Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Effective date: 07/16/2021
Owner: Chief Technology Officer
Available: Sage Intranet/Policies


Version
Summary

6/25/2021

Added versioning and tracking for Quality Program purposes


Changes to some Synapse tables may require strict change control procedures in order to meet agreements with data providers, regulators, or for other change control purposes. This process can be used to ensure that changes to a Synapse table are limited to approved by specific authorities.

...

  • Changes to the configuration of a Synapse project are beyond the scope of the process; auditing of configuration changes can be done by administrators and audited through reports on the Synapse data warehouse.
  • Projects in a pre-production phase, before a production release, do not need require the full documentation of this procedure. Access control must still be managed according to this procedure, however.

Process Requirements

Requests for ad-hoc data changes start with a Jira issue ticket that serves as a record of the change and approval process.

...

  1. In all cases, the change request must be formally documented and tracked as an issue in Jira to create an audit-able trail of the work to be done. This must include a description of who is performing the data change and the specifics of what the change entails. This should be detailed enough so that someone looking at the data after the fact can determine how the data was changed. A project should have an appropriate data change form template that includes the appropriate elements, such as this example.
    1. For some projects, the authoritative change request must be recorded in a partner's record system, signed by approval authorities, and link linked to the Jira issue.
    2. Determine how the change will be made, whether through the web client or programmatically. If the change requires scripting, develop and test the script first.
  2. An administrative user may temporarily assign write permission to the user who will oversee the change. This is to ensure that no user participating in the project can modify participant data unilaterally, and that we have an audit-able record of following this procedure.
  3. Perform the change:
    1. The Investigator or delegate must issue an API call, such as through the web client, to create a snapshot of the table version. The snapshot becomes an immutable record of the state of the table before the change.
      1. A label reflecting the nature of the change and referencing the explanatory Jira ticket should added be included in the version snapshot.
      2. The version comment should contain a link to a sign Jira ticket that includes the signed change request if appropriate for the project.
      3. Query the prior and new table versions to confirm that the difference is as required by the change request. Attach a screenshot of the version history noted on the prior version of the table to the Jira ticket.
    2. The appropriate project staff may apply the change with appropriate supervision as defined by the project requirements.
  4. The project investigator or other approval authority should review and validate prior and changed versions of the data and close the Jira issue that documents the change request.
  5. The administrative user must revert permissions in order to prevent further modification of the table.

...