Part 1: Access-related requirements
In this blog, the requirements of the Dutch Clinical Research Foundation (DCRF) for electronic Trial Master Files (eTMF), electronic Investigator Site File (eISF), and electronic Sponsor Trial Master Files (eSponsorTMF) will be contrasted against the features of ResearchManager. The different requirements per segment (Access, Security, Archiving, and Document Management) will be discussed and emphasized how the software of ResearchManager complies with these requirements. This blog will cover the requirements for Access. For the other 3 subjects, please consult the respective blog.
The first requirement is “Unique ID/Password to access the system needs to be provided.” Within ResearchManager a unique username and password are generated for each user. When a user is created for each site, they will get a private username and password to access the designated files/program.
The second requirement is “Access only for delegated site staff, based on role and permission description.”. All of the tools ResearchManager offers to provide Role-Based Access Management. This ensures only designated users can access certain sections of the software.
The third requirement is ‘Access via a guest account based on role and permission description (traceable to who had used the account and when). Use of a personal account is recommended.’
ResearchManager offers accounts that can register personal account information to ensure that the account is only for the designated user.
The fourth requirement from the DCRF is that “Access to be inactivated when no longer required, checked at least every year.” When using our software, it is possible for accounts to be deactivated manually. Also, an option is provided when an account will be deactivated on a set date. This provides full control and no unauthorized users in the system. It is also possible to connect via Identity Access Management to your HR system, to secure inactive accounts.
Another requirement is the “Restricted access to the backup file (preferred only vendor/host of the system).”. This is very sensitive information and therefore a very strict requirement. In our software, access to backup files is restricted to ResearchManager only. A backup file can only be requested at the written request of the application manager. This way we ensure maximum control of the access.
The sixth requirement for an appropriate eTMF/eISF or eSponsorTMF is “In case of blinded study data, access should be restricted to unblinded staff and unblinded third party only.” As referred to in the second requirement, ResearchManager works with a Role-Based Access Management. This will only provide access to authorized users to visualize certain data. Randomization data can only be viewed by two-step access.
The last two requirements are stated as recommendations to ensure the safety of the access points.
The first recommendation being “conduct and track adequate training on the electronic site file system used.” This is one of the most important aspects to provide a safe system. When all the users possess the knowledge on how to appropriately use the system, it becomes much safer and reliable. For this reason, ResearchManager offers training, consultancy, functional management, and support on request.
The second recommendation of the DCRF is “the electronic site file should be remotely accessible (including guest access) within the limits as defined by local data protection law and guidance.” Since ResearchManager is a web-based application, the users can access the software everywhere.
As can be concluded in this blog, ResearchManager offers all the access-related requirements from the DCRF to function as eTMF/eISF/eSponsorTMF for clinical research.
In our next blog, the Security, Archiving, and Document Management requirements will be reviewed.
If you have any questions or comments, please contact us!