What is it? Why is it important?
A server is used as a central storage device for study data. It should run continuously in order to guarantee:
- Ongoing functionality:
- Update of network security
- Automatic data back-up
- Protection against server break-down
- Existence of emergency data recovery procedures
- Strictly monitored access and user control with ongoing audit trail that documents any changes to the data and other functionalities of the study database (e.g. access management)
- Restricted access to server presmises in order to protect against theft, accidental server damage, data disclosure, alteration or destruction
- Storage infrastructure:
- Ongoing temperature- and humidity surveillance
- Fire-, extensive dust-, and vibration protection
- Protection against rodent infestation
What do I need to do?
As a SP-INV familiarise yourself with server management requirements, such as to:
- Carefully plan server acquisition in order to ensure functionality and security requirements can be met.
- Ensure study data is stored centrally on a protected server and not on a laptop, desktop, hard drive or any removable storage device
- Access to server storage premises should be documented and traceable
- Server access codes should be kept in a secure place
- Server access codes should only be available to staff who need them for the completion of their task(s)
Even when a server is not kept at the study site, but is under the administration of an institutional computer department, the responsibility of server functionality and data security remains with the SP-INV.
Means to protect your server and the security of your study data include to:
- Keep any firewall, security-related upgrades, and virus protection up-to-date
- Allow only delegated, and knowledgeable staff handle problems within the operating system
- Install an electronic recording system able to document access to server storage premises
- Install an alarm system that monitors and alerts when storage conditions become unfavourable
- Have procedures and equipment ready in order to responds to unfavourable conditions (e.g. air-conditioner, humidifier)
- Only have password protected access to servers, computers and study eCRF
- Encrypt any forwarded sensitive data. Define a secure method of data transfer
- Prevent any unnecessary server relocation
Where can I get help?
Your local CTU↧ can support you with experienced staff regarding this topic
Basel, Departement Klinische Forschung, CTU, dkf.unibas.ch
Lugano, Clinical Trials Unit, CTU-EOC, www.ctueoc.ch
Bern, Clinical Trials Unit, CTU, www.ctu.unibe.ch
Geneva, Clinical Research Center, CRC, crc.hug.ch
Lausanne, Clinical Research Center, CRC, www.chuv.ch
St. Gallen, Clinical Trials Unit, CTU, www.kssg.ch
Zürich, Clinical Trials Center, CTC, www.usz.ch
ICH GCP E6(R2) – see in particular guideline
- 5.5. Trial Management, data handling, and record-keeping