Document Number: SOP/RAD/SEHSCT/007 Page 1 of 17 Version 2.0
|
|
- Gwendoline Mills
- 8 years ago
- Views:
Transcription
1 Standard Operating Procedures (SOPs) Research and Development Office Title of SOP: Computerised Systems for Clinical Trials SOP Number: 7 Version Number: 2.0 Supercedes: 1.0 Effective date: August 2013 Review date: August 2015 Author: Approved by: Alison Murphy, Research Manager Endorsed by Paul Carlin Dr David Hill Signed: Date: 01 August 2013 Document Number: SOP/RAD/SEHSCT/007 Page 1 of 17
2 Version History: Version No. Date Author Reason for Change 1.0 Oct 2007 Katrina Hughes N/A 2.0 Aug 2011 Alison Murphy Updated to new SOP format. Added guidance on validation, functional testing, management of data, security and the use of Microsoft Excel for recording trial data Document Number: SOP/RAD/SEHSCT/007 Page 2 of 17
3 Table of Contents 1. Introduction 2. Objective 3. Scope 4. Procedure 4.1 Evaluation and Purchasing 4.2 Validation and Functional Testing 4.3 Management of Electronic Data 4.4 Security 4.5 Use of Microsoft Excel for Clinical Trial Data 5. Regulations, Guidelines, References, SOP Links etc. 6. Appendices 6.1 Guidance for Validation and Functional Testing of Computerised Systems 6.2 Procedure for Data Management Using Microsoft EXCEL Document Number: SOP/RAD/SEHSCT/007 Page 3 of 17
4 1. INTRODUCTION ICH Guidelines for Good Clinical Practice (GCP) require that an electronic database should be fit for purpose; provide a clear audit trail; have security of access and be protected against deletions. The Data Protection Act 1998 requires data to be accurate and up to date, secure against loss, destruction, unlawful use or disclosure and to be processed fairly and lawfully. Research Data should be collected, recorded and managed in accordance with the principles of GCP, the Data Protection Act and the appropriate Trust procedures. All personal data and sensitive personal data must be managed in accordance with the principles of the Data Protection Act In particular, all personal data should be kept securely and not transmitted in a way that could cause loss of data or allow interception by unauthorised parties. All persons dealing with personal data are responsible for ensuring the security and safety of these data. Validation of computerised systems demonstrates that it is fit for purpose, performs consistently and the changes are effectively controlled. The validation will produce documentation that demonstrates that a system has indeed been validated and that the results of that validation were satisfactory. It is important that CIs make adequate provision for validating computerised systems and support of these systems after release in the funding arrangements for CTIMPs. It is the responsibility of the Chief Investigator (CI) in the clinical trial to ensure that any computerised system used during the study complies with the principles of ICH GCP, The Data Protection Act, Trust policies as well as EU and UK directives. 2. OBJECTIVE The objective of this Standard Operating Procedure (SOP) is to describe the procedure for validation and functional testing of computerised systems, and data collection, data management and security procedures for data held in trial databases in Clinical Trials of an Investigational Medicinal Product (CTIMPs). 3. SCOPE This Standard Operating Procedure (SOP) applies to all Clinical Trials of an Investigational Medicinal Product (CTIMPs) where the South Eastern Health and Social Care Trust (SEHSCT) is acting as the sponsor or co-sponsor, and are responsible for the computerised systems used to hold trial data. Document Number: SOP/RAD/SEHSCT/007 Page 4 of 17
5 4. PROCEDURE 4.1 Evaluation and Purchasing It is the CI s responsibility to ensure that any computerised systems that are used for clinical trial research are compliant with SEHSCT ICT evaluation and purchasing policies. 4.2 Validation and Functional Testing The CI must ensure when using electronic trial data and/or remote electronic trial systems that the system conforms to established requirements for completeness, accuracy, reliability and consistent intended performance. A description for the computerised system to be used in a CTIMP should be produced and retained in the Trial Master File (TMF), or other appropriate file. This document is the User Requirement Specification (URS). The validation and functional testing of the computerised system should be done against the documented description, User Requirement Specification for the computerised system. This document is the System Specification. The process of validation and functional testing should be recorded each time that it is carried out. Evidence of such testing should be retained in the TMF or other appropriate file. As modifications to the system are made, these should be functionally tested and validated. If necessary, updates to the User Requirement Specification and validation and functional testing regimes should be carried out. The validation status of a computerised system, both software and hardware, should be reviewed at least once every two years. Guidance on validation and functional testing of computerised systems can be found in appendix Management of Electronic Data The study protocol or other study document should clearly specify the data to be stored electronically and which data elements are to be retained upon archiving. Electronic data should be accurate and reliable. The computerised system should safeguard study blinding where this exists. Blinding should not be broken through day to day use of the computerised system. The system should provide protection against unintentional unblinding but support, where appropriate, any blinding procedures described in the protocol. Document Number: SOP/RAD/SEHSCT/007 Page 5 of 17
6 There will be an unambiguous and unique identifying ID for each participant. The code or file linking participant s names with their IDs should be kept secure and separate from the data used for trial analysis. Identifiable data should not be retained for longer than is necessary to meet the requirements described in the study protocol and to meet requirements set by grant awarding bodies, Research Ethics Committee and regulatory authorities, this is at least 5 years after the conclusion of the trial. Electronic data should be archived in a way that it is secure and which uses media with the appropriate longevity for the required storage time. If application software is required to read the archived data, this software should be archived together with the data. Deleting data may require the physical destruction of digital media. Following the archiving period permission should be sought from the sponsor before deleting or destroying any data. 4.4 Security Electronic data should only be stored on devices that are backed up in a secure and timely manner. Data should not be held on devices that do not participate in a backup regime. In practical terms this will generally mean: Liaising with Trust ICT Department to confirm that the server upon which the CTIMP database is stored is regularly (eg daily) backed-up onto remote and/or removable disk storage, the latter of which are then placed into a secure fire safe, and existence of disaster recovery procedures. The SEHSCT IT service has a data backup service that provides a reliable means of protecting data held on departmental file servers. ICT does not backup files on local desktop machines. Not using systems where the data are stored on the hard-disk of a PC or laptop unless secure backup arrangements are in place. Personal data must not be stored or transmitted on removable media or laptops without encryption. Any machines used to enter or access trial data should have up-to-date operating system patches installed together with appropriate security software (e.g. antivirus, antispyware, firewall) Data used for trial analysis should be anonymised. Date used for trial management should use the minimum number of personal identifiers necessary for study conduct and ensuring patient safety. Access to the data should be limited to authorised personnel and each user of the system should have an individual account. A record should be kept of authorised users and the access levels that apply to each user. The list of authorised users should be kept in the Trial Master File. Document Number: SOP/RAD/SEHSCT/007 Page 6 of 17
7 Accounts must never be shared, nor should there be guest accounts. Individual users should login with their own usernames and passwords. Individual users should not login so as to provide access to another user. Datasets should be encrypted prior to transmission or transfer. department can provide advice on encryption. The Trust ICT The study database should ideally have an audit trail for any changes made to electronic data after initial entry. For example, if a laboratory result is changed, the original value ought to remain in the database together with the date of the change, a brief explanation of why the change was made and who made the change. At the end of a trial, data should be locked to prevent further additions or changes to the data using the data management system s file-locking facility if such a facility exists, otherwise a snapshot of the data should be taken for analysis and access limited to authorised personnel. 4.5 Use of Microsoft Excel for Clinical Trial Data In a certain proportion of small-scale clinical trials, owing to their size and constraints on funding, there is little technical support for researchers in the design of databases in which to store clinical data. These trials will typically be trials where a small number of subjects are being recruited. In these trials commonly data are entered from Case Report Forms (CRF) into spreadsheets such as Microsoft Excel prior to transfer for statistical analysis. As EXCEL does not have an inbuilt audit trail of who has access to the data, or who can enter or amend the data specific procedures need to be followed to optimise compliance with the principles of The Medicines for Human Use (Clinical Trials) Regulations 2004 and GCP. The procedure to follow when using Microsoft Excel can be found in appendix REGULATIONS, GUIDELINES, REFERENCES, SOP LINKS etc. Statutory instrument 2004/1031: The Medicines for Human Use (Clinical Trials) regulations Statutory instrument 2006/1928: Amendment Regulations The Medicines for Human Use (Clinical Trials) ICH (1996). Guidelines for Good Clinical Practice ICH Harmonised Tripartite Agreement, Section 8. Gold A, Wells H, Tucker J et al. Computerised Systems Validation in Clinical Research. A Practical Guide. CR-CSV Working Party, Association for Clinical Data Management; 2004, 2 nd edition.) Data Protection Act 1998 Document Number: SOP/RAD/SEHSCT/007 Page 7 of 17
8 6. APPENDICES 6.1 Appendix 1 - Guidance for Validation and Functional Testing of Computerised Systems 6.2 Appendix 2 - Procedure for Data Management Using Microsoft EXCEL Document Number: SOP/RAD/SEHSCT/007 Page 8 of 17
9 6.1 Appendix 1 Guidance for Validation and Functional Testing of Computerised Systems Steps to consider 1. The Chief Investigator (CI) and other users of the computerised system should produce a User Requirements document, which describes the requirements of the system from their point of view. The user is free to include anything that is important and should not be constrained by considering how these needs will be met technically (see next point). 2. The User Requirements document should be version-controlled with a document history on the front page listing changes, who made them and when. 3. The User Requirements should be signed-off by the CI. 4. The System Specification takes the User Requirements and describes in detail the behaviours and properties of the system to be provided. These behaviours and properties should be testable, which should in turn enable the User Requirements to be achieved. 5. The System Specification document should be version-controlled with a document history on the front page listing changes, who made them and when. 6. The System Specification should be signed-off by the CI. 7. The User Requirements and System Specification documents should be kept in the Trial Master File (TMF), or other appropriate file. 8. A validation planning meeting should be held early in the planning of the CTIMP, which involves the IT team developing the system, the CI and other relevant staff. The key outcome of this meeting will be a validation plan listing the actions needed and documents required to demonstrate that the computerised system as specified in the System Specification meets the requirements listed in the User Requirements. A suggested validation plan is below. 9. To be validated, a system needs to demonstrate that it functions as expected. Functional testing of a computerised system should be done against a predefined test plan, both during and on completion of development. Test data should include (but need not be limited to): Representative data Extreme but realistic values Boundary values (ie. values just above or below a valid threshold for, say, a blood pressure measurement) Document Number: SOP/RAD/SEHSCT/007 Page 9 of 17
10 Missing values Incorrect values 10. At least two, suitably qualified people should manage, run and report the functional testing process (eg. the person who developed the system and a second person who tests it). 11. Test documentation should be signed-off by the person running the test. 12. The process of functional testing and validation should be recorded each time it is done. Documentary evidence of such testing should be retained in the TMF or other appropriate file. 13. The group involved in developing the validation plan should agree when the computerised system has been successfully validated. When validation is complete, the system should be signed-off by the CI and lead developer. 14. Computerised systems should not go live until validation is complete and the system has been signed-off 15. Changes to the computerised system and/or the User Specification may be required after release, either to correct an error, or to support an enhancement or modification in functionality, access, performance or regulatory requirement. In all cases the reason for any change should be identified and documented. When changes to the system are made, these should also be validated. 16. Version control should be used to track changes made to the system and its associated documentation. 17. The validation status of a computerised system, both software and hardware, should be reviewed at least once every two years. Document Number: SOP/RAD/SEHSCT/007 Page 10 of 17
11 Validation Plan Contents (This list is taken from Gold A, Wells H, Tucker J et al. Computerised Systems Validation in Clinical Research. A Practical Guide. CR-CSV Working Party, Association for Clinical Data Management; 2004, 2 nd edition.) The following summarises the broad areas that a validation plan should address: 1. Document Control A document control indicating the current version of the plan together with the revision history of the document 2. Approval of Plan A sheet indicating the signatories, with definition of scope of authorisation, for approval of the validation plan. 3. Introduction and Objective A brief statement as to what system is being developed, the business/regulatory case and the purpose of the document. 4. Description of System A brief description of the system, its use, and the hardware, operating system and network software on which it will run. 5. Risk Assessment A list of the risks to the validated state of the system and the extent to which they are addressed by the plan. 6. Scope of Validation A description of the extent of the validation exercise including: Constraints on the validation activities Assumptions made for the successful execution of the validation plan Boundaries to the validation activities, i.e a description of the points beyond which the validation testing will not run Exclusions of any specific areas within the scope with reasons why 7. Validation Process A detailed description of how the validation will be carried out (this may be in a separate document referenced from the Validation Plan) including: Validation approach/rationale, Validation SOPs to be followed, Operational use of system, e.g SOPs, for technical and end users, Document Number: SOP/RAD/SEHSCT/007 Page 11 of 17
12 Security and access, Training, Acceptance testing, Configuration management, Incident management, Change control, Support, 8. Tasks and Responsibilities A checklist of tasks and who is responsible for their execution, review and approval. 9. Documentation A list of the documentation that will be collated during the validation exercise including details of authors, reviewers and approvers of such documentation. The level of documentation required should be based on a risk assessment. 10. Quality Control Process A description of how the validation project will be managed, including key milestones and the review process. 11. Time-scales Relevant time-scales and dependencies 12. Validation Completion A definition of the requirements to be achieved for the system to go live. 13. Validation Maintenance A statement as to how the validated system will be maintained thereafter. This may refer to other procedures in place and should cover: Security and access, Training, Configuration Management, Incident Management, Support, Change control, Business continuity, Document Number: SOP/RAD/SEHSCT/007 Page 12 of 17
13 Periodic review, 14. Referenced Documents A list of documents, procedures and other supporting documentation referenced in the Validation Plan. Document Number: SOP/RAD/SEHSCT/007 Page 13 of 17
14 6.2 Appendix 2 Procedure for Data Management Using Microsoft EXCEL 1. Creation of data fields A Microsoft Excel file should be designed using Microsoft Excel to ensure that it captures all the information that is required according to the protocol. It should directly reflect the content of the Case Report Form (CRF) or other source data. 1.1 Worksheet identification Create sufficient worksheets within the Excel file to cover each visit. Enter the name of the visit on the worksheet tabs. Create additional worksheets to cover adverse event collection, concomitant medications etc. as applicable to the study. 1.2 Data field identification Within each visit worksheet, and through reference to the CRF, enter a heading for each variable as it appears on the CRF visit page. Each column should represent one variable. 1.3 Subject identification Each row should represent one subject. 1.4 Optional advanced settings To ensure that data added is accurate levels of validation can be added to the spreadsheet. Within certain fields, it is possible to restrict the type of data that can be added to a cell. Document Number: SOP/RAD/SEHSCT/007 Page 14 of 17
15 For example, if the column on the spreadsheet represents date of birth, selecting the date option form the validation criteria will only allow dates to be entered into that column. Furthermore, if the inclusion criteria of the study have a restriction on age range, a start and end date can be added. If the value is outside the settings, an error alert can be generated. To set validation criteria, select the cells to be affected; choose Data, Validation and set your criteria under Input, Settings and Error Alert. Example 2. Validation of Spreadsheet Once the spreadsheet design is considered to be complete, a validation process should be undertaken to ensure that it is fit for purpose, as below. 2.1 Create a sample CRF Enter data for a hypothetical participant, ensuring that all data boxes are complete. Include data entry on Adverse Events and Concomitant Medications pages. 2.2 Transfer data to database. Using the completed CRF, transfer all the data onto the Excel spreadsheet. Make a note of any difficulties involved in this process. Review each worksheet for errors or omissions. Document Number: SOP/RAD/SEHSCT/007 Page 15 of 17
16 2.3 Document validation Once the spreadsheet is considered to be fit for purpose the sample CRF and the printed spreadsheet should be filed as documentation of this process. 3. Creating and Using an Audit Trail 3.1 Preparing Read Only access. Once development of the spreadsheet is complete, create a folder to store the worksheets. Right click on the folder. Select Properties. Select General tab. Tick Read Only box and select OK. 3.2 Creating the trail Once data entry commences, the file will require saving as a new file on every occasion it is accessed. To save files chronologically and record the identity of the member of the team adding to data, save with the date reversed, the time, and initials. This method will automatically file the workbooks in chronological order. Example: AM AM AM 3.3 Restricting Access Access should be restricted to the minimum number of personnel. A folder should be established within which all the trial spreadsheet files should be stored. The ICT department can advise you how to restrict access as this depends on what type of access you require for which staff members. 4. Quality Checks Unless you wish to undertake double data entry, it is important that periodic quality checks are conducted. You should form a plan for these prior to the study start and document this. It is good practice to check at least 10% of Case Report Forms against entries on the database. This involves a simple comparison of the data for accuracy of transcription. Ideally, someone other than the person entering the data should undertake this. These quality checks should be documented and filed within the study file. Queries are to be recorded by the Insert Comment facility available on EXCEL which also includes the name of the person raising the query. All queries must be clarified with the CI/PI and any actions recorded. Any changes to the paper CRF must be made by a single line drawn through, initialled and dated. The original data must be clearly visible. Data checking should continue until all missing data and/or inconsistent values have been corrected or clarified. Document Number: SOP/RAD/SEHSCT/007 Page 16 of 17
17 5. Confidentiality The participants will be identified in the database only by initials and a participant ID number. The study will comply with the Data Protection Act which requires data to be anonymised as soon as it is practical to do so. Names and any other identifying detail will NOT be included in any study data electronic file. Document Number: SOP/RAD/SEHSCT/007 Page 17 of 17
SOP Number: SOP-QA-20 Version No: 1. Author: Date: 1-9-15 (Patricia Burns, Research Governance Manager, University of Aberdeen)
Standard Operating Procedure: SOP Number: SOP-QA-20 Version No: 1 Author: Date: 1-9-15 (Patricia Burns, Research Governance Manager, University of Aberdeen) Approved by: Date: 1-9-15 (Professor Julie Brittenden,
More informationManaging & Validating Research Data
Research Management Standard Operating Procedure ISOP-H02 VERSION / REVISION: 2.0 EFFECTIVE DATE: 01 03 12 REVIEW DATE: 01 03 14 AUTHOR(S): CONTROLLER(S): APPROVED BY: Information Officer; NBT Clinical
More informationThis is a controlled document. The master document is posted on the JRCO website and any print-off of this document will be classed as uncontrolled.
This is a controlled document. The master document is posted on the JRCO website and any print-off of this document will be classed as uncontrolled. Researchers and their teams may print off this document
More informationDATA MANAGEMENT IN CLINICAL TRIALS: GUIDELINES FOR RESEARCHERS
Reference Number: UHB 139 Version Number: 2 Date of Next Review: 14 Apr 2018 Previous Trust/LHB Reference Number: N/A DATA MANAGEMENT IN CLINICAL TRIALS: GUIDELINES FOR RESEARCHERS Introduction and Aim
More informationGCP INSPECTORS WORKING GROUP <DRAFT> REFLECTION PAPER ON EXPECTATIONS FOR ELECTRONIC SOURCE DOCUMENTS USED IN CLINICAL TRIALS
European Medicines Agency London, 17 October 2007 Doc. Ref. EMEA/505620/2007 GCP INSPECTORS WORKING GROUP REFLECTION PAPER ON EXPECTATIONS FOR ELECTRONIC SOURCE DOCUMENTS USED IN CLINICAL TRIALS
More informationStandard Operating Procedures
Standard Operating Procedures 5.5.1 Electronic Data Handling History Version Date Author Reason 1.1 18 th July 2007 B Fazekas New procedure 1.2 18 th August B Fazekas Changes ratified by MAB 2007 1.3 16
More informationStandard Operating Procedure on Training Requirements for staff participating in CTIMPs Sponsored by UCL
Page 1 of 10 Standard Operating Procedure on Training Requirements for staff participating in CTIMPs Sponsored by UCL SOP ID Number: Effective Date:01/08/2012 Version Number & Date of Authorisation: V02,
More informationArchiving of Research Documentation
Suspension, Termination & Completion Standard Operating Procedure VERSION / REVISION: 2.0 EFFECTIVE DATE: 28 05 12 REVIEW DATE: 28 05 14 AUTHOR(S): CONTROLLER: APPROVED BY: Clinical Trials Manager; Recruitment
More informationRD SOP17 Research data management and security
RD SOP17 Research data management and security Version Number: V2 Name of originator/author: Dr Andy Mee, R&I Manager Name of responsible committee: R&I Committee Name of executive lead: Medical Director
More information1.0 Scope. 2.0 Abbreviations. 3.0 Responsibilities
1.0 Scope This Standard Operating Procedure (SOP) has been written in order to conduct clinical studies according to the International Conference on Harmonisation of Technical Requirements for Registration
More informationUNIVERSITY OF LEICESTER, UNIVERSITY OF LOUGHBOROUGH & UNIVERSITY HOSPITALS OF LEICESTER NHS TRUST JOINT RESEARCH & DEVELOPMENT SUPPORT OFFICE
UNIVERSITY OF LEICESTER, UNIVERSITY OF LOUGHBOROUGH & UNIVERSITY HOSPITALS OF LEICESTER NHS TRUST JOINT RESEARCH & DEVELOPMENT SUPPORT OFFICE STANDARD OPERATING PROCEDURES University of Leicester (UoL)
More informationComputerised Systems. Seeing the Wood from the Trees
Computerised Systems Seeing the Wood from the Trees Scope WHAT IS A COMPUTERISED SYSTEM? WHY DO WE NEED VALIDATED SYSTEMS? WHAT NEEDS VALIDATING? HOW DO WE PERFORM CSV? WHO DOES WHAT? IT S VALIDATED -
More informationROLES, RESPONSIBILITIES AND DELEGATION OF DUTIES IN CLINICAL TRIALS OF MEDICINAL PRODUCTS
ROLES, RESPONSIBILITIES AND DELEGATION OF DUTIES IN CLINICAL TRIALS OF MEDICINAL PRODUCTS STANDARD OPERATING PROCEDURE NO SOP 09 DATE RATIFIED 4/7/13 NEXT REVIEW DATE 4/7/14 POLICY STATEMENT/KEY OBJECTIVES:
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationArchiving Study Documents
This is a controlled document. The master document is posted on the JRCO website and any print-off of this document will be classed as uncontrolled. Researchers and their teams may print off this document
More informationCONTROLLED DOCUMENT. Uncontrolled Copy. RDS014 Research Related Archiving. University Hospitals Birmingham NHS Foundation Trust
University Hospitals Birmingham NHS Foundation Trust CONTROLLED DOCUMENT RDS014 Research Related Archiving CATEGORY: CLASSIFICATION: PURPOSE Controlled Document Number: Version Number: 1 Controlled Document
More informationThis SOP may also be used by staff from other NHS areas, or organisations, with prior agreement.
Standard Operating Procedure: SOP Number: SOP-QA-32 Version No: 1 Author: Date: (Gary Cooper, Named Sponsor Archivist, NHS Grampian and University of Aberdeen) 1-9-15 Approved by: Date: 1-9-15 (Professor
More informationAn Approach to Records Management Audit
An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION
More informationWorking Instruction Template. Instructions for Archiving of Essential Trial Documents at Datatron Off Site Facility
Working Instruction Template WI number: WI full title: WI-JRO-001 Instructions for Archiving of Essential Trial Documents at Datatron Off Site Facility WI effective: 28 th October 2013 Review date: 28
More informationData Management and Good Clinical Practice Patrick Murphy, Research Informatics, Family Health International
Data Management and Good Clinical Practice Patrick Murphy,, Family Health International 1 What is GCP? Good Clinical Practice is an international ethical and scientific quality standard for designing,
More informationStandard Operating Procedure for Archiving Essential Documentation relating to Clinical Trials of Investigational Medicinal Products (CTIMPs)
archiving\spon_s21_sop_for_archiving V02.doc Page 1 of 13 Standard Operating Procedure for Archiving Essential Documentation relating to Clinical Trials of Investigational Medicinal Products (CTIMPs) SOP
More informationStandard Operating Procedure. UoM/ComputerisedSystems/SOP/1.0 Computerised Systems for Clinical Trials - Site Set Up and Initiation
APP Standard Operating Procedure Number: Title: UoM/ComputerisedSystems/SOP/1.0 Computerised Systems for Clinical Trials - Site Set Up and Initiation Version: 1.0 (11/02/2011) Effective Date Author: Lee
More informationReflection paper on expectations for electronic source data and data transcribed to electronic data collection tools in clinical trials
09 June 2010 EMA/INS/GCP/454280/2010 GCP Inspectors Working Group (GCP IWG) Reflection paper on expectations for electronic source data and data transcribed to electronic data collection tools in clinical
More informationData Security Policy
Policy Number: Revision Number: 0 QP1.44 Date of issue: March 2009 Status: Approved Date of approval: April 2009 Responsibility for policy: Responsibility for implementation: Responsibility for review:
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationSTANDARD OPERATING PROCEDURE FOR RESEARCH. Management of Essential Documents and Trial Folders
STANDARD OPERATING PROCEDURE FOR RESEARCH Management of Essential Documents and Trial Folders Author Linda Ward Author s Job Title QA Coordinator Division Department Version number 2 Ref SOP/CLN/001/2
More informationTopics. From paper to EDC. From paper to EDC. From paper to EDC. From paper to EDC
Topics Infermed MACRO - Electronic Data Capture according to GCP Dipl. Inf. A. Fischer I. II. Requirements by GCP III. IV. Heidelberg / January 28, 2008 2 History Idea born in 1970s 1980 - early 1990s:
More informationComputer System Validation for Clinical Trials:
Computer System Validation for Clinical Trials: Framework Standard Operating Procedure (F-SOP) Author: Tim Cross Version History: 0.1di DRAFT 24-April-2013 0.2 DRAFT 12-June-2013 Current Version: 1.0 17-June-2013
More informationTRIAL MASTER FILE- SPONSORED
gsop-06-04 - Management of TMF for ENHT/ WHHT Sponsored CTIMPs Page 1 of 16 Hertfordshire Hospitals R&D Consortium Incorporating West Herts Hospitals NHS Trust and East & North Herts NHS Trust TRIAL MASTER
More informationIT Data Security Policy
IT Data Security Policy Contents 1. Purpose...2 2. Scope...2 3. Policy...2 Access to the University computer network... 3 Security of computer network... 3 Data backup... 3 Secure destruction of data...
More informationResearch Study Close-down and Archiving Procedures
Title: Outcome Statement: Research Study Close-down and Archiving Procedures To inform researchers of the process for closing down research studies, retaining and storing research materials in the Trust.
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationAGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader
AGENDA ITEM: SUMMARY Report for: Committee Date of meeting: 30 May 2012 PART: 1 If Part II, reason: Title of report: Contact: Purpose of report: Recommendations Corporate objectives: Implications: INFORMATION
More informationMSD IT High Compliance system Fact sheet
MSD IT High Compliance system Fact sheet The MSD IT High Compliance system is a service for Clinical Trials Units (CTUs) and Medical Division Departments or Units who need to securely access critical applications,
More informationGuidance for Industry Computerized Systems Used in Clinical Investigations
Guidance for Industry Computerized Systems Used in Clinical Investigations U.S. Department of Health and Human Services Food and Drug Administration (FDA) Office of the Commissioner (OC) May 2007 Guidance
More informationNHS Business Services Authority Records Management Audit Framework
NHS Business Services Authority Records Management Audit Framework NHS Business Services Authority Corporate Secretariat NHSBSARM019 Issue Sheet Document Reference Document Location Title Author Issued
More informationPolicy Document. Communications and Operation Management Policy
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
More informationJRO RMG RSS SOP 12. Standard Operating Procedure (SOP) for Study Closedown and Archiving Royal Free site specific SOP
Office Location: 1 st Floor Maple House 149 Tottenham Court Road London W1T 7DN Joint Research Office Tel No. 0845 1555 000 Web-sites: www.uclh.nhs.uk; www.ucl.ac.uk/jro Postal Address: UCL, Gower Street
More informationCONTROLLED DOCUMENT- DO NOT COPY STANDARD OPERATING PROCEDURE. STH Investigator
Research Department STANDARD OPERATING PROCEDURE STH Investigator Archiving of Essential Documentation Generated During Clinical Research SOP Number A127 Version Number V1.3 Effective Date Author Zoe Whiteley
More informationThe Study Site Master File and Essential Documents
The Study Site Master File and Essential Documents Standard Operating Procedure Office of Health and Medical Research Queensland Health SOP reference: 002 Version number: 1 Effective date: 01 June 2010
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationJoint Research Office
Office Location: 1 st Floor Maple House 149 Tottenham Court Road London W1T 7DN Joint Research Office Postal Address: UCL, Gower Street London WC1E 6BT Email: hameedah.bogle-dawoud@nhs.net Tel No. 020
More informationEssential Documentation and the Creation and Maintenance of Trial Master Files
This is a controlled document. The master document is posted on the JRCO website and any print-off of this document will be classed as uncontrolled. Researchers and their teams may print off this document
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationACDM GUIDELINES TO FACILITATE PRODUCTION OF A DATA HANDLING PROTOCOL
ACDM GUIDELINES TO FACILITATE PRODUCTION OF A DATA HANDLING PROTOCOL BACKGROUND The need was identified by the Electronic Data Transfer Special Interest Group (SIG) for each company or organisation to
More informationResearch Governance Standard Operating Procedure
Research Governance Standard Operating Procedure The Management and Use of Research Participant Data for Secondary Research Purposes SOP Reference: Version Number: 01 Date: 28/02/2014 Effective Date: Review
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationIntroduction to the NHS Information Governance Requirements
Introduction to the NHS Information Governance Requirements 2 Version April 2014 Information Governance ensures necessary safeguards for, and appropriate use of, patient and personal information. The widely
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationData Management Unit Research Institute for Health Sciences, Chiang Mai University
Data Management Unit Research Institute for Health Sciences, Chiang Mai University Clinical Data Management is the process of handling data from clinical trials. The inherent goal of any clinical data
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationDocument Title: Project Management of Papworth Sponsored Studies
Document Title: Project Management of Papworth Sponsored Studies Document Number: SOP009 Staff involved in development: Job titles only Document author/owner: Directorate: Department: For use by: RM&G
More informationClinical Data Management (Process and practical guide) Dr Nguyen Thi My Huong WHO/RHR/RCP/SIS
Clinical Data Management (Process and practical guide) Dr Nguyen Thi My Huong WHO/RHR/RCP/SIS Training Course in Sexual and Reproductive Health Research Geneva 2012 OUTLINE Clinical Data Management CDM
More informationClinical Data Management (Process and practical guide) Nguyen Thi My Huong, MD. PhD WHO/RHR/SIS
Clinical Data Management (Process and practical guide) Nguyen Thi My Huong, MD. PhD WHO/RHR/SIS Training Course in Sexual and Reproductive Health Research Geneva 2013 OUTLINE Overview of Clinical Data
More informationStandard Operating Procedures (SOP) Research and Development Office
Standard Operating Procedures (SOP) Research and Development Office Title of SOP: Undertaking Risk Assessment of a Research and Development Project SOP Number: 33 Version Number: 1.0 Supercedes: N/A Effective
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationTrial Delivery SOP 05 Trial Archiving
Gloucestershire Research and Development Consortium Standard Operating Procedure R&D SOP TD 05Trial Archiving Trial Delivery SOP 05 Trial Archiving IT IS THE RESPONSIBILITY OF ALL USERS OF THIS SOP TO
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationInformation Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationgsop-32-02 - Vendor Assessment SOP page 1 of 10
gsop-32-02 - Vendor Assessment SOP page 1 of 10 Hertfordshire Hospitals R&D Consortium Incorporating West Herts Hospitals NHS Trust and East & North Herts NHS Trust VENDOR ASSESSMENT Research & Development
More informationMarie-Claire Rickard, GCP & Governance Manager Rachel Fay, GCP & Governance Manager Elizabeth Clough, R&D Operations Manager
Standard Operating Procedures (SOP) for: Monitoring SOP 28 Version 7.0 Number: Number: Effective Date: 29 th November 2015 Review Date: 6 th January 2017 Author: Reviewer: Reviewer: Authorisation: Name
More informationSOP Number: SOP-QA-34 Version No: 1. Version Description of Changes Date Effective. Change of number for Q-Pulse (Replaces UoA-NHSG-SOP-051 V1)
Standard Operating Procedure: SOP Number: SOP-QA-34 Version No: 1 Author: Date: 1-9-15 (Carole Edwards, Lead Research Nurse, NHS Grampian) Approved by: Date: 1-9-15 (Professor Julie Brittenden, R&D Director,
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationClinical database/ecrf validation: effective processes and procedures
TITOLO SLIDE Testo Slide Testo Slide Testo Slide Clinical database/ecrf validation: effective processes and procedures IV BIAS ANNUAL CONGRESS Padova September, 26 th 2012 PQE WORKSHOP: What's new in Computerized
More informationUniversity of Kent Information Services Information Technology Security Policy
University of Kent Information Services Information Technology Security Policy IS/07-08/104 (A) 1. General The University IT Security Policy (the Policy) shall be approved by the Information Systems Committee
More informationIntroduction 2. 1. The Role of Pharmacy Within a NHS Trust 3. 2. Pharmacy Staff 4. 3. Pharmacy Facilities 5. 4. Pharmacy and Resources 6
Index Index Section Page Introduction 2 1. The Role of Pharmacy Within a NHS Trust 3 2. Pharmacy Staff 4 3. Pharmacy Facilities 5 4. Pharmacy and Resources 6 5. Prescription Charges 7 6. Communication
More informationULH-IM&T-ISP06. Information Governance Board
Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible
More informationICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen
ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure
More informationBACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT
TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB BACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January
More informationArchiving of Clinical Trial Data and Essential Documentation JCTO/CT/SOP 4.0. Joint Clinical Trials Office. Stuart Hatcher, JCTO Archivist
Archiving of Clinical Trial Data and Essential Documentation Policy Details Document Type Standard Operating Procedure Document name Change History Date Version Number JCTO/CT/SOP 4.0 Version Final v 2.0-09/11/2010
More informationDAIDS Appendix 2 No.: DWD-POL-DM-01.00A2. Data Management Requirements for Central Data Management Facilities
DAIDS Appendix 2 No.: DWD-POL-DM-01.00A2 Data Management Requirements for Central Data Management Facilities The following clinical trial data management requirements must be met in order to ensure the
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationREGULATIONS COMPLIANCE ASSESSMENT
ALIX is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. REGULATIONS COMPLIANCE ASSESSMENT BUSINESS
More informationIM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...
IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This
More informationRemote Data Extraction Policy and Procedure
Remote Data Extraction Policy and Procedure Prepared by PRIMIS June 2015 The University of Nottingham. All rights reserved. Contents 1. Introduction... 3 2. Purpose and scope... 3 3. Policy Statement...
More informationTEMPLATE DATA MANAGEMENT PLAN
TEMPLATE DATA MANAGEMENT PLAN ICRIN (QM sub group) Version: XX Date: XXXXXXX Page 1 of 6 1.0 Document Ownership The Data Management Plan (DMP) will be initiated and subsequently owned by the Data Manager
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationSchool of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy
School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy Page 1 of 10 Contents 1 Preamble...3 2 Purpose...3 3 Scope...3 4 Roles and responsibilities...3
More informationIT Security Procedure
IT Security Procedure 1. Purpose This Procedure outlines the process for appropriate security measures throughout the West Coast District Health Board (WCDHB) Information Systems. 2. Application This Procedure
More informationPersonal data - Personal data identify an individual. For example, name, address, contact details, date of birth, NHS number.
Background The Data Protection Act 1998 i came into force in March 2000 and is followed by all NHS employed staff via their policies and procedures. The act applies to all personal, identifiable information
More informationR&D Administration Manager. Research and Development. Research and Development
Document Title: Document Number: Patient Recruitment SOP031 Staff involved in development: Job titles only Document author/owner: Directorate: Department: For use by: RM&G Manager, R&D Administration Manager,
More informationResearch & Development Directorate
Research & Development Directorate Type of Document Standard Operating Procedure Name SOP10: Routine Audit Version 3.0 Author Miss Jennifer Boyle (Research Governance Co-ordinator) Version Superseded 2.4
More informationU. S. Department of Energy Consolidated Audit Program Checklist 5 Laboratory Information Management Systems Electronic Data Management
U. S. Department of Energy Consolidated Audit Program Checklist 5 Laboratory Information Management Systems Electronic Data Management Revision 4.0 February 2014 Use of this DOECAP checklist is authorized
More informationLife Cycle of Records
Discard Create Inactive Life Cycle of Records Current Retain Use Semi-current Records Management Policy April 2014 Document title Records Management Policy April 2014 Document author and department Responsible
More informationRemote Deposit Terms of Use and Procedures
Remote Deposit Terms of Use and Procedures Use of American National Bank Fox Cities (Bank) Remote Deposit service is subject to the following Terms of Use and Procedures. Bank reserves the right to update
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationDocument Management Plan Preparation Guidelines
Document Management Plan Preparation Guidelines TABLE OF CONTENTS 1. Purpose of Document 1 2. Definition of Document Management 1 3. Objectives of Document Management 1 4. Terms, Acronyms and Abbreviations
More informationRECOMMENDATION ON THE CONTENT OF THE TRIAL MASTER FILE AND ARCHIVING
RECOMMENDATION ON THE CONTENT OF THE TRIAL MASTER FILE AND ARCHIVING July 2006 TABLE OF CONTENTS Page 1. Introduction 2 2. Scope 2 3. Documents to be archived 2 4. Quality of essential documents 10 5.
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationFull Compliance Contents
Full Compliance for and EU Annex 11 With the regulation support of Contents 1. Introduction 2 2. The regulations 2 3. FDA 3 Subpart B Electronic records 3 Subpart C Electronic Signatures 9 4. EU GMP Annex
More informationHSCIC Audit of Data Sharing Activities:
Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 26/10/2015 HSCIC Audit of Data Sharing
More informationSecure Storage, Communication & Transportation of Personal Information Policy Disclaimer:
Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011
More information