Data Security

Data security is an important factor to consider in the data collection process. Keeping data secure from unauthorized changes or access helps ensure the data’s accuracy and integrity. In this vein, the Food and Drug Administration (FDA) developed guidelines (Title 21 CFR Part 11) for electronic records to ensure the integrity and reliability of electronic data.

The CRHC Data Center creates database systems that are compliant with the FDA’s Part 11 guidelines. We include some of our policies here.

Database Access Procedures

  • Study personnel are assigned unique login credentials to access only the data they are permitted to manage.
  • Only database programmers and statisticians assigned to a project have rights to the database, files, and directories that contain sensitive project data.
  • When a programmer or statistician leaves the Data Center, his/her user account is immediately disabled and ultimately deleted.
  • When new members are added to the study team, the PI or approved designate must email the Data Center with user information and security restrictions.

Validation Procedures

  • Use of allowable data ranges for variables, which reduces the possibility of entering an incorrect value.
  • Logical branching (skip pattern) that takes the data entry specialist to the next applicable field, form, or screen, based on the entered response.
  • Drop-down boxes and lookup tables that allow only pre-determined, pre-formatted values to be entered.
  • Designation of certain fields as required; use of error messages or other feedback to alert the user when these are not completed.
  • Standardized codes for commonly used variables such as gender, race, and ethnic origin.
  • Standardized codes for fields with missing data, which assure that a field has intentionally been set as missing.
  • Implementation of automated procedures such as eligibility determination, randomization, and instrument scoring, which eliminate human error for a variety of study processes.

Data Backup/Disaster Procedures

  • Databases that reside on a CRHC Data Center server are backed up to tape every night and archived weekly. Weekly archived media are stored at a secure offsite location and maintained there for six months.
  • All servers use hardware fault tolerance methods to ensure the continued availability of data.

Version Control Procedures

  • The Data Center programmer uses version control software, TortoiseSVN, to manage changes made to databases and websites. All revisions are kept and can be accessed by the programmer.
  • In instances where new changes cause a database application to malfunction, the programmer can return to an earlier stable version of the application.
  • With projects that require multiple programmers, all programmers have access to all iterations of the project’s databases and websites.
  • Study personnel are given access to the latest approved version of the forms.

Server Security

  • The CRHC Data Center servers are located in a secure server room which contains an alarm system, temperature control, and a double lock on the main door with a tracking key card entry system.
  • Our dedicated web server utilizes 128-bit SSL security for online real-time data entry.
  • Our dedicated SQL server, which is used for database and data storage, offers 128-bit SSL security and has limited access via network firewall.
  • Our dedicated web site and database development server is located behind a firewall with only developers on the intranet having access.
  • Servers are housed in a secure rack with dedicated UPS power sources to assure 24/7 uptime.
  • Production servers are scanned on a monthly schedule by Computing Services and Systems Development (CSSD) to ensure all software and hardware are running at optimal performance and systems are secure to the latest industry standard.