EMA’s Guideline on Computerized Systems and Electronic Data in Clinical Trials: Contractual Agreements

Next in our series on EMA’s Guideline on Computerized Systems and Electronic Data in Clinical Trials:  Contractual Agreements.

Contracts are important in clinical trials because they frequently serve as documentation of transfer of regulatory obligations, and also because they establish requirements against which we measure execution.  The guidance covers some standard truisms about contracts – for example, vendors should be appropriately qualified; contracts should be in place before work is undertaken; contracts should clearly outline roles and responsibilities; permissible subcontracting should be detailed in agreements; responsibilities for complying with audits and inspections should be detailed; agreements should specify steps for decommissioning and contingency plans for down-time.

Below are additional points from the guidance to consider for future vendor agreements:

• No agreement, no use.  If a vendor is reluctant to comply with requirements for auditing, inspection, and data privacy, the sponsor should not utilize their system. Note that the guidance doesn’t specify that privacy language must be included in agreements, but we know from recent inspections that EMA inspectors look for this language in contracts.
• Agreements should specify timeframes for escalating potential serious breaches from vendor to sponsor, so sponsors can comply with serious breach reporting requirements.  Again, inspectors will look specifically for this language.
• Agreements that relate to computerized systems don’t need to specify individual trials for which a system will be used “if a product is purchased and used as intended without the manufacturer of the system,” assuming that the user has determined that the system is fit for its intended use.  This statement suggests that systems such as Trial Master Files and safety databases that are used across studies don’t require a separate contract for each study.
• Roles and responsibilities regarding electronic records should be documented in the protocol, and Ethics Committees and Institutional Review Boards should be informed. This may be a heavy lift for sponsors using multiple electronic systems for a study (e.g., EDC, IRT, ePRO, eCOA, eConsent, RTSM, site portals, eTMFs). Furthermore, wording in agreements should be consistent with wording in the protocol.
• If a vendor is contracted to host data, the location of the data storage (the data center) should be described, even for cloud systems. For example, most cloud computing services will disclose which country and region they are using to store data.
• Agreements with investigators must specify how investigators’ “access to and control over data re ensured during and after the trial,” including how and when investigators’ access will be revoked, what outputs investigators will receive, and in which formats.  Section 6.6 specifies that investigators must have control of their data at all times, and the sponsor should not have exclusive control of data “at any point in time” (more on this later).  Thus, the agreement should show how the investigator will maintain that control.

This section also includes a few points about the sponsor/vendor relationship:

• Oversight of trial-related responsibilities undertaken by vendors should be achieved via review of Key Performance Indicators or “reconciliations.” The guidance doesn’t define what is meant by “reconciliations”; we will hazard a guess that it refers to reconciling sources of data between systems, which might indicate issues with data capture or transformations (e.g., reconciling safety data in the clinical and safety database, or comparing data pre- and post-transfer to verify that it did not become corrupted in transit).
• Sponsors should ensure that vendors follow up on findings from audits and inspections.