What is it? Why is it important?

A server is used as a central storage device for study data. It should run continuously in order to guarantee:

  • Ongoing functionality:
    • Update of network security
    • Automatic data back-up
    • Protection against server break-down
    • Existence of emergency data recovery procedures

 

  • Security:
    • Strictly monitored access and user control with ongoing audit trail that documents any changes to the data and other functionalities of the database (e.g. access management)
    • Restricted access to server presmises in order to protect against theft, accidental server damage, data disclosure, alteration or destruction

 

  • Storage infrastructure:
    • Ongoing temperature- and humidity surveillance
    • Fire-, extensive dust-, and vibration protection
    • Protection against rodent infestation

More

Means to protect your server and the security of your study data include to:

  • Keep any firewall, security-related upgrades, and virus protection up-to-date
  • Allow only delegated, and knowledgeable staff handle problems within the operating system
  • Install an electronic recording system able to document access to server storage premises
  • Install an alarm system that monitors and alerts when storage conditions become unfavourable
  • Have procedures and equipment ready in order to responds to unfavourable conditions (e.g. air-conditioner, humidifier)
  • Only have password protected access to servers, computers and study eCRF
  • Encrypt any forwarded sensitive data. Define a secure method of data transfer
  • Prevent any unnecessary server relocation

What do I need to do?

Study data should be stored centrally on a protected server and not on a laptop, desktop, hard drive or any removable storage device.

Server acquisition should be planned carefully in order to ensure functionality and security requirements can be met.

In addition:

  • Access to server storage premises should be documented and traceable
  • Server access codes should be kept in a secure place
  • Server access codes should only be available to staff who need them for the completion of their task(s)

More

Even when a server is not kept at the study site, but is under the administration of an institutional computer department, the responsibility of server functionality and data security remains with the SP-INV.

Where can I get help?

Your local CTU can support you with experienced staff regarding this topic

References

ICH GCP E6(R2) – see in particular guideline

  • 5.5. Trial Management, data handling, and record-keeping
Abbreviations
  • CTU – Clinical Trials Unit
  • eCRF – electronic Case Report Form
  • SP-INV – Sponsor-Investigator
Concept ↦ Data Handling ↦ Server ↦ Data Storage
Study
Basic

Provides some background knowledge and basic definitions

Basic Protocol
Basic Statistics
Basic Monitoring
Basic Drug or Device
Basic Biobanking
Concept

Starts with a study idea

Ends after having assessed and evaluated study feasibility

Concept Protocol
Concept Statistics
Concept Drug or Device
Concept Biobanking
Development

Starts with confidence that the study is feasible

Ends after having received ethics and regulatory approval

Development Protocol
Development Statistics
Development Drug or Device
Development Biobanking
Set-Up

Starts with ethics and regulatory approval

Ends after successful study initiation

Set-Up Protocol
Set-Up Ethics and Laws
Set-Up Statistics
Set-Up Drug or Device
Set-Up Biobanking
Conduct

Starts with participant recruitment

Ends after the last participant has completed the last study visit

Conduct Protocol
Conduct Statistics
Conduct Drug or Device
Conduct Biobanking
Completion

Starts with last study visit completed

Ends after study publication and archiving

Completion Protocol
Completion Statistics
Completion Drug or Device
Completion Biobanking
Current Path (click to copy): Concept ↦ Data Handling ↦ Server ↦ Data Storage

Please note: the Easy-GCS tool is currently under construction.