Indiana University Research Electronic Data Capture (IU REDCap) is a secure, web-based platform designed to support data collection and management for a variety of projects, including research, operations support, and quality improvement projects. Through its user-friendly interface, IU REDCap makes it possible for non-programmers to build their own secure, reliable data entry systems with functions tailored to their needs. However, while IU REDCap can assist with a wide array of data entry and analysis workflows, it can’t do everything…yet.
In the interest of continually making the platform as valuable as possible, the IU REDCap team seeks to add new, user-requested features through external modules. Such modules, though, come with potential risks, which the team mitigates through a careful vetting process, screening for security risks, functionality issues, and unplanned maintenance efforts.
The vetting process includes three broad areas of screening: 1) developer service level expectations, 2) technical review, and 3) testing. The team begins the process by contacting the external module’s developer to learn about how it will be maintained in terms of updates and fixes. Once the IU REDCap team establishes that the developer will continue to maintain the external module, the technical review, which includes a code review, penetration scanning, and a static code analysis, begins. Static code analysis is accomplished through the Software Assurance Marketplace (SWAMP), which provides a broad test of software’s reliability while pointing out specific bugs. During the testing phase, the team creates a formal test plan to exercise the external module’s functionality, executes that plan, and records its results. After collecting data from these three screening areas, the team presents the results to the Center for Applied Cybersecurity Research (CACR), which provides feedback on the risks they see in the module. Based on the results of CACR’s feedback, the IU REDCap team decides whether or not to install the external module.
The IU REDCap team recently undertook this process with stakeholders from Riley Hospital for Children and the Indiana University School of Medicine in order to create a faster, more efficient workflow around its use of the Tableau Web Data Connector. The Riley Maternity and Newborn Health Quality Innovation Group and the Pediatric Research Network used Tableau Desktop for reporting and visualizations, but in order to get data there, they first had to export it from IU REDCap to a second secure location and then import it into Tableau Desktop, with a further step of publishing these reports to a Tableau Server for sharing. This tedious multi-step, multi-site process had to be repeated each time users wanted updated information.
The IU REDCap team vetted and installed the Tableau Web Data Connector external module, simplifying the process dramatically. Now, through that external module, data can be drawn from IU REDCap directly into Tableau Desktop, and published to the IU Tableau Server just once, at which point real-time REDCap data will transfer automatically via the external module to the Tableau server as needed. Thanks to the robust external module vetting process, the team at Riley and IU School of Medicine can trust that this workflow will remain secure and viable in the future.