What is it? Why is it important?

A server is used as a central storage device for study data. It should run continuously in order to guarantee:

 

  • Ongoing functionality:
    • Update of network security
    • Automatic data back-up
    • Protection against break-down
    • Existence of emergency data recovery procedures

 

  • Security:
    • Strictly monitored access and user control with ongoing audit-trail that documents any changes to the data and other functionalities of the study database (e.g. access management)
    • Restricted access to server presmises in order to protect against theft, accidental server damage, data disclosure, alteration or destruction

 

  • Storage infrastructure:
    • Ongoing temperature- and humidity surveillance
    • Fire-, extensive dust-, and vibration protection
    • Protection against rodent infestation

What do I need to do?

As a SP-INV familiarise yourself with server management requirements, such as to:

  • Carefully plan server acquisition in order to ensure functionality and security requirements can be met.
  • Ensure study data is stored centrally on a protected server and not on a laptop, desktop, hard drive or any removable storage device

 

In addition:

  • Access to server storage premises should be documented and traceable
  • Server access codes should be kept in a secure place, and only be available to server administrator(s)

 

Even when a server is not kept at the study site, but is under the administration of an institutional computer department, the responsibility of server functionality and data security remains with the SP-INV.

More

Means to protect your server and the security of your study data include to:

  • Keep any firewall, security-related upgrades, and virus protection up-to-date
  • Allow only delegated, and knowledgeable staff handle problems within the operating system
  • Install an electronic recording system able to document access to server storage premises
  • Install an alarm system that monitors and alerts when storage conditions become unfavourable
  • Have procedures and equipment ready in order to responds to unfavourable conditions (e.g. air-conditioner, humidifier)
  • Only have password protected server access
  • Encrypt any forwarded sensitive data. Define a secure method of data transfer
  • Prevent any unnecessary server relocation

Where can I get help?

Your local CTU can support you with experienced staff regarding this topic

References

ICH GCP E6(R2) – see in particular guideline

  • 5.5. Trial Management, data handling, and record-keeping
Abbreviations
  • CTU – Clinical Trials Unit
  • eCRF – electronic Case Report Form
  • ICH GCP – International Council for Harmonisation Good Clinical Practice
  • SP-INV – Sponsor-Investigator
Concept ↦ Data Management ↦ Server Management ↦ Data Storage
Study
Basic

Provides some background knowledge and basic definitions

Basic Monitoring
Basic Drug or Device
Concept

Starts with a study idea

Ends after having assessed and evaluated study feasibility

Concept Statistic Methodology
Concept Drug or Device
Development

Starts with confidence that the study is feasible

Ends after having received ethics and regulatory approval

Development Drug or Device
Set-Up

Starts with ethics and regulatory approval

Ends after successful study initiation

Set-Up Ethics and Laws
Set-Up Statistic Methodology
Set-Up Quality and Risk
Set-Up Drug or Device
Conduct

Starts with participant recruitment

Ends after the last participant has completed the last study visit

Conduct Statistic Methodology
Conduct Drug or Device
Completion

Starts with last study visit completed

Ends after study publication and archiving

Completion Statistic Methodology
Completion Drug or Device
Current Path (click to copy): Concept ↦ Data Management ↦ Server Management ↦ Data Storage

Please note: the Easy-GCS tool is currently under construction.