Guidance for Industry
Computerized Systems Used
in Clinical Trials
This draft guidance, when finalized, will
represent the Food and Drug Administration's (FDA's)
current thinking on this topic. It does not create or
confer any rights for or on any person and does not
operate to bind FDA or the public. You can use an
alternative approach if the approach satisfies the
requirements of the applicable statutes and
regulations. If you want to discuss an alternative
approach, contact the FDA staff responsible for
implementing this guidance. If you cannot identify the
appropriate FDA staff, call the appropriate number
listed on the title page of this guidance.
I. INTRODUCTION
This document provides
guidance about computerized systems that are used to create,
modify, maintain, archive, retrieve, or transmit clinical
data required to be maintained and/or submitted to the Food
and Drug Administration (FDA). These data form the basis for
the Agency's decisions regarding the safety and
effectiveness of new human and animal drugs, biological
products, medical devices, and certain food and color
additives. Because the
data have broad public health significance, they are
expected to be of the highest quality and integrity. This
guidance document addresses long-standing FDA regulations
concerning clinical trial records. It also addresses
requirements of the Electronic Records/Electronic Signatures
rule (21 CFR part 11).
Once finalized, this
document will supersede the guidance of the same name issued
in April 1999. Revisions will make it consistent with
Agency policy as reflected in the guidance for industry on
Part 11, Electronic Records; Electronic Signatures —
Scope and Application, which issued in August 2003, and
the Agency's international harmonization efforts.
FDA's guidance
documents, including this guidance, do not establish legally
enforceable responsibilities. Instead, guidances describe
the Agency's current thinking on a topic and should be
viewed only as recommendations, unless specific regulatory
or statutory requirements are cited. The use of the word
"should" in Agency guidances means that something is
suggested or recommended, but not required.
FDA has the authority to inspect all records
relating to clinical investigations conducted under 21 CFR
312, 511.1(b), and 812,
regardless of how they were created or maintained (e.g., §§
312.58, 312.68, and 812.145). FDA established the
Bioresearch Monitoring (BIMO) Program of inspections and
audits to monitor the conduct and reporting of clinical
trials to ensure that supporting data from these trials meet
the highest standards of quality and integrity, and conform
to FDA's regulations. FDA's acceptance of data from
clinical trials for decision-making purposes depends on
FDA's ability to verify the quality and integrity of the
data during FDA on-site inspections and audits. To be
acceptable, the data should meet certain fundamental
elements of quality whether collected or recorded
electronically or on paper. For example, data should be
attributable, legible, contemporaneous, original
and accurate.
This guidance addresses
how Agency expectations and regulatory requirements
regarding data quality might be satisfied where computerized
systems are being used to create, modify, maintain, archive,
retrieve, or transmit clinical data. Although the primary
focus of this guidance is on computerized systems used at
clinical sites to collect data, the principles set forth may
also be appropriate for computerized systems belonging to
contract research organizations, data management centers,
and sponsors. Persons using the data from computerized
systems should have confidence that the data are no less
reliable than data in paper form.
Computerized medical
devices, diagnostic laboratory instruments, and instruments
in analytical laboratories that are used in clinical trials
are not the subject of this guidance. This guidance does
not address electronic submissions or methods of their
transmission to the Agency,
except to the
degree to which these records comply with Part 11.
The principles in this
guidance may be applied where
supporting data or source documents
are created (1) in hardcopy and later entered into a
computerized system, (2) by direct entry by a human into a
computerized system, and (3) automatically by a computerized
system.
The Agency recommends
the following general principles with regard to computerized
systems that are used to create, modify, maintain, archive,
retrieve, or transmit clinical data required to be
maintained and/or submitted to FDA.
1. We recommend that
each study protocol identify at which steps a computerized
system will be used to create, modify, maintain, archive,
retrieve, or transmit data.
2. For each study, we
recommend that documentation identify what software and
hardware are to be used in computerized systems that create,
modify, maintain, archive, retrieve, or transmit data. We
also recommend that this documentation be retained as part
of the study records.
3. We recommend that
computerized systems be designed (1) so that all
requirements assigned to these systems in a study protocol
are satisfied (e.g., data are recorded in metric units, the
study blinded) and (2) to preclude errors in data creation,
modification, maintenance, archiving, retrieval, or
transmission.
4. It is important to
design a computerized system in such a manner so that all
applicable regulatory requirements for record keeping and
record retention in clinical trials are met with the same
degree of confidence as is provided with paper systems.
5. Under 21 CFR
312.62, 511.1(b)(7)(ii) and
812.140, the clinical investigator must retain records
required to be maintained under part 312, § 511.1(b) and §
812, respectively, for a period of time specified in these
regulations. Retaining the
original source document or a certified copy of the
source document at the site where the investigation was
conducted can assist in meeting these regulatory
requirements. It can also assist in the reconstruction and
evaluation of the trial throughout and after the completion
of the trial.
6. When original observations are
entered directly into a computerized system, the electronic
record is the source document.
7. Records relating to an
investigation must be adequate and accurate in the case of
investigational new drug applications (INDs) (see § 312.57
and § 312.62), complete in the case of new animal drugs for
investigational use (INADs) (see §511.1(b)(7)(ii)),
and accurate, complete and current in the case of
investigational device exemptions (IDEs) (see § 812.140(a)
and § 812.140(b)). An audit trail that is electronic or
consists of other physical, logical, or procedural security
measures to ensure that only authorized additions,
deletions, or alterations of information in the electronic
record have occurred may be needed to facilitate compliance
with applicable records regulations. Firms should determine
and document the need for audit trails based on a risk
assessment that takes into consideration circumstances
surrounding system use, the likelihood that information
might be compromised, and any system vulnerabilities. We
recommend that audit trails or other security methods used
to capture electronic record activities document who made
the changes, when, and why changes were made to the
electronic record.
8. We recommend that data be
retrievable in such a fashion that all information regarding
each individual subject in a study is attributable to that
subject.
9. To ensure the
authenticity and integrity of electronic records, it is
important that security measures be in place to prevent
unauthorized access to the data in the electronic record and
to the computerized system.
As described in the FDA
guidance entitled Part 11, Electronic Records; Electronic
Signatures- Scope and Application (August 2003), while
the re-examination of part 11 is underway, FDA intends to
exercise enforcement discretion with respect to part 11
requirements for validation, audit trail, record retention,
and record copying. That is, FDA does not intend to take
enforcement action to enforce compliance with these
requirements of part 11 while the agency re-examines part
11. Note that part 11 remains in effect and that the
exercise of enforcement discretion applies only to the
extent identified in the FDA guidance on part 11. Also,
records must still be maintained or submitted in accordance
with the underlying requirements set forth in the Federal
Food, Drug, and Cosmetic Act (Act), the Public Health
Service Act (PHS Act), and FDA regulations (other than part
11), which are referred to in this guidance document as
predicate rules, and FDA can take regulatory
action for noncompliance with such predicate rules.
Specific details about
the Agency’s approach to enforcing part 11 can be found in
the Part 11 Scope and Application guidance.
We recommend that
standard operating procedures (SOPs) pertinent to the use of
the computerized system be available on site. We recommend
that SOPs be established for the following:
· System Setup/Installation
· Data Collection and Handling
· System Maintenance
· Data Backup, Recovery, and Contingency Plans
· Security
· Change Control
· Alternative Recording Methods (in the case of system unavailability)
To ensure that individuals have the authority
to proceed with data entry, data entry systems must be
designed to limit access so that only authorized individuals
are able to input data
(§ 11.10(d)).
Examples of methods for controlling access include using
combined identification codes/passwords or biometric-based
identification at the start of a data entry session.
Controls and procedures must be in place that are designed
to ensure the authenticity and integrity of electronic
records created, modified, maintained, or transmitted using
the data entry system
(§ 11.10).
Therefore, we recommend that each user of the system have an
individual account into which the user logs in at the
beginning of a data entry session, inputs information
(including changes) on the electronic record, and logs out
at the completion of the data entry session.
We recommend that
individuals work only under their own password or other
access key and not share these with others. We recommend
that individuals not be allowed to log onto the system to
provide another person access to the system. We also
recommend that passwords or other access keys be changed at
established intervals.
When someone leaves a
workstation, we recommend that the SOP require that person
to log off the system. Alternatively,
an automatic log off may be appropriate for long idle
periods. For short periods of inactivity, we recommend that
some kind of automatic protection be installed against
unauthorized data entry. An example could be an automatic
screen saver that prevents data entry until a password is
entered.
Section 11.10(e)
requires persons who use electronic record systems to
maintain an audit trail as one of the procedures to protect
the authenticity, integrity, and, when appropriate, the
confidentiality of electronic records. As clarified in the
Part 11 Scope and Application guidance, however, the
Agency intends to exercise enforcement discretion regarding
specific part 11 requirements related to computer-generated,
time-stamped audit trails (§ 11.10(e), (k)(2) and any
corresponding requirement in § 11.30). Persons must still
comply with all applicable predicate rule requirements for
clinical trials, including, for example, that records
related to the conduct of the study must be adequate and
accurate (§§ 312.57, 312.62, and 812.140). It is therefore
important to keep track of all changes made to information
in the electronic records that document activities related
to the conduct of the trial. Computer-generated,
time-stamped audit trails or information related to the
creation, modification, or deletion of electronic records
may be useful to ensure compliance with the appropriate
predicate rule.
In addition, clinical
investigators must, upon request by FDA, at reasonable
times, permit agency employees to have access to, and copy
and verify any required records or reports made by the
investigator (§§ 312.68, 511.1(b)(7)(ii) and 812.145). In
order for the Agency to review and copy this information,
FDA personnel should be able to review audit trails or other
documents that track electronic record activities both at
the study site and at any other location where associated
electronic study records are maintained. To enable FDA's
review, information about the creation, modification, or
deletion of electronic records should be created
incrementally, and in chronological order. To facilitate
FDA’s inspection of this information, we recommend that
clinical investigators retain either the original or a
certified copy of any documentation created to track
electronic records activities.
Even if there are no
applicable predicate rule requirements, it may be important
to have computer-generated, time-stamped audit trails or
other physical, logical, or procedural security measures to
ensure the trustworthiness and reliability of electronic
records. We recommend that any decision on whether to apply
computer-generated audit trails or other appropriate
security measures be based on the need to comply with
predicate rule requirements, a justified and documented risk
assessment, and a determination of the potential effect on
data quality and record integrity. Firms should determine
and document the need for audit trails based on a risk
assessment that takes into consideration circumstances
surrounding system use, the likelihood that information
might be compromised, and any system vulnerabilities.
If you determine that
audit trails or other appropriate security measures are
needed to ensure electronic record integrity, we recommend
that personnel who create, modify, or delete electronic
records not be able to modify the documents or security
measures used to track electronic record changes. We
recommend that audit trails or other security methods used
to capture electronic record activities document who made
the changes, when, and why changes were made to the
electronic record.
Some examples of methods
for tracking changes to electronic records include:
We recommend that controls be put in place to
ensure that the system's date and time are correct. The
ability to change the date or time should be limited to
authorized personnel and such personnel should be notified
if a system date or time discrepancy is detected. We
recommend that someone always document changes to date or
time. We do not expect documentation of time changes that
systems make automatically to adjust to daylight savings
time conventions.
We also recommend that dates and times
include the year, month, day, hour, and minute. The Agency
encourages establishments to synchronize systems to the date
and time provided by trusted third parties.
Clinical study
computerized systems are likely to be used in multi-center
trials and may be located in different time zones. For
systems that span different time zones, it is better to
implement time stamps with a clear understanding of the time
zone reference used. We recommend that system documentation
explain time zone references as well as zone acronyms or
other naming conventions.
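The audit trail and time stamp recommendations above can be combined in one append-only log. The following is an added example, not part of the guidance and not an FDA-specified design: each entry records who, when, and why, refuses a time stamp that lacks a time zone reference, and is chained to the previous entry with SHA-256 so that later alteration or removal is detectable. The hash chain, the class and field names, and the sample entries are assumptions made for illustration.

```python
"""Added example: append-only, hash-chained audit trail (illustrative only)."""
import copy
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64                      # prev_hash value used by the first entry
ACTIONS = {"create", "modify", "delete"}


def digest(entry):
    """SHA-256 over every field of an entry except the stored hash itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditTrail:
    """Entries can only be appended; there is no update or delete method.

    The chain gives tamper evidence, not tamper prevention: the trail must
    still be stored where people who edit study records have no write access.
    """

    def __init__(self):
        self._entries = []

    def append(self, user, action, record_id, field, old, new, reason, when=None):
        if action not in ACTIONS:
            raise ValueError(f"unknown action: {action!r}")
        if not user.strip() or not reason.strip():
            raise ValueError("who and why are mandatory")
        when = when or datetime.now(timezone.utc)
        if when.tzinfo is None:
            raise ValueError("timestamp needs an explicit time zone reference")
        when_utc = when.astimezone(timezone.utc)   # one reference zone for all sites
        last = self._entries[-1] if self._entries else None
        if last and when_utc < datetime.fromisoformat(last["when_utc"]):
            raise ValueError("entry is older than the previous one")
        entry = {
            "seq": len(self._entries) + 1,
            "when_utc": when_utc.isoformat(timespec="seconds"),
            "user": user, "action": action, "record_id": record_id,
            "field": field, "old": old, "new": new, "reason": reason,
            "prev_hash": last["entry_hash"] if last else GENESIS,
        }
        entry["entry_hash"] = digest(entry)
        self._entries.append(entry)
        return entry["entry_hash"]

    def export(self):
        """Independent copy of the trail, e.g. for review during an inspection."""
        return copy.deepcopy(self._entries)


def verify(entries):
    """Return a list of problems; an empty list means the chain is intact."""
    problems = []
    prev_hash, prev_when = GENESIS, None
    for pos, e in enumerate(entries, start=1):
        if e.get("seq") != pos:
            problems.append(f"entry {pos}: sequence gap or reorder")
        if e.get("prev_hash") != prev_hash:
            problems.append(f"entry {pos}: chain broken")
        if digest(e) != e.get("entry_hash"):
            problems.append(f"entry {pos}: content altered")
        when = datetime.fromisoformat(e["when_utc"])
        if prev_when and when < prev_when:
            problems.append(f"entry {pos}: timestamp out of order")
        prev_hash, prev_when = e.get("entry_hash"), when
    return problems


def build_sample_trail():
    """Constructed sample data: two sites in different time zones."""
    site_a = timezone(timedelta(hours=1))    # hypothetical site at UTC+1
    site_b = timezone(timedelta(hours=-5))   # hypothetical site at UTC-5
    trail = AuditTrail()
    trail.append("jdoe", "create", "SUBJ-001/visit2", "systolic_bp", None, "210",
                 "initial entry", datetime(2024, 3, 4, 15, 20, tzinfo=site_a))
    # The local wall clock reads earlier than the first entry, but it is later in UTC.
    trail.append("asmith", "modify", "SUBJ-001/visit2", "systolic_bp", "210", "110",
                 "transcription error, checked against chart",
                 datetime(2024, 3, 4, 9, 25, tzinfo=site_b))
    trail.append("jdoe", "modify", "SUBJ-001/visit2", "weight_kg", "81", "80.5",
                 "scale readout re-read", datetime(2024, 3, 4, 15, 40, tzinfo=site_a))
    return trail


if __name__ == "__main__":
    entries = build_sample_trail().export()
    print("intact trail:", verify(entries))
    entries[1]["new"] = "120"                # simulate an after-the-fact edit
    print("after edit:  ", verify(entries))
```
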
The Agency recommends
that a number of computerized system features be available
to facilitate the collection, inspection, review, and
retrieval of quality clinical data. Key features are
described here.
We recommend that
prompts, flags, or other help features be incorporated into
the computerized system to encourage consistent use of
clinical terminology and to alert the user to data that are
out of acceptable range. We recommend against the use of
features that automatically enter data into a field when the
field is bypassed.
FDA expects to be able
to reconstruct a clinical study submitted to the agency.
This means that documentation, such as that described in the
General Principles, Sections III.1, III.2 and III.5, should
fully describe and explain how data were obtained and
managed and how electronic records were used to capture
data. We suggest that your decision on how to maintain
records be based on predicate rule requirements and that
this documented decision be based on a justified risk
assessment and a determination of the value of the records
over time. As explained in the Part 11 Scope and
Application guidance, FDA does not intend to object to
required records that are archived in electronic format;
nonelectronic media such as microfilm, microfiche, and
paper; or to a standard electronic file format (such as PDF,
XML, or SGML). Persons must still comply with all predicate
rule requirements, and the records themselves and any copies
of required records should preserve their original content
and meaning. Paper and electronic record and signature
components can co-exist (i.e., as a hybrid system) as long
as the predicate requirements (21 CFR parts 50, 56, 312,
511, and 812) are
met, and the content and meaning of those records are
preserved.
It is not necessary to
reprocess data from a study that can be fully reconstructed
from available documentation. Therefore, actual application
software, operating systems, and software development tools
involved in processing of data or records do not need to be
retained.
In addition to internal
safeguards built into the computerized system, external
safeguards should be put in place to ensure that access to
the computerized system and to the data is restricted to
authorized personnel as required by 21 CFR 11.10(d). We
recommend that staff be kept thoroughly aware of system
security measures and the importance of limiting access to
authorized personnel.
SOPs should be developed
and implemented for handling and storing the system to
prevent unauthorized access. Controlling system access can
be accomplished through the following provisions of part 11
that, as discussed in the part 11 guidance, FDA intends to
continue to enforce:
· Operational system checks (§ 11.10(f));
· Authority checks (§ 11.10(g));
· Device (e.g., terminal) checks (§ 11.10(h)); and
· The establishment of and adherence to written policies that hold
individuals accountable for actions initiated under their electronic
signatures (§ 11.10(j)).
The Agency recommends
that access to data be restricted and monitored through the
system's software with its required log-on, security
procedures, and audit trail (or other selected security
measures to track electronic record activities). We
recommend that procedures and controls be implemented to
prevent the data from being altered, browsed, queried, or
reported via external software applications that do not
enter through the protective system software.
We recommend that a
cumulative record be available that indicates, for any point
in time, the names of authorized personnel, their titles,
and a description of their access privileges. We recommend
that the record be kept in the study documentation,
accessible at the site.
If a sponsor supplies
computerized systems exclusively for clinical trials, we
recommend that the systems remain dedicated to the purpose
for which they were intended and validated. If a
computerized system being used for a clinical study is part
of a system normally used for other purposes, we recommend
that efforts be made to ensure that the study software be
logically and physically isolated as necessary to preclude
unintended interaction with nonstudy software. If any of
the software programs are changed, we recommend that the
system be evaluated to determine the effect of the changes
on logical security.
We recommend that
controls be implemented to prevent, detect, and mitigate
effects of computer viruses, worms, or other potentially
harmful software code on study data and software.
The Agency recommends
that sponsors ensure and document that all computerized
systems conform to their own established requirements for
completeness, accuracy, reliability, and consistent intended
performance.
We recommend that
systems documentation be readily available at the site where
clinical trials are conducted and provide an overall
description of the computerized systems and the
relationships among hardware, software, and physical
environment.
As noted in the Part
11 Scope and Application guidance, the Agency intends to
exercise enforcement discretion regarding specific part 11
requirements for validation of computerized systems. We
suggest that your decision to validate computerized systems
and the extent of the validation take into account the
impact the systems have on your ability to meet predicate
rule requirements. You should also consider the impact
those systems might have on the accuracy, reliability,
integrity, availability, and authenticity of required
records and signatures. Even if there is no predicate rule
requirement to validate a system, it may still be important
to validate the system, based on criticality and risk, to
ensure the accuracy, reliability, integrity, availability
and authenticity of required records and signatures.
We recommend that you
base your approach on a justified and documented risk
assessment and determination of the potential of the system
to affect data quality and record integrity. For example,
in the case where data are directly entered into electronic
records and the business practice is to rely on the
electronic record, validation of the computerized system is
important. However, when a word processor is used to
generate SOPs for use at the clinical site,
validation would not be important.
If validation is
required, FDA may ask to see the regulated company's
documentation that demonstrates software validation. The
study sponsor is responsible for making any such
documentation available if requested at the time of
inspection at the site where software is used. Clinical
investigators are not generally responsible for validation
unless they originated or modified software.
As noted in the Part
11 Scope and Application guidance, the Agency intends to
exercise enforcement discretion with respect to all part 11
requirements for systems that otherwise were fully
operational prior to August 20, 1997, the effective date of
part 11, under the circumstances described below. These
systems are also known as legacy systems. The Agency does
not intend to take enforcement action to enforce compliance
with any part 11 requirements if all the following criteria
are met for a specific system:
· The system was in operation before the part 11 effective date.
· The system met all applicable predicate rule requirements prior to
the part 11 effective date.
· The system currently meets all applicable predicate rule requirements.
· There is documented evidence and justification that the system is fit
for its intended use.
If a system has changed
since August 20, 1997, and if the changes would prevent the
system from meeting predicate rule requirements, part 11
controls should be applied to part 11 records and signatures
pursuant to the enforcement policy expressed in the part 11
guidance. Please refer to the Part 11 Scope and
Application guidance for further information.
While the Agency has
announced that it intends to exercise enforcement discretion
regarding specific part 11 requirements for validation of
computerized systems, persons must still comply with all
predicate rule requirements for validation. We suggested in
the guidance for industry on part 11 that the impact of
computerized systems on the accuracy, reliability,
integrity, availability, and authenticity of required
records and signatures be considered when you decide whether
to validate, and noted that even absent a predicate rule
requirement to validate a system, it might still be
important to validate in some instances.
For most off-the-shelf
software, the design level validation will
have already been done by the company that wrote the
software. Given the importance of ensuring valid clinical
trial data, FDA suggests that the sponsor or contract
research organization (CRO)
have documentation (either original validation documents or
on-site vendor audit documents) of this design level
validation by the vendor and would itself have performed
functional testing (e.g., by use of test data sets) and
researched known software limitations, problems, and defect
corrections. Detailed documentation of any additional
validation efforts performed by the sponsor or CRO will
preserve the findings of these efforts.
In the special case of
database and spreadsheet software that is: (1) purchased
off-the-shelf, (2) designed for and widely used for general
purposes, (3) unmodified, and (4) not being used for direct
entry of data, the sponsor or contract research organization
may not have documentation of design level validation. FDA
suggests that the sponsor or contract research organization
perform functional testing (e.g., by use of test data sets)
and research known software limitations, problems, and
defect corrections.
In the case of
off-the-shelf software, we recommend that the following be
available to the Agency on request:
· A written design specification that describes what the software is
intended to do and how it is intended to do it;
· A written test plan based on the design specification, including both
structural and functional analysis; and
· Test results and an evaluation of how these results demonstrate
that the predetermined design specification has been met.
Additional guidance on
general software validation principles can be found in FDA’s
guidance entitled General Principles of Software
Validation; Final Guidance for Industry and FDA Staff.
FDA recommends that
written procedures be put in place to ensure that changes to
the computerized system, such as software upgrades,
including security and performance patches, equipment,
or component replacement, or new instrumentation, will
maintain the integrity of the data and the integrity of
protocols. We recommend that the effects of any changes to
the system be evaluated and a decision made regarding
whether, and if so, what level of validation activities
related to those changes would be appropriate. We recommend
that validation be performed for those types of changes that
exceed previously established operational limits or design
specifications. Finally, we recommend that all changes to
the system be documented.
The Agency recommends that appropriate system
control measures be developed and implemented.
· Software Version Control
We recommend that measures be put in place to
ensure that versions of software used to generate, collect,
maintain, and transmit data are the versions that are stated
in the systems documentation.
· Contingency Plans
We recommend that written procedures describe
contingency plans for continuing the study by alternate
means in the event of failure of the computerized system.
· Backup and Recovery of Electronic Records
When electronic formats are the only ones
used to create and preserve electronic records, the Agency
recommends that backup and recovery procedures be outlined
clearly in SOPs and be sufficient to protect against data
loss. We also recommend that records be backed up regularly
in a way that would prevent a catastrophic loss and ensure
the quality and integrity of the data. We recommend that
records be stored at a secure location specified in the
SOPs. Storage is typically offsite or in a building separate
from the original records.
We recommend that backup and recovery logs be
maintained to facilitate an assessment of the nature and
scope of data loss resulting from a system failure.
Firms that rely on electronic and paper
systems should determine the extent to which backup and
recovery procedures are needed based on the need to meet
predicate rule requirements, a justified and documented risk
assessment, and a determination of the potential effect on
data quality and record integrity.
Under 21 CFR 11.10(i),
firms using computerized systems must determine that persons
who develop, maintain, or use electronic systems have the
education, training, and experience to perform their
assigned tasks.
The Agency recommends
that training be provided to individuals in the specific
operations with regard to computerized systems that they are
to perform. We recommend that training be conducted by
qualified individuals on a continuing basis, as needed, to
ensure familiarity with the computerized system and with any
changes to the system during the course of the study.
We recommend that
employee education, training, and experience be documented.
FDA has the authority to
inspect all records relating to clinical investigations
conducted under 21 CFR Parts 312 and 812, regardless of how
the records were created or maintained (21 CFR 312.58,
312.68, and 812.145). Therefore, you should provide the FDA
investigator with reasonable and useful access to records
during an FDA inspection. As noted in the Part 11,
Electronic Records; Electronic Signatures- Scope and
Application guidance, the Agency intends to exercise
enforcement discretion with regard to specific part 11
requirements for generating copies of records (§ 11.10(b)
and any corresponding requirement in § 11.30). We recommend
that you supply copies of electronic records by:
· Producing copies of records held in common portable formats when
records are maintained in these formats
· Using established automated conversion or export methods, where
available, to make copies available in a more common format (e.g., pdf,
xml, or sgml formats)
Regardless of the method
used to produce copies of electronic records, it is
important that the copying process used produces copies that
preserve the content and meaning of the record. For example,
if you have the ability to search, sort, or trend records,
copies given to FDA should provide the same capability if it
is reasonable and technically feasible. FDA expects to
inspect, review, and copy records in a human readable form
at your site, using your hardware and following your
established procedures and techniques for accessing records.
We recommend you contact
the Agency if there is any doubt about what file formats and
media the Agency can read and copy.
As required by 21 CFR
11.100(c), persons using electronic signatures to meet an
FDA signature requirement must, prior to or at the time of
such use, certify to the Agency that the electronic
signatures in their system, used on or after August 20,
1997, are intended to be the legally binding equivalent of
traditional handwritten signatures.
As set forth in §
11.100(c)(1), the certification must be submitted in paper,
signed with a traditional handwritten signature, to the
Office of Regional Operations (HFC-100), 5600 Fishers Lane,
Rockville, Maryland 20857. The certification is to be
submitted prior to or at the time electronic signatures are
used. However, a single certification can be used to cover
all electronic signatures used by persons in a given
organization. This certification is created by persons to
acknowledge that their electronic signatures have the same
legal significance as their traditional handwritten
signatures. See the following example of a certification
statement:
Pursuant to Section
11.100 of Title 21 of the Code of Federal Regulations, this
is to certify that ___[name of organization]__
intends that all electronic signatures executed by our
employees, agents, or representatives, located anywhere in
the world, are the legally binding equivalent of traditional
handwritten signatures.
The following is a list
of definitions for terms as they are used in, and for the
purposes of, this guidance document.
Attributable Data:
Attributable data are those that can be
traced to individuals responsible for observing and
recording the data. In an automated system, attributability
could be achieved by a computer system designed to identify
individuals responsible for any input.
Audit Trail:
An audit trail is a secure,
computer generated, time-stamped electronic record that
allows reconstruction of the course of events relating to
the creation, modification, and deletion of an electronic
record.
Certified Copy:
A copy of original information
that has been verified, as indicated by dated signature, as
an exact copy having all of the same attributes and
information as the original.
Computerized System:
A computerized system includes computer hardware,
software, and associated documents (e.g., user manual) that
create, modify, maintain, archive, retrieve, or transmit in
digital form information related to the conduct of a
clinical trial.
Direct Entry:
Recording data where an electronic record is the original
capture of the data. Examples are the keying by an
individual of original observations into the system, or
automatic recording by the system of the output of a balance
that measures subject’s body weight.
Electronic Record:
Any combination of text, graphics, data, audio, pictorial,
or other information representation in digital form that is
created, modified, maintained, archived, retrieved, or
distributed by a computer system.
Electronic Signature:
A computer data compilation of
any symbol or series of symbols executed, adopted, or
authorized by an individual to be the legally binding
equivalent of the individual's handwritten signature.
Predicate rule:
This term refers to underlying
requirements set forth in the Federal Food, Drug, and
Cosmetic Act, the PHS Act, and FDA regulations (other than
21 CFR part 11). Regulations governing good clinical
practice and human subject protection can be found at 21 CFR
parts 50, 56, 312, 511, and 812.
Software Validation:
Confirmation by examination and provision of objective
evidence that software specifications conform to user needs
and intended uses and that the particular requirements
implemented through the software can be consistently
fulfilled. Design level validation is that portion of
the software validation that takes place in parts of the
software life cycle before the software is delivered to the
end user.
Source Documents:
Original documents and records including, but not limited
to, hospital records, clinical and office charts, laboratory
notes, memoranda, subjects' diaries or evaluation
checklists, pharmacy dispensing records, recorded data from
automated instruments, copies or transcriptions certified
after verification as being accurate and complete,
microfiches, photographic negatives, microfilm or magnetic
media, x-rays, subject files, and records kept at the
pharmacy, at the laboratories, and at medico-technical
departments involved in the clinical trial.
Transmit:
Transmit is to transfer data within or among clinical
study sites, contract research organizations, data
management centers, or sponsors. Other Agency guidance
covers transmission from sponsors to the Agency.