Harvard's Research Data Security Policy requires all research that receives a data security level (DSL) assignment of 3, 4, or 5 be reviewed by a School Security Officer (SSO). Historically, DSL 3 has been reviewed within a one-year time frame, while SSO review of DSL 4 and DSL 5 has been required prior to IRB approval. With the recent changes to the federal regulations governing human subject protections, many studies that received a DSL 3 used the continuing review timepoint as a “due date” for the DSL 3 review. As continuing review is no longer a requirement for many studies, a working group has been thinking about ways to revisit this practice.
Starting June 1, 2019, and lasting through the summer, a pilot of a revised SSO-practice will take place. Studies that receive a DSL 3 will follow the review practice of DSL 4 and DSL 5 – SSO review will be required before IRB approval. When SSO review is required, IRB staff will notify the appropriate SSO through ESTR and monitor the review.
The good news is that this revised practice will provide greater monitoring, better documentation, improve the timing of consultation and access to necessary tools for all SSO reviews. After a few months with the adjusted requirement in place, the IRB and SSO teams will assess the adjusted practice to identify any further possible improvements.
To learn more about the IRB and Data Security Review processes, along with the status of this pilot, visit the following Harvard resources or reach out to your local IRB: