Standard Operating Procedure. UoM/ComputerisedSystems/SOP/1.0 Computerised Systems for Clinical Trials - Site Set Up and Initiation



Similar documents
Document Number: SOP/RAD/SEHSCT/007 Page 1 of 17 Version 2.0

Research & Development Directorate

SERVER, DESKTOP AND PORTABLE SECURITY. September Version 3.0

Data Access Request Service

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

HIPAA Security. assistance with implementation of the. security standards. This series aims to

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST

Cyber Self Assessment

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

A practical guide to IT security

Network Detective. HIPAA Compliance Module RapidFire Tools, Inc. All rights reserved V

Bring Your Own Device Policy

Data Encryption Policy

Frequently Asked Questions About WebDrv Online (Remote) Backup

Are You in Control? MaaS360 Control Service. Services > Overview MaaS360 Control Overview

HIPAA Privacy and Security Risk Assessment and Action Planning

Newcastle University Information Security Procedures Version 3

31 Ways To Make Your Computer System More Secure

UNC School of Dentistry Personally-Owned Computing Device Policy (BYOD)

Computer Security at Columbia College. Barak Zahavy April 2010

Ohio Supercomputer Center

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR

Client Security Risk Assessment Questionnaire

Lauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L.

Certified Secure Computer User

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

Protection of Computer Data and Software

Supplier Security Assessment Questionnaire

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

HIPAA ephi Security Guidance for Researchers

GETTING STARTED ON THE WINDOWS SERVICE A GUIDE FOR NEW STAFF MEMBERS

HIPAA Security Training Manual

HIPAA Security Alert

Information Security

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

PII Compliance Guidelines

Network Security Policy

RD SOP17 Research data management and security

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

1.0 Scope. 2.0 Abbreviations. 3.0 Responsibilities

HIPAA RISK ASSESSMENT

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Research Information Security Guideline

Web Site Download Carol Johnston

Server Security Checklist (2009 Standard)

Information Security Policy. Policy and Procedures

Wellesley College Written Information Security Program

System Security Plan University of Texas Health Science Center School of Public Health

MSD IT High Compliance system Fact sheet

Policy Document. Communications and Operation Management Policy

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

Introduction. PCI DSS Overview

The User is Evolving. July 12, 2011

Identity Theft Prevention Program Compliance Model

Saf April Saf Helping your business reach further with hosted at UK based, ISO 27001, Tier 4 data centres.

Managing & Validating Research Data

Version: 2.0. Effective From: 28/11/2014

Chapter 8: Security Measures Test your knowledge

Supplier Information Security Addendum for GE Restricted Data

How To Write A Health Care Security Rule For A University

Karen Winter Service Manager Schools and Traded Services

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices

Encryption Policy Version 3.0

Network Security Policy

Encryption Security Standard

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY

UoM/Archiving/SOP20/2.0

Validating Enterprise Systems: A Practical Guide

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

If you have used Outlook Web Access then you will find Zarafa Webaccess very familiar.

FINAL May Guideline on Security Systems for Safeguarding Customer Information

How To Ensure Network Security

Merthyr Tydfil County Borough Council. Information Security Policy

UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY

ABERDARE COMMUNITY SCHOOL

Transcription:

APP Standard Operating Procedure Number: Title: UoM/ComputerisedSystems/SOP/1.0 Computerised Systems for Clinical Trials - Site Set Up and Initiation Version: 1.0 (11/02/2011) Effective Date Author: Lee Moffatt Reviewed by : Mike Taylor Approved By: Position: Head of IS, MHS Signature: Position: Signature: This document supersedes the following None document(s): Relevant regulations/legislation/guidelines: European Clinical Trials Directive 2001/20/EC and any other relevant European regulations or guidelines The Medicines for Human Use (Clinical Trials) Regulations 2004 and all its subsequent amendments All relevant professional guidance on the matter, including that provided by the University of Manchester Version Date Reason for change 0.1 27.1.10 Creation 0.2 27.1.10 1 st review 1.0 02.02.11 SOP standardised When using this document please ensure that the version you are using is the most up to date either by checking on the Research Office website (http://www.campus.manchester.ac.uk/researchoffice/governance/) for any new versions or contacting the author to confirm the current version. UoM/ComputerisedSystems/SOP/1.0 Page 1 of 10

1.0 Background In order to be compliant with the European Directive on Good Clinical Practice in Clinical Trials (2001/20/EC) organisations conducting Clinical Trials of Investigational Medicinal Products must have clearly documented Standard Operating Procedures covering all aspects of conducting Clinical Trials. The SOPs also apply to all other projects that fall under the Research Governance Framework for Health and Social Care, 2 nd Edition, Department of Health 2005. A Standard Operating Procedure (SOP) is defined by ICH Harmonised Tripartite Guideline for Good Clinical Practice as Detailed, written instructions to achieve uniformity of the performance of a specific function. These SOPs are written instructions and records of procedures agreed and adopted by the University of Manchester. 2.0 Purpose This Standard Operating Procedure (SOP) describes the process of setting up computerised systems to assist with the capture and processing of data relating to Clinical Trials of Medicinal Products (CTIMP) This SOP is underpinned by the University of Manchester s IT Security Policies (see the references section for links), based on UCISA best practice, which, in turn, draws heavily on the standards BS7799 and ISO 27001. 3.0 Procedure When designing a Clinical Trial it is important to consider how trial-related data will be collected, stored, processed for the duration of the trial. This is likely to include the design of any computerised systems that will be required to assist with the management of trial data. Paramount in the design will be the security of the data management system and the data itself. See: SOP Data Management See: SOP IT Security and Encryption The IT Security Checklist (Appendix 1) should be completed initially and returned to the Faculty Research Office to ensure that some fundamental aspects of data management and IT Security are being considered. Examples of areas which should be addressed are: data processing data transmission computer and data security physical security data archiving IT and information security awareness, procedures and training Faculty Information Services can arrange a site visit if required to audit existing IT systems and working processes and provide guidance around best practice in data handling, IT and information security best practices. Faculty IS will also work with trial staff to implement and support trial related computer systems. Visit arrangements can be made via the University s IT Service Desk (see the contact list section for details). UoM/ComputerisedSystems/SOP/1.0 Page 2 of 10

4.0 Related Procedures and references SOP for Data Management SOP for IT Security and Encryption SOP for Developing and Implementing a System Level Security Policy UoM Secure-IT website: http://www.itservices.manchester.ac.uk/secure-it/ UoM IT Security Policies (last updated January 2009) http://www.itservices.manchester.ac.uk/secure-it/policies/#d.en.118690 Data Protection section of the MHS Faculty intranet http://www.mhs.manchester.ac.uk/intranet/dataprotection/ Contact list The University s IT Service Desk t: 0161 306 5544 e: mailto:it-servicedesk@manchester.ac.uk w: http://www.manchester.ac.uk/mhs/fis MHS Faculty Research Office http://www.mhs.manchester.ac.uk/intranet/admingroups/research/ UoM Research Office http://www.campus.manchester.ac.uk/researchoffice/ UoM/ComputerisedSystems/SOP/1.0 Page 3 of 10

Appendix 1 The University of Manchester IT and Information Security Checklist for Clinical Trials Throughout this document the use of the term data means clinical trial data or other sensitive data stored or processed in an electronic format. 1. Background Information Title of the Trial Chief or Principal Investigator Data Custodian Primary site / building Other sites / buildings Do you maintain an inventory of IT equipment? If so, please provide brief details. Is your IT equipment connected to the University s network? Who provides support with respect to IT equipment used within the Trial? Do you maintain documented standard operating procedures (SOPs) with respect to IT and Information Security and data handling within the Trial Master File? UoM/ComputerisedSystems/SOP/1.0 Page 4 of 10

2. Data Processing Where do staff store, process and backup data? Have you considered the security implications of storing, processing and backing up data in these locations? Shared network storage store process backup security considered - comments Personal network storage (p-drive) Email inbox/folders External hard drive Local drive (pc/laptop) USB pen drive Optical media (CD/DVD) Non-University provided equipment (pc/laptop, external drive) Non-University provided storage (personal email account) Non-University provided storage (cloud-based, eg MS Sky-Drive) Mobile devices (eg Blackberrys, iphones, other PDAs UoM/ComputerisedSystems/SOP/1.0 Page 5 of 10

3. Data Transmission Do staff send (/receive) data to (/from) colleagues or 3 rd parties by the following means? Have you considered the security implications of sending/receiving by these means? University email system send receive security considered - comments Other university email system NHS email system Other email system (eg Googlemail, Hotmail) Secure File Transfer over the Internet Postal/Courier service to send/receive USB/CD/DVD media UoM/ComputerisedSystems/SOP/1.0 Page 6 of 10

4. Computer and Data Security Do you employ the following IT security measures to protect against equipment/data loss or theft? Antivirus: do you have antivirus software installed and enabled on all computers and laptops? Is it configured to receive updates on a frequent and regular basis? Automatic updates/patches: are your computers and laptops (and installed software applications) configured to automatically download and install patches, updates and security fixes, as and when they become available (eg from Microsoft, Apple and other software application vendors)? Firewall: do you have a software firewall installed, active and properly configured on all computers and laptops? Block remote access: are your computers and laptops accessible via Remote Desktop from outside the University s network? Encryption: do you have disk/file level encryption tools installed on your computers, laptops, external drives and other removable media and do you use them? Note: please specify the encryption tools you use in the comments section. Passwords: are all your accounts protected by strong, secure passwords that are not written down or shared with others? Data backup: do you have a data backup policy and a standard operating procedure (SOP)? Data restore: do you regularly test that data backups can be restored? Is restored data tested for integrity? yes no / don t know comments UoM/ComputerisedSystems/SOP/1.0 Page 7 of 10

5. Physical Security Do you employ the following physical security measures to protect against the loss or theft of IT equipment and data? Is your IT equipment located in areas that are not easily accessed by visitors and other non-authorised staff? Is your IT equipment kept behind doors that have adequate locks? Are doors/windows locked at lunchtimes, evenings and other times when staff are absent? Are your computers, especially laptops, protected by anti-theft devices (eg security cables)? Are laptops locked away at night? Do you use specially-designed laptop safes? Are monitors/screens positioned so that data cannot be viewed casually by visitors or other non-authorised staff? Do you have a clear-desk policy to ensure the security of sensitive and confidential files when you are not working on them? Are desktops and laptops protected by a password-based screen saver? yes no / don t know comments UoM/ComputerisedSystems/SOP/1.0 Page 8 of 10

6. Data Archiving Have you considered the following issues with respect to the long term storage and archiving of data? Do you have an archiving/retention policy and a suitable archiving solution for the long term storage of (and access to) data? Does your archiving solution ensure long term access to data stored on intermediate storage media (eg tape, floppy disks, CDs/DVDs etc)? Does your archiving solution ensure data will be locked down once the trial is formally closed? Will someone (the archivist ), who is independent of the Trial, be responsible for the archive and will that person have appropriate control over the data? yes no / don t know comments UoM/ComputerisedSystems/SOP/1.0 Page 9 of 10

7. IT and Information Security Awareness, Procedures and Training The primary goal of a security awareness and training programme is to reduce security vulnerabilities and promotion good security practices. Are you familiar with the University s IT Security Policies and Guidance at: www.its.manchester.ac.uk/secure-it/ Do you fully understand your responsibility for IT and Information Security? Do you have standard operating procedures (SOPs) in respect of IT and Information Security and are they reviewed regularly? Do staff engaged on the trial understand their responsibilities with respect to IT and Information Security? Do staff know how to report an IT or Information Security incident or breach? yes no / don t know comments UoM/ComputerisedSystems/SOP/1.0 Page 10 of 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information