CT SOP version no 1.0.

Main changes from LM SOP no. 2.09: Adapted to the wording of the clinical trial regulation no 536/2014.

The sponsor has overall responsibility for ensuring that data management in clinical trials is carried out in compliance with national and international laws, regulations, ICH GCP and this SOP.

The sponsor’s responsibilities shall be described in the quality system of the sponsor institution. Tasks can be delegated, delegation of tasks must be documented.

The coordinating investigator has the responsibility for ensuring that data management for a trial is carried out according to the requirements of this SOP.

The coordinating investigator will assign data management tasks to suitably qualified and experienced personnel, who will function as data managers throughout the trial. All staff who are involved in data management tasks (for example database management, data verification and validation) must have necessary qualifications. A list of persons to whom tasks are assigned should be included in the Data Management Plan - Template (DMP) or Data Management Personnel Log - Template (DMPL).

The sponsor may transfer any or all of the sponsor's trial-related duties and functions to a third-party vendor such as a Contract Research Organisation (CRO), but the ultimate responsibility for the quality and integrity of the trial data always resides with the sponsor. The sponsor should have oversight of any trial-related duties and functions carried out on its behalf. Transfer of duties shall be specified in a written agreement.

Planning Phase

Data Management Tasks

Data management will be carried out in accordance with the protocol and any protocol amendments approved by relevant authorities, see Application Process, Approvals - SOP1.9.a.

Data managers should ensure that data in a clinical trial are accurate, secure, credible and ready for analysis. Data should be traceable, and an audit trial should be available. Data protection considerations and IT security should be safeguarded in all aspects of data management. An overview of data management tasks in a clinical trial is shown in the flowchart in Attachment 1.

Data management procedures should be described in a separate DMP.

Data Management Plan (DMP)

The data manager will prepare a DMP which will describe the overall strategy for all data management activities for the trial. The DMP should be completed before the start of the trial (first patient first visit).

The DMP will include, but not be limited to, the process and procedures for the following:

• Electronic data management systems.
• Data Entry Application (DEA) design including:
  • CRF and patient reported outcomes (PRO).
  • Annotated CRF.
  • User Acceptance testing.
  • Approval.
• Randomisation, if applicable.
• Data entry.
• Data Quality Control including:
  • Data Verification.
  • Data Validation.
• Reconciliation of SAEs, if applicable.
• Data from external sources.
• Coding.
• Data base lock.
• Archiving.

The DMP will be reviewed and approved by the coordinating investigator.

Case Report Form (CRF)

The CRF is a tool for data capture and reflects the protocol. The data which will be collected should be clearly stated in the protocol or other documents (eCRF specification). A description of the requirements for drafting, completion and corrections of the CRF can be found in SOP Case Report Form and Patient Reported Outcome - SOP 1.12.a.

Electronic Data Management Systems

The system(s) and procedures used for electronic processing of clinical trial data will be described in the DMP. Electronic data processing means all processes carried out by electronic data systems in all or part of a trial.

The following specific requirements apply to the use of electronic data capture systems, but the underlying principles also apply to the treatment of paper CRFs.

The coordinating investigator will:

• Obtain documentation showing that the data processing system meets the requirements for completeness, accuracy, reliability and stability (validation).
• Ensure that there are written procedures in place, such as user guides for the systems.
• Document the training of the study personnel.
• Audit trail – keep track of any changes to the entered data in the system, the reason for change, and by whom the data is changed, and make sure the original data will not be deleted.
• Ensure that security systems exist to prevent unauthorized access.
• Maintain a list of the people who have the authority to change the data (DMPL).
• Ensure the adequate back-up of data.
• Safeguard the blinding procedures (if any).
• Ensure that the data collected in the system match the protocol and paper CRF if applicable, and are consistent with the source data.

User Acceptance Testing (UAT)

After setup of the DEA, an UAT should be done to make sure the DEA fulfills the requirements of the protocol and meets the need of the trial for collecting data.

An UAT is performed by entering dummy data (test data) in the DEA. Any findings made during the testing of the DEA and actions taken should be documented, see User Acceptance Testing (UAT) - Template. When the UAT process is finalised, the DEA Approval Form - Template must be completed and signed before the study personnel can start entering real trial data.

Data Validation

Data validation is checks on the validity of the data to ensure consistency and reliability, e.g. logical checks, outliers, medical review etc. Data validation procedures should be described in detail in the DMP. These procedures should be defined before the first patient is enrolled in the trial, but can be updated during the conduct of the trial in the Data Management Report - Template (DMR), see section named "Data Management Report (DMR)" under "Conduct Phase" below. 

Data Management Report (DMR)

Any deviations from the finalised DMP and other data management tasks performed during the trial that should be documented, will be described in the Data Management Report - Template.

Data verification and data validation during the trial

Data verification is the process of comparing data in two different data sets, e.g. paper CRF and the eCRF, or electronic files and the eCRF. Source data verification (SDV) is a check where data in the CRF are compared with the source documentation (original/first entry). The source data for the trial should be defined in the protocol or Source Data List - Template. The Source Data List may be site-specific.

Ongoing data verification and validation will be carried out as described in the DMP. Possible errors detected during verification or validation of data will require entry of correct data, and this process continues until database lock.

A final validation of the data will be carried out once all data have been entered (or imported) as described in the DMP, to ensure the trial data are valid and reliable.

Coding

Project-specific coding procedure should be defined as early as possible and documented in the DMP. The DMP should cover which clinical terms are to be coded and the dictionaries to use for the coding. The most used coding dictionaries are MedDRA and CTCAE for Adverse Events, ATC for drugs and ICD-10 for diagnosis.

Serious Adverse Event (SAE) reconciliation

Applies when SAEs are reported to an external database (e.g. safety reporting to pharmaceutical companies or when the SAEs are kept in another database than the eCRF). The variables to be reconciled and the requirement for exact match/equivalence/medically consistency should be defined in the DMP, together with timelines for when SAE reconciliation should take place during the trial. The last reconciliation will be performed immediately before database lock. The result from the SAE reconciliation process will be documented in the DMR during the trial.

Data Monitoring Committee (DMC)

Whether there is a DMC in the trial should be described in the protocol.

The coordinating investigator will ensure that there is a charter (see Data Monitoring Committee Charter - Template) for the work of the committee. The charter should describe in detail which data are to be delivered and by whom, and the appropriate format (tables, listings etc.) for DMC meetings, and if the data should be verified/validated/coded before the meetings. If not stated in the DMC charter, timelines for assuring delivery of data in due time should be discussed with the coordinating investigator. The data management deliveries and timelines should be described in the DMP.

Changes to the DEA

Changes to the DEA may be required from time to time due to e.g. protocol amendments or data requirements. Substantial protocol amendments need approval from the competent authorities (e.g. Norwegian Medical Products Agency (DMP) and/or Independent Ethics Committees (e.g. Regional Committees for Medical and Health Ethics (REK)) before the changes can be made to the DEA, see Modifications after Trial Start – SOP 1.9.c.

The data manager should do a risk assessment and consider the potential impact of the foreseen changes to the DEA and the already entered data in the database. The impact of the changes must be discussed and approved by the coordinating investigator before any changes are done to the DEA. It is recommended to discuss the changes with the statistician.

Any changes done to the DEA during the trial should be documented in a DEA Change Log - Template and described in the data management report (DMR) at the end of the trial. The CRF, the DEA and the data records should have version control corresponding to the DEA Change Log.

Database Lock

After data collection is finalised and data validation processes defined in the DMP have been carried out (data validated, queries resolved, final coding and possible SAE reconciliation has been performed) a database lock meeting should be arranged.

Listings of all trial subjects and their allocation to the different populations according to the protocol/Statistical Analysis Plan (SAP) (e.g. intention-to-treat (ITT), per protocol (PP) and safety) must be finalised before database lock. When the database is locked, all write privileges must be removed from all users. The database lock will be documented on the Database Lock Form - Template. The data sets will be exported and made available for the analyses defined in the SAP.

Tables, Listings and Figures (TLFs)

The TLFs defined in the SAP will be prepared either by the data manager or the statistician, and the coordinating investigator will ensure the quality checks are carried out on all the TLFs by a review of a sample of the data and comparisons with raw data listings.

Database Unlock

The database may be unlocked if data errors are detected which either:

1. Have a significant impact on the statistical outcome of the analysis, or
2. Affects the safety profile of the investigational product.

To unlock the database, a formal written request from both the data manager and the statistician must be approved by coordinating investigator, and should be documented on Database Unlock Form - Template.

The reason for unlock and details of the data which will be corrected must be clearly stated on the request. Once the approval is granted, the data manager will grant write privileges to designated person(s) (e.g. investigator/study nurse), who will enter the corrections. Once the corrections have been made, the data manager will remove the write privileges to the database again and the database will be relocked. The correction of the relocked database will be confirmed on Database Relock Form - Template.

The changed datasets will be exported and made available for analysis.

Data Management Report

The DMR should be finalized when the close out is completed for the trial.

Storage/archiving of data and code lists

The completed CRFs should be kept secure and access restricted to authorised persons during the archiving phase of the trial. The completed CRFs should be kept separate from the identification and enrollment log and other documents with patient identity (e.g. signed informed consent forms, IMP requisitions).

Electronic data must be stored securely and in compliance with requirements from independent ethics committee (e.g. REK in Norway) and in Norway, the Norwegian Directorate of Health’s guideline: "Personvern og informasjonssikkerhet i forskningsprosjekter innenfor helse- og omsorgssektoren (PDF)".

Procedures for export of data (e.g. in multicentre trials) should be described in the DMP and should be performed according to the current regulatory requirements.

At the end of the trial, the data and essential documents, including any code list and audit trails, must be archived. For further description of the requirements for archiving data and essential trial documents refer to the SOP Study Files – SOP 1.6.a and Completion, Reporting and Archiving – SOP 1.6.b.

• 
• Data Management Plan - Template
• Data Management Report - Template
• DEA Approval Form - Template
• Database Lock Form - Template
• Database Unlock Form - Template
• Database Relock Form - Template
• Data Management Personnel Log - Template
• User Acceptance Testing (UAT) - Template
• DEA Change Log - Template
• Source Data List - Template
• Data Monitoring Committee Charter - Template