Revised Harvard Research Data Security Policy Effective July 15, 2020

July 8, 2020

The University, working with stakeholders, has revised the Harvard Research Data Security Policy (HRDSP), which will be effective as of July 15, 2020. The updated HRDSP better reflects current roles and practices, and importantly, requires use of the existing applications (e.g. ESTR-IRB, Agreements-DUA, and Data Safety and Security) to provide easy access to all stakeholders.

A ’soft launch’ of the HRDSP took place in mid-May, so you are already aware of some of the great aspects of the revised policy, for example, the IRB now issues a sensitive or non-sensitive data determination.

The new Data Safety Application will allow for more efficient access to support and expertise for researchers working with research data as well as increased transparency of research compliance processes University-wide. Going forward, researchers that need to manage sensitive data or data that is subject to special requirements under a contractual obligation (such as a sponsored award or Data Use Agreement), will be required to use the Data Safety Application, which will facilitate:

  • submission of data security review requests to the cognizant information security reviewer (the reviewer will be automatically assigned);
  • correspondence with the assigned information security reviewer;
  • tracking the status of reviews; and
  • managing active data uses & agreements (including research team updates and extension requests).

The Data Safety Application is currently available for use and can be accessed on the Research Administration and Compliance Systems (RACS) Data Safety System support site. You can also visit the RACS site to register for training sessions or to access guidance materials on any of the applications. Additionally, the Research Data Management site will be kept up to date with useful resources.