eSRA eSource Readiness Assessment

Für viele klinische Studien ist ein eSRA (eSource Readiness Assessment) erforderlich. Bei den technischen Fragen bezüglich Systemspezifika, die vom Studiencenter bzw. der dortigen IT möglicherweise nicht beantwortet werden können, bieten wir hier eine unverbindliche Hilfestellung an.

Wichtige Hinweise:  Die im folgenden aufgeführten Antworten und Beschreibungen gelten vollumfänglich nur 

  • für die neuen EMIL Plattform Systeme (EMIL 5/RheMIT) ab Version 3.10.15 mit Plus-Erweiterung
  • für EMIL 4  ab Version 4.14.2.7 mit Studienmodul

Weiterhin gelten die Angaben vorbehaltlich einer korrekten Systemkonfiguration, für die der Kunde sorgen und die dieser testen/prüfen muss.

Frage 3:   Does the system have an audit trail recording date, time, and originator of any patient data creation, change, or deletion?

EMIL Platform:  Yes - the System has an audit trail on item level that can be viewed by any user having access to the corresponding item.

EMIL4:  Yes - the System has an audit trail on item level that can be viewed by any user having access to the corresponding item.

Frage 4:   Does the audit trail include the reason for changes / deletions?

EMIL Platform:  Yes - A reason for changes and deletion can be supplied on an item level. Optionally supplying a common reason for all changed items without an individual reason can be forcibly requested on save.

EMIL4:  Yes - A reason for deletion is directly requested, Reasons for any other change can be appended. Both operate on item level.

Frage 5:   Is audit trail information readable and readily available?

EMIL Platform:   Yes -Complete audit trail of an item can be viewed by any user having access to the corresponding item by right clicking on the item.

EMIL4:   Yes - Complete audit trail of an item can be viewed by any user having access to the corresponding item by right clicking on the item.

Frage 6:   Does the system prevent new audit trail information from over-writing previous information such that previous data can be accessed if data are changed or deleted?

EMIL Platform:   Yes - Audit trail entries can only be appended and the mechanism operates on lowest database level. This is forced by database triggers and constraints.

EMIL4:   Yes - Audit trail entries can only be appended and the mechanismoperates on lowest database level. This is forced by database triggers and constraints.

Frage 7:   Do controls exist to ensure users cannot change and/or turn off the system standard settings (e.g., change the system time and date) including the audit trail? 

EMIL Platform:  Yes - as the mechanisms are server/database based by triggers and make use of the server timestamps. Users can neither disable triggers nor change the server time from the client. 

EMIL4:   Yes - as the mechanisms are server/database based by triggers and make use of the server timestamps. Users can neither disable triggers nor change the server time from the client. 

Frage 8:  Does the system and/or processes adequately provide for identifying the local time of patient events?

EMIL Platform:   N/A - The system is currently only used in one time zone.

EMIL4:   N/A - The system is currently only used in one time zone.

Frage 9:   Are users, who create/modify/delete records, provided a unique access method (i.e.,.usernames and passwords, access keys, or biometric access) that is provided to only one person, and restricts access permissions and capabilities to only those system, functions and data that are appropriate to their job?

EMIL Platform:   Yes - The system allows fine granulated access rights in a role based password secured access control. Implementation of course is site specific and requires a SOP.

EMIL4:   Yes - The system allows fine granulated access rights in a role based password secured access control. Implementation of course is site specific and requires a SOP.

Frage 11:   Are monitors, auditors, or inspectors provided with a means to review electronic health records of patients who have consented to the clinical trial (via system or documented process)?

EMIL Platform:   Yes - The system provides a study specific password secured study specific CRM read only access to the patient files enrolled.

EMIL4:   Yes - The system provides a study specific password secured study specific CRM read only access to the patient files enrolled.

Frage 13:   Does the system limit the number of unsuccessful log-in attempts? If "yes", please indicate in the comment block the number of unsuccessful attempts allowed.

EMIL Platform:   Yes - After 5 failed login attempts the program is terminated. Additionally logon process is delayed 2*attempts seconds after every failed attempt. 

EMIL4:   Yes - After 6 failed login attempts the program is terminated. Additionally logon process is delayed 1*attempts seconds after every failed attempt. 

Frage 14:   Does the system keep a log of unauthorized access attempts? 

EMIL Platform:   Yes - All failed login attempts are recorded along with computer name, user and IP address.

EMIL4:   Yes - If the number of allowed failed login attempts is exeeded the event is recorded along with computer name, user and IP address.

Frage 15:   Does the system require users to change their password at established intervals; or, is there  a documented manual process to ensure periodic change of passwords? If "yes", please indicate in the comment block the established interval or explain the documented manual process?

EMIL Platform: Yes - Password changes on a on a configurable time base can be forced by a system setting.

EMIL4:  No - has to be forced by a site SOP.

Frage 16:   Is there an automatic log-off or other data lock (e.g., password protected screen saver) after a 
period of inactivity? If "yes", please indicate in the comment block the period of inactivity before the automatic logoff.

EMIL Platform:   Yes - Automatic system lock requiring the current users password to unlock can be confiured  for a given time of inactivity.

EMIL4:   Yes - Automatic logoff on a on a configurable time of inactivity can be forced by a system setting.

Frage 17:   Can a list be produced, if requested, of all users, including past users, their access level/rights and the start and end date of these access rights?

EMIL Platform:   Yes - This data is available everytime as user records are never deleted and audit trail also covers system tables like users, roles and rights.

EMIL4:   Yes - This data is available everytime as user records are never deleted and audit trail also covers system tables like users, roles and rights.

Frage 26:   Does the site maintain a record of system version and dates, and documented and auditable validation of system changes made during clinical trial conduct?

ITC as the developer provides a fine granulated change record (Example for EMIL4) of all systems including patches and enhancements. The site does not need to apply all updates as changes are always cumulative and updates with irrelevant changes can be skipped. Also, ITC can assist in creating a GxP system validation of the site specific installation. As ITC systems are very widely configurable and adoptable to the site specific needs, a general validation cannot cover the complete system with site specific apects. So a site specific validation always applies.

Frage 29:    If this computerized system is provided by a third pary (e.g. suppliers, service providers), are there formal agreements in place to clearly  define responsibilities of each party (site and third party)?

Such agreements have to be made based on the site specific needs and requirements along with a GDPR agreement.