A draft guideline on computerized systems and electronic data in clinical trials! It was issued on Friday, June 18th. It is a 47- page pdf which you can access by visiting the EMA website, clicking on News & Events and then the ‘What’s new’ link and scrolling down to June 18th. I can also e-mail it to you if you wish.
It certainly is comprehensive. It replaces the reflection paper on expectations for electronic source data issued in 2010 and addresses among other things cloud solutions, eConsent, Contracts, Computer Systems validation, User Management and security and requirements related to specific types of systems like IRT and ePRO.
The expectations for both Sponsors and Investigators are greater. For example, the guideline recommends that an Investigator receive an introduction on how to navigate audit trails of their own data so that they can review changes made. Risk-based audit trail review, focused on critical data, is expected of Sponsors.
Other guidelines can be linked to MHRA inspection findings. All data generated at the clinical trial site relating to the trial participants should be always available to the investigator during and after the trial. The sponsor should not have exclusive control of the data entered in a computerised system at any point in time. All data held by the sponsor that has been generated in a clinical trial should be verifiable to a copy of these data that is not held (or that has not been held) by the sponsor.
In the situation where an independent third party is hosting the data. the copy should not be provided via the sponsor, as this would temporarily provide the sponsor with exclusive control over the data and thereby jeopardise the investigator’s control. Copies should not be provided in a way that requires advanced technical skills by the investigators (my bolding!).
Contractual obligations with a cloud solution provider should be detailed and explicit and refer to all GCP relevant topics and to all relevant legal requirements (see Annex 1 of the guideline). Data jurisdiction may be complex given the nature of cloud solutions and services being shared over several sites, countries, and continents; however, any uncertainties should be addressed and solved by contractual obligations prior to the use of a cloud solution.