The Secure Access User Agreement is an important and compulsory document in the application process – it must be fully executed and in place before the UK Data Service can give you access to SecureLab.

Below we’ve provided some guidance on when you should complete it and who you should approach at your organisation to countersign it.


What is the Secure Access User Agreement?

The User Agreement is a legally binding contract between you, your organisation and the University of Essex, which is the legal entity for the UK Data Service. It ensures that you and your organisation are both aware of your legal responsibilities surrounding your access to controlled data in Secure Lab – this is particularly important for your organisation, because penalties, such as a loss of ESRC funding, may be levied at an organisational level in the event of a data breach. The User Agreement was written by the University of Essex’s legal team, so we are not a signatory party to the Agreement and we are unable to accept edited versions of the Agreement. The Agreement outlines the terms and conditions of use of Secure Lab and includes:

  • Agreement that you will complete our training
  • Information about your security responsibilities, e.g. not sharing your password, nor disclosing or compromising any Personal Information
  • Information about penalties and breaches, set out in our Licence Compliance Policy
  • Our outputs release policy
  • Our citation and copyright requirements

The Agreement is a per person, per organisation agreement. You therefore only need to complete it once whilst you are at your current institution – if you were to move organisation and still require access to Secure Lab, then you would need to complete and submit a new Agreement.


Where can I find a copy of the Agreement?

You will be able to download the Agreement from within your request for Secure Access data on your project – you will see that there is a step called ‘Complete Secure Access User Agreement’ within the workflow for your request and the form is available to download there.


Whom should I ask to countersign the Agreement at my organisation?

Your Agreement must be countersigned by someone who can accept legal responsibility for your data access on behalf of the entire organisation. You should therefore approach your organisation’s Research and Contracts Office or equivalent, to arrange for an appropriate person to countersign your Agreement. Line managers, PhD supervisors, Heads of Department/School are not acceptable signatories, so we are unable to accept User Agreements signed by any of these. The exception to this is researchers from the University of Essex, who should ask their Head of Department to countersign their Agreement, as the University’s legal team cannot countersign their own Agreement.


Does the Agreement need to be physically signed?

Ideally, yes. We can only accept PDF versions of the Agreement, so most researchers arrange for the form to be physically signed and then provide us with a scan of that hard copy. However, we do also accept Agreements that have been DocuSigned and the signatures verifiable. We do not accept Agreements where ‘signatures’ are typed without using DocuSign, even if they’re typed in a handwriting font.


When should I submit my Agreement?

To avoid any confusion with multiple emails, we recommend that you hold off sending your project application documents to us until your Agreement is fully executed, then submit all required documents attached to one email. However, we recognise that it can sometimes take a number of weeks for an Agreement to be signed off at an organisational level and as the Agreement is between you, your organisation and us, we do not send it to the data owners alongside the project application forms. It can therefore be sent later in the process if needed, but the sooner you can get it to us, the better, and please don’t send it before you’ve completed and submitted the rest of the application documents.