Researcher Attestation Form: Affirm Security Protections

Harvard University
Institutional Review Boards
Security Implementation Guidelines
For use by IRBs and principal investigators to ensure that security protections are adequately implemented for research using identifiable data or covered by a data use agreement.
Principal investigators: please review and confirm the following security requirements, and sign where indicated.
- If your research is subject to a data use agreement (DUA), please attach the security requirements in the DUA to this document and certify that the specific requirements in the DUA can be met in your research facility or that the research will take place in a facility which has been previously certified to meet the security requirements in the DUA.
- Otherwise, your research is classified under Harvard’s Research Data Security Policy as Level __ Data. You certify that the requirements in the Harvard Research Information Security Policy for that level of information can be met in your facility or that your research will be done in a previously certified facility.
- You have provided a list of people (e.g. researchers and lab assistants) with access to the research information or facility. You have provided the categories of people (e.g. IT support, facilities maintenance) that also have access to the research information or facility.
- You agree to remove access to the research information of anyone who changes jobs or leaves the University such that they no longer require such access.
- If remote access to the research information is required, you have provided a list of the individuals who will have access from outside the University premises and the reason for their access.
- You agree to report a breach, or possible breach, in the security of the research information within 24 hours to the IRB. If the research information has been classified as Level 4 or Level 5, the report must also be made to the School and University Technology Security Officer as well as the Office of General Counsel and your IRB.
- You agree to obtain the approval of the IRB prior to contracting with any vendor who will have access to the research information.
- If your research protocol includes the collection of original data in the field, you have provided to the IRB a description of the data collection and data transfer method to be used; this method has been approved by your School CIO.
- If your research information has been classified as Level 5, the physical configuration and security of your research facility have been approved by your School Security Officer, School CIO or the University Technology Security Officer.
Signature of Principal Investigator____________________________ Date_______
Received by the IRB __________________________________ Date_______
Effective date October 7, 2010








