Information Governance requirements

If I export data from REDCap what are the Information Governance requirements?

Any data exported from REDCap should be stored and processed in line with University of Manchester RDM policy on University approved systems in a manner appropriate to its security classification.

Contractual funder, or data provider requirements may specify additional requirements which will need to be met.

How do I archive my survey in alignment with RDM requirements including retention periods?

In general if data within REDCap supports published research or is needed to reproduce findings or considered to have long term value then it should be retained in line with University RDM Policy. Local arrangements, contractual funder or data provider requirements may specify a longer retention period.

Is an IGRR required for REDCap?

The version of REDCap relaunched as part of the Research Lifecycle Programme has undertaken an Information Governance Risk Review (IGRR)

If your research is likely to involve high risk processing the relevant researcher or PI may need to complete an Information Governance Risk Review which may ultimately lead to a full Data Protection Impact Assessment being carried out. This will be done in consultation with the Information Governance Office. For more information as to what constitutes ‘high risk’ processing read the following ICO guidance and examples.