REDCap is an electronic data capture system that gives users control over their data and is more powerful, flexible and secure than other options. It securely stores data in encrypted databases and has various access controls, passwords, and logging features to track user activity. REDCap automatically logs all user actions to allow administrators to review the activity and data accessed by any given user. While it has strong security, some audit departments may see disadvantages compared to paper-based systems. The document provides instructions on registering and logging into REDCap for a clinical trial launch event.

1. REDCap Data System
STARSurgII : DISCOVER Protocol Launch
16th September 2014, Royal College of Surgeons of England

2. STARSurgII : DISCOVER Protocol Launch
Research
Electronic
Data
Capture
16th September 2014, Royal College of Surgeons of England

3. Why use REDCap?
• REDCap gives you control of the data
• REDCap is more powerful and flexible
STARSurgII : DISCOVER Protocol Launch
• REDCap is more secure
16th September 2014, Royal College of Surgeons of England

4. How secure?
“At rest” encryption is in place on the database server. Access control is achieved by directly administered usernames
and passwords, with limitation of collaborator access to institution-specific data. Passwords are stored as an encrypted
one-way hash of the password. Accounts are disabled after 5 failed login attempts. Users are auto logged out after 30
minutes of no activity. Users are forced to change password after 90 days. Daily audit tracking of users is in place.
Data is protected by being stored in MySQL databases on a separate server. This server is behind a firewall and can only
be accessed from the IP address of the web server. An SSL-tunnel encrypts communication between the web and
databases servers. File upload is secured between servers using the WebDAV protocol with SSL. “At rest” encryption is
in place on the database server (aes-xts-plain64:sha256 with 512-bit keys). Operating security updates are installed
automatically. Antivirus software runs to a scheduled protocol on the web server.
REDCap has a built-in audit trail that automatically logs all user activity and logs all pages viewed by every user,
including contextual information (e.g. the project or record being accessed). Whether the activity be entering data,
exporting data, modifying a field, running a report, or add/modifying a user, among a plethora of other activities,
REDCap logs all actions. The logging record can itself be viewed within a project by users that have been given
privileges to view the Logging page. The Logging page allows such users to view or export the entire audit trail for that
project, and also to filter the audit trail in various ways based upon the type of activity and/or user. The built-in audit
trail in REDCap allows administrators to be able to determine all the activity and all the data viewed or modified by any
given user.
STARSurgII : DISCOVER Protocol Launch
16th September 2014, Royal College of Surgeons of England

5. Disadvantages
• Audit departments
STARSurgII : DISCOVER Protocol Launch
16th September 2014, Royal College of Surgeons of England

6. Registration
STARSurgII : DISCOVER Protocol Launch
16th September 2014, Royal College of Surgeons of England

7. Logging in
STARSurgII : DISCOVER Protocol Launch
hartmannwhipple@abdomen.co.uk
16th September 2014, Royal College of Surgeons of England

8. STARSurgII : DISCOVER Protocol Launch
16th September 2014, Royal College of Surgeons of England

9. STARSurgII : DISCOVER Protocol Launch
16th September 2014, Royal College of Surgeons of England

10. www.STARSurg.org
STARSurgII : DISCOVER Protocol Launch
16th September 2014, Royal College of Surgeons of England

11. Summary
• Make sure your lead has the correct email
address
• Technical issues can be resolved easily!
STARSurgII : DISCOVER Protocol Launch
• REDCap is good
• Check your spam
16th September 2014, Royal College of Surgeons of England