About Institutional Certifications

Institutional Certifications are expected for the submission of large-scale human genomic data under the NIH Genomic Data Sharing Policy. Understand the responsibilities of the investigator, the institution, and the institutional review board (IRB) in preparing an Institutional Certification.

What is an Institutional Certification?

The Institutional Certification, provided by the submitting investigator and a signing official (SO) at the investigator's institution, assures NIH that submission of large-scale human genomic data to an NIH-designated data repository is consistent with the NIH GDS Policy, the informed consent of the original study participants, and/or the preferences of the original study population. The certification also states whether, after IRB review, research use limitation is deemed necessary.

View and download Institutional Certification forms

When & How Should an Institutional Certification Be Submitted?

The responsible SO of the submitting institution should provide an Institutional Certification to the program officer at the funding NIH Institute or Center (IC). Questions about the certification may be directed to a Genomic Program Administrator (GPA).

Extramural (Grants & Contracts)
  • The Institutional Certification will be requested as part of the Just-in-Time (JIT) process and is required for award. The Institutional Certification, or in some cases, a provisional Institutional Certification, must be submitted and accepted before the award can be issued.
  • Note that applicants are asked to anticipate genomic data sharing in their Data Management and Sharing (DMS) Plan, which is submitted at the time of application. The DMS Plan should reflect the anticipated assurances and any limitations outlined in the Institutional Certification. If the Institutional Certification reflects more updated information, applicants should update their DMS Plans and contact their Program Officers.
  • Applicants’ Data Management and Sharing Plans should reflect the assurances and any limitations anticipated in the Institutional Certification.
NIH Intramural (NIH Staff Only)
  • Institutional Certifications should be submitted to the funding IC at the time of scientific review. 
Non-NIH Funded
  • In order for a non-NIH funded dataset to be submitted to dbGaP, it needs to be sponsored by a NIH Institute or Center (IC). Non-NIH funded submitters should directly contact the IC that most closely aligns to the project. Please contact the GPA for that IC.
  • If the request is approved, Institutional Certifications should be provided by the institutional SO of the submitting institution for any human genomic data sets being submitted to NIH-designated data repositories.
  • See How to Submit A Non-NIH funded Study to dbGaP for instructions on how to register and submit data. 

What is the Role of an Institutional Review Board (IRB) in Reviewing an Institutional Certification?

The IRB works with the investigator to determine if the Institutional Certification accurately reflects the terms of the participants' informed consent as well as the adequacy of the consent process for the generation and sharing of data for secondary research use, and that it is consistent with the NIH GDS Policy. To assist with the process, NIH provides Points to Consider for Institutions and IRBs to help guide review of the Institutional Certification.

For more information on what NIH considers informed consent, consult NIH Guidance on Consent for Future Research Use and Broad Sharing of Human Genomic and Phenotypic Data Subject to the NIH Genomic Data Sharing Policy.

What are Institutions Expected to Certify? Elements of an Institutional Certification

By signing an Institutional Certification, an institution and its IRB, privacy board, or similar body assure NIH that:

  • The study submission is consistent with relevant (e.g., local, state, federal, Tribal, and/or institutional) laws and policies;
  • The certification states the data use limitations, if any, on secondary research performed with the data;
  • The participants' identities will not be disclosed to NIH-designated data repositories; and
  • An IRB or equivalent body has reviewed the proposal and assures NIH that:
    • The data collection protocol appropriately protects the research participants; 
    • The submission and sharing of the data are consistent with the informed consent of the study's participants; and
    • The risks associated with genomic data sharing have been considered.

See the Institutional Certification form for a complete list of all assurances.

Who Signs the Institutional Certification?

After the IRB's review, the submitting PI and their Institutional Signing Official (SO) must both sign the completed Institutional Certification form before submission.

An institutional signing official (SO) is a senior official at an institution who is credentialed through the NIH eRA Commons and is authorized to enter the institution into a legally binding contract. For an intramural research project, the SO is the IC's scientific director or their designee.

For questions about who may serve as the SO for the purposes of the GDS Policy, please contact GDS Policy staff.

How Are Institutional Certifications Submitted for Multi-site Projects?

For a multi-site project, with samples collected at several institutions, there are two options:

  • Submit an Institutional Certification from each site contributing samples, or 
  • Submit an Institutional Certification from one site on behalf of multiple sites
    • The submitting institution assures NIH that, based on either its own review or assurance from other institutions, the expectations and conditions of the Institutional Certification(s) are met for the entire multi-site project.

How Do I Prepare and Complete an Institutional Certification Form?

Refer to Completing an Institutional Certification for step-by-step guidance on completing an Institutional Certification.