Clinical Trial Management System
Reply to Thread
To those with experience in implementation of a CTMS, how would one go about deciding if the system is compliant? What considerations would you include in your assessment? And what information would one require from the system administrator/vendor?
CTMS in question is an on-line platform, serves in the US.
*servers not serves
This question should be asked to RQA Computing Committee - DIGIT Discussion Forum
It seems to be sitting in the correct area now.
Could you share your thoughts please? Is there a moderator for this particular section of the fora?
To assess a web hosted system you would need to look at a number of factors around the security and ERES controls associated with 21 CFR Part 11 and Annex 11. Ideally, we would recommend involving a CSV specialist auditor.
- How do users access the system (username / password)
- Are password rules in place?
- How are lost of compromised passwords recovered?
- What security roles are defined to restrict users access to particular functions or sites within the system
- How is the CTMS configured / managed by users?
- Is there an audit trail for who entered, updated or deleted data within the system?
- How is that linked to the record?
- Who can edit the audit trail?
- Is access to the system secure (i.e. secure http) to ensure data is encrypted in transit?
- What is the relationship between the CTMS vendor and the hosting organisation (do they outsource to a data centre provider?)
- What administrative activities and support do data centre and/or vendor personnel perform?
- What access to data does this potentially allow?
- What backup or replication of the data exists?
- What failover and disaster recovery mechanisms are in place?
- What intrusion detection, anti virus and vulnerability scanning and management tools are in place?
- Is the data centre and the vendor periodically performing penetration testing?
- How are the servers and the application Patched?
- What Service Level agreements are in place for problem / issue resolution, disaster recovery and business continuity?
- What Installation Qualification and Operational Qualification has the vendor done?
- Is the platform dedicated to you , or shared with multiple customers? How does that impact patching and revalidation of the system for multiple clients?
- What do the licence agreements stipulate about data ownership, transfer of data on cessation of contract etc.
This is by no means exhaustive these are more focussed on the web hosting aspects, and would need to be complimented with the standard vendor and Computer System Validation assessments as for an internal CTMS implementation.
This is really helpful, thanks very much!
A set of standard operating procedures for clinical trials is absolutely vital for ensuring the effectiveness of the study for a number of reasons. Standard operating procedures for clinical trials are a very potent means to help researchers, principals or sponsors ensure the accuracy and consistency of the procedures needed for the clinical trial.For more info visit
Thanks for your great and helpful presentation. That is very interesting I love reading and I am always searching for informative information like this.
Get health services: www.panaceapgx.com
Looking great work dear, I really appreciated to you on this quality work.help me for future.
I am working in research for me this information and presentation you shared with us is really helpful.
thanks once again!!
Hello all, i could not see the presentation you all are talking about. can some one help me to get the same