Data Safety Submission Guide
4. Will any of the data be received via physical media such as paper, CD, or external Drive?
If yes, describe the format, method of transfer, and storage location: Provide information to
consider as part of the review, including any security measures in place.
5. *Do you have a contract for use of the data?
Mark yes if the data is covered under a data use agreement or other contract. Include the
provider number, if there is one.
Mark no if data will be obtained via other collection methods. Describe the methods, including
the use of any survey tools or collection methods.
6. *Data type description: Include the type of data being stored, including for example, if it is
survey or medical record, as well as the years covered by the data.
7. Will all of this data be stored or managed at Harvard or otherwise using Harvard resources
(e.g. physically on the premises or in Harvard Cloud Storage)? Mark yes if all data associated
with this entry will be stored at Harvard, using Harvard resources, or managed by Harvard
researchers.
8. Harvard Data Security Level: See https://policy.security.harvard.edu/view-data-security-level
for definitions of the Harvard Data Security Levels (DSL). If you are unsure what to select, leave
this question blank and work with your assigned School Security Officer to determine the
appropriate DSL.
9. *Places where data will be collected, stored, or analyzed, including tools and locations:
Choose one or more Level-appropriate options from a set of Harvard pre-reviewed tools and
locations. Level-appropriate options meet minimum requirements for a Data Security Level
(DSL) at or higher than the DSL for the data set(s). Choose "other" if other locations will be
written in below. Your School Security Officer will review the appropriateness of your
selections for your data set(s).
• If “other” is indicated, write in all other locations for review.
• If “other” is indicated OR if the data set DSL is higher than the DSL of one or more chosen
places, please also explain any compensating controls or security measures planned.
10. Will all listed locations be accessed behind HarvardKey or another Harvard-provided
authentication? Mark yes to verify. Mark no if any one of the locations can be accessed in
another way.
11. Are you using encryption to protect the data? If yes, describe the encryption methods.
12. Anticipated storage requirements (if available): Special considerations may need to be made
for exceptionally large data sets.
13. Will data be shared with a third party? Select yes if any third party may handle, store, collect,
transcribe, host the data or application, or otherwise have access to the data, including under a
vendor contract for management of the data.
14. For those doing data analysis, how will output be shared? Provide a brief description of the
ways in which data or results will be shared.
15. Provide other relevant information about the data.: Include any details that will support the
review or locally required metadata to support data management.
SmartForm Section: Data Access
1. Methods of data access and collection (mark all that apply) Select the type of devices the
protocol team will use to access the data and whether security on those devices is managed by