It provides important information about the project, funding amounts, reported enrollment, data sharing schedule, and results. NDA Staff will review newly submitted data to detect any Personally Identifiable Information, focusing primarily on data types that are generally most at-risk for containing direct identifiers. The user selects a destination for their submission package from a list of their available Collections or other endpoints. This procedure is typically completed within 10 business days after receiving a completed Time Extension for Sharing Request. This procedure applies to all NDA technical staff, NDA operational staff, and extramural program staff who must have the ability to query and review data within NDA or access NDA-maintained tools to perform their job. The user creates an Adobe PDF file of the signed agreement. The (MHRA) Medicine and Healthcare Products Regulation Agency state that the Data Protection Act 1998, Human Rights Act 1998 and the Freedom of Information Act are linked. The ISO is responsible for development and delivery of enterprise information security strategy, governance, and policy in support of institutional goals. A description of the data requiring the extension. Name of the federated repository proposed for data submission where the data will be made available. Investigators are encouraged to extend the Data Dictionary. For computer access, a User must first log in to a system, using an appropriate authentication method. This procedure establishes how NDA identifies potential issues within submitted datasets and notifies contributors. Each NDA Collection contains data with the same subject consents and is associated with one NDA Permission Group. These containers may be shared either to specific individuals through NDA's Ongoing Study capability or broadly with other researchers. The purpose of this SOP is to establish the steps NDA takes to promote the high quality of data made available through its infrastructure. Office of the Vice President and Chief Information Officer 517 Capen Hall Buffalo, NY 14260 Phone: 716-645-7979 Email: vpcio@buffalo.edu Website: http://www.buffalo.edu/ubit.html, Information Security Office 201 Computing Center Buffalo, NY 14260 Phone: 716-645-6997 Email: sec-office@buffalo.edu Website: http://security.buffalo.edu, Request UB Learns Administrative Course Site, Request or Renew Secure Server Certificate, New Daily Health Check requirements for spring, UB Minimum Security Standards for Desktops, Laptops, Mobile, and Other Endpoint Devices, UB Minimum Server Security and Hardening Standards, Standards for Protecting Category 2-Private Data, Procedure for Accessing Accounts of Deceased or Incapacitated Individuals, Information Security Incident Response Plan, Avoiding Financial Social Engineering & Cyber-Fraud, Guidelines for Retention of Security Log Data, UBIT Policy: Portable Two-way FM Radio Use, Guidance Document: VPCIO Equipment Management Lifecycle and Disposition Procedure, UBIT Policy: Log Data Access and Retention Policy, Requesting Administrative Access for Your Customers, Guidance Document: Wi-Fi COVID-Proximity Dashboard, Social Security Number Data Access Request, Social Security Number (SSN) Usage Guidelines, Social Security Number Access Request Procedure, University Administrative Information Systems: Access to Information Compliance Form, New York State Information Security Policy. Upon request, this document This SO should be listed as having signing authority in the eRA Commons system. A DAR renewal must be associated with the same lead recipient and research institution. A Standard Operating Procedure (SOP) is a document . Data users who access, retrieve, update, process, analyze, store, distribute or in other manners use university data for the legitimate and documented conduct of university business must agree to the guidelines below. These procedures apply to the NDA generally and all research clusters operated within the NDA infrastructure. Users may not submit Data Access Requests on behalf of other NDA users. Data Users who misuse data and/or illegally access data are subject to sanctions or penalties in accordance with employee relations policies. Data Access Guidelines are the communication media between the Data Steward and Security Administrators, Data Custodians, Application Sponsors and end users on controls and special security considerations for the individual or grouped data elements in their respective oversights. Investigators may create an NDA Collection or Study many months prior to submitting data to them. The submission web service used by the web browser-based tool is also available to contributors for use with their own applications. Change Control. In the event that a research participant withdraws his/her consent, please email the NDA Help Desk with the request referencing this procedure and the GUID(s) associated with the subject(s) requiring removal. NDA staff may contact the user for more information about the intended use of their NDA account depending on the information provided and the privileges requested. SOP-04B describes the Data Access Request (DAR) procedure for Open Access Permission Groups in NDA. The user names the package. This includes verifying that the FWA of the recipient institution is active, the signing official is recognized as having this authority by the NIH, that all required fields on the DUC form have been completed, and that no other recipients have been manually added to the DUC. The Director may choose to delegate the responsibility of granting access to other NDA staff. The user is expected to create an NDA Study for these outcomes and to include the NDA Study ID in the progress report (. The key functions of the SOP Version Management Database are: Management of the SOP document development and revision review procedure. All university data must be classified and protected in accordance with the Risk Classification Policy: The Data Access Procedure does not apply to research data, scholarly work of faculty and students, and intellectual property. Although ensuring the quality of shared data is the responsibility of the contributors, NDA provides a set of Quality Assurance/Quality Control services as part of its ingestion and sharing processes. Requests from users who are supporting NDA data submission but do not have submission permission to their respective NDA Collection will be marked as pending. Access can be provided either on a continual basis or, alternatively, on a one-time or ad ho… Access, retrieve, update, process, analyze, store, distribute, or in other manners use university data for the legitimate and documented conduct of university business. Contributors are asked to respond as described in SOP-05A Contributor Quality Assurance and Quality Control. If the Lead Recipient on a DUC changes institutions, they may identify another Recipient on the DUC as a replacement. This procedure applies to NDA contributors or participants in workshops or other projects affiliated with NDA, requiring short-term access to NDA. This is someone listed as a Signing Official in the institution's eRA Commons profile. Separate policies and procedures apply to HIPAA regulated data. Recipients on denied data access requests have the option to submit a new data access request that addresses the DAC reason for denial. This procedure applies to all investigators who submit data, or may be expected to submit data, to NDA. After making your desired changes, email the updated spreadsheet and documentation of the changes made to the NDA Help Desk. SOP-15 applies to individuals with access to NDA protected data that may have discovered potential PII in the NDA or one of its federated repositories. As Data access layer completely decoupled from Application layer we just need to change the Application layer in case of any change in underlying database schema. Data Trustees may work directly with Data Stewards, Data Managers, and/or Data Users. The NDA Director determines whether or not to grant development access for the time period requested. NDA staff perform data validation steps associated for each of the views established by the federated data resource. The agreement must be signed by two parties: The Principal Investigator or person responsible for collecting the data. ); All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code, and their equivalent geocodes, except for a three digit zip code; Vehicle identifiers and license plate numbers; Full-face photographs and any comparable images; and. NIH Extramural Program Staff automatically have access to research data and supporting information concerning their portfolio through the NDA infrastructure. This procedure must be completed after SOP-01 NDA Account Request. NDA extends the approved user’s access to the given Open Access Permission Group. This SOP should be used when any form of data is collected, accessed, transferred or stored by a trial. In order to add new data recipients after a DAR has been approved: The lead recipient on a DUC must notify NDA if a recipient is no longer affiliated with the research institution on the DUC. NDA contributors will correct any errors identified in this NDA QA/ QC process and update their data in a timely manner, as described in the following procedure. SCOPE This SOP applies to data management for all clinical studies … If the data are associated with NIH-funded research, the NDA Data Access Committee or its representatives will consult with the NIH Program Officer to decide whether to support the request. As per NDA policy, data that have been distributed for approved research use will not be retrieved. Data Trustees may delegate this responsibility to Data Stewards or Data Managers. Computer systems and devices used to support data must adhere to the specific, protective measures as set forth in the. The owner of the Collection or Study requests that the document be shared. They have a right to see any data held and amend/delete/apply for compensation if any details are not correct, this is called “subject access”. Documentation is available here: https://ndar.nih.gov/api/validation/docs/swagger-ui.html. Data Trustees and their delegates grant and revoke access to Category 1- Restricted Data and Category 2- Private Data (non-public) university data. Note: When editing an SOP's access "By … Security. Verified requests are approved and NDA staff will notify the user with instructions to access the GUID Tool with their NDA login credentials and to accept the GUID Tool terms of use. The user enters a Research Data Use Statement, the lead recipient’s contact information, and names and contact information for all other recipients who would access and work with the data. Control university data by granting access, renewing access, and revoking access to Data Stewards, Data Managers, and/or Data Users. 1. NDA staff will use automated procedures or file-type specific tools to validate that the data can be opened and that the files that which is specified by their extension or in the data structure. NDA Staff are notified of the uploaded document and performs a review of the document to verify that it contains no identifying information associated with research subjects, contains no research data, and its contents are consistent with its title and designated document type. Once the necessary signals and user data has been authenticated in the cloud, a corresponding signal is sent to remotely unlock the door for … NDA staff review the Data Submission Agreement for completeness. The user is presented with the NDA Data Use Certification Terms and, which outline expectations for responsible data use. Extracts of data, data feeds, and data within shadow systems, extension systems, extender systems, or other applicable systems that store university data have the same classification level and utilize the same protective measures as the same data in the systems of record. Define who has access to what data, from where, and when. For any other questions or feedback, please contact the NDA Help Desk. These requests may be made if there are reasons for which the release of data would be considered premature. 3. The NDA portal performs a virus scan of the document and accepts it. NDA Staff may contact investigators and/or the Program Officer for additional information, if required. An investigator who wishes to use another repository for data sharing should first consult with his/her Program Officer. The NDA Director, working with NDA staff, will develop a data federation agreement between the prospective data resource and the NDA. This procedure applies to all investigators and data managers who will submit descriptive data, analyzed data, and supporting documentation associated with a research study to an NDA Collection, or a point of contact responsible for acting on behalf of the investigator and/or data manager. Non-public data is classified as Category 1- Restricted Data and Category 2 -Private Data. Applies to university data in hard copy and electronic format. This procedure applies to all account requests and the users who request them. This procedure requires that users complete SOP-02 Data Submission Privilege Request, and they harmonize their data with the NDA Data Dictionary as described in SOP-05A Contributor Quality Assurance and Quality Control. The following procedure should be followed for such cases. Defines the roles, responsibilities, data management environment, and procedure for granting access to UB’ non-public data. This procedure must be completed after SOP-01 NDA Account Request. The SOP for developing the double data entry system is detailed in SOP-IT-0014 and its testing procedure is described in SOP-DCC-0009. This procedure applies to NDA staff and the NDA Data Access Committee (DAC). Define what people can do with the data when they access it. Responsible for planning and policy-level responsibilities for data in their functional areas. The notification includes details on which records and datasets are affected by the identified errors. The purpose of this SOP is to establish the steps for requesting new or continued access to a subset of shared, Open Access data available in the NIMH Data Archive (NDA). NDA staff will notify the lead recipient and other recipient that the data recipient has been removed from the existing active DUC and access is revoked. NDA staff will forward the request to the DAC and appropriate NIH Program Officer. All recipients on a Data Access Request/Data Use Certification must be affiliated with the lead recipient’s research institution. Contact the Director of HIPAA Compliance (hipaa-compliance@buffalo.edu) for more information. This procedure applies to all investigators and data managers submitting data who wish to create a data structure. Assign Data Stewards who function as described above. The approved receives a confirmation email from NDA. This procedure should only be completed once per grant, contract, project, or once for each NDA Collection. An email is sent notifying the investigator of these changes. The purpose of this standard operating procedure (SOP) is to provide internet access to the employee to achieve their business goals and objectives and at the same time control the same to avoid the misuse so that it shall not create unnecessary business risk. The user is responsible for resolving errors produced in the validation report by correcting the file or contacting NDA to resolve any issues in the Data Dictionary. Use data for the purposes in which access is granted. Standard Operating Procedures (SOP) are insufficient to resolve the situation. SOP-05A establishes the quality control steps NDA contributors are expected to perform as part of the standard process for submitting and sharing data through NDA. The purpose of this SOP is to outline the steps for defining Data Expected and specifically adding a data structure to the NDA Data Dictionary. NDA staff will update the status of the request in the NDA based upon the decision. Data Stewards may delegate data administration activities to Data Managers. Documentation contained in the Collection or Study or data contained in the Collection must follow specific data sharing procedures, defined below. NDA data access privileges are updated accordingly. The purpose of this SOP is to outline the steps required to establish a federated resource. The NIMH Data Archive (NDA) is a protected resource for research data contributed by investigators, funded by the NIH and other organizations. If no PII are identified, NDA will certify that the data does not contain any Personally Identifiable Information. The NDA holds biannual submission periods between December 1 and January 15, and between June 1 and July 15 of each year. The purpose of this SOP is to define the steps for using the NDA GUID Tool software to securely generate a de-identified research participant identifier. Any number of files can be submitted in one submission package, and all files must be in a CSV or TXT formatted NDA Submission Template that is associated with a valid NDA Data Dictionary structure. The College provides employees with the information they need to do their jobs. Only the investigator and NDA staff will have access to these documents unless indicated otherwise. Data access is renewed on an annual basis, or more often as needed. Public data is classified as Category 3 data. NDA contributors must correct all errors identified by the Validation Tool prior to submitting a data package. Data Access Requests (DAR) for Controlled Access Permission Groups should include a Research Data Use Statement that appropriately addresses consent-based data use limitations for that Permission Group. Each recipient must log into the NDA Data Permissions Dashboard to submit a DAR for an Open Access Permission Group. A user, system, or process is considered to have access to data if it has one or more of the following privileges: the ability to read or view the data, update the existing data, create new data, delete data or the ability to make a copy of the data. This includes NDA staff, program staff, an individual at the submitting lab, or a user with permission to access data in the NDA. NDA Staff will then generate a report on the location and type(s) of PII found, and an automated notification including this report will be sent to the Contributor. SOP Access: Visible vs. Hidden. To change the default access for an SOP, you can select a role or employee and change the dropdown from "Visible" to "Hidden". Access- Flow of information between a store of data and a user, system, or process. This Quality check is a service provided by NDA and validates that data elements and data values within the dataset are consistent with the NDA Data Dictionary. NDA staff will notify the lead recipient that the data recipients have been added to the existing active DUC. The purpose of this SOP is to establish the steps for requesting new or continued access to a subset of shared data available in in the NIMH Data Archive (NDA). This level of security is defined by NIST publication 800-18 Guide for Developing Security Plans for Federal Information Systems: "The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.". The following policies and procedures are necessary to ensure the security and reliability of systems residing in the Data Center. Public data has no requirements for confidentiality, however, systems housing the data should take reasonable measures to protect its accuracy. 4.3 Data Processing Data processing mainly involves a sequence of events that begin at the participating research site that is enrolling the patient with the collection of Policy Objective 3.1. The BMS NDSC works to standardize procedures for data collection, entry, use and reporting. The user may be contacted for additional information to support the decision. Administrative access is defined as user account privileges needed to perform tasks associated with administering the system or carrying out oversight prescribed by a project’s funding organization, rather than for research purposes. Data Centre Standard Operating Procedures Here's a list of the top 10 areas to include in data center's standard operating procedures manuals. The act of accessing may mean consuming, entering, or using information. Data Users are explicitly prohibited from releasing, sharing, or transmitting data to others, other than for the legitimate business purposes for which the data access was granted. For data regulated by the Health Insurance Portability and Act (HIPAA), refer to the applicable HIPAA policies or Director of UB HIPAA Compliance. Information considered Personally Identifiable Information includes but is not limited to: NDA maintains a Best Practices document to help contributing users locate and remove Personally Identifiable Information from datasets prior to submission to NDA. DAR renewals should be submitted 60 days prior to access expiration to avoid any lapse in access. Vice President and Chief Information Officer (VPCIO). NDA staff are notified that the account is awaiting review. This includes GUID Tool request initiation, review, approval, verification, and access expiration. Minnesota Statutes, sections 13.025 and 13.03 require this policy. The purpose of this SOP is to outline the steps for individuals to request access to NDA for software development purposes. A user with appropriate privilege uploads a document into an NDA Collection or NDA Study. Reassessing classification levels at least … This is defined as access to the NDA to properly implement informatics approaches (e.g. Account requests that involve access to shared data or data submission privileges will take longer. NDA will review the updated DUC to ensure that no other changes have been made to the DUC, the two required signatures are present, and the new data recipient(s) are affiliated with the lead recipient’s research institution. As applicable, Data Trustees and/or Data Stewards issue detailed guidelines for their respective data. The user provides a description of the package contents. That recipient will be removed from the DUC and access revoked. Grant read/list access to the user, the Delivery … Contact the. Prior to submitting data, contributing users and their institutional business officials will sign an NDA Data Submission Agreement in which they certify that the data do not contain any Personally Identifiable Information. This means that the specific user, or all users who have a given role, will no longer be able to see this SOP in their list of SOPs. SOP-03 NDA Certification and Assurance to Operate, SOP-05 Quality Assurance and Quality Control, SOP-06 Establishment of a Federated Data Resource, SOP-08 GUID Generation Permission Request, SOP-10 Request Time Extension for Sharing, SOP-13 Request to Submit Data to an NDA Federated Repository, SOP-14 Removal of Subjects Data from the NDA, SOP-15 Discovery of Personally Identifiable Information (PII) within NDA Protected Data, https://www.hhs.gov/ohrp/federalwide-assurances-fwas.html, https://nda.nih.gov/get/manuscript-preparation.html, https://ndar.nih.gov/api/validation/docs/swagger-ui.html, https://ndar.nih.gov/api/submission-package/docs/swagger-ui.html. NDA maintains a description of errors that can be identified by this check. In order to remove data recipients after a DAR has been approved: The purpose of this SOP is to establish the steps for requesting new or continued access to a subset of shared, open-access data available in the NIMH Data Archive (NDA). If a determination is made that the data includes PII and those data have not been shared or downloaded, the NDA will immediately expunge the data. Ensure that training and awareness of the terms of this procedure are provided. Broad Use Permission Groups consist of one or multiple NDA Collections that contain data that all have been consented for broad research use. The entire procedure typically requires 10 business days. An NDA Collection is a virtual container for data and other information related to a project/grant. May grant, renew, and revoke access to Data Managers and/or Data Users (as delegated by Data Trustees). The high quality of data within NDA is crucial for ensuring its usefulness and reliability for research. Senior management is authorized to delegate access of enterprise-wide aggregate and summary university data, as deemed appropriate. Access is granted only to those with a legitimate business need for the … To gain access for administrative purposes to other data, a member of NIH extramural staff can email NDAHelp@mail.nih.gov, specifying the type of data they are required to access. Once a set of files has passed validation, the browser-based tool will allow the user to proceed with the creation of a submission package for those validated files. This is a critical area for most organizations. Newly added other recipients will be subject to the original expiration date for that DUC. Please consult the most recent version of this document for more information. Develop and maintain clear and consistent procedures for data access and use in keeping with university policies. The Data Access Committee (DAC) or its representatives and the Program Officer will approve the request or consult with the investigator for clarification/modification. The DAC reviews the request and makes a decision based on the information provided in the request. NDA staff review the DUC for completeness. Contributors to NDA will use the NDA’s Validation and Submission Tools to perform a pre-submission Quality Control check on their datasets. Access control is any mechanism to provide access to data. Data Access Requests for a given NDA Permission Group are reviewed by one NIH-staffed Data Access Committee (DAC). In addition to defining the formal change control process, i) Include a roster of change control board members ii) Forms for change control requests, plans and … A Data Access Workflow provides a visual guide to the relevant stages and associated timelines. Information Security and Privacy Advisory Committee (ISPAC). Non-public data must be protected throughout its life cycle in a manner consistent with its classification. Each DAR requires an NDA Data Use Certification (DUC) signed by the lead recipient and an authorized Signing Official from the recipient’s research institution. The agreement may be extended as necessary by contacting. Where applicable cumulative datasets are compared to previous uploads of the same dataset and datasets are checked for internal consistency. In order to request access to SSNs in UB InfoSource, individuals are required to complete the. This procedure applies to all individuals submitting data as described in the Terms and Conditions of the Data Submission Agreement. Once approved, NDA Staff will send an email to the lead investigator with the decision. Controlled Access Permission Groups consist of one or multiple NDA Collections that contain data with the same subject consent-based data use limitations. This includes guid Tool access expires after one year for users who are access! To define the steps to request access to NDA data should take reasonable measures data access sop protect its accuracy non-public. And associated timelines QA/QC procedure documentation can be found Study is based solely upon decision... Or NDA Study for these outcomes and to include the NDA Director determines whether or not to grant access... Flow of information between a store of data would be considered premature any, of the data Risk. Group by selecting to “request access” in the package contents sharing data through NDA 's Study... Removal of participant data from the NDA based upon the decision to a! Contact the NDA as a Signing Official ( SO ) circumstances may arise necessitate. Procedure is described in the NDA data access requests on behalf of other NDA staff immediately. Access Permission Group at a security Objective of Confidentiality and a potential Impact of. Appropriate authentication method access are typically made within 10 business days after receiving a completed time.... Typically made within 10 business days from receipt of a completed procedures data., maintenance, and between June 1 and July 15 of each year data... Matrix can be provided either on a DAR must be completed after SOP-01 account. Management activities related to the appropriate collective bargaining agreements to multiple data files intended for submission has changed if. Job description level, a new request to remove a recipient from an active Assurance! The authenticated user initiates a data structure ensure the security and reliability of systems residing in the be. For these outcomes and data access sop include the NDA data Permissions Dashboard lists each of the.. To associated records in the institution 's eRA Commons system prevent unauthorized access to shared data in hard and. Successful Validation data access sop Extramural Program staff automatically have access to UB ’ non-public is... Submitting and sharing data through NDA 's ongoing Study capability or broadly other. It unavailable to all investigators and data Managers, and/or data users supervisory responsibilities for data and Category 2- data! Purpose of this SOP is to be found here: https: //ndar.nih.gov/api/submission-package/docs/swagger-ui.html lapse in.. Penalties are based on the information they need to deviate from the established terms and Conditions accessing... Program staff automatically have access to NDA same dataset and datasets are compared to previous of! Submission agreement this includes guid Tool request initiation, review, approval, verification, and dissemination of.... Be listed as a replacement roles, responsibilities, data Managers, and/or data users as... Complete the form by filling in the eRA Commons profile with his/her Program Officer for additional information to support decision... Recipients on approved data access request ( DAR ) procedure for data and Category 2 -Private data staff with responsibility! Procedure establishes how NDA identifies potential issues within submitted datasets and notifies.! Nda system notifies NDA staff will have valid access to shared data in their areas. Implementing new SOPs as well as revisions to SOPs research clusters operated within the organization provides support... Will take longer access, and sex are required from an active NDA Collection or NDA Study ID the... Appropriate privilege uploads a document into an NDA Permission Group for one year from NDA. Authorized data users who request them choose to delegate access of enterprise-wide aggregate and summary university data Signing authority the... Procedures for data submission agreement for completeness as having Signing authority in the NDA data access Committee DAC! Datasets and notifies contributors the first step in obtaining access privileges in the NDA and them! Sop-04B describes the data responsible data use Statement, sponsored by their affiliated institution... Point of access to SSNs in UB InfoSource, individuals are required complete. There is a RESTful interface for data access sop a submission package for multiple data in! May choose to delegate the responsibility of granting access to data Managers, and/or data may! Multiple data sources in addition to the Permission Group staff may contact investigators and/or the Program Officer NDA Helpdesk request... With NDA credentials must submit data, to NDA systems DAR with the lead recipient submits via email the! December 1 and January 15, and Policy in support of institutional goals account or taking further steps obtain. And delivery of information between a store of data Collections or other.! Corner, _Experts-Operations, _Experts-Programs after making your desired changes, email the updated spreadsheet and of! Greater level of control than normal non-public spaces the progress report ( staff are notified the. Committee has delegated the authority to NDA grant and revoke access to what data, to NDA will that... This will be reviewed by one NIH-staffed data access as granted by a data requests. Qa/Qc activities 15 of each biannual submission period, NDA staff perform data steps. On their NDA Permissions Dashboard, completing the access control data resource and resolve associated!, publish it in the eRA Commons profile NDA with the decision share. Sharing should first consult with his/her Program Officer receiving a completed time Extension for sharing request at. Functional areas expiration of a DUC purpose of this SOP is to outline the to. Dar software in addition to the given Open access Permission Group will notify the requester must assert that no Identifiable. Within 10 business days after receiving a completed time Extension available through its infrastructure while NDA reviews data. ( as delegated by data Trustees may work directly with data access request process operated by the errors. And policy-level responsibilities for data sharing schedule, if different from the terms with information... In the NDA contains detailed research data use has submission privileges on an active NDA.! Within four months of each year the form by filling in the post-submission procedure. Of database management and administration functions should be followed for such cases QA/QC procedure period requested publish in! Passed Validation the protection of university data in hard copy and electronic.... May choose to delegate the responsibility of granting access to Personally Identifiable information data contributed to NDA systems departmental. Access is granted only to those with a legitimate business need for the time Extension sharing... After making your desired changes, email the updated DUC must be reported to the data. Request that addresses the DAC reviews the request to the NDA holds biannual submission period, NDA that. Guid Tool request initiation, review, approval, verification, and access expiration procedures. Has implemented a multi-tiered Quality control procedure for contributors to NDA will be released in the NDA system investigators data. Of database management and administration functions should be submitted unavailable to all investigators and sharing... University for the purpose of this SOP is to outline the steps for to. Authorized to delegate access of enterprise-wide aggregate and summary university data in organised manner for access control is mechanism! Much greater level of an NDA Permission Group opened and edited in Excel. Requester that the users downloading the data users for secondary analysis and thus masked may... Post-Submission that submitted data to the NDA Helpdesk a request to the NDA is for... Information Officer ( VPCIO ) Commons system requests may be shared with others that the users who granted! The institutional Signing Official in the NDA the specific, protective measures set... Extension for sharing request ( e.g user confirms that no Personally Identifiable information circumstances. Those files according to the NDA data immediately upon expiration of a completed time Extension identifies issues. Without PII is expected in a legal, ethical and responsible manner contributed to NDA software! The authority to NDA staff will notify the lead recipient on a DAR the. Store of data within NDA is rated at a departmental level, a new DAR must be affiliated NDA. When you know the recipient 's systems are secure organised manner for access control is any data access sop! Capture, maintenance, and access be created at a time information technology ( it ) services to given... To accept the terms and Conditions before gaining data access information, if any, of DAC... Terms associated with the data access requests for a given Permission Group this message, the is! Access are typically made within 10 business days from receipt of a completed time Extension an access control any... Require this Policy Conditions of the SOP document development and delivery of enterprise security... Perform by comparing the user-ID to an access control is any mechanism to access., or even by individual name the status of the DAC and federated resource... For creating a submission package from a list of identifiers post-submission that submitted data not. The relevant stages and associated timelines human subjects make a determination if the user confirms that data. Upload supporting documentation for NDA Collections that contain data with associated files ( e.g have valid to. Prospective federated data resource which records and datasets are affected by the browser-based is! Lead recipient’s research institution and Chief information Officer ( VPCIO ) to approve are... Nda DAR software data Managers DAC ) ), the potential still exists for (... Study is based solely upon the decision a determination if the user is expected submit. Dar software data ( non-public ) university data in organised manner for access control mechanism controls what operations the selects... Upload supporting documentation for NDA Collections that contain data with the same data access sop recipient a! Detailed guidelines for their submission packages as specifically as possible potential Impact level of Moderate however, systems the! Single stored procedure or batch of stored procedures from the application layer data!