the assertion, so anyone reading the record can see that the affiliation came from the institution itself, not just from your own claim.
A record full of validated assertions is dramatically more trustworthy — and more useful to funders and hiring committees — than one you have populated entirely by hand. The goal of good ORCID maintenance is therefore to let trusted organisations do as much of the asserting as possible.
Turn on auto-update
The highest-value setting is auto-update. When you connect your ORCID iD to Crossref and DataCite — a one-time authorisation — new works that are deposited with your ORCID iD attached are added to your record automatically. In practice this means that when you publish a paper and the publisher includes your ORCID iD in the Crossref deposit, the paper appears on your ORCID record without you doing anything, and it appears as a validated assertion sourced from the registration agency.
The condition is simple but easy to miss: the publisher has to actually collect and deposit your ORCID iD. That is why you should always supply your ORCID iD during submission, and ideally sign in with it rather than typing it, so that the iD is authenticated. An authenticated iD attached at submission is what makes the whole auto-update chain work. Connect once, supply your iD every time, and your publication list largely maintains itself.
Manage your trusted organisations and trusted individuals
Auto-update is one instance of a broader mechanism: trusted parties. ORCID lets you grant two kinds of trust:
- Trusted organisations — institutions, funders, publishers, and systems you authorise to read from or write to your record through the API. Your university’s research-information system, for example, can be a trusted organisation that adds your validated employment affiliation and pushes your institutional outputs onto your record.
- Trusted individuals — a person, such as a research administrator or an assistant, whom you authorise to manage your record on your behalf. This is useful for senior researchers who would rather delegate the upkeep.
Both are managed under the Trusted parties section of your account settings, and both are fully revocable. Granting access does not hand over your password; it grants a scoped, auditable permission that you can withdraw at any time. Reviewing this list once or twice a year — confirming the organisations you expect are there, and revoking any you no longer deal with — is the core maintenance habit.
Set your visibility deliberately
Every item on an ORCID record has a visibility setting: everyone, trusted parties only, or only me. The default for new items can be configured in your account. For the record to be useful to the systems that consume it — funders checking your outputs, journals verifying your identity, your CRIS pulling your profile — the key items generally need to be public. A common and self-defeating mistake is to register an iD, set everything to private, and then wonder why the identifier seems to do nothing. As a rule, make your name, affiliations, and outputs public, and reserve restricted visibility for things you genuinely want kept back.
A short maintenance routine
- Connect to Crossref and DataCite auto-update once. This is the single highest-leverage action; it keeps your works current automatically.
- Always supply your authenticated ORCID iD at submission — for papers, datasets, software, and grant applications — so that each output and award can be asserted onto your record.
- Authorise your institution as a trusted organisation so that your employment and institutional outputs arrive as validated assertions.
- Review your trusted parties annually and revoke any you no longer use.
- Add the things no one else will assert — education, professional memberships, peer-review and editorial service, older works that predate ORCID — by hand, since these often have no organisation to assert them for you.
- Check your visibility settings so that the items you want discoverable are actually public.
Why a current record pays off
Beyond convenience, an accurate ORCID record increasingly does real work on your behalf. Funders draw on it for applications and reporting; narrative-CV and biosketch tools pull from it; institutional systems reconcile your outputs against it. A record rich in validated assertions lets you make precise, checkable claims about your contribution history — including, where publishers deposit them, your CRediT roles per paper, so that “I led the analysis on these studies” becomes a verifiable statement rather than an assertion on a CV. The effort is front-loaded into a handful of one-time settings; the payoff compounds across every later application and assessment.
Where shared vocabulary fits
“Auto-update”, “trusted party”, “validated assertion”, “source”, and “self-asserted” are ORCID-specific terms that are easy to muddle, and confusion about them is exactly why so many records go stale. A shared, federated vocabulary that defines these terms precisely is what lets guidance from one institution be understood at another. Supplying that definitional layer is part of the role the CASRAI dictionary is designed to play.