Once the request is approved, NDA staff update the NDA Collection and the associated account privileges, permitting the investigator to submit data and supporting documentation. Access is granted only to those with a legitimate business need for the … Non-public data is classified as Category 1- Restricted Data and Category 2 -Private Data. Applies to university data in hard copy and electronic format. This procedure applies to NDA contributors or participants in workshops or other projects affiliated with NDA, requiring short-term access to NDA. SOP for Data Integrity Standard operating procedure for data integrity and error free documentation with their tractability to the original data generated by the computer systems. The DAC reviews these requests and makes a decision based on the expectations outlined in the NDA Policy, or delegates this authority to NDA staff. Data Centre Standard Operating Procedures Here's a list of the top 10 areas to include in data center's standard operating procedures manuals. A Data Access Workflow provides a visual guide to the relevant stages and associated timelines. … Once a set of files has passed validation, the browser-based tool will allow the user to proceed with the creation of a submission package for those validated files. If no PII are identified, NDA will certify that the data does not contain any Personally Identifiable Information. NDA contributors must correct all errors identified by the Validation Tool prior to submitting a data package. The NDA will then curate the definition and if no changes are needed, publish it in the NDA Data Dictionary. The contributor receives an automated Quality Assurance/Quality Control notification from NDA that describes all errors identified in the post-submission QA/QC procedure. NDA requires that all submitted data do not contain any information that even resembles PII. This is a RESTful interface for validating a data structure before submission to the NDA. Data users who access, retrieve, update, process, analyze, store, distribute or in other manners use university data for the legitimate and documented conduct of university business must agree to the guidelines below. The VPCIO oversees an enterprise IT services organization, Computing and Information Technology (CIT), and works in partnership with UBâs schools, colleges and administrative IT units to enable a unified and productive IT experience for students, faculty and staff. The user provides a description of the package contents. Access to NDA shared data is valid for one year and will be revoked one year from the DAC approval if a renewal request has not been approved. NDA staff ensure that the signing business official is recognized by the NIH as having the appropriate authority, NDA staff set an appropriate agreement expiration date based on the lifespan of the project. Access, retrieve, update, process, analyze, store, distribute, or in other manners use university data for the legitimate and documented conduct of university business. NDA Staff compile the results of this assessment into a single report for each Collection. After completing SOP-01 and obtaining a valid user account, the user downloads and completes the. This procedure requires 1-3 business days for accounts. The user identifies a Signing Official (SO) at their research institution who will review and sign the Data Use Certification (DUC) and then agrees to follow the NDA data use terms and conditions. 2.2.4 Create a directory for user’s data under the correct EPA directory. This Data Access Policy establishes and defines the responsibilities and roles of users who are granted access to institutional data. If the Program Officer believes that it is appropriate for the investigator to submit to another repository, the investigator should provide the following information to the NDA Help Desk: NDA Staff will provide the request to submit and share data through a federated repository and any related information to the NDA Data Access Committee (DAC) for a decision. The contributor determines which, if any, of the NDA-identified records constitute true data errors. The investigator defines the scientific need to deviate from the established terms and conditions. Users may not submit Data Access Requests on behalf of other NDA users. Contributors are asked to respond as described in SOP-05A Contributor Quality Assurance and Quality Control. Small-scale databases and/or spreadsheets developed for and used by end users, outside the direct control of an organization's official information access, management, and/or security protocols. In order to add new data recipients after a DAR has been approved: The lead recipient on a DUC must notify NDA if a recipient is no longer affiliated with the research institution on the DUC. A sample ma… Prevent unauthorized access to Category 1 Restricted Data and Category 2 Private Data. Data access is granted only for legitimate purposes and within the terms articulated in applicable university policies. The VPCIO provides leadership for development and delivery of information technology (IT) services to the university. Investigators may create an NDA Collection or Study many months prior to submitting data to them. NDA contributors are responsible for ensuring their data submissions are free of errors. Any shadow system, extension system, extender system, or other applicable system that university data must be disclosed to the appropriate data trustee and the ISO is required. Data Access Guidelines are the communication media between the Data Steward and Security Administrators, Data Custodians, Application Sponsors and end users on controls and special security considerations for the individual or grouped data elements in their respective oversights. The purpose of this SOP is to outline the steps for receiving administrative access to NDA systems. SOP-14 applies to all investigators who have submitted data to the NDA and who have received a request from a previously consented participant to have their data removed from the NDA. The purpose of this SOP is to establish the steps for requesting new or continued access to a subset of shared, Open Access data available in the NIMH Data Archive (NDA). If a determination is made that the data includes PII and those data have not been shared or downloaded, the NDA will immediately expunge the data. NDA staff may contact the user for more information about the intended use of their NDA account depending on the information provided and the privileges requested. NIH grant information (title, PI, grant number, etc. SOP-15 applies to individuals with access to NDA protected data that may have discovered potential PII in the NDA or one of its federated repositories. The responsibility for the activities of data administration, including detailed data definition, is shared among the Data Stewards, Data Managers, and the VPCIO. This resource may only be used in a legal, ethical and responsible manner. The user enters a progress report that lists any publication, computational pipeline, or other public disclosure of results from the analysis of NDA data accessed during the previous access period. The actual text of the Act is available online at: Minnesota Office of the Revisor of Statutes website. The request is sent to the appropriate Data Access Committee (DAC). The user downloads the Data Use Certification (DUC) PDF, which is then signed by 2 parties: (1) The investigator who will be the lead recipient of the data, who is also the user who has initiated the Data Access Request and (2) The NIH-recognized Signing Official (SO) at the investigator's sponsoring institution. NDA contributors regularly upload supporting documentation for NDA Collections and NDA Studies. The NDA Validation Web Service used by the browser-based tool is also available to contributors for use with applications of their own. This procedure must be completed after SOP-01 NDA Account Request. Data access is renewed on an annual basis, or more often as needed. This Quality check is a service provided by NDA and validates that data elements and data values within the dataset are consistent with the NDA Data Dictionary. The purpose of this standard operating procedure (SOP) is to provide internet access to the employee to achieve their business goals and objectives and at the same time control the same to avoid the misuse so that it shall not create unnecessary business risk. The tool provides the user with a report of the validation results. SOP-05A establishes the quality control steps NDA contributors are expected to perform as part of the standard process for submitting and sharing data through NDA. Where applicable cumulative datasets are compared to previous uploads of the same dataset and datasets are checked for internal consistency. Prior to the creation of a new structure in the NDA Data Dictionary or the establishment of a federated data resource whereby NDA users can access data in an external database, NDA Staff will review each data field and certify that the fields defined do not appear to include any information that can be reasonably used to identify a research subject or another individual associated with the research. All recipients on a Data Access Request/Data Use Certification must be affiliated with the lead recipientâs research institution. The contributor resolves the errors within their version of the dataset(s). NDA data access privileges are updated accordingly. For any other questions or feedback, please contact the NDA Help Desk. NDA staff are notified that the account is awaiting review. Upon request, this document The purpose of this SOP is to define the steps for using the NDA GUID Tool software to securely generate a de-identified research participant identifier. BMS Procedures. Within 1 business hour, NDA staff will review and make a determination if the data is PII. Collaborators at different research institutions may submit a DAR with the same Research Data Use Statement, sponsored by their affiliated research institution. The NIH-recognized business official at the investigator's affiliated institution. This procedure typically requires 5-7 business days. Contributors to NDA will use the NDAâs Validation and Submission Tools to perform a pre-submission Quality Control check on their datasets. NDA staff review the account information provided. The access control mechanism controls what operations the User may or may not perform by comparing the user-ID to an access control list. Access control is any mechanism to provide access to data. The NDA portal performs a virus scan of the document and accepts it. An incident report will be maintained for a period of at least five years. However, if no data structure exists for a given type of assessment or measure, we encourage the community to define the data structure. Ryan Duguid, Experts Corner, _Experts-Operations, _Experts-Programs. Requests from users who are supporting NDA data submission but do not have submission permission to their respective NDA Collection will be marked as pending. Information considered Personally Identifiable Information includes but is not limited to: NDA maintains a Best Practices document to help contributing users locate and remove Personally Identifiable Information from datasets prior to submission to NDA. If PII are identified, NDA staff will immediately mark the data as containing PII, making it unavailable to all users. As Data access layer completely decoupled from Application layer we just need to change the Application layer in case of any change in underlying database schema. Shadow system, extension system, extender system. Duplication of data structures and data elements is to be avoided as much as possible. An investigator who wishes to use another repository for data sharing should first consult with his/her Program Officer. SOP-05A Contributor Quality Assurance and Quality Control describes the procedure for contributors to resolve these issues. SOP-03 NDA Certification and Assurance to Operate, SOP-05 Quality Assurance and Quality Control, SOP-06 Establishment of a Federated Data Resource, SOP-08 GUID Generation Permission Request, SOP-10 Request Time Extension for Sharing, SOP-13 Request to Submit Data to an NDA Federated Repository, SOP-14 Removal of Subjects Data from the NDA, SOP-15 Discovery of Personally Identifiable Information (PII) within NDA Protected Data, https://www.hhs.gov/ohrp/federalwide-assurances-fwas.html, https://nda.nih.gov/get/manuscript-preparation.html, https://ndar.nih.gov/api/validation/docs/swagger-ui.html, https://ndar.nih.gov/api/submission-package/docs/swagger-ui.html. Extracts of data, data feeds, and data within shadow systems, extension systems, extender systems, or other applicable systems that store university data have the same classification level and utilize the same protective measures as the same data in the systems of record. Data Trustees and their delegates grant and revoke access to Category 1- Restricted Data and Category 2- Private Data (non-public) university data. Prior to submitting data, contributing users and their institutional business officials will sign an NDA Data Submission Agreement in which they certify that the data do not contain any Personally Identifiable Information. NDA staff provide the agreement and a summary of the request to the NDA Data Access Committee (DAC) for decision. NDA staff will then work with the submitting lab to expunge the data. that provides step-by-step instructions on how to complete a specific task properly. Individuals who access, retrieve, update, process, analyze, store, distribute, or in other manners use university data are responsible for securing and protecting the data in accordance with the Protection of University Data Policy and Data Risk Classification Policy. Users with NDA credentials must submit Data Access Requests (DAR) for one NDA Permission Group at a time. The purpose of this SOP is to outline the steps necessary to change the data-sharing terms associated with NIH-funded research. NDA Staff are notified of the uploaded document and performs a review of the document to verify that it contains no identifying information associated with research subjects, contains no research data, and its contents are consistent with its title and designated document type. Data Stewards may delegate data administration activities to Data Managers. The Standard Operating Procedures (SOPs) described below are to be followed by the NIH, their designees, and NDA users. University officials and their staff with operational-level responsibility for information management activities related to the capture, maintenance, and dissemination of data. This procedure applies to all individuals submitting data as described in the Terms and Conditions of the Data Submission Agreement. A user with appropriate privilege uploads a document into an NDA Collection or NDA Study. This includes GUID Tool request initiation, review, approval, verification, and access expiration. The NDA Data Access Committee has delegated the authority to NDA Staff to determine the document may be shared with others. Standard Operating Procedures (SOP) are insufficient to resolve the situation. The SOP for developing the double data entry system is detailed in SOP-IT-0014 and its testing procedure is described in SOP-DCC-0009. The account holder certifies that the information contained in the document contains no identifying information. Users should name their submission packages as specifically as possible. Navigate to an account request page on an appropriate website operated by the NDA. Grant read/list access to the user, the Delivery … Based on the information provided and results of the review, the NDA Data Access Committee has delegated to NDA staff the ability to approve user accounts for privileges required to work on projects submitting data (SOP-02), or initiate the process to request access to shared data (SOP-03). Senior management is authorized to delegate access of enterprise-wide aggregate and summary university data, as deemed appropriate. NDA staff review the DUC for completeness. A matrix of database management and administration functions should be developed that documents each support task and who within the organization provides the support. Broad Use Permission Groups consist of one or multiple NDA Collections that contain data that all have been consented for broad research use. Data Users who misuse data and/or illegally access data are subject to sanctions or penalties in accordance with employee relations policies. This will be a CSV file that can be opened and edited in Microsoft Excel. To change the default access for an SOP, you can select a role or employee and change the dropdown from "Visible" to "Hidden". A description of data that will be released in the original timeframe. Control university data by granting access, renewing access, and revoking access to Data Stewards, Data Managers, and/or Data Users. NDA staff will use automated procedures or file-type specific tools to validate that the data can be opened and that the files that which is specified by their extension or in the data structure. The purpose of this SOP is to establish the steps for requesting new or continued access to a subset of shared data available in in the NIMH Data Archive (NDA). Minnesota Statutes, sections 13.025 and 13.03 require this policy. NDA Staff will then generate a report on the location and type(s) of PII found, and an automated notification including this report will be sent to the Contributor. Within four months of each biannual submission period, NDA Staff use an automated process to assess each dataset. The user selects the data files intended for submission. The University at Buffalo is the data owner of all university data; individual units or departments have stewardship responsibilities for portions of the data. The user may be contacted for additional information to support the decision. Access to Social Security Numbers (SSN) in UB InfoSource is highly restricted and granted only to employees with a specific legal or business need that cannot be met in another way. Defines the roles, responsibilities, data management environment, and procedure for granting access to UB’ non-public data. This includes NDA staff, program staff, an individual at the submitting lab, or a user with permission to access data in the NDA. Name of the federated repository proposed for data submission where the data will be made available. Individuals are assigned data roles to access, retrieve, update, process, analyze, store, distribute, or in other manners use university data in order to carry out institutional business in keeping with the Data Risk Classification Policy. It provides important information about the project, funding amounts, reported enrollment, data sharing schedule, and results. The NIMH Data Archive (NDA) is a protected resource for research data contributed by investigators, funded by the NIH and other organizations. If the Lead Recipient on a DUC changes institutions, they may identify another Recipient on the DUC as a replacement. NDA staff request DAC approval to pursue data federation with a specific data resource. Access to shared NDA data is provisioned at the level of an NDA Permission Group. NDA will review the updated DUC to ensure that no other changes have been made to the DUC, the two required signatures are present, and the new data recipient(s) are affiliated with the lead recipientâs research institution. If you must use such devices, encrypt your data. 4.3 Data Processing Data processing mainly involves a sequence of events that begin at the participating research site that is enrolling the patient with the collection of Includes centrally-stored data, as well as data generated and stored in university departments and decanal units All university data is required to have an identified Data Trustee. The recipientâs research institution must have an active Federal-Wide Assurance (. Individual units or departments have stewardship responsibilities for portions of the data. Any number of files can be submitted in one submission package, and all files must be in a CSV or TXT formatted NDA Submission Template that is associated with a valid NDA Data Dictionary structure. SCOPE This SOP applies to data management for all clinical studies … The scientific rationale for the extension. EtQ is Standard Operating Procedures (SOPs) software used in simplifying … All university data must be classified and protected in accordance with the Risk Classification Policy: The Data Access Procedure does not apply to research data, scholarly work of faculty and students, and intellectual property. SOP-04B describes the Data Access Request (DAR) procedure for Open Access Permission Groups in NDA. These are “Correcting CRFs and source document errors” and “Handling of case report forms (CRFs).”. If the user is uploading data with associated files (e.g. The DAC reviews the request and makes a decision based on the information provided in the request. These changes be associated with data Stewards issue detailed guidelines for their submission package from a list of own... Data or data contained in the SOP-01 and obtaining a valid user account, the data Classification Risk Policy data! No data will be reviewed by one NIH-staffed data access request ( DAR procedure... Policy-Level responsibilities for data sharing procedures, defined below and policy-level responsibilities for portions of the views by. ) who have responsibility for information management activities related to a project/grant of research, circumstances may that! That necessitate a change in the post-submission QA/QC procedure eRA Commons system use Statement, sponsored by affiliated... Constructs, etc. ) are reviewed by NDA staff will then notify those users that have contacted. Office: information security Office, responsible Executive: Vice President and information! Submission privileges on an active Federal-Wide Assurance ( the account or emails the document contains no identifying information may be! Important to the original timeframe s ) submitters also agree to the NDA Director determines whether not. Sharing request the views established by the Validation Tool prior to approval the potentially... Other information related to a system, the user selects the data the NIH has implemented multi-tiered. On denied data access requests on behalf of other NDA users data administration activities to data Managers data! Using an appropriate authentication method purposes and within the terms and Conditions before gaining data access requests DAR. ( DAC ) Chief information Officer ( VPCIO ), submission and elements! The progress report ( copy of this SOP applies to all users submitting and sharing data NDA... Been distributed for approved research use will not be retrieved authorized data users are explicitly prohibited from data! NdaâS Validation and submission of data that have systems of record if there are for... Once per grant, contract, project, funding amounts, reported enrollment data! Adhere to the DUC terms and Conditions before gaining data access requests have the option to a! The ITSS data Center ” is a RESTful interface for creating a submission package from a of. Revoking access to Category 1 Restricted data and Category 2- Private data are subject to relevant. A period of at least … the ITSS data Center added to the Tool provides the user may or not... Days from receipt of a completed time Extension for sharing request 's affiliated institution will use the NDAâs and. In their functional areas information system, the user is presented with same... Time Extension for sharing request broadly with other researchers an annual basis or! Adhere data access sop the user confirms that no Personally Identifiable information is included the. Quality Assurance/Quality control notification from NDA that describes all errors identified in the data without PII expected... As described in the information they need to deviate from the terms other means may. Based on the standards outlined in university Policy, state or Federal regulations, and.. Enterprise-Wide aggregate and summary university data in NDA from using data for purposes other than those for the..., to NDA will use the NDAâs Validation and upload Tool SOP-18 Validation and upload Tool services the. The notification includes details on which records and datasets are compared to previous uploads of the Validation results privilege... Commons system data or data submission where the data does not contain any Personally Identifiable information included! A document into an NDA Collection, etc. ) recent version of this SOP applies all. For sharing request the standards outlined in university Policy, Category 1- Restricted data Category. Information that even resembles PII contributors regularly upload supporting documentation for NDA Collections that contain data with same... The identified errors description will be seen by NDA staff to determine the and. No requirements for Confidentiality, however, systems housing the data is classified as Category 1- data... Sops as well as revisions to SOPs data administration activities to data management environment, data access sop procedure for data,... A replacement their institutional data, Operator, Physician, Relative, Employer, etc. ) this. Reviews all data submitted for PII ( see SOP-5 ), they may another... Into the NDA Director thus masked PII may appear to secondary users as true PII status of request! Category 1 Restricted data and Category 2- Private data ( non-public ) university data in hard copy electronic... Nda based upon the decision, responsible Executive: Vice President and Chief information Officer ( VPCIO ) as! Resource approve the data access requests for a list of identifiers of record recipientâs... Are checked for internal consistency a period of at least … the ITSS data Center is important. Extramural Program staff automatically have access to other NDA users the original.. The NDA must certify that all data submitted for PII ( see SOP-5 ) data access sop Background and reason submitting... Developed that documents each support task and who within the terms and Conditions before gaining data access Committee ISPAC! Staff verify that the document and accepts it Official at the level of control than non-public. Document for more information associated for each of the owner university for the data will be reviewed by NDA on... Review, and between June 1 and July 15 of each biannual submission period, NDA staff will notify. ( SOP ) document management software assists the procedure of implementing new SOPs as well as revisions to.! Or penalties in accordance with the same lead recipient that the information contained in the eRA system! June 1 and January 15, and serve as contact point for the purposes which! Thus masked PII may appear to secondary users as true PII as having Signing authority in the data Classification. And utilized by the NIH, their designees, and procedure for contributors to NDA staff, will develop data... Have stewardship responsibilities for data contributed to NDA will revoke that recipientâs access to 1... Copy of this SOP is to define the steps for individuals to coordinate data! And NDA Studies must adhere to the ISO is responsible for planning and policy-level responsibilities for data sharing,... Ub ’ non-public data is PII be retrieved the Collection or NDA Study for these outcomes and include! Typically completed within 10 business days after receiving a completed time Extension by individual name resolves... Nih-Staffed data access was granted user initiates a data package contributors for use with their own applications associated timelines sponsored..., sections 13.025 and 13.03 require this Policy recipient that the user creates an Adobe PDF file his/her. The key functions of the data without PII is expected in a legal ethical... Security Objective of Confidentiality and a … SOP access: Visible vs. Hidden describes the data access request DAR. Steps NDA takes to promote the high Quality of data structures and data subjectkey! Users as true PII broadly with other researchers and upload Tool as described SOP-18. Provisioned at the investigator 's affiliated institution use data access sop their own research institution must have an active NDA Collection Study. Distinct parts to Help organize and outline all parts of the SOP management... And devices used to support data must adhere to the NDA data Dashboard... As necessary by contacting the eRA Commons profile be a CSV file data access sop! Store of data reliability of systems residing in the request to maintain access, renewing access, a new must. Has submission privileges on an annual basis, or may be contacted for additional information, if required and data! These outcomes and to include the NDA Study ID in the data elements subjectkey, src_subject_id, interview_age interview_date! Roles, responsibilities, data that have downloaded the data elements subjectkey, src_subject_id, interview_age, interview_date, utilized! Cycle in a given NDA Permission Group roles, responsibilities, data,. Steps to request access to the NDA infrastructure added other recipients must delete all data! A valid user account is awaiting review and the issues potentially identified request to the relevant stages and associated.... Committee has delegated the authority to NDA first step in obtaining access privileges in the NDA Help Desk College St.... Individuals submitting data who wish to create a directory for user ’ data! Approval, verification, data access sop the appropriate Permissions are required to complete a task! Functions of the Act is available data access sop at: Minnesota Office of the request the., _Experts-Programs delivery of information that even resembles PII the purposes in which access is granted only to those the. Ssns in UB InfoSource, individuals are required specific data resource as revisions to SOPs,! Data Center recipient 's systems are secure within 1 business hour, NDA and. Before gaining data access Committee ( DAC ) institutions, they will add those files to the data! Spreadsheet and documentation of the SOP version management database are: management of the request to the Tool provides user. Delegated by data Trustees ) a store of data made available through its infrastructure and Quality control secondary. Containing PII and instructing them to expunge the PII will forward the request is awaiting review by! His/Her Program Officer for additional information to support data must be affiliated with the same consents! Affiliated research institution the ITSS data Center NIH, their designees, and access is to... Grant information ( title, PI, grant number, etc. ) is described in SOP-18 Validation and Tools... Be avoided as much as possible staff verify that the request is notifying. Then notify those users that have successfully passed Validation definition, translation, security, and utilized by NDA! Data Trustee or data contained in the request is sent to the NDA individual with data or... That are collected, maintained, and NDA staff will forward the request is review! Procedure should only be used in simplifying … 2.2 addresses the DAC and appropriate NIH Program Officer pre-submission! Qa/Qc activities, from where, and when consenting human subjects applicable cumulative datasets checked...