Document toolboxDocument toolbox

SOP05-RM11: 1kD Program - Governance Support

Owned by Anthony Pena
Last updated: Sept 12, 2024 by Lisa Pasquale
28 min read

Revision Date: 2023.11.09

View as PDF

Table of Contents

I. Description

 

This SOP identifies and describes the processes used by Sage Governance to support the 1kD Program funded by Wellcome Leap.

 

II. Objectives

 

Understand the steps involved in reviewing and processing 1kD Data Access Requests, which includes:

  • Reviewing and Processing 1kD Access Requests: Steps for processing 1kD Program Access Requests including ACT Review of Access Request, supporting and managing PI review of the Access Request, and supporting and managing further discussion to facilitate approval. This section serves as guidance for ACT Access Request coverage.

  • Managing the list of Authorized Individual

  • Managing Access Requirements

  • Governance Activity Audit Reporting

  • Program Closure and Data Disposition

III. Scope

 

The procedures within this document apply to Sage Governance Analyst working on the 1kD Program and any ACT member who may provide coverage support when the dedicated 1kD Governance Analyst is unable to do so.

IV. 1kD Program and Definitions

The 1kD Program (syn26133760) is a private data coordination center funded by Wellcome Leap for the "The First 1000 Days: Promoting Healthy Brain Networks" Program.

Sharing Data in the 1kD Data Repository encourages formation of a broad, diverse, and collaborative international community of 1kD Researchers. Due to the terms of consent and the local laws and regulations, we have instituted governance structures that balance sharing this data for secondary research with commensurate privacy protections for participants.

1kD Program Data in Synapse is visible only to 1kD Program Researchers, Leap, and selected members of Sage Bionetworks.

Sage has executed a Data Sharing and Use Agreement with each of the "Performers" (Institutions / Lead Researchers) who are contributing data to the 1kD Program. Each Performer has a team of Authorized Individuals working with them on their project.

The data contributing Performers are each assigned their own individual project folders within the 1kD Program. Within a project's data folders, the project team uploads data to the project's private "Staging" folder. Access to the Staging folder is limited to the project's team with few exceptions in which an institutional agreement exists between Performers allowing named persons access to their Staging folder for administrative purposes.

Once data has been curated and validated, Sage's 1kD Program Data Curator then moves the data from the project's Staging folder to the project's "Data Release" folder making the data available to the 1kD Authorized Individuals.

The Restricted Data tier is reserved for Data considered not sensitive by the Data Contributor.

1kD Researchers wishing to access 1kD Restricted Data must select the 1kD Restricted Data they wish to access and agree through a click-wrap to abide by the 1kD community norms.

The Controlled-Access Data tier is reserved for Data considered sensitive by the Data Contributor. The terms for data access can only be modified by the Data Contributor. Accessors are encouraged to discuss your research with the Data Contributor prior to requesting access to the Controlled-Access Data. Access to Data in this tier requires submission of an Access Request to the Data Contributor and is granted upon approval by the Data Contributor. 1kD Researchers wishing to access 1kD Controlled-Access Data must select the 1kD Controlled-Access Data they wish to access, agree through a click-wrap to abide by the 1kD community norms, and initiate an Access Request using the Synapse Data Access system.

 

For the 1kD Program, Wellcome Leap has expressed preference for the following terminology in the 1kD Program:

  • Usa “Leap” as a short form of reference to the funding source Wellcom Leap. Do not use “Wellcome” as a short form. Use "Wellcome Leap" as the first reference within a document, but use "Leap" for any subsequent references.

  • Use “Performer” instead of “PI”, “Principal Investigator”, “Investigator”, etc.

  • Use “1kD Program Team” or “Program Team” to refer to the collective community of 1kD Performers. Do not use “consortia”, “collaborative”, “network”, or other similar words.

  • Wellcome Leap funds via “contract” not “grant” - never refer to the funding as a grant. “Contract” or “statement of work” both are suitable alternatives.

  • Performer goals are called “deliverables” or “milestones”:

    • A “deliverable” is associated with a key scientific result or outcome

    • A “milestone” is more of an achievement such as IRB approval or 50% of data collected.

 

The following is a list of 1kD Program definitions as they appear in the 1kD Program Data Sharing and Use Agreement(s):

“1kD Data Repository” or “Repository” refers to the Data warehouse maintained by Sage for the 1kD Program.

“1kD Program Team” refers to the collective of 1kD Researchers.

1kD Researcher” is any institution investigator contracted or subcontracted in the 1kD Program who is collecting, contributing, and/or receiving Data and is expected to collaborate to achieve the goals of the 1kD Program. Employees of Sage are not considered 1kD Researchers in the context of this Agreement.

Anonymized Data” refers to Personal Data that has been rendered anonymous in such a manner that the Data Subject is no longer identifiable. ​​Where the Personal Data is subject to the GDPR, Anonymized Data means the Data that cannot be re-identified by using any of the means reasonably likely to be used, such as singling out, either by the Controller or by another person to identify the natural person directly or indirectly.

Authorized Individual” includes any individual employed or contracted by the lead 1kD Researcher’s Institution and is actively working on a 1kD contract. In the context of this agreement an Authorized individual may be authorized by the Controller to Contribute, Process and/or receive Data in the 1kD Data Repository to advance the 1kD Program goals, pursuant to this Agreement or a Data access agreement substantially similar to this Agreement.

“Amazon Web Services (AWS) S3 Bucket” - a cloud computing platform storage container for digital files/data which allows the owner to control access to these files. 

Controlled-Access Data” is Data that has specific legal or ethical restrictions associated with its distribution within the 1kD Data Repository. These Data must only be shared with those members of the 1kD Program Team meeting specific conditions as set out in informed consent, institutional practice or ancillary contracts and will be provided by the Data Contributor at the time of contribution to the 1kD Data Repository.

Controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. For the avoidance of doubt a Controller can act as a Data Contributor or Data Accessor.

Data” refers to any Personal Data, information, measurements, metadata, clinical data, artifacts, analysis and visualization tools, experimental methods and protocols, computational methods, models, insights, confidential information, software, and code shared as part of participation in the 1kD Program. For the avoidance of doubt, Data includes Personal Data, Deidentified Data, Controlled-Access Data and Institution Personal Data.

“Data Accessor” is a 1kD Researcher or their Authorized Individual(s) who accesses Data from the 1kD Data Repository pursuant to this Agreement.

Data Contributor” is a 1kD Researcher or their Authorized Individual(s) who contributes Data to the 1kD Data Repository pursuant to this Agreement.

“Data Disposition” is the process of determining when and how data is retained, archived, or deleted. It involves making decisions about what to do with data based on factors such as its value, relevance, and legal or regulatory requirements.

“Data Disposition View” is a tool, such as a Synapse fileview or materialized view (if data spans multiple projects), .csv file, or R or Python script that enumerates synIDs, which is created by Sage to allow a Data Contributor to easily view and confirm their contributed data for data migration and/or removal from Synapse.

“Data Encryption Key” is a secret code used to unscramble encrypted data to make it readable.

“Data Migration” is a Data Disposition option which involves the retention and relocation of the Data Contributor’s data on Synapse

Data Subject” refers to the identified or identifiable natural person.

Deidentified Data” refers to Personal Data (1) from which all directly identifiable elements (e.g., name, street address, date of birth, government identity number, etc.) have been removed and the individual is solely identified by a random, unique reference number or code that is not derived from or related to the individual’s personal information; (2) that are provided, stored, and transmitted separately from the key that would make reidentification possible; and (3) that are subject to a binding contractual or other legal obligation not to attempt to reidentify the Data except as authorized by law.

Informed Consent” refers to the permission given by a Data Subject or Legal Authorized Representative (“LAR”) to participate in a research project after the Data Subject or LAR has been advised of the risks or hazards that could influence a reasonable person in deciding whether to give permission.

Institution Personal Data” means any Personal Data that Sage Processes on behalf of Institution in connection with the Agreement.

Institutional Review Board” (or “IRB) is an institutional review board, organizational ethics committee, or similar panel responsible for overseeing the ethical conduct of research.

International Data Transfer” means any transfer of Institution Data to a country outside of the country where the Institution Data was collected.

Legally Authorized Representative” (or “LAR”) means an individual who possesses the full power and authority under applicable law to consent on behalf of another person to that person’s participation as a Data Subject in the 1kD Program.

“Personal Data” means any information relating to a Data Subject which may be used to identify the Data Subject directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. For the avoidance of doubt, Institution Personal Data includes Personal Data.

Privacy and Data Protection Law” means any law, statute, legislation, order, ordinance, regulation or rule (as amended and replaced from time to time) which relates to the protection of individuals with regards to the Processing of Personal Data to which the Parties are subject, including but not limited to: security breach notification laws; laws imposing minimum security requirements; laws governing the portability or cross-border transfer of Personal Data; and all other similar international, federal, state, provincial, and local requirements; each as applicable. 

“Processing” means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller. In the context of this Agreement, the Processor is Sage.

Subprocessor” means a third-party Processor engaged by Sage to carry out Processing on behalf of a Controller.

V. Procedures

A. Reviewing and Processing 1kD Data Access Requests

Processing a 1kD Access Request involves accessing ACT Dashboard, updating the 1kD Program Access Request JIRA, updating the 1kD Access Request Tracking Spreadsheet, and if the submitted Access Request is complete, also emailing the 1kD Project Approver.

Access Requests are found on the Synapse ACT Dashboard. Check the dashboard daily for submission of new 1kD Access Request(s). There are 100 Access Requirements for the 1kD Program and all are named “1kD-[projectname]_[datatypefolder]”. To identify a new 1kD Access Request, look for Access Requirements with names starting with “1kD”.

 

When a new Access Request is received, a 1kD Program Access Request JIRA ticket is also automatically generated:

Once a new 1kD Access Request is visible on the ACT Dashboard, please follow the steps below to process and record the Access Request.

- ACT Review of the 1kD Access Request (“Governance Triage”)

Timing: ACT must complete these steps within 2 business days of receiving the Access Request.

 

  1. Update 1kD Program Access Request JIRA Ticket Status:

Go to the 1kD Program Access Request JIRA and move the new ticket from “Open” to “Governance Triage” to indicate that this new Access Request has been identified by ACT and will now be reviewed by ACT.

  1. Update the 1kD Data Access Request Tracking Spreadsheet.

The 1kD Access Request Tracking Spreadsheet is used for tracking Access Requests and reporting Governance Activity. It captures basic information about the Access Requests and is fairly easy to complete using the information in the ACT Dashboard and the 1kD Data Access Conditions Table (for SynID and AR ID).

At this point in the process, columns A through P can be completed. For “ACT Analyst” (column B), add your name as ACT Analyst reviewing the Access Request.

  1. Review the contents of the Access Request in the ACT Dashboard.

During “Governance Triage”, ACT reviews the 1kD Access Request for completeness. This step is very important to the funder, Wellcome Leap. Sage ACT is expected to ease the Lead 1kD Researcher’s approval burden by rejecting incomplete requests and insufficient IDU Statements.

Access the contents of the Access Request by click on the Request # in the ACT Dashboard.

To be considered “complete”, a 1kD Access Request must include the name of the Project Lead, name of institution, and a well-written IDU statement which is:

  • 1-3 paragraphs in length.

  • submitted in English

  • serves as an explanation for the Data Contributor detailing the1kD Researcher/Team's interest in the Data and a description of the pilot analyses / modeling they hope to perform on the Data addressing the following points:

    • What do you want to do?

    • Why are you doing it?

    • How do you want to do it?

For further insight into determining acceptable IDU statements, you can view the submitted 1kD Program IDU Statements.

For Accessors wishing to be granted access to their own team’s data, an abbreviated IDU statement is acceptable, but must still be sent to the Lead 1kD Researcher for access approval. An example of this type of IDU is: “This Access Request is submitted for the purpose of giving the KHULA Project Team access to their own project's Data Release folders”.

For some 1kD Program projects additional information must be included for the Access Request to be considered “complete”, these projects and additional conditions include:

Infant Natural Statistics (York) [closed November 2023] - If the Data Accessor is requesting access to a “personal data” folder, then they must have a completed Transfer Impact Assessment (TIA) on file in Synapse and they must also upload a completed Standard Contractual Clause (SCC) form as an attachment to their Access Request. The folders that require a completed TIA and SCC include InfantNaturalStatistics_parentChildInteraction (syn43669610) or InfantNaturalStatistics_sleep (syn43669620).

  • Confirm that the Institution submitting the Access Request has a Transfer Impact Assessment (TIA) on file by checking this folder. If not, this Access Request cannot be approved. Respond to the Data Accessor with reason for Rejection and move Jira Issue from “Governance Triage” to “ACT Rejection” to close the ticket.

  • Confirm that the Data Accessor has attached a completed Standard Contractual Clause (SCC) form as part of their Access Request. If not, this Access Request cannot be approved. If not, this Access Request cannot be approved. Respond to the Data Accessor with reason for Rejection and move Jira Issue from “Governance Triage” to “ACT Rejection” to close the ticket.

  • If you confirm that the Data Accessor has a TIA on file and has included a completed SCC form, then this Access Request is “complete”.

If the Access Request is complete, do not approve in Synapse, instead proceed to step 4.

If the Access Request is incomplete or the IDU Statement appears to be insufficient:

  • Reject the request in Synapse providing detail so the Accessor may address issues and resubmit their request. If the IDU Statement is insufficient, please include the link to the 1kD Program IDU Statements for the Accessor to use as reference.

  • Go to the 1kD Program Access Request JIRA and move the new ticket from “Governance Triage” to “ACT Rejection” and when prompted select the resolution label “done”.

  • Upon completion of steps a, b, and c, this Access Request is complete. No further action is required.

 

  1. Check if Data Accessor has pre-approval for requested data as a “Super-User”

If ACT determines that the Access Request is complete, before preparing an email for PI Approval, the ACT reviewer should first refer to the list of Super-Users to check if the Accessor has been pre-approved for access to the requested data. 1kD Program Super-Users were introduced into the Program in July 2023 as an effort to expedite data access through pre-approval of certain trusted users for certain data types. All individuals named in the list of Super-Users have received pre-approval for the data types associated with their name.

In the screenshot below, you will see that Berit Hartjen has been pre-approved for access to 5 different named ARs (“EEG Bundles” for five projects) and at the time of this screenshot has only requested access to one of those ARs. Sage is still awaiting an Access Request from Berit to grant access to the remaining four ARs for which they have been pre-approved for access.

 

 

If the Access Request in question is from a named Super-User for a named AR for which they have been pre-approved, then ACT may give the Accessor access in Synapse and should then update the list of Super-Users. Please note:

  • The Access Request must include an acceptable IDU Statement.

  • The Access Request must include ONLY Accessors who have been pre-approved in order to receive this expedited Synapse approval. If the Access Request includes additional names of persons not included in the list of Super-Users, then the Access Request must be sent to the PI for approval.

Following giving access, ACT reviewer should then skip down in this process to “PI Review of the 1kD Access Request (“PI Review”)” and follow the steps for “If Approver(s) approves the Access Request” in order to finalize all reporting documentation.

 

  1. Preparation of the 1kD Access Request email for PI Review

If the Accessor is not listed as a Super-User for the requested data, then an email must be prepared to send to the Approver for their review and access decision. The 1kD Program Access Request JIRA ticket will include an automatically generated email for the Approver. This template language can be copied and pasted into an email:

To complete the email:

  1. Copy the “Email Subject:” text to the subject field and add the deadline for review which is four days from the day this email is being sent to Approver.

  2. In the intro paragraph, add the deadline for review which is four days from the day this email is being sent to Approver (same as subject line).

  3. For “Note from ACT”, add any additional insight for the Approver or delete this text.

  4. Refer to the 1kD Data Access Conditions Table and locate the associated “Data Access Conditions Form". Open the associated Data Access Conditions Form. Note: Please note: The screenshots below show an actual Data Access Conditions Form (for the 1kD Project called “BRAINRISE”) since the Test Access Request used in previous screenshots (Wellcome Leap Test Project) does not have an associated Data Access Conditions form.

    1. Add the Approver(s) name(s) to the salutation.

    2. Add the email addresses listed in the “Data Access Conditions Form” including the Approver(s), any CC’s, and 1kD Governance Analyst, Lisa Pasquale (lisa.pasquale@sagebase.org). Include Lisa in all related emails.

Here’s what an outgoing 1kD Access Request typically looks like:

Once the email has been sent:

  • Upon completion of steps a and b this Access Request is now awaiting Approver response / decision. No further action needed from ACT until an email response is received from the Approver, or in lieu of response, the response deadline has passed.

- PI Review of the 1kD Access Request (“PI Review”)

Timing: Approver(s) must review and return a decision to Sage within 4 days of email.

 

During “PI Review”, the Data Contributor receives and reviews the email sent by Sage to review and then issue their decision whether to Approve or Reject access.

The Approver is the person(s) responsible for issuing the decision to approve or reject the request. For most 1kD projects, only one person has this authority to approve Access Requests. For a few 1kD projects multiple person(s) may have this authority and for those with multiple Approvers the approval requirement may vary to require approval by both or approval by either. For the appropriate Approver requirements, refer to the associated 1kD project’s Data Access Conditions Form.

Only the person(s) listed on the Data Access Conditions Form as “Approver” in the 1kD Project’s Data Access Conditions Form may reply with a decision to “approve” or “reject” a request.

Once a response email is received from the Approver(s), please follow the steps below to finish processing the Access Request:

  1. If Approver(s) approves the Access Request:

    1. Go to ACT Dashboard and click “Approve” to allow access to the data.

    2. Go to the 1kD Program Access Request JIRA and move the new ticket from “PI Review” to “PI Approved” and when prompted select the resolution label “done”.

    3. Go to the 1kD Access Request Tracking Spreadsheet and update the “Decision Date”, “PI Review (Days)” and “Decision” columns.

    4. Upon completion of steps a, b, and c, this Access Request is complete. No further action is required.

  2. If Approver(s) does not approve the Access Request:

    1. Forward the entire Access Request email thread to Wellcome Leap 1kD Program Director, Holly Baines (hbaines@wellcomeleap.org), and her assistant, Peter Kant (pkant@wellcomeleap.org). The Wellcome Leap team will schedule a meeting for further conversation between the Data Contributor(s), Data Accessor(s), and other relevant parties to help facilitate approval for data access. The parties will have a discussion to reach a final decision which will result in either approval of this Access Request or submission of a new Access Request.

    2. Go to the 1kD Program Access Request JIRA and move the new ticket from “PI Review” to “Rejection Discussion”. Add a comment stating “Response to this Access Request was delayed pending further discussion Accessor and Contributor” and add any other relevant detail.

    3. Go to the 1kD Access Request Tracking Spreadsheet and skip the “Decision” and Reason for Rejection” columns blank. Update the “Notes” column with “Response to this Access Request was delayed pending further discussion Accessor and Contributor” and add any other relevant detail.

    4. Upon completion of steps a, b, and c this Access Request is now awaiting further discussion. No further action needed from ACT until an email response is received from the Approver or from Holly Baines (Wellcome Leap).

  1. If Approver(s) does not respond to the Access Request by the deadline:

    1. Reply all to the Access Request email thread adding to the cc: Wellcome Leap 1kD Program Director, Holly Baines (hbaines@wellcomeleap.org), and her assistant, Peter Kant (pkant@wellcomeleap.org). Include the following message:

Hi [Approver name(s)],

 

A response to this Access Request was requested by [response deadline date]. We are still awaiting your response.

 

Per the review process set out in the Collaboration and Coordination Policy, you have four days to review an Access Request and return to Sage an approval decision or request for clarification.

 

If you could please review this Access Request today, it would be greatly appreciated. If you have any hesitations, questions, or concerns - please let me know.

 

[Your Name]

Access and Compliance Team

b. Go to the 1kD Access Request Tracking Spreadsheet and update the “Past Due Notice” date with the date that this follow-up email is sent to the Approvers, their cc’s, and Wellcome Leap.

- Data Contributor and Accessor Discussion (“Rejection Discussion”)

Timing: Discussion and final Approver(s) decision expected as soon as possible.

During “Rejection Discussion”, the Wellcome Leap team will schedule a meeting for further conversation between the Data Contributor(s), Data Accessor(s), and other relevant parties to help facilitate approval for data access. The parties engage in further discussion to reach a final decision which will result in either approval of this Access Request or submission of a new Access Request.

  1. If Approver(s) approves the Access Request:

    1. Go to ACT Dashboard and click “Approve” to allow access to the data.

    2. Go to the 1kD Program Access Request JIRA and move the ticket from “Rejection Discussion” to “Governance Triage” to “PI Review” to “PI Approved” and when prompted select the resolution label “done”. You will need to cycle through these labels in the order described due to the set-up of the JIRA workflow.

       

    3. Go to the 1kD Access Request Tracking Spreadsheet and update the “Decision Date”, “PI Review (Days)” and “Decision” columns.

       

    4. Upon completion of steps a, b, and c, this Access Request is complete. No further action is required.

  2. If a clear approval is not reached during discussion, follow further instructions from Wellcome Leap:

    Wellcome Leap expects all data access issues to be resolved via further discussion, if the conversation does not lead to approval of the existing Access Request, it is likely that the Program Director will ask for the existing Access Request to be “cancelled” and for a new Access Request to be submitted.

     

    1. Reject the request in Synapse and provide reasoning to the Accessor based on feedback from Wellcome Leap.

       

       

    2. Go to the 1kD Program Access Request JIRA and copy your ACT rejection message into the ticket comments. Move the ticket from “Rejection Discussion” to “Cancelled”.

       

    3. Go to the 1kD Access Request Tracking Spreadsheet and update the “Decision” and “Reason for Rejection” columns.

       

    4. Upon completion of steps a, b, and c, this Access Request is complete. No further action is required.

B. Managing the list of Authorized Individuals

In order to access the 1kD Program Synapse space and view/request data, users must be listed as Authorized Individuals on a 1kD Project Team.

 

In accordance with Sage’s 1kD Program Scope of Work, Sage 1kD Governance Analyst is responsible for maintaining the 1kD Program’s List of Authorized Individuals. As defined in the DSUA, an “Authorized Individual” includes “any individual employed or contracted by the lead 1kD Researcher’s Institution and is actively working on a 1kD contract”.

 

Note that not all Authorized Individuals create an account in Synapse. However, anyone on the Authorized Individuals list may create an account and gain access to the 1kD Synapse space without additional approval from the Lead PI.

- Adding a new Authorized Individual to the 1kD Program

When a new Authorized Individual is identified by a Lead 1kD Researcher, the Authorized Individual is then:

 

To add a new Authorized Individual, follows these steps:

  1. Confirm new Authorized Individual: If the request to add the new Authorized Individual was submitted by a person other than the Lead 1kD Researcher, Sage must confirm by email to the Lead 1kD Researcher that the named individual has been authorized by the Lead 1kD Researcher before proceeding.

    1. Draft an email to the Lead 1kD Researcher:

      1. “At the request of [team member] I am adding [name of new team member] as an Authorized Individual to the [name of project] team. Per Sage and 1kD policy I am notifying you as you are the Lead 1kD Researcher for this project. Please let me know if you have any questions or concerns.”

    2. Send this email to the Lead 1kD Researcher, copy the email to the team member who suggested the addition and when possible copy the name of the new team member.

  2. Add new Authorized Individual to the 1kD Program List of Authorized Individuals: If the request to add a new Authorized Individual was submitted by (or subsequently confirmed by) the Lead 1kD Researcher, then the new team member may be added to the List of 1kD Program Authorized Individuals.

    To add a new Authorized Individual to the list, add a row to the appropriate team’s list and then populate all fields for this new team member. Add information to the “Date Added” and the “Add Notes” columns for reporting purposes. Note: Information may not yet be available for all fields at this time, but information should be populated as it becomes available (i.e. - Synapse user name).

  3. Add new Authorized Individual to the 1kD Program Google Group: Add the new Authorized Individual to the 1kD Program Google Group to ensure that the new Authorized Individual receives the “1kD Program Monthly Digest” and any other important updates from Sage and Wellcome Leap. Click “Add Members”, then add the person’s email address in the “Group Members” field and use the following as the “Welcome Message” and click “Add Members” when complete:

    “You have been added to the 1kD Google Group so that you will receive the monthly 1kD email digests and other important updates. This is notification that you have been added to an email list. No further action is necessary.”

  4. Send invitation to Authorized Individual to join the 1kD Lead Researcher’s Synapse Team: Locate and open the appropriate 1kD Synapse project team. Click “Project Tools” and “Invite User” to send an invite to the new Authorized Individual to join the team. Add the new Authorized Individual’s email address or Synapse user name and an “Invitation Message” (“Please accept this invitation to join the 1kD [Project Name] Synapse team”) and then click “Send Invitation(s)”. Once the user receives and accepts the invitation, the new Authorized Individual will have access to the private 1kD Program space on Synapse.

  5. You may complete the process by sending a follow-up email to the new Authorized Individual confirming that they have been added as an Authorized Individual:

“Hi [new Authorized Individual] - [Lead 1kD Researcher] has confirmed you as an Authorized Individual on the [Project Name] 1kD Project Team. You have been added to the 1kD Authorized Individuals list and to the Google Group. I have also sent you an invite to join the [Project Name] Synapse Team. If you have any trouble accessing Synapse or accepting the invitation, please let me know”.

At this time it can also be helpful to ask how they intend to use Synapse so you can identify whether additional training is needed.

- Removing a former Authorized Individual from the 1kD Program

When an Authorized Individual is identified for removal by a Lead 1kD Researcher, the Authorized Individual is then:

 

To remove a de-Authorized Individual, follows these steps:

  1. Confirm removal of Authorized Individual: If the Authorized Individual is named for removal by a person other than the Lead 1kD Researcher, Sage must confirm by email to the Lead 1kD Researcher that the named individual has been deauthorized by the Lead 1kD Researcher before proceeding.

  2. Revoke Authorized Individual’s access to the Lead 1kD Researcher’s Synapse Team: Locate and open the appropriate 1kD Synapse project team. When viewing the Project’s team members, locate the Authorized Individual, click the three dots to the right of their name, and then click “Remove” to remove as a Synapse Team member and revoke access to the private 1kD Program space on Synapse. On the List of 1kD Program Authorized Individuals, update their status in the Google Group as “no” to show them as inactive.

  3. Remove former Authorized Individual from the 1kD Program Google Group: Remove the former Authorized Individual from the 1kD Program Google Group to unsubscribe them from the mailing list. When viewing the Google Group’s members, locate the former Authorized Individual, select by clicking the box to the left of their email address, and then click “Remove Member” to complete removal. On the List of 1kD Program Authorized Individuals, update their status in the Google Group as “no” to show them as inactive.

     

     

  4. Document removal of Authorized Individual from the 1kD Program List of Authorized Individuals: To remove an Authorized Individual from the List of 1kD Program Authorized Individuals. select the row with the name of the Authorized Individual to be removed, change the row color to pink and move the row to the “Removed” section to show that the name is now inactive. Next update the fields related to the removal of an Authorized Individual, which includes the “Date Removed” and “Removal Notes” and change status in The information provided in these columns are used for reporting purposes.

     

     

     

  5. You may complete the process by sending a follow-up email to the Lead 1kD Researcher confirming that the Authorized Individual has been removed as an Authorized Individual and no longer has access to the 1kD Program private Synapse space.

 

- Quarterly Confirmation of 1kD Program Authorized Individuals List

To ensure the 1kD Program Authorized Individuals List is kept current, all Lead 1kD Researchers are contacted quarterly to confirm the status of their listed individuals. Confirmation of the list is scheduled to take place in early March, June, September, and December following the completion and submission of the quarterly 1kD Program Governance Activity Audit Report.

To confirm the 1kD Program Authorized Individuals List, follow these steps for each of the 1kD Program’s Project Teams:

  1. Contact Lead 1kD Researcher(s) to confirm status of listed team members: Using the 1kD Program Authorized Individuals List, choose a 1kD Team (listed in the black rows) and copy the listed names, email addresses, and institutions of the individuals listed for that team. Do not include any inactive names which are highlighted in red. Paste the copied information into an email with the following guidance:

    Subject Line: 1kD - Quarterly Confirmation of Authorized Individuals [INSERT PROJECT NAME]

    Dear [1kD Project Lead Name],

    As part of our ongoing effort to ensure all persons who have access to 1kD Data are properly authorized, we are sending each team a list of their current Authorized Individuals. The people currently on this list are allowed to access your team's Data on the Synapse platform (though not all have taken the proper steps to do so at this time).

    Please let us know if anyone should be added to, or removed from, this list.

    [INSERT LIST OF AUTHORIZED INDIVIDUALS, EMAILS, INSTITUTIONS]

     

    The email will be sent to the 1kD Project Lead whose name and email address can be found next to the Project Team’s name (listed in the black rows):

     

    Here’s what an outgoing 1kD Program Authorized Individuals Confirmation email typically looks like:

     

  2. Add date of confirmation email to 1kD Program Authorized Individuals List: Record the date the confirmation email is sent to the 1kD Project Lead in the column labeled as “Last PI Review”.

    *Repeat steps 1 & 2 for each 1kD Program Project Team.

  3. As email responses are received, the following will need to be updated accordingly:

  • Update the 1kD Program Authorized Individuals List by removing departing Authorized Individual(s) and/or adding new Authorized Individual(s). Note: For governance activity audit reporting purposes, please record the date that an individual is added/removed as an Authorized Individual.

  • Update the Project Team in Synapse by removing departing Authorized Individual(s) and/or sending a Project Team invite to new Authorized Individual(s).

  • Update the “1kD Program” Google Group by removing departing Authorized Individual(s) and/or adding new Authorized Individual(s).

 

C. Managing Access Requirements

Performers are each assigned their own individual project folders within the 1kD Program. Within a project's data folders, the project team uploads data to the project's private "Staging" folder. Through sharing settings access to the Staging folder is limited to the project's team with few exceptions in which an institutional agreement exists between Performers allowing named persons access to their Staging folder for administrative purposes.

 

Once data has been curated and validated, Sage's 1kD Program Data Curator then moves the from the project's Staging folder to the project's "Data Release" folder making the data available to the 1kD Authorized Individuals.

 

Access to all 1kD Program Data Release folders requires agreement to abide by the 1kD community norms by accepting clickwrap access requirement “AR 9605598”. This click-wrap restriction is applied to all 1kD Program Data Release folders

 

If a new 1kD Program Data Release folder is created, then AR 9605598 must be applied prior to any data being moved by the Data Curator.

 

 

For many 1kD Program Data Release folders additional controls are required at the request of the Lead 1kD Researcher and require the application of managed Access Requirements. The 1kD Access Conditions Table is a table of 1kD Program projects, data types, and data access conditions as determined by the project's Lead 1kD Researcher in their Data Access Conditions Form. This table also lists the Synapse folder IDs and Access Requirement IDs.

 

If a new 1kD Program Data Release folder is created, then in addition to AR 9605598, the Governance Analyst must also use the Leap-approved template language to create and apply a managed AR to the folder:

 

You are requesting access to Controlled-Access Data that is only to be used by 1kD Researchers to make progress together towards the goals of the 1kD Program. Click the Request Access button below to start your application.

 

You will be prompted to enter:

- Name of the PI (“Project Lead”) and Institution submitting this Data Access Request.

- Your Intended Data Use Statement serving as an explanation for the Data Contributor detailing the 1kD Researcher/Team's interest in the Data and a description of the pilot analyses / modeling that you hope to perform on the Data. Please address the following points: What do you want to do? Why are you doing it? How do you want to do it? For examples, please refer to this page: 1kD Intended Data Use Statements

- Synapse IDs of additional 1kD Researchers from the Institution who need access to these Controlled-Access Data to perform the proposed research.

 

Within two business days of receiving this Access Request, your request will be reviewed for completion by Sage Access and Compliance Team (ACT). If the conditions for making the request are met, Sage ACT will route the completed Access Request to the Data Contributor for review.

 

Data Contributors will have four days to respond to the request with approval or a valid reason for further discussion.

 

At the discretion of the Data Contributor, the 1kD Researcher's Intended Data Use Statement may be sent to other relevant approval bodies (IRB, DAC, etc).

 

If you have questions about the 1kD Data Repository please post them to the 1kD Data Repository Discussion Forum.

 

This approved managed AR language should not be altered, though additional information, requirements, or restrictions may be added as needed. Additional click-wrap ARs may also be added to a Data Release folder to ensure that the folder is restricted according to the wishes of the Data Contributor.

 

New click-wrap ARs and managed ARs should be added to the 1kD Access Conditions Table and to the Synapse Access Requirements List wiki.

 

D. Governance Activity Audit Reporting

In accordance with Sage’s Scope of Work governance deliverables, the Governance Analyst must conduct 1kD Governance Activity Audit Reports which are typically delivered to Leap in late February, May, August, and November.

 

The 1kD Governance Activity Audit Report Template can be accessed and copied into a new document to create a new report. The template contains guidance on how to gather and generate the information required for this report. Creation of a new report involves both quantitative and qualitative analysis of three months of governance activities, including changes to the 1kD Authorized Individuals List, data upload and availability, and processing Access Requests.

 

These reports to the funder provide valuable performance indicators which reflect the effectiveness and efficiency of Sage and the individual Performers.

 

E. Program Closure and Data Disposition

  1. Program Closure and Data Disposition

Data Disposition Discussion with Data Contributor

This step involves the Sage project team coordinating a conversation with the Data Contributor/ Lead PI to determine their plans for the future of their data and to review the timeline for project closure. This is the presentation deck created for the 1kD Data Disposition meetings. NOTE: For the purpose of this RM we assume that the Sage Team includes a PI, a Project Manager, a Governance Analyst, and a Data Manager.  When a Project Manager is not assigned by Sage, the Governance Analyst assumes the responsibilities of the Project Manager as described in this RM.

  1. Sage Project Manager schedules meetings with each Data Contributor / Lead PI Team. Meeting attendees include from Sage Team - the Lead PI, Project Manager, and Governance Analyst; from the Data Contributor Team - the Data Contributor / Lead PI and Data Manager; and from Wellcome Leap - the Program Coordinator (optional). 

    1. If the Sage Project Manager does not receive a response from the Data Contributor Team regarding scheduling this meeting, then the Sage Project Manager provides the Data Contributor Team access to the meeting materials outlining the options for Data Disposition (“1kD Project Closure” presentation deck) and requesting their chosen Data Disposition option by a prescribed date. 

  2. At the scheduled meeting, the Sage Project Manager will present this 1kD Project Closure deck outlining the Data Disposition options, discuss the Data Contributor / Lead PI’s needs, confirm their chosen Data Disposition option, and review the timeline for project closure. The Synapse Data Disposition options include:

    1. Data Migration: Retain data on Synapse through the Synapse plans (Basic Hosting Plan, Self-Managed Plan, or Data Coordination Plan) depending on data size and scope of desired services.

    2. Data Removal: Remove data from Synapse. NOTE: Removing data from the Synapse platform renders it inaccessible by all non-Sage Synapse users. 

Data Disposition Plan Confirmed by Data Contributor

This step involves Sage obtaining documented confirmation of the Data Contributor / Lead PI’s chosen option for Data Disposition. The Sage Project Manager will email the Data Contributor to either confirm the decision for Data Disposition as discussed at the meeting or to acknowledge receipt of their decision if instead communicated to Sage  via email. Sage Governance Analyst creates a PDF of the email and archives this communication in Sage’s internal project documentation as the record of their decision.

  1. If the Data Contributor / Lead PI’s Data Decision includes chooses Self-Managed or Data Coordination Plan, then Sage provides a quote and works the the Data Contributor  to execute a new Agreement with Sage and establish the data access and use conditions to apply to the data.

  2. A Data Disposition decision confirmed by the Data Contributor / Lead PI is preferred, but there are situations in which this decision may come to Sage from the Data Contributor’s Data Manager or other trusted Data Contributor team member. If not included in the email thread, Sage Project Manager should reply to the thread including the Data Contributor / Lead PI for visibility.  Sage Governance Analyst creates a PDF of the email and archives this communication in Sage’s internal project documentation as the record of their decision.

  1. In rare situations, a Data Disposition decision may come may also come from one Data Contributor / Lead PI on behalf of another Data Contributor / Lead PI and is ONLY  acceptable if the contributing PI is copied on the email thread or if the Sage Project Manager replies the thread  including the Data Contributor / Lead PI for visibility.  Sage Governance Analyst creates a PDF of the email and archives this communication in Sage’s internal project documentation as the record of their decision.

  2. If Sage is unable to obtain a Data Disposition decision from a Data Contributor / Lead PI’s or Institution after sending a minimum of three email reminders requesting their chosen Data Disposition option, then the Sage Project Manager emails the Data Contributor informing them of Sage’s next steps: to revoke the Data Contributor and their Team’s access to their data in Synapse on a prescribed date and to sequester their contributed data for removal from Synapse by a prescribed date.  Sage Governance Analyst creates a PDF of the email and archives this communication (including any subsequent response) in Sage’s internal project documentation as a record of Sage’s attempts to obtain a decision and our statement of action in lieu of their response.  

Data Confirmation by Data Contributor

This step involves the Sage Project Team working with the Data Contributor / Lead PI and Data Manager to identify the data for Data Disposition, Sage creating a Data Disposition View of contributed data, and the Data Contributor reviewing and confirming the data to prepare for Data Migration and/or removal from Synapse. 

  1. Sage Data Manager generates a Data Disposition View of files contributed by Data Contributor. 

  2. Sage Project Manager sends email to the Data Contributor with a link to the Data Disposition View and requests that the Data Contributor review and confirm that the Data Disposition View shows all of the Contributor’s data. 

  3. Once confirmed, the Governance Analyst creates a PDF of email and archives this communication as documentation of the Data Contributor’s confirmation of data for Data Disposition. 

Proceed with Data Disposition Plan

Unless otherwise arranged, execution of the Data Disposition Plans will commence on August 31, 2024 allowing the Data Contributors one month of access to their data following the 1kD end of Program date, July 31, 2024. Based on the Data Disposition decision captured in Step 2 and the Data Confirmation captured in Step 3, the Sage Project Team initiates the process for the Data Contributor’s chosen Data Disposition Plan (which can be a, b, or c combination of both):

Data Migration in Synapse

This step involves assisting the Data Contributor / Lead PI with the retention of their data on Synapse through a Synapse Plan: Basic Hosting Plan, Self-Managed Plan (Sage-supported), or Data Coordination Plan (Sage-supported). If the Data Contributor selects a Sage-supported plan, a new Data Ingress Agreement must be executed and Data Access Conditions must be established prior to starting the procedure outlined in this section. 

To facilitate Data Migration in Synapse, the Sage Project Team will:

  1. Contact the Data Contributor to address the following: 

    1. Desired name of the new private Synapse Project

    2. Synapse User Name(s) for the Manager(s) of the new Synapse Team (the person assuming authority to administer Synapse Users, roles, and access to the private Project.

    3. Synapse User Name(s) for the Synapse Project Administrator (the person assuming authority to control and assign data action permissions (“view”,  “edit”, “download”, and “delete”), maintain folder and table structure, and publish wikis for the private Project. This may be the same person as the Synapse Team Manager(s). 

    4. Determine desired date of Data Migration.

  2. Using this information from the Data Contributor, create a new Synapse Project. 

  3. Create a new Synapse Team with the Data Contributor / Lead PI as Team membership approver. 

  4. Add the new Team to the Project’s Sharing Settings. 

  5. Add  Sage ACT as an “Admin” on the Project. 

  6. Move the data identified for retention into the new Synapse Project. 

    1. The migrated data retains click-wraps and Managed ARs, if those click-wraps and Managed ARs are no longer required, follow the process for removing these Managed ARs which includes filing an ACT JIRA ticket for informational audit purposes. 

    2. 1kD Managed ARs are retired, not deleted, and instead assigned to a dummy entity stored in the 1kD Program “Sage Admin” Project Folder > Governance_Retired 1kD Managed AR (syn52160737).

    3. Remove ACT as “Admin” on the Project unless requested by the Data Contributor. 

  7. If migrating to a Sage-supported plan: 

    1. Retain ACT as an Admin on the Synapse Project. 

    2. Provide governance support as negotiated. 

  8. Once the chosen Synapse Plan is in place then: 

    1. If any of the Data Contributor’s remaining 1kD Program data has been designated by the Data Contributor for removal from Synapse, then proceed to 4b below to proceed with “Data Removal from Synapse”. 

    2. If all of the Data Contributor’s 1kD Program data is being retained on Synapse, then proceed to Step 5. 

Data Removal from Synapse

This step involves removal of the Data Contributor’s data from Synapse. Before proceeding, the Sage Project Team and the Data Contributor must understand the following about Data Removal: Removing data from the Synapse platform renders it inaccessible by all non-Sage Synapse users. All reference links to removed data will no longer be valid.  Reference links within datasets, tables and materialized views will resolve to ‘not found’ and Digital Object Identifiers (DOIs) will point to a page with a ‘not found’ message. Fileviews will no longer display deleted files. Removing data from the Synapse platform renders it inaccessible by all non-Sage Synapse users and remains only accessible by Sage IT personnel. Removal of Data from Synapse leads to eventual deletion from the Synapse AWS S3 Bucket if/when deemed necessary by Sage. Unless special circumstances dictate otherwise, to facilitate Data Removal from Synapse, the Sage Project Team will follow the default Data Removal process: 

  1. Project Manager creates a Jira ticket  in the 1kD Project Dashboard under the “data deletion requests” epic (ONEKD-952) tagging the Governance Analyst and assigns the ticket to the Sage Lead PI for approval. The Jira ticket must include the following information:  

    1. Date/time the data removal request was submitted to Sage

    2. Name and role of the person who submitted the request

    3. Attachment of,  or link to, the documented request and confirmation of the Data Disposition View (usually an email) 

    4. Project synID as reference and the Folder(s) or File(s) synID of the data to be removed from Synapse:

      1. If a Project SynId is specified, the entire project will be removed. 

      2. If a Folder SynId is specified, everything in the folder will be removed. 

      3. If File SynIds are specified, only the specified files will be removed. 

  2. Request for Sage Lead PI to issue approval for Data Removal. If there are any concerns or need for Governance Guidance, the Sage Chief Privacy and Compliance Officer may be engaged on the ticket. 

  3. For 1kD, as the timing of Data Removal aligns across the Program, the ticket for Approval of Data Removal may include the requests from all Data Contributors and may be approved with a single blanket approval from the Sage Lead PI. 

  4. Once the Sage Lead PI has reviewed the ticket and issued their approval for Data Removal, the Governance Analyst will remove data from Synapse by “deleting” each Study Team’s folders according to the Jira ticket. 

    1. If there are issues with deletion which require programmatic tools (for example deleting a large subset of synIDs), the Governance Analyst may re-assign to the Sage Project Manager to engage an Engineer for support. Following programmatic data removal, the Sage Project Manager will assign the Jira ticket back to the Governance Analyst.

  5. Once the data has been removed from Synapse, the Sage Project Manager confirms in the Jira ticket and the Governance Analyst sends a confirmation email to Data Contributor / Lead PI to notify of the removal of data from Synapse. Sage Governance Analyst creates a PDF of the email and archives this communication in Sage’s internal project documentation as the record of confirmation of Removal of Data from Synapse. This is a template confirmation email: 

Greetings [name],

I am writing to inform you that the 1kD files which you confirmed in the Data Disposition View [add link to view] in the [team name] project space have now been successfully removed from Synapse. If you have any questions or concerns, please let us know. 

We look forward to future opportunities to work with you and sincerely wish you all the best.

Kind regards,

[name]

[title]

  1. Governance Analyst updates the Jira ticket with confirmation that the Data Contributor / Lead PI has been notified and then changes the Jira ticket status to “Closed”. 

Closure of the 1kD Data Sharing and Use Agreement

This step involves sending the Notice of Closure email to Lead PI, Signatory, and Contract Persons included in execution of the 1kD Data Sharing and Use Agreement (DSUA). For the 1kD Program, DSUA closure emails will be sent prior to and no later than the end of Program date, July 31, 2024. 

  1. Prepare a Notice of Closure email for the DSUA between Sage and the Data Contributor. This email will include the original execution date of the DSUA and the date the Synapse team was disbanded and access to the 1kD Program space was revoked. 

  2. Send Notice of Closure email to Lead PI, Signatory, and Contract Persons included in execution of the DSUA. 

    1. Attach a copy of the executed DSUA for reference. 

    2. Save a copy of the Notice of Closure email in the 1kD Governance Internal > Closures folder.

  3. Once sent, the Governance Analyst creates a PDF of email and archives this communication as documentation of the Data Contributor’s confirmation of DSUA Closure. 

Revocation of Cross-Team Access to the 1kD Program Data in Synapse

This step effectively ends cross-team data sharing in the 1kD Program’s Synapse Project on August 1, 2024.  This will ensure that each study’s folders are accessible only to that Data Contributor’s Synapse Team. Once the Governance Analyst obtains confirmation from the Sage Lead PI that 1kD Program Sharing Settings may be changed, this is the procedure for changing the 1kD Program Synapse space’s sharing settings:

  1. Governance Analyst navigates to the 1kD Program Project (syn26133760). The Project-level will retain its current Sharing Settings. 

  2. Next navigate to the  “Files” tab to view the 1kD Program Folders and for each study’s Folder revoke access for all external study Teams. Adjust sharing settings to these Synapse Folders as outlined here in column labeled “End of Program: Sharing Settings Changes (July 31)”: 1kD_Sharing Settings - End of Program

  3. Add Sharing Settings change date in column labeled: “End of Program: Date of Changes”. 

Update Governance Program Documentation

This step involves the Governance Analyst updating Governance 1kD Program Documentation to reflect actions taken in this “Project Closure and Offboarding Process”.

  1. Update project-related documentation in Synapse

    1. 1kD Program Landing Page - If a team leaves the 1kD Program prior to the end of Program date (July 31, 2024), remove the departing Team’s name from the landing page introduction.

    2. 1kD Access Requirements List - If the associated data has been removed from Synapse, mark Access Requirements which are no longer in use as “Retired”.

  2. Update project-related documentation in Google Drive

    1. Sage's Closure Tracking - "1kD_MASTER_Governance Stage Tracking" - Add details of the project closure. 

    2. Leap's Closure Tracking - "1kD Data Close Out" - Add details of the project closure.

    3. 1kD Program - List of Authorized Individuals” - Update with access status changes and dates.  

  3. Update project-related Governance Project Management documentation

    1. 1kD Program - Google Group - Remove Authorized Individuals who have been removed from the 1kD Program. 

  4. Change access settings for shared Google Drive removing access and/or changing access to “view only” for non-Sage users.  

Revocation of access to the 1kD Program Project in Synapse

This step effectively ends external Synapse user access to the 1kD Program’s Project space shared space by August 31, 2024. This will ensure the 1kD Program Project is accessible only to Sage. Once the Governance Analyst obtains confirmation from the Sage Lead PI that 1kD Program Sharing Settings may be changed, this is the procedure for changing the 1kD Program Synapse space’s sharing settings: 

  1. Governance Analyst navigates to the 1kD Program Project (syn26133760)

  2. Next navigate to the Project Sharing Settings and revoke individual Team access to the entire 1kD Program Synapse Project. Adjust sharing settings to these Synapse Folders as outlined here in column labeled “Final Closure: Sharing Settings Changes (August 31) ”: 1kD_Sharing Settings - End of Program

  3. Add Sharing Settings change date in column labeled: “Final Closure: Date of Changes ”. 

VI. Associated Documents and Resources

Synapse Links 

1kD Program in Synapse (syn26133760): This is the 1kD Program space in Synapse. The 1kD Program Synapse project is private and accessible only to the 1kD Performers (PIs) and their Authorized Individuals.

1kD Access Request JIRA: JIRA board for tracking 1kD Program Access Requests 

1kD Admin Team: Current list of Sage employees working on the 1kD Program.

1kD IDU Statements: List of all Intended Data Use Statements submitted for access to 1kD Program data. 

Governance Project Management Documents and Resources

1kD Access Conditions Table: Table of 1kD Program projects, data types, and data access conditions as determined by the project's Lead 1kD Researcher in their Data Access Conditions Form. This table also lists the Synapse folder IDs and Access Requirement IDs.

1kD Access Request Tracking Spreadsheet: Spreadsheet tracking 1kD Program Access Requests for the purpose of tracking responses and reporting governance activity to Wellcome Leap. All Synapse Access Requests are tracked using this spreadsheet.

1kD Authorized Individuals: Current list of individuals authorized to access the 1kD Program space in Synapse.

1kD_DSUA - Tracking Spreadsheet: Spreadsheet tracking of progress of 1kD DSUAs from execution to closure. 

1kD DSUA - Notice of Closure Letter: Template letter for the closure of 1kD DSUAs

VII. Revision History

Revision Date

Description

January 6, 2023

Document Development (Lisa Pasquale )

April 27, 2023 

Version 1 Complete (Lisa Pasquale)

July 07, 2023

Adapt RM to Document Control RM template (Lisa Pasquale) 

August 4, 2023 

Updated Access Request Processes to include new “Super-Users” (Lisa Pasquale)

September 13, 2023

Add content for additional processes related to 1kD Governance (Lisa Pasquale)

November 3, 2023

Add content for Authorized Individual Management, Managing Access Requirements, and Governance Activity Audit Reporting (Lisa Pasquale)

September 12, 2024

Add content for “Project Closure and Data Disposition” guidance. Updated “PDF Link”, “Objectives”, “1kD Program and Definitions”, and “Associated Documents and Resources” (Lisa Pasquale)