Frequently Asked Questions (FAQs)
Data Safe Haven FAQs
Can I store and process data that is subject to Export Controls in the DSH?
Yes
Can I egress data from the DSH before I have completed my analysis on that data?
Yes, any data can be egressed as long as that egress has been approved by the project’s IG Lead.
Can the DSH be costed into projects that involve work with external companies?
Yes, although our cost model was calculated on the assumption that academic researchers would be using the service. For commercial work, the costs are likely to be higher.
Are there any limits on data types or size of files that can be stored in the DSH?
In principle no, however we would need to ensure that we could create a DSH workspace for the software that you need to use.
Can industrial research data be stored and analysed in the DSH?
Yes, almost any type of research data can be stored and analysed in the DSH, including industrial data. However, our cost model was calculated on the assumption that academic researchers would be using the service. So if the industrial data is also being used for commercial purposes, the costs are likely to be higher.
Where is the data physically stored?
The data stored in DSH cloud is physically located in the London region.
The data stored in DSH local is physically stored, in a University data centre, in the Manchester region.
Is the data in the DSH cloud encrypted?
DSH cloud data is encrypted at rest using AES-256-GCM. Cryptographers consider this algorithm to be quantum resistant. Theoretically, future, large-scale quantum computing attacks on ciphertexts created under 256-bit AES-GCM keys could reduce the effective security of the key to 128 bits. But, this security level is sufficient to make brute force attacks on AWS KMS ciphertexts infeasible.
DSH cloud data is encrypted in transit using SSL.
How does the HRDS team confirm who has authority to act as the IG Lead and approve the egress of data from a DSH?
The HRDS team can refer to the IG Masterfile (Information Governance Masterfile) to confirm who is authorised to act as the IG Lead. The IG Masterfile is an auditable Quality Assurance and Compliance System that ensures third party data providers’ requirements are met. Research Governance are the owners of the IG Masterfile process.
Can I choose to have my DSH data automatically deleted after a certain date or once my project has ended?
You cannot delete the data yourself, but you can request that the HRDS team carry out the deletion for you.
Where can I find definitions of what constitutes Very Sensitive, Highly Restricted and Restricted data?
Have a look at these Information Security Classification Examples provided by our Information Governance Office (IGO).
What's the difference between the Data Safe Haven (DSH) and Research Data Storage (RDS)?
Research Data Storage (RDS) and Data Safe Haven (DSH) are both services provided by Research IT for the storage of research data.
- RDS provides data storage, but the DSH offers a secure storage and compute environment.
- The DSH offers enhanced monitoring, auditability and support, appropriate for NHS Digital data.
- Data stored on the RDS is automatically encrypted once it reaches the RDS, but is not automatically encrypted when being transferred to or from the RDS. This means that restricted data should be encrypted locally before transferring it to the RDS to ensure it is encrypted during transit. The processes surrounding use of the DSH ensure that data stored in the DSH is encrypted at all times, including during transit.
- RDS data can be downloaded from a ‘storage share’ by anyone who has been given appropriate access to that share. DSH data can only be downloaded by the project’s IG Lead with approval from the HRDS team.
- Charges for DSH use are higher than for RDS, but for certain types of data, RDS will not be an option because of data owner requirements.
SafePod FAQs
How do I book the University of Manchester SafePod?
You need to visit this SafePod Network page.
Who can use the SafePod?
The SafePod is available to all researchers, including postgraduate researchers, at The University of Manchester and other local institutions.
How is access to dataset(s) provided?
Researchers can remotely access datasets via the SafePod Network’s secure VPN connection to a data centre’s web portal. Researchers must then enter their project credentials to gain access to their datasets. Statistical disclosure control procedures will be agreed between the researchers and the data centre.
Can new/additional datasets be made available via our SafePod?
Yes they can. Please email hrds@manchester.ac.uk with details of the dataset that you need to access.
Obviously, the data provider would need to consent to SafePod access.
All parties (i.e. researcher, national SafePod Network, data provider, UoM) would need to reach agreement on questions such as, whether the data would be accessible from every SafePod or just the UoM SafePod, and how the technical connection to the data would be implemented.
Would I be able to access Turing Tier 4 data from the University's SafePod?
In a 2020 presentation, the Alan Turing Institute summarised Tier 4 data as “Very sensitive personal, commercial or government data” and the access requirements as “Access only from known dedicated secure rooms. Stricter package whitelist”. The SafePod Network (SPN) have advised us that a SafePod does satisfy this access requirement.
Currently, on their web site, the Alan Turing Institute state that their “suggested default controls for Tier 4 environments are still under development”.
Our University Information Governance Office (IGO) have a definition of Very Sensitive data which closely aligns to the Turing Tier 4 data definition.
If you have a requirement to access ‘Tier 4’/’Very Sensitive’ data, then please discuss it with our IGO and Highly Restricted Data Service (HRDS) team. Additional datasets can be made available via the SafePod as long as you have approval from the data owner and our IGO.
What if I've made a mistake?
A mistake (e.g., erasing data) can be rolled back if the project is in Production Mode – you can extract the data instrument from a previous data dictionary under Project Setup->data revision history.
Once a project is fully tested and ready to begin collecting real data, it is moved from development mode to production mode. The benefit of being in production mode is that it helps prevent users from making changes to their data collection instruments that might result in accidental data loss.
REDCap projects can continue to change structurally and grow as study needs change, but in production mode, some changes don’t take affect immediately, so users have a safety net to double check how the changes might affect saved data before committing them.
Can different users of my survey have different access levels? How?
Yes. An owner of a project can assign each user a role (e.g., Project Manager, Data Entry) on a per project basis. This is done by navigating to the “User Rights” tab on the project homepage where users can be added to a project and their role defined.
Can I conduct a longitudinal survey?
Yes. A longitudinal project is created by selecting the “Longitudinal / repeating forms” collection format for data entry forms when creating or requesting a new project. A longitudinal project is similar to a traditional data collection project in that multiple data entry forms are defined. However unlike the traditional model, forms in a longitudinal project can be completed repeatedly for a single record. The longitudinal model allows any data entry page to be repeated any given number of times across pre-defined time-points, which are specified by the user before data is collected. So rather than repeating a data entry form multiple times in the Data Dictionary, it can exist only once in the Data Dictionary but be repeated N number of times using the longitudinal model.
The longitudinal project also lets you define “events” for your project that allow the utilisation of data collection forms multiple times for any given database record. An “event” may be a temporal event in the course of your project such as a participant visit or a task to be performed. After events have been defined, you will need to designate the data entry forms that you wish to utilise for any or all events, thus allowing you to use a form for multiple events for the same database record. You may group your events into “arms” in which you may have one or more arms/groups for your project. Each arm can have as many events as you wish. You may use the table provided to create new events and/or arms, or modify existing ones. One arm and one event will be initially defined as the default for all databases.
Can I lock my survey?
Yes. Once a project is moved into “analysis/clean up” mode then no new records can be added.
Instruments are locked once the project is in “production mode”. They can only be changed if the changes are submitted as a draft version and reviewed and approved by a REDCap administrator. There are no real-time changes made to a survey in production mode.
Projects can be moved to “inactive” or “archive” status if data collection has been completed.
It is also possible to lock records and instruments. It is important to note that instrument level locking and record level locking are independent features that are governed by separate user privileges. You must have explicit permission for either one in order to perform that specific locking action. Also, record locking is a higher-level locking than instrument locking, which means that an entire record may be locked or unlocked while one or more instruments are currently locked, but an instrument cannot be locked or unlocked while the entire record is locked.
Can I send mobile text messages from REDCap to subjects?
Although REDCap has the option to use Twilo for voice and SMS calls, this module is not enabled at the University of Manchester. This is because there are concerns about data protection as Twilo is a commercial service which is not based in the UK.
Can I send emails from REDCap to subjects?
Yes. Email invitations with a link to the survey can be sent to potential participants by clicking on the “Survey Distribution Tools” link on the project homepage. Then click on “Participant List” tab and add their email addresses. Once they have been added click on the “Compose Survey Invitations” button to write your invitation, specify a time when it should be sent, and whether a reminder email should be sent if a participant has not responded by a specified time. Then click on the “Send Invitations” button to invite them to complete the survey.
How do I audit and track changes?
REDCap’s logging module automatically logs all changes made to a project, including data exports, data changes, and the creation or deletion of users.
How do I access REDCap’s logging module?
Logging is not available to all users of REDCap, although the owner of a project does have the ability to view logs by default. It has to be enabled for other users on a per-user basis as the logs contain potentially sensitive data. Once logging is enabled for a user then a menu item titled “logging” will be visible on the left-hand menu of your project page.
How do I export the data from REDCap?
To export data from REDCap, click on the “Data Exports, Reports, and Stats” link on the Applications panel on your project page. This allows you to easily view reports of your data, inspect plots and descriptive statistics of your data, as well as export your data to Microsoft Excel, SAS, Stata, R, or SPSS for analysis.
Only users identified within a project as the Information Guardian can export full deanoymised data sets from REDCap The Information Guardian is required to complete an investigator agreement on the project when that project is created within REDCap If the person listed as the Information Guardian leaves the research team, the research group are required to contact the REDCap admin and nominate a new member of staff
How can I export my data to SPSS?
Select Data Export in the applications menu of your REDCap project.
Select which fields/forms you wish to export and click Submit.
Next to the SPSS option there are three files.
Download ALL THREE to your desktop.
From your desktop, double-click the “spss_pathway_mapper.bat”.
Follow the instructions and double-click (only once) on the downloaded “.sps” file on your desktop.
The file should look like: “EXPORT_PROJECT_USER_DATE.SPS”.
Wait for SPSS to open. A syntax file will appear in SPSS.
At the top menu, click on run and then “run all”.
After the syntax has completed running, close the syntax file and a new (untitled) dataset will appear with the data you downloaded.
Save it.
How do I embed audio and video?
The Online Designer will allow users to supply a video URL for a Descriptive field on a form or survey, where it will provide a button that, when clicked, will play the embedded video inline or inside a popup dialogue. The Online Designer can also take an attached audio file (e.g., MP3, WAV) for a Descriptive field and display it in an embedded audio player on the data entry form or survey page.
What plugins are provide with the University of Manchester REDCap service and do they cost anything?
The following optional modules supplied with a standard REDCap installation are enabled:
- Biomedical ontologies
- e-consent framework ( for electronic signatures)
- Computer adaptive tests (CATs) and Auto-scoring instruments
- Embedded Video
- XML export for project backup
- Graphical Data View & Stats Module
These external modules are installed:
- Multilingual – Allows surveys and data entry forms to be translated
- Field Notes Display – Provides alternative display modes for field notes
- Image Map – This module replaces an input, radio, or checkbox field with an interactive image where users can click on image regions to select one or more field options
- Instant Field Concatenation – This module concatenates fields and places the result in another field instantly
- REDCap CSS Injector – Allows project owners to inject CSS into surveys and data entry forms
There are no charges for the use of the plug-ins.