What is Institutional Certification?

Institutional Certification is a way for external entities to ensure that the primary research institution of investigators they are working with is aware of the nature of the relationship with that external entity, and any related responsibilities.

There are many types of situations which call for institutional certification, and Duke has different individuals responsible for facilitating the process depending on the nature of the request. For grants-related sign-offs access the Authorized Organizational Representative page.


Certification For Downloading Data

If you are requesting data from an external database or data archive, they may require an Institutional Signing Official (SO) to sign off on the application.

Downloading from external databases (NIH Data Archive, BioLINCC, FITBIR, etc):

  • Many databases will require that an institutional signing official sign off before being approved to download data. 
    • Investigators will submit the form requiring signature for review, as well as other information to aid in Duke’s review, via the REDCap form provided below.
    • All researchers who will have access to the controlled-access data will e-sign the Compliance Certification Form, sent once the Controlled-Access Data Request REDCap form is submitted, which acknowledges the researchers responsibilities in protecting the data they download.
    • If relevant, Duke will verify that the proper IRB documentation is present before signing off on external data downloads.

Downloading from NCBI’s database of Genotypes and Phenotypes (dbGaP):

  • In addition to the requirements of the above for external databases, Principal Investigators requesting dbGaP access and any Internal Collaborators will need to complete or update their completion of an online training module.

Click here to access the REDCap form to request Controlled-Access-Data Download or Yearly Renewal

  • For this form, you will need your study’s IRB number as well as the netID and email addresses of anyone who will be accessing the raw data.


Certification for Uploading Data

If you are required to upload data to an NIH or other external repository, these entities may also require an Institutional Signing Official (SO) to sign off, confirming that the data you wish to share can in fact be shared. This process typically involves review any related consent forms that were/are involved in the collection of human subjects data, and thus involves a review by a liaison from Duke’s Institutional Review Board.

Click here to access the REDCap form to request a signature for Uploading Controlled-Access Data

  • Please note that you will need your study's IRB number for this request to be reviewed.
  • The study's consents will be reviewed to ensure that the data requesting to be shared was collected with sharing to the repository in mind. 
    • You can find standard consent language on the IRB's English Standard Language page.
      • Most studies will use language from the "DNA/Genetic Banking/GWAS Language" section, particular section i, if data will be uploaded to an NIH repository. 
    • If consenting language is specific to the type of research (ex. "Your de-identified data may be shared for use by cancer researchers...") then this will need to be honored by the repository to which you share the information. Many will have an option for controlled-access if consents do not reflect broad-use sharing language.
  • If Duke was not the consenting institution for the data you wish to share, you will likely need to obtain Institutional Certification from the primary research entity responsible for collection of the data. 
  • If you are requesting a signature for a Genomic Data Sharing form, please review the NIH's information about this form here.
    • Note that there was a policy change in 2015. If you have data to share from samples that were collected before 2015, you will need to submit the 2015 form. If you have samples from both before and after 2015, then you will need to submit both forms for that study.