Approval Process

The below process is provided simply to give HGSE researchers a better sense of what a path to research data/project approval and acquisition generally looks like at HGSE--many projects may deviate from this outline.

Similarly, you will see the names of and links to three primary online applications below: ESTR-IRB, the Data Safety Application, and the Agreements-DUA Application. If your work potentially requires submissions in more than one of these systems, know that there’s no wrong place to start! The trio of applications allows the initiation and connection of reviews at any time that makes sense for your project and research team. Always start where the most information is known for proposal and review, and just proceed from there. If more than one or all requirements are known at the same time, initiate reviews in tandem. Be sure to check out the Researcher Data Management group's Summary of Relationships with Order of Reviews which briefly describes and charts options for where to start when seeking these reviews, when required.

Harvard’s Research Administration and Compliance Systems team has done an amazing job developing a summary of these reviews, and their website provides helpful guidance on using each of the applications if you’ve not done so already.

General HGSE Research Approval Process

1.) Researcher (faculty member or student with faculty mentor) negotiates data access with an organization, be it through the planned utilization of preexisting data/datasets or the anticipated collection of new data. Often a Data Use Agreement (DUA) must accompany data collection, whether it initiated on the data provider's end (preexisting data) or the researcher's end (collection of new data). As such, any HGSE researcher who needs to process an agreement covering the transfer of data can start that process directly in the Agreements-DUA Application. This system is designed to give HGSE researchers a more efficient way to route legal agreements, greater transparency into the review/negotiation process, and improved compliance for handling these agreements University-wide. HGSE researchers should use the Agreements-DUA Application to do the following:

  • To request the drafting of new DUA (incoming or outgoing);
  • To request a review of a DUA received from another entity;
  • To correspond with the DUA reviewer (normally a Harvard University Office of Sponsored Programs (HU-OSP) negotiator);
  • To track the status of the review and eventual approval of the DUA, which includes visibility into local IT review of DUA’s data security requirements; or
  • To manage active DUAs (including extension requests)

If you have any questions or need support in using the Agreements-DUA Application, view the University's DUA process guidance on the Office of the Vice Provost for Research (OVPR) website and the Agreements-DUA Submission Guide on how to create and submit materials for review. Alternatively, please contact HGSE's Senior Director of Research Administration, Tiffany Blackman, or your HGSE’s Office of Sponsored Projects (HGSE-OSP) portfolio owner directly. HGSE-OSP is happy to provide support, facilitate training, and ensure that you and your research teams can fully and easily utilize the Agreements system.

2.) Researcher submits any applicable drafted/unsigned DUAs from Step #1 to the Agreements-DUA Application for HU-OSP/HGSE-OSP review, their research protocol to the Institutional Review Board (IRB) via the Electronic Submission Tracking and Reporting (ESTR)-IRB for review, and their data management plan to the Data Safety Application for local HGSE data security review. While a researcher may submit to ESTR-IRB, the Data Safety Application, and the Agreements-DUA Application concurrently, please note that a DUA cannot be signed and officially executed without both a completed review in ESTR-IRB and an approval from HGSE's Director of Security Operations (DSO) for the researcher's data management plan within the Data Safety Application.

For additional assistance on the new Data Safety Application, researchers are encouraged to visit Research Administration and Compliance Systems for system and policy information, review the Safety Submission Guide for detailed instructions on developing your submission and sending it for review, or attend an upcoming informational session to answer your questions and help you get started in the new application. If you are unable to attend one of the listed informational sessions and would like to schedule a personalized session, or if you have any other questions about the system, please contact: rshelp@harvard.edu

3.) Once the IRB has reviewed all materials submitted by the researcher, they will make a "Sensitive" or "Non-Sensitive" binary data determination for the project. HGSE researchers with 1.) Projects determined to be sensitive by the IRB, 2.) Research data that appears to be DSL 3, 4, or 5 based on HUIT guidance, is not managed via a DUA, and is Not Human Subjects Research, or 3.) Data that is subject to a DUA, the University requires the researcher to submit a request for security review in the University’s Data Safety Application. All requests listing HGSE as the researcher’s primary affiliation will automatically be routed to HGSE's DSO for review, and a follow-up consultation may be scheduled. This consultation allows the DSO to assist the researcher with the implementation of any data security tasks required according to the project's data classification level (assigned by HGSE's DSO based upon the type(s) of data the researcher is anticipated to work with) and/or by any accompanying DUAs. The basic principle behind this data classification process is that the greater the sensitivity of the data collected by the researcher, the higher the classification level assigned. As the classification level increases, so do the number or type of security requirements.

4.) Once HGSE's DSO completes their security review of the data management plan with the researcher, the DSO will submit an Ancillary Review within ESTR-IRB and the Data Safety Application to serve as the project's official documentation/confirmation of security review. Similarly, once HGSE's DSO completes their review of any notable security requirements within a researcher's DUA (if applicable), the DSO will submit an Ancillary Review within the Agreements-DUA Application to serve as the project's official documentation/confirmation of security review. Following these submissions, the researcher's package is sent to University SPA/OSP for final review and execution if a DUA is involved.

NOTE: Researchers conducting human subjects research are required to submit their proposed research activities to their affiliated IRB prior to starting the research at HGSE. In most cases specific approval from an IRB is required before the research can begin. Some types of research are exempt from the approval requirement, but researchers should contact their IRB for additional guidance on any exemption determinations.

Other Resources