Intake24 information security and data management FAQ's
Below are frequently asked questions about information security and data management for Intake24 hosted by Cambridge University.
Intake24 (https://intake24.org/) is hosted and provided by the University of Cambridge, under the responsibility and management of the Institute of Metabolic Science (IMS) Epidemiology (IMS Epidemiology).
FAQ | Arrangements for Intake24 (hosted by University of Cambridge) | Further details regarding University of Cambridge IT infrastructure and information security |
How is access to the Intake24 platform and project data controlled for administrative or support staff?
| The Intake24 system and relevant data are made accessible to researchers by the Intake24 system Admin Team. Intake24 system accounts require strong passwords (min 10 mixed (lower/upper/number) characters) and are protected by mandatory multi-factor authentication. | Access to IT systems underpinning and relevant to Intake24 is logged and only specific users in specific groups are permitted access for specific functions and permissions. Complex passwords e.g. minimum of 8 characters and associated complexity rules are used. |
Where are Intake24 servers located? | Intake24 (https://intake24.org/) is hosted and provided by the University of Cambridge, under the responsibility and management of the Institute of Metabolic Science (IMS) Epidemiology (IMS Epidemiology). | IMS Epidemiology is a user of the University of Cambridge virtual IT infrastructure. |
Where are Intake24 data stored? | Data collected via Intake24 are stored in databases held at the University of Cambridge. The system is hosted on UIS VMWare VSphere Foundation (VVF) service with vHosted for networking/firewall or UIS IaaS platform, and are subject to automated replica copy creation. The underlying virtual servers have backup copies taken nightly onto UIS-managed AES-256 encrypted storage – 30 copies are retained. | Data collected via Intake24 are stored in databases held in the University of Cambridge data centers. Data are regularly backed up to separate storage systems within the University of Cambridge data centers managed by the University of Cambridge Information Centres.
|
Who has access to Intake24 and to my research study data? | IMS Epidemiology staff (at the University of Cambridge) are responsible for the development, maintenance and management of Intake24 and have full access to the Intake24 system. This includes all survey dietary intake data for the purposes of user management, monitoring, system improvement, issue resolution and maintenance purposes. |
|
What researcher details are stored in Intake24? | Study researchers’ names and email contact details are input and retained in Intake24 for the purposes of facilitating access to their specific study. This information is necessary to manage study setup and ongoing administration and access to download survey dietary data. The University of Cambridge Intake24 Admin Team also use these contact details to communicate with researchers using Intake24 , such as to notify about any system issues and provide general updates on relevant Intake24 developments. | The University of Cambridge Privacy Policy and Information Compliance policies apply to users of Intake24. |
How long is my research study data stored within Intake24? | Data are stored on Intake24 servers at the University of Cambridge for the running period of the study. Access for data collection will cease when the study is concluded and is closed to further data collection from study participants. The Study PI and named researchers will continue to have access to the Intake24 study data for at least 3 months after the end of the study. |
|
Will my Intake24 study data be deleted? | Surveys and the respective intake data are retained on the Intake24 servers for a minimum of 3 months after data collection is complete. Study data may be retained beyond this period, however, the University of Cambridge does not commit to store and provide researcher access to collected data through Intake24 indefinitely. At the University’s discretion, researcher access to studies may be closed after study completion, at which time researcher access to the collected dietary data will no longer be possible. At least 1 months’ notice will be given (by email) to named study researchers ahead of closing researcher access to a specific study. |
|
Can I request deletion of my Intake24 survey data?
| Researchers can request their survey data are permanently deleted from Intake24 University of Cambridge servers. The researcher will need to request this specifically and will be required to complete a Data Destruction and Disposition notice. Data that has been removed from the Intake24 live server storage may still exist in a snapshot of copies and/or replica/mirror copies for a short time (currently a maximum of 3 months). | IMS Epidemiology Policy on Destruction and Disposition (DDN) applies. Upon receipt of a DDN from a data provider, all copies of “live” data (whether read-only or read-write) are deleted administratively, overseen by the IMS Epidemiology IT team. |
Is Intake24 data encrypted? What are the standards used?
| Data entered into Intake24 are encrypted in transit and access to dietary intake data is restricted and controlled to Intake24 survey-specific named researchers. All servers which support Intake24 are hosted on UIS VMWare VSphere Foundation (VVF) service with vHosted for networking/firewall or UIS IaaS platform, and are subject to automated replica copy creation. |
|
Data Protection Officer | Institute of Metabolic Science (IMS) Epidemiology Data Protection named contact: Tony Webb | University of Cambridge Information Compliance https://www.information-compliance.admin.cam.ac.uk/
|