Your Easy Guide to Clinical Studies

A server is used as a central storage device for study data. It should run continuously in order to guarantee:

 

• Ongoing functionality:
  • Update of network security
  • Automatic data back-up
  • Protection against break-down
  • Existence of emergency data recovery procedures

 

• Security:
  • Strictly monitored access and user control with ongoing audit-trail that documents any changes to the data and other functionalities of the study database (e.g. access management)
  • Restricted access to server presmises in order to protect against theft, accidental server damage, data disclosure, alteration or destruction

 

• Storage infrastructure:
  • Ongoing temperature- and humidity surveillance
  • Fire-, extensive dust-, and vibration protection
  • Protection against rodent infestation

As a SP-INV familiarise yourself with server management requirements, such as to:

• Carefully plan server acquisition in order to ensure functionality and security requirements can be met.
• Ensure study data is stored centrally on a protected server and not on a laptop, desktop, hard drive or any removable storage device

 

In addition:

• Access to server storage premises should be documented and traceable
• Server access codes should be kept in a secure place, and only be available to server administrator(s)

 

Even when a server is not kept at the study site, but is under the administration of an institutional computer department, the responsibility of server functionality and data security remains with the SP-INV.

More

References

ICH GCP E6(R2) – see in particular guideline

• 5.5. Trial Management, data handling, and record-keeping