Under the federal regs we are required to ensure that there are adequate protections for privacy of individuals and confidentiality of data (45 CFR 46.111(a)(7). I’m assuming most of us are not equipped nor trained to evaluate this (e.g., which software are being used, how data are being stored electronically).  In addition to requiring things like cybersecurity training, and PI attestations that they will maintain the data in a secure fashion, how do you ensure this reg is followed? 

What is your protocol for when amendment activities involve new software/data storage?

And if you use attestations, can you kindly share them?