Safe Computing Guidelines

The following are guidelines to help you keep AMP PD participant data safe. Some guidelines are intended to help you keep your account and systems safe while others are intended to help you avoid sharing participant information with unauthorized individuals.

Keep your account safe

Your access to AMP PD data is through a Google Account that you have provided. Google has a set of instructions to help Make your account more secure. We encourage you to review those instructions and follow the steps provided.

Of note, be sure that 2-Step Verification for your Google account is enabled and that you keep it enabled.
 

Keep your machine(s) safe

Follow the safe computing guidelines of your organization, such as these NIH IT General Rules of Behavior.
 

Understand the AMP PD two tier access model (and abide by it)

AMP PD study data is controlled access data. Only individuals who have been approved for access by the program should have access. If you have been granted access to AMP PD data, do not share it with others who have not been authorized. If you have been granted access to a higher tier (more restricted) data, do not share the more restricted data with individuals who have not been granted access to the higher tier.

The following describes AMP PD's two levels of data access for researchers:

  • Tier 1: Clinical data and some omics sample metadata

    This group has access to participant-level clinical data, along with limited information about genomic and transcriptomic samples. Such information today includes lists of participant samples and can include aggregated information about genomic mutations.

    Terra group: amp-pd-clinical-access
    Data explorer: https://clinical-data-explorer.amp-pd.org/
     
  • Tier 2: Clinical, genomic, and transcriptomic data

    This group has access to the full range of data, including participant-level clinical, genomic, and transcriptomic data.

    Terra group: amp-pd-researchers
    Data explorer: https://data-explorer.amp-pd.org/

 

Use Terra Authorization Domains

Access controls for data and Terra workspaces are structured around two groups:

  • amp-pd-clinical-access (Tier 1)
  • amp-pd-researchers (Tier 2)

Note: the name amp-pd-researchers is not meant to imply that people in the amp-pd-clinical-access group are not "researchers". The naming of amp-pd-researchers group dates back to before the existence of the two-tiered model. The term “access” was added to the new group to help everyone avoid inadvertent, inappropriate data sharing. 

Access to tier 1 AMP PD managed data is controlled by the amp-pd-clinical-access group. Access to tier 2 AMP PD managed data is controlled by the amp-pd-researchers group.

Researcher accounts in amp-pd-researchers are implicitly in the amp-pd-clinical-access group.

When researchers create workspaces in Terra, they should apply the appropriate group as an Authorization Domain on the workspace. Setting an authorization domain on a workspace prevents future sharing of that workspace with researchers outside of that authorization domain. Thus:

  • If the workspace contains any tier 2 AMP PD data (participant-level genomic or transcriptomic information), the Authorization Domain should be amp-pd-researchers.
  • If the workspace contains any tier 1 AMP PD data (participant-level clinical data), the Authorization Domain can be either amp-pd-clinical-access or amp-pd-researchers.

When researchers save cohorts from Data Explorer, the list of workspaces will be automatically restricted to the Authorization Domain configured for that Data Explorer: 

  • Tier 1: Clinical data and some omics sample metadata

    Data explorer: https://clinical-data-explorer.amp-pd.org/
    Authorization Domain: amp-pd-clinical-access
     
  • Tier 2: Clinical, genomic, and transcriptomic data

    Data explorer: https://data-explorer.amp-pd.org/
    Authorization Domain: amp-pd-researchers


     

Trusted Sources

AMP PD Terra Assets
 
Terra publishes a set of Community Guidelines that discourages (and includes enforcement against) malicious software or other content being added to the platform. However it is good practice to verify the source of tools you use.
 
To help you with this, note:
•    AMP PD published workspaces and workflows are owned by admin@amp-pd.org.
•    AMP PD published workspaces are in the billing project amp-pd-release-v1.
•    AMP PD Communications
 
Official AMP PD email communications should only come from @amp-pd.org, @fnih.org, and @nih.gov addresses. However, email addresses can be spoofed, so do not respond to unexpected requests for private or privileged information. If you have any concerns or questions about the authenticity of an email received, please contact admin@amp-pd.org.