3.1.3 Data security
A. Background & Definitions
This item refers to one of the Core Requirements (Core Requirement 7 - "Data storage must be secured at least for as long as required by legal, contractual or other obligations or business needs") and is, therefore, considered as essential.
Data Security: The degree to which data sets are protected from
- the risk of accidental or malicious alteration or destruction, and/or
- from unauthorized access or disclosure.
The user is responsible to follow security processes aiming to protect the integrity of research data.
B. Guidance & Expectations
- Check whether there are guidelines to data security at your parent organisation. IT department is a good starting point. Make sure to implement the security measures of your parent organisation.
- Data should be stored safely for as long as required by legal, contractual or other obligations or business needs. Make sure to implement appropriate calendar reminders that includes key personnel.
- Paper-based documentation and data sets:
- If bound-paper laboratory notebooks are used to complete the experimental record, entries should be made in permanent ink. All experimental records should be kept in a safe environment (fireproof, locked cabinet) during the course of the activity and thereafter archived and systemically filed for long-term storage. Make sure user restrictions apply to storage areas.
- Electronic documentation and data sets:
- Electronic data should be safely stored right after data creation and data store locations and long term archiving locations should be specified. Data should be stored on systems, which should be access restricted, regularly backed up and transferred to an archive server, which is managed to ensure long-term storage and data retrieval upon request.
- Data Access management process:
- A list of people, who may need to access archived data sets and experimental records, should be created and updated when needed.
- For paper bound archived data, a data access log book is a possibility to record data access.
The EQIPD template "Documentation Plan" located in folder 3.1 in the Dossier (and below in Section C) provides a central space to describe this Core Requirement. The document is also used for the Toolbox items 2.3.1 Generation, recording, handling and archiving of raw data and 188.8.131.52 Traceability of data and any person having impact on data.
EQIPD Documentation Plan template - 3.1 Documentation Plan.docx
Organising, storing and securely handling research data 
back to Toolbox
Next item: 3.2.1 General guidance on training