Revision Date: 2023.11.09
Table of Contents
I. Description
This SOP identifies and describes the processes used by Sage Governance to support the 1kD Program funded by Wellcome Leap.
II. Objectives
Understand the steps involved in reviewing and processing 1kD Data Access Requests, which includes:
Reviewing and Processing 1kD Access Requests: Steps for processing 1kD Program Access Requests including ACT Review of Access Request, supporting and managing PI review of the Access Request, and supporting and managing further discussion to facilitate approval. This section serves as guidance for ACT Access Request coverage.
Managing the list of Authorized Individual
Managing Access Requirements
Governance Activity Audit Reporting
Project Closures:(*to be added* / As projects are closed, details of the project closure plan including data disposition, agreement dissolution, and Synapse access revocation will be added. This will also help to inform a general Governance RM for project closure guidance.)
III. Scope
The procedures within this document apply to Sage Governance Analyst working on the 1kD Program and any ACT member who may provide coverage support when the dedicated 1kD Governance Analyst is unable to do so.
IV. 1kD Program and Definitions
The 1kD Program (syn26133760) is a private data coordination center funded by Wellcome Leap for the "The First 1000 Days: Promoting Healthy Brain Networks" Program.
Sharing Data in the 1kD Data Repository encourages formation of a broad, diverse, and collaborative international community of 1kD Researchers. Due to the terms of consent and the local laws and regulations, we have instituted governance structures that balance sharing this data for secondary research with commensurate privacy protections for participants.
1kD Program Data in Synapse is visible only to 1kD Program Researchers, Leap, and selected members of Sage Bionetworks.
Sage has executed a Data Sharing and Use Agreement with each of the "Performers" (Institutions / Lead Researchers) who are contributing data to the 1kD Program. Each Performer has a team of Authorized Individuals working with them on their project.
The data contributing Performers are each assigned their own individual project folders within the 1kD Program. Within a project's data folders, the project team uploads data to the project's private "Staging" folder. Access to the Staging folder is limited to the project's team with few exceptions in which an institutional agreement exists between Performers allowing named persons access to their Staging folder for administrative purposes.
Once data has been curated and validated, Sage's 1kD Program Data Curator then moves the data from the project's Staging folder to the project's "Data Release" folder making the data available to the 1kD Authorized Individuals.
The Restricted Data tier is reserved for Data considered not sensitive by the Data Contributor.
1kD Researchers wishing to access 1kD Restricted Data must select the 1kD Restricted Data they wish to access and agree through a click-wrap to abide by the 1kD community norms.
The Controlled-Access Data tier is reserved for Data considered sensitive by the Data Contributor. The terms for data access can only be modified by the Data Contributor. Accessors are encouraged to discuss your research with the Data Contributor prior to requesting access to the Controlled-Access Data. Access to Data in this tier requires submission of an Access Request to the Data Contributor and is granted upon approval by the Data Contributor. 1kD Researchers wishing to access 1kD Controlled-Access Data must select the 1kD Controlled-Access Data they wish to access, agree through a click-wrap to abide by the 1kD community norms, and initiate an Access Request using the Synapse Data Access system.
For the 1kD Program, Wellcome Leap has expressed preference for the following terminology in the 1kD Program:
Usa “Leap” as a short form of reference to the funding source Wellcom Leap. Do not use “Wellcome” as a short form. Use "Wellcome Leap" as the first reference within a document, but use "Leap" for any subsequent references.
Use “Performer” instead of “PI”, “Principal Investigator”, “Investigator”, etc.
Use “1kD Program Team” or “Program Team” to refer to the collective community of 1kD Performers. Do not use “consortia”, “collaborative”, “network”, or other similar words.
Wellcome Leap funds via “contract” not “grant” - never refer to the funding as a grant. “Contract” or “statement of work” both are suitable alternatives.
Performer goals are called “deliverables” or “milestones”:
A “deliverable” is associated with a key scientific result or outcome
A “milestone” is more of an achievement such as IRB approval or 50% of data collected.
The following is a list of 1kD Program definitions as they appear in the 1kD Program Data Sharing and Use Agreement(s):
“1kD Data Repository” or “Repository” refers to the Data warehouse maintained by Sage for the 1kD Program.
“1kD Program Team” refers to the collective of 1kD Researchers.
“1kD Researcher” is any institution investigator contracted or subcontracted in the 1kD Program who is collecting, contributing, and/or receiving Data and is expected to collaborate to achieve the goals of the 1kD Program. Employees of Sage are not considered 1kD Researchers in the context of this Agreement.
“Anonymized Data” refers to Personal Data that has been rendered anonymous in such a manner that the Data Subject is no longer identifiable. ​​Where the Personal Data is subject to the GDPR, Anonymized Data means the Data that cannot be re-identified by using any of the means reasonably likely to be used, such as singling out, either by the Controller or by another person to identify the natural person directly or indirectly.
“Authorized Individual” includes any individual employed or contracted by the lead 1kD Researcher’s Institution and is actively working on a 1kD contract. In the context of this agreement an Authorized individual may be authorized by the Controller to Contribute, Process and/or receive Data in the 1kD Data Repository to advance the 1kD Program goals, pursuant to this Agreement or a Data access agreement substantially similar to this Agreement.
“Controlled-Access Data” is Data that has specific legal or ethical restrictions associated with its distribution within the 1kD Data Repository. These Data must only be shared with those members of the 1kD Program Team meeting specific conditions as set out in informed consent, institutional practice or ancillary contracts and will be provided by the Data Contributor at the time of contribution to the 1kD Data Repository.
“Controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. For the avoidance of doubt a Controller can act as a Data Contributor or Data Accessor.
“Data” refers to any Personal Data, information, measurements, metadata, clinical data, artifacts, analysis and visualization tools, experimental methods and protocols, computational methods, models, insights, confidential information, software, and code shared as part of participation in the 1kD Program. For the avoidance of doubt, Data includes Personal Data, Deidentified Data, Controlled-Access Data and Institution Personal Data.
“Data Accessor” is a 1kD Researcher or their Authorized Individual(s) who accesses Data from the 1kD Data Repository pursuant to this Agreement.
“Data Contributor” is a 1kD Researcher or their Authorized Individual(s) who contributes Data to the 1kD Data Repository pursuant to this Agreement.
“Data Subject” refers to the identified or identifiable natural person.
“Deidentified Data” refers to Personal Data (1) from which all directly identifiable elements (e.g., name, street address, date of birth, government identity number, etc.) have been removed and the individual is solely identified by a random, unique reference number or code that is not derived from or related to the individual’s personal information; (2) that are provided, stored, and transmitted separately from the key that would make reidentification possible; and (3) that are subject to a binding contractual or other legal obligation not to attempt to reidentify the Data except as authorized by law.
“Informed Consent” refers to the permission given by a Data Subject or Legal Authorized Representative (“LAR”) to participate in a research project after the Data Subject or LAR has been advised of the risks or hazards that could influence a reasonable person in deciding whether to give permission.
“Institution Personal Data” means any Personal Data that Sage Processes on behalf of Institution in connection with the Agreement.
“Institutional Review Board” (or “IRB”) is an institutional review board, organizational ethics committee, or similar panel responsible for overseeing the ethical conduct of research.
“International Data Transfer” means any transfer of Institution Data to a country outside of the country where the Institution Data was collected.
“Legally Authorized Representative” (or “LAR”) means an individual who possesses the full power and authority under applicable law to consent on behalf of another person to that person’s participation as a Data Subject in the 1kD Program.
“Personal Data” means any information relating to a Data Subject which may be used to identify the Data Subject directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. For the avoidance of doubt, Institution Personal Data includes Personal Data.
“Privacy and Data Protection Law” means any law, statute, legislation, order, ordinance, regulation or rule (as amended and replaced from time to time) which relates to the protection of individuals with regards to the Processing of Personal Data to which the Parties are subject, including but not limited to: security breach notification laws; laws imposing minimum security requirements; laws governing the portability or cross-border transfer of Personal Data; and all other similar international, federal, state, provincial, and local requirements; each as applicable.
“Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller. In the context of this Agreement, the Processor is Sage.
“Subprocessor” means a third-party Processor engaged by Sage to carry out Processing on behalf of a Controller.
V. Procedures
A. Reviewing and Processing 1kD Data Access Requests
Processing a 1kD Access Request involves accessing ACT Dashboard, updating the 1kD Program Access Request JIRA, updating the 1kD Access Request Tracking Spreadsheet, and if the submitted Access Request is complete, also emailing the 1kD Project Approver.
Access Requests are found on the Synapse ACT Dashboard. Check the dashboard daily for submission of new 1kD Access Request(s). There are 100 Access Requirements for the 1kD Program and all are named “1kD-[projectname]_[datatypefolder]”. To identify a new 1kD Access Request, look for Access Requirements with names starting with “1kD”.
When a new Access Request is received, a 1kD Program Access Request JIRA ticket is also automatically generated:
Once a new 1kD Access Request is visible on the ACT Dashboard, please follow the steps below to process and record the Access Request.
- ACT Review of the 1kD Access Request (“Governance Triage”)
Timing: ACT must complete these steps within 2 business days of receiving the Access Request.
Update 1kD Program Access Request JIRA Ticket Status:
Go to the 1kD Program Access Request JIRA and move the new ticket from “Open” to “Governance Triage” to indicate that this new Access Request has been identified by ACT and will now be reviewed by ACT.
Update the 1kD Data Access Request Tracking Spreadsheet.
The 1kD Access Request Tracking Spreadsheet is used for tracking Access Requests and reporting Governance Activity. It captures basic information about the Access Requests and is fairly easy to complete using the information in the ACT Dashboard and the 1kD Data Access Conditions Table (for SynID and AR ID).
At this point in the process, columns A through P can be completed. For “ACT Analyst” (column B), add your name as ACT Analyst reviewing the Access Request.
Review the contents of the Access Request in the ACT Dashboard.
During “Governance Triage”, ACT reviews the 1kD Access Request for completeness. This step is very important to the funder, Wellcome Leap. Sage ACT is expected to ease the Lead 1kD Researcher’s approval burden by rejecting incomplete requests and insufficient IDU Statements.
Access the contents of the Access Request by click on the Request # in the ACT Dashboard.
To be considered “complete”, a 1kD Access Request must include the name of the Project Lead, name of institution, and a well-written IDU statement which is:
1-3 paragraphs in length.
submitted in English
serves as an explanation for the Data Contributor detailing the1kD Researcher/Team's interest in the Data and a description of the pilot analyses / modeling they hope to perform on the Data addressing the following points:
What do you want to do?
Why are you doing it?
How do you want to do it?
For further insight into determining acceptable IDU statements, you can view the submitted 1kD Program IDU Statements.
For Accessors wishing to be granted access to their own team’s data, an abbreviated IDU statement is acceptable, but must still be sent to the Lead 1kD Researcher for access approval. An example of this type of IDU is: “This Access Request is submitted for the purpose of giving the KHULA Project Team access to their own project's Data Release folders”.
For some 1kD Program projects additional information must be included for the Access Request to be considered “complete”, these projects and additional conditions include:
Infant Natural Statistics (York) [closed November 2023] - If the Data Accessor is requesting access to a “personal data” folder, then they must have a completed Transfer Impact Assessment (TIA) on file in Synapse and they must also upload a completed Standard Contractual Clause (SCC) form as an attachment to their Access Request. The folders that require a completed TIA and SCC include InfantNaturalStatistics_parentChildInteraction (syn43669610) or InfantNaturalStatistics_sleep (syn43669620).
Confirm that the Institution submitting the Access Request has a Transfer Impact Assessment (TIA) on file by checking this folder. If not, this Access Request cannot be approved. Respond to the Data Accessor with reason for Rejection and move Jira Issue from “Governance Triage” to “ACT Rejection” to close the ticket.
Confirm that the Data Accessor has attached a completed Standard Contractual Clause (SCC) form as part of their Access Request. If not, this Access Request cannot be approved. If not, this Access Request cannot be approved. Respond to the Data Accessor with reason for Rejection and move Jira Issue from “Governance Triage” to “ACT Rejection” to close the ticket.
If you confirm that the Data Accessor has a TIA on file and has included a completed SCC form, then this Access Request is “complete”.
If the Access Request is complete, do not approve in Synapse, instead proceed to step 4.
If the Access Request is incomplete or the IDU Statement appears to be insufficient:
Reject the request in Synapse providing detail so the Accessor may address issues and resubmit their request. If the IDU Statement is insufficient, please include the link to the 1kD Program IDU Statements for the Accessor to use as reference.
Go to the 1kD Program Access Request JIRA and move the new ticket from “Governance Triage” to “ACT Rejection” and when prompted select the resolution label “done”.
Go to the 1kD Access Request Tracking Spreadsheet and update the “Decision” and “Reason for Rejection” columns.
Upon completion of steps a, b, and c, this Access Request is complete. No further action is required.
Check if Data Accessor has pre-approval for requested data as a “Super-User”
If ACT determines that the Access Request is complete, before preparing an email for PI Approval, the ACT reviewer should first refer to the list of Super-Users to check if the Accessor has been pre-approved for access to the requested data. 1kD Program Super-Users were introduced into the Program in July 2023 as an effort to expedite data access through pre-approval of certain trusted users for certain data types. All individuals named in the list of Super-Users have received pre-approval for the data types associated with their name.
In the screenshot below, you will see that Berit Hartjen has been pre-approved for access to 5 different named ARs (“EEG Bundles” for five projects) and at the time of this screenshot has only requested access to one of those ARs. Sage is still awaiting an Access Request from Berit to grant access to the remaining four ARs for which they have been pre-approved for access.
If the Access Request in question is from a named Super-User for a named AR for which they have been pre-approved, then ACT may give the Accessor access in Synapse and should then update the list of Super-Users. Please note:
The Access Request must include an acceptable IDU Statement.
The Access Request must include ONLY Accessors who have been pre-approved in order to receive this expedited Synapse approval. If the Access Request includes additional names of persons not included in the list of Super-Users, then the Access Request must be sent to the PI for approval.
Following giving access, ACT reviewer should then skip down in this process to “PI Review of the 1kD Access Request (“PI Review”)” and follow the steps for “If Approver(s) approves the Access Request” in order to finalize all reporting documentation.
Preparation of the 1kD Access Request email for PI Review
If the Accessor is not listed as a Super-User for the requested data, then an email must be prepared to send to the Approver for their review and access decision. The 1kD Program Access Request JIRA ticket will include an automatically generated email for the Approver. This template language can be copied and pasted into an email:
To complete the email:
Copy the “Email Subject:” text to the subject field and add the deadline for review which is four days from the day this email is being sent to Approver.
In the intro paragraph, add the deadline for review which is four days from the day this email is being sent to Approver (same as subject line).
For “Note from ACT”, add any additional insight for the Approver or delete this text.
Refer to the 1kD Data Access Conditions Table and locate the associated “Data Access Conditions Form". Open the associated Data Access Conditions Form. Note: Please note: The screenshots below show an actual Data Access Conditions Form (for the 1kD Project called “BRAINRISE”) since the Test Access Request used in previous screenshots (Wellcome Leap Test Project) does not have an associated Data Access Conditions form.
Add the Approver(s) name(s) to the salutation.
Add the email addresses listed in the “Data Access Conditions Form” including the Approver(s), any CC’s, and 1kD Governance Analyst, Lisa Pasquale (lisa.pasquale@sagebase.org). Include Lisa in all related emails.
Here’s what an outgoing 1kD Access Request typically looks like:
Once the email has been sent:
Go to the 1kD Program Access Request JIRA and move the new ticket from “Governance Triage” to “PI Review”.
Go to the 1kD Access Request Tracking Spreadsheet and update the “Approver”, “Sent to PI Approver(s)” and “Decision Due” columns.
Upon completion of steps a and b this Access Request is now awaiting Approver response / decision. No further action needed from ACT until an email response is received from the Approver, or in lieu of response, the response deadline has passed.
- PI Review of the 1kD Access Request (“PI Review”)
Timing: Approver(s) must review and return a decision to Sage within 4 days of email.
During “PI Review”, the Data Contributor receives and reviews the email sent by Sage to review and then issue their decision whether to Approve or Reject access.
The Approver is the person(s) responsible for issuing the decision to approve or reject the request. For most 1kD projects, only one person has this authority to approve Access Requests. For a few 1kD projects multiple person(s) may have this authority and for those with multiple Approvers the approval requirement may vary to require approval by both or approval by either. For the appropriate Approver requirements, refer to the associated 1kD project’s Data Access Conditions Form.
Only the person(s) listed on the Data Access Conditions Form as “Approver” in the 1kD Project’s Data Access Conditions Form may reply with a decision to “approve” or “reject” a request.
Once a response email is received from the Approver(s), please follow the steps below to finish processing the Access Request:
If Approver(s) approves the Access Request:
Go to ACT Dashboard and click “Approve” to allow access to the data.
Go to the 1kD Program Access Request JIRA and move the new ticket from “PI Review” to “PI Approved” and when prompted select the resolution label “done”.
Go to the 1kD Access Request Tracking Spreadsheet and update the “Decision Date”, “PI Review (Days)” and “Decision” columns.
Upon completion of steps a, b, and c, this Access Request is complete. No further action is required.
If Approver(s) does not approve the Access Request:
Forward the entire Access Request email thread to Wellcome Leap 1kD Program Director, Holly Baines (hbaines@wellcomeleap.org), and her assistant, Peter Kant (pkant@wellcomeleap.org). The Wellcome Leap team will schedule a meeting for further conversation between the Data Contributor(s), Data Accessor(s), and other relevant parties to help facilitate approval for data access. The parties will have a discussion to reach a final decision which will result in either approval of this Access Request or submission of a new Access Request.
Go to the 1kD Program Access Request JIRA and move the new ticket from “PI Review” to “Rejection Discussion”. Add a comment stating “Response to this Access Request was delayed pending further discussion Accessor and Contributor” and add any other relevant detail.
Go to the 1kD Access Request Tracking Spreadsheet and skip the “Decision” and Reason for Rejection” columns blank. Update the “Notes” column with “Response to this Access Request was delayed pending further discussion Accessor and Contributor” and add any other relevant detail.
Upon completion of steps a, b, and c this Access Request is now awaiting further discussion. No further action needed from ACT until an email response is received from the Approver or from Holly Baines (Wellcome Leap).
If Approver(s) does not respond to the Access Request by the deadline:
Reply all to the Access Request email thread adding to the cc: Wellcome Leap 1kD Program Director, Holly Baines (hbaines@wellcomeleap.org), and her assistant, Peter Kant (pkant@wellcomeleap.org). Include the following message:
Hi [Approver name(s)], A response to this Access Request was requested by [response deadline date]. We are still awaiting your response. Per the review process set out in the Collaboration and Coordination Policy, you have four days to review an Access Request and return to Sage an approval decision or request for clarification. If you could please review this Access Request today, it would be greatly appreciated. If you have any hesitations, questions, or concerns - please let me know. [Your Name] Access and Compliance Team |
b. Go to the 1kD Access Request Tracking Spreadsheet and update the “Past Due Notice” date with the date that this follow-up email is sent to the Approvers, their cc’s, and Wellcome Leap.
- Data Contributor and Accessor Discussion (“Rejection Discussion”)
Timing: Discussion and final Approver(s) decision expected as soon as possible.
During “Rejection Discussion”, the Wellcome Leap team will schedule a meeting for further conversation between the Data Contributor(s), Data Accessor(s), and other relevant parties to help facilitate approval for data access. The parties engage in further discussion to reach a final decision which will result in either approval of this Access Request or submission of a new Access Request.
If Approver(s) approves the Access Request:
Go to ACT Dashboard and click “Approve” to allow access to the data.
Go to the 1kD Program Access Request JIRA and move the ticket from “Rejection Discussion” to “Governance Triage” to “PI Review” to “PI Approved” and when prompted select the resolution label “done”. You will need to cycle through these labels in the order described due to the set-up of the JIRA workflow.
Go to the 1kD Access Request Tracking Spreadsheet and update the “Decision Date”, “PI Review (Days)” and “Decision” columns.
Upon completion of steps a, b, and c, this Access Request is complete. No further action is required.
If a clear approval is not reached during discussion, follow further instructions from Wellcome Leap:
Wellcome Leap expects all data access issues to be resolved via further discussion, if the conversation does not lead to approval of the existing Access Request, it is likely that the Program Director will ask for the existing Access Request to be “cancelled” and for a new Access Request to be submitted.
Reject the request in Synapse and provide reasoning to the Accessor based on feedback from Wellcome Leap.
Go to the 1kD Program Access Request JIRA and copy your ACT rejection message into the ticket comments. Move the ticket from “Rejection Discussion” to “Cancelled”.
Go to the 1kD Access Request Tracking Spreadsheet and update the “Decision” and “Reason for Rejection” columns.
Upon completion of steps a, b, and c, this Access Request is complete. No further action is required.
B. Managing the list of Authorized Individuals
In order to access the 1kD Program Synapse space and view/request data, users must be listed as Authorized Individuals on a 1kD Project Team.
In accordance with Sage’s 1kD Program Scope of Work, Sage 1kD Governance Analyst is responsible for maintaining the 1kD Program’s List of Authorized Individuals. As defined in the DSUA, an “Authorized Individual” includes “any individual employed or contracted by the lead 1kD Researcher’s Institution and is actively working on a 1kD contract”.
Note that not all Authorized Individuals create an account in Synapse. However, anyone on the Authorized Individuals list may create an account and gain access to the 1kD Synapse space without additional approval from the Lead PI.
- Adding a new Authorized Individual to the 1kD Program
When a new Authorized Individual is identified by a Lead 1kD Researcher, the Authorized Individual is then:
Added to the 1kD Program’s List of Authorized Individuals
Added to the 1kD Program Google Group
Sent an invitation to join the 1kD Lead Researcher’s Synapse Team for access to the private 1kD Program Synapse space
To add a new Authorized Individual, follows these steps:
Confirm new Authorized Individual: If the request to add the new Authorized Individual was submitted by a person other than the Lead 1kD Researcher, Sage must confirm by email to the Lead 1kD Researcher that the named individual has been authorized by the Lead 1kD Researcher before proceeding.
Draft an email to the Lead 1kD Researcher:
“At the request of [team member] I am adding [name of new team member] as an Authorized Individual to the [name of project] team. Per Sage and 1kD policy I am notifying you as you are the Lead 1kD Researcher for this project. Please let me know if you have any questions or concerns.”
Send this email to the Lead 1kD Researcher, copy the email to the team member who suggested the addition and when possible copy the name of the new team member.
Add new Authorized Individual to the 1kD Program List of Authorized Individuals: If the request to add a new Authorized Individual was submitted by (or subsequently confirmed by) the Lead 1kD Researcher, then the new team member may be added to the List of 1kD Program Authorized Individuals.
To add a new Authorized Individual to the list, add a row to the appropriate team’s list and then populate all fields for this new team member. Add information to the “Date Added” and the “Add Notes” columns for reporting purposes. Note: Information may not yet be available for all fields at this time, but information should be populated as it becomes available (i.e. - Synapse user name).
Add new Authorized Individual to the 1kD Program Google Group: Add the new Authorized Individual to the 1kD Program Google Group to ensure that the new Authorized Individual receives the “1kD Program Monthly Digest” and any other important updates from Sage and Wellcome Leap. Click “Add Members”, then add the person’s email address in the “Group Members” field and use the following as the “Welcome Message” and click “Add Members” when complete:
“You have been added to the 1kD Google Group so that you will receive the monthly 1kD email digests and other important updates. This is notification that you have been added to an email list. No further action is necessary.”
Send invitation to Authorized Individual to join the 1kD Lead Researcher’s Synapse Team: Locate and open the appropriate 1kD Synapse project team. Click “Project Tools” and “Invite User” to send an invite to the new Authorized Individual to join the team. Add the new Authorized Individual’s email address or Synapse user name and an “Invitation Message” (“Please accept this invitation to join the 1kD [Project Name] Synapse team”) and then click “Send Invitation(s)”. Once the user receives and accepts the invitation, the new Authorized Individual will have access to the private 1kD Program space on Synapse.
You may complete the process by sending a follow-up email to the new Authorized Individual confirming that they have been added as an Authorized Individual:
“Hi [new Authorized Individual] - [Lead 1kD Researcher] has confirmed you as an Authorized Individual on the [Project Name] 1kD Project Team. You have been added to the 1kD Authorized Individuals list and to the Google Group. I have also sent you an invite to join the [Project Name] Synapse Team. If you have any trouble accessing Synapse or accepting the invitation, please let me know”.
At this time it can also be helpful to ask how they intend to use Synapse so you can identify whether additional training is needed
- Removing a former Authorized Individual from the 1kD Program
When an Authorized Individual is identified for removal by a Lead 1kD Researcher, the Authorized Individual is then:
Removed from the Synapse Team to revoke access to the private 1kD Program Synapse space
Removed from the 1kD Program Google Group
Made inactive in the 1kD Program’s List of Authorized Individuals
To remove a de-Authorized Individual, follows these steps:
Confirm removal of Authorized Individual: If the Authorized Individual is named for removal by a person other than the Lead 1kD Researcher, Sage must confirm by email to the Lead 1kD Researcher that the named individual has been deauthorized by the Lead 1kD Researcher before proceeding.
Revoke Authorized Individual’s access to the Lead 1kD Researcher’s Synapse Team: Locate and open the appropriate 1kD Synapse project team. When viewing the Project’s team members, locate the Authorized Individual, click the three dots to the right of their name, and then click “Remove” to remove as a Synapse Team member and revoke access to the private 1kD Program space on Synapse. On the List of 1kD Program Authorized Individuals, update their status in the Google Group as “no” to show them as inactive.
Remove former Authorized Individual from the 1kD Program Google Group: Remove the former Authorized Individual from the 1kD Program Google Group to unsubscribe them from the mailing list. When viewing the Google Group’s members, locate the former Authorized Individual, select by clicking the box to the left of their email address, and then click “Remove Member” to complete removal. On the List of 1kD Program Authorized Individuals, update their status in the Google Group as “no” to show them as inactive.
Document removal of Authorized Individual from the 1kD Program List of Authorized Individuals: To remove an Authorized Individual from the List of 1kD Program Authorized Individuals. select the row with the name of the Authorized Individual to be removed, change the row color to pink and move the row to the “Removed” section to show that the name is now inactive. Next update the fields related to the removal of an Authorized Individual, which includes the “Date Removed” and “Removal Notes” and change status in The information provided in these columns are used for reporting purposes.
You may complete the process by sending a follow-up email to the Lead 1kD Researcher confirming that the Authorized Individual has been removed as an Authorized Individual and no longer has access to the 1kD Program private Synapse space.
- Quarterly Confirmation of 1kD Program Authorized Individuals List
To ensure the 1kD Program Authorized Individuals List is kept current, all Lead 1kD Researchers are contacted quarterly to confirm the status of their listed individuals. Confirmation of the list is scheduled to take place in early March, June, September, and December following the completion and submission of the quarterly 1kD Program Governance Activity Audit Report.
To confirm the 1kD Program Authorized Individuals List, follow these steps for each of the 1kD Program’s Project Teams:
Contact Lead 1kD Researcher(s) to confirm status of listed team members: Using the 1kD Program Authorized Individuals List, choose a 1kD Team (listed in the black rows) and copy the listed names, email addresses, and institutions of the individuals listed for that team. Do not include any inactive names which are highlighted in red. Paste the copied information into an email with the following guidance:
Subject Line: 1kD - Quarterly Confirmation of Authorized Individuals [INSERT PROJECT NAME]
Dear [1kD Project Lead Name],
As part of our ongoing effort to ensure all persons who have access to 1kD Data are properly authorized, we are sending each team a list of their current Authorized Individuals. The people currently on this list are allowed to access your team's Data on the Synapse platform (though not all have taken the proper steps to do so at this time).
Please let us know if anyone should be added to, or removed from, this list.
[INSERT LIST OF AUTHORIZED INDIVIDUALS, EMAILS, INSTITUTIONS]
The email will be sent to the 1kD Project Lead whose name and email address can be found next to the Project Team’s name (listed in the black rows):
Here’s what an outgoing 1kD Program Authorized Individuals Confirmation email typically looks like:
Add date of confirmation email to 1kD Program Authorized Individuals List: Record the date the confirmation email is sent to the 1kD Project Lead in the column labeled as “Last PI Review”.
*Repeat steps 1 & 2 for each 1kD Program Project Team.
As email responses are received, the following will need to be updated accordingly:
Update the 1kD Program Authorized Individuals List by removing departing Authorized Individual(s) and/or adding new Authorized Individual(s). Note: For governance activity audit reporting purposes, please record the date that an individual is added/removed as an Authorized Individual.
Update the Project Team in Synapse by removing departing Authorized Individual(s) and/or sending a Project Team invite to new Authorized Individual(s).
Update the “1kD Program” Google Group by removing departing Authorized Individual(s) and/or adding new Authorized Individual(s).
C. Managing Access Requirements
Performers are each assigned their own individual project folders within the 1kD Program. Within a project's data folders, the project team uploads data to the project's private "Staging" folder. Through sharing settings access to the Staging folder is limited to the project's team with few exceptions in which an institutional agreement exists between Performers allowing named persons access to their Staging folder for administrative purposes.
Once data has been curated and validated, Sage's 1kD Program Data Curator then moves the from the project's Staging folder to the project's "Data Release" folder making the data available to the 1kD Authorized Individuals.
Access to all 1kD Program Data Release folders requires agreement to abide by the 1kD community norms by accepting clickwrap access requirement “AR 9605598”. This click-wrap restriction is applied to all 1kD Program Data Release folders
If a new 1kD Program Data Release folder is created, then AR 9605598 must be applied prior to any data being moved by the Data Curator.
For many 1kD Program Data Release folders additional controls are required at the request of the Lead 1kD Researcher and require the application of managed Access Requirements. The 1kD Access Conditions Table is a table of 1kD Program projects, data types, and data access conditions as determined by the project's Lead 1kD Researcher in their Data Access Conditions Form. This table also lists the Synapse folder IDs and Access Requirement IDs.
If a new 1kD Program Data Release folder is created, then in addition to AR 9605598, the Governance Analyst must also use the Leap-approved template language to create and apply a managed AR to the folder:
You are requesting access to Controlled-Access Data that is only to be used by 1kD Researchers to make progress together towards the goals of the 1kD Program. Click the Request Access button below to start your application.
You will be prompted to enter:
- Name of the PI (“Project Lead”) and Institution submitting this Data Access Request.
- Your Intended Data Use Statement serving as an explanation for the Data Contributor detailing the 1kD Researcher/Team's interest in the Data and a description of the pilot analyses / modeling that you hope to perform on the Data. Please address the following points: What do you want to do? Why are you doing it? How do you want to do it? For examples, please refer to this page: 1kD Intended Data Use Statements
- Synapse IDs of additional 1kD Researchers from the Institution who need access to these Controlled-Access Data to perform the proposed research.
Within two business days of receiving this Access Request, your request will be reviewed for completion by Sage Access and Compliance Team (ACT). If the conditions for making the request are met, Sage ACT will route the completed Access Request to the Data Contributor for review.
Data Contributors will have four days to respond to the request with approval or a valid reason for further discussion.
At the discretion of the Data Contributor, the 1kD Researcher's Intended Data Use Statement may be sent to other relevant approval bodies (IRB, DAC, etc).
If you have questions about the 1kD Data Repository please post them to the 1kD Data Repository Discussion Forum.
This approved managed AR language should not be altered, though additional information, requirements, or restrictions may be added as needed. Additional click-wrap ARs may also be added to a Data Release folder to ensure that the folder is restricted according to the wishes of the Data Contributor.
New click-wrap ARs and managed ARs should be added to the 1kD Access Conditions Table and to the Synapse Access Requirements List wiki.
D. Governance Activity Audit Reporting
In accordance with Sage’s Scope of Work governance deliverables, the Governance Analyst must conduct 1kD Governance Activity Audit Reports which are typically delivered to Leap in late February, May, August, and November.
The 1kD Governance Activity Audit Report Template can be accessed and copied into a new document to create a new report. The template contains guidance on how to gather and generate the information required for this report. Creation of a new report involves both quantitative and qualitative analysis of three months of governance activities, including changes to the 1kD Authorized Individuals List, data upload and availability, and processing Access Requests.
These reports to the funder provide valuable performance indicators which reflect the effectiveness and efficiency of Sage and the individual Performers.
E. Project Closures (to be added)
VI. Associated Documents and Resources
1kD Program (syn26133760): This is the 1kD Program space in Synapse. The 1kD Program Synapse project is private and accessible only to the 1kD Performers (PIs) and their Authorized Individuals.
1kD Access Request Tracking Spreadsheet: Spreadsheet tracking 1kD Program Access Requests for the purpose of tracking responses and reporting governance activity to Wellcome Leap. All Synapse Access Requests are tracked using this spreadsheet.
1kD Program Access Request JIRA: JIRA board for tracking 1kD Program Access Requests
1kD Access Conditions Table: Table of 1kD Program projects, data types, and data access conditions as determined by the project's Lead 1kD Researcher in their Data Access Conditions Form. This table also lists the Synapse folder IDs and Access Requirement IDs.
1kD Admin Team: Current list of Sage employees working on the 1kD Program.
1kD Authorized Individuals: Current list of individuals authorized to access the 1kD Program space in Synapse.
1kD Program IDU Statements: List of all Intended Data Use Statements submitted for access to 1kD Program data.
VII. Revision History
Revision Date | Description |
January 6, 2023 | Document Development (Lisa Pasquale) |
April 27, 2023 | Version 1 Complete (Lisa Pasquale) |
July 07, 2023 | Adapt RM to Document Control RM template (Lisa Pasquale) |
August 4, 2023 | Updated Access Request Processes to include new “Super-Users” |
September 13, 2023 | Add content for additional processes related to 1kD Governance |
November 3, 2023 | Add content for Authorized Individual Management, Managing Access Requirements, and Governance Activity Audit Reporting |