CT SOP version 2.0 

Main changes from CT SOP version no 1.0.: Quality control should be applied using a risk-based approach to each stage of the data handling to ensure that data are reliable and have been processed correctly, the need for data flow diagrams, validation of DATs and data processes such as export, need for training, user management, review of data and metadata

CT SOP version 1.0

Main changes from LM SOP no. 2.09: Adapted to the wording of the clinical trial regulation no 536/2014.

The sponsor has overall responsibility for ensuring that data management in clinical trials is carried out in compliance with national and international laws, regulations, ICH GCP and this SOP.

The sponsor’s responsibilities shall be described in the quality system of the sponsor institution. Tasks can be delegated, delegation of tasks must be documented.

The coordinating investigator has the responsibility for ensuring that data management for a trial is carried out according to the requirements of this SOP.

The coordinating investigator will assign data management tasks to suitably qualified and experienced personnel, who will function as data managers throughout the trial. All staff who are involved in data management tasks (for example database management, data verification and validation) must have necessary qualifications. A list of persons to whom tasks are assigned should be included in the Data Management Plan (DMP) or Data Management Personnel Log (DMPL).

The sponsor may transfer any or all of the sponsor's trial-related duties and functions to a service provider such as a Contract Research Organisation (CRO), but the ultimate responsibility for the quality and integrity of the trial data always resides with the sponsor. The sponsor should have oversight of any trial-related duties and functions carried out on its behalf. Transfer of duties shall be specified in a written agreement.

Planning Phase

Data Management Tasks

Data management will be carried out in accordance with the protocol and any protocol amendments approved by relevant authorities, see  SOP Application Process and Approvals .

Data managers should ensure the integrity and confidentiality of data generated and managed. Data should be traceable, and trial metadata should be available. Quality control should be applied using a risk-based approach to each stage of the data handling to ensure that data are reliable and have been processed correctly. 

Data protection considerations and IT security should be safeguarded in all aspects of data management.

An overview of data management tasks in a clinical trial is shown in the flowchart in Attachment 1.

Data management procedures should be described in a separate DMP.

Data Management Plan (DMP)

The data manager will prepare a DMP which will describe the overall strategy for all data management activities for the trial. The DMP should be completed before the start of the trial (first patient first visit).

The DMP will include, but not be limited to, the process and procedures for the following:

• Quality system including data management procedures
• Oversight of data acquisition tools used in the trial, including validation status.
• Data flow diagram
• Data acquisition tool (DAT) design including:
  • CRF and patient reported outcomes (PRO)
  • Annotated CRF
  • User Acceptance testing
  • Approval
• Training in the use of data acquisition tools
• Randomisation, and measures to ensure the safeguarding of the blinding.
• Systems for unblinding
• Data entry and data entry guidelines.
• Correction to data
• Risk-based data quality control including:
  • Data Verification
  • Data Validation
• Review of data and metadata
• Reconciliation of SAEs, if applicable
• Protocol deviations
• Data from external sources
• Coding of medical terms
• Database lock
  • IDMC
  • Interim analysis
  • Final analysis
• Export of data
• Retention and archiving

The DMP will be reviewed and approved by the coordinating investigator.

Case Report Form (CRF)

The CRF is a tool for data capture and reflects the protocol. The data which will be collected should be clearly stated in the protocol or other documents (eCRF specification). A description of the requirements for drafting, completion and corrections of the CRF can be found in SOP Case Report Form and Patient-Reported Outcome.

Data acquisition tools (DAT)

The system(s) and procedures used for electronic processing of clinical trial data will be described in the DMP. Electronic data processing means all processes carried out by electronic data systems in all or part of a trial.

The following specific requirements apply to the use of electronic data acquisition tools, but the underlying principles also apply to the treatment of paper CRFs.

The coordinating investigator will:

• Obtain documentation that data acquisition tools are fit for purpose and designed to capture the information required by the protocol. They should be validated and ready for use prior to their required use in the trial
• Ensure that there are written procedures in place, such as user guides for the systems
• Document the training of the study personnel and ensure that they receive instructions on how to navigate systems, data and relevant metadata for the trial participants under their responsibility
• .Audit trail – keep track of any changes to the entered data in the system, the reason for change, and by whom the data is changed, and make sure the original data will not be deleted
• Ensure that security systems exist to prevent unauthorised access
• Maintain a record of the individual users who are authorised to access the system, their roles and their access permissions
• Safeguard the blinding procedures (if any).
• Ensure that the data collected in the system matches the protocol and are consistent with the source data

User Acceptance Testing (UAT)

After setup of the data acquisition tool, an UAT should be done to make sure the DEA fulfills the requirements of the protocol and meets the need of the trial for collecting data.

An UAT is performed by entering dummy data (test data) in the DEA. Any findings made during the testing of the DEA and actions taken should be documented, see User Acceptance Testing (UAT). When the UAT process is finalised, the DAT Approval Form must be completed and signed before the study personnel can start entering real trial data.

Data Validation

Data validation is checks on the validity of the data to ensure consistency and reliability, e.g. logical checks, outliers, medical review etc. The data managers should focus their quality assurance and quality control activities, including data review, on data of higher criticality and relevant metadata. Data validation procedures should be described in detail in the DMP.

These procedures should be defined before the first participant is enrolled in the trial, but can be updated during the conduct of the trial in the Data Management Report (DMR), see section named "Data Management Report (DMR)" under "Conduct Phase" below. 

Data Management Report (DMR)

Any deviations from the finalised DMP and other data management tasks performed during the trial that should be documented, will be described in the Data Management Report.

User management

Procedures should be in place to ensure that user access permissions are appropriately assigned based on a user’s duties and functions, blinding arrangements and the organisation to which users belong. Access permissions should be revoked when they are no longer needed. A process should be in place to ensure that user access and assigned roles and permissions are periodically reviewed, where relevant.

Authorised users and access permissions should be clearly documented, maintained and retained. These records should include any updates to a user’s roles, access permissions and time of access permission being granted (e.g., time stamp).

Data verification and data validation during the trial

Data verification is the process of comparing data in two different data sets, e.g. paper CRF and the eCRF, or electronic files and the eCRF. Source data verification (SDV) is a check where data in the CRF are compared with the source documentation (original/first entry). The source data for the trial should be defined in the protocol or Source Data List. The Source Data List may be site-specific.

Ongoing data quality control, data verification and validation, will be carried out as described in the DMP.  Data quality control should be considered as required based on risk, and their implementation should be controlled and documented. Possible errors detected during verification or validation of data will require entry of correct data, and this process continues until database lock.

A final validation of the data will be carried out once all data has been entered (or imported) as described in the DMP, to ensure the trial data are valid and reliable.

Review of Data and Metadata

Procedures for review of trial-specific data, audit trails and other relevant metadata should be in place. It should be a planned activity and documented in the DMP. The extent and nature of the review should be risk-based, adapted to the individual trial and adjusted based on experience during the trial.

Coding of medical terms

Project-specific coding procedure should be defined as early as possible and documented in the DMP. The DMP should cover which clinical terms are to be coded and the dictionaries to use for the coding. The most used coding dictionaries are MedDRA and CTCAE for Adverse Events, ATC for drugs and ICD-10 for diagnosis. The dictionaries are version controlled and in case of upgrading dictionary versions during conduct of the trial, previous coded terms should be checked to identify term changes. 

Serious Adverse Event (SAE) reconciliation

Applies when SAEs are reported to an external database (e.g. safety reporting to pharmaceutical companies or when the SAEs are kept in another database than the eCRF). The variables to be reconciled and the requirement for exact match/equivalence/medically consistency should be defined in the DMP, together with timelines for when SAE reconciliation should take place during the trial. The last reconciliation will be performed immediately before database lock. The result from the SAE reconciliation process will be documented in the DMR during the trial.

Data Monitoring Committee (DMC)

Whether there is a DMC in the trial should be described in the protocol.

The coordinating investigator will ensure that there is a charter (see Data Monitoring Committee Charter) for the work of the committee. The charter should describe in detail which data are to be delivered and by whom, and the appropriate format (tables, listings etc.) for DMC meetings, and if the data should be verified/validated/coded before the meetings. If not stated in the DMC charter, timelines for assuring delivery of data in due time should be discussed with the coordinating investigator. The data management deliveries and timelines should be described in the DMP.

Changes to the DAT(s)

Changes to DAT(s) may be required from time to time due to e.g. protocol amendments or data requirements. Substantial protocol amendments need approval from the competent authorities (e.g. Norwegian Medical Products Agency (DMP) and/or Independent Ethics Committees (e.g. Regional Committees for Medical and Health Ethics (REK)) before the changes can be made to the DAT(s), see SOP Modifications after Trial Start.

The data manager should do a risk assessment and consider the potential impact of the foreseen changes to the DAT(s) and the already entered data in the database. The impact of the changes must be discussed and approved by the coordinating investigator before any changes are done to the DAT(s). It is recommended to discuss the changes with the study statistician.

Any changes done to the DEA during the trial should be documented in a DAT Change Log  and described in the data management report (DMR) at the end of the trial. The CRF, the DAT(s) and the data records should have version control corresponding to the DAT(s) Change Log.

Database Lock

After data collection is finalised and data validation processes defined in the DMP have been carried out (data validated, queries resolved, final coding and possible SAE reconciliation has been performed) a database lock meeting should be arranged.

Listings of all trial subjects and their allocation to the different populations according to the protocol/Statistical Analysis Plan (SAP) (e.g. intention-to-treat (ITT), per protocol (PP) and safety) must be finalised before database lock. When the database is locked, all write privileges must be removed from all users. The database lock will be documented on the Database Lock Form. The data sets will be exported and made available for the analyses defined in the SAP.

The data exchange/transfer process to the statistical software should validated and documented to ensure traceability, and data reconciliation should be implemented as appropriate to avoid data loss and unintended modifications.

Tables, Listings and Figures (TLFs)

The TLFs defined in the SAP will be prepared either by the data manager or the statistician, and the coordinating investigator will ensure the quality checks are carried out on all the TLFs by a review of a sample of the data and comparisons with raw data listings.

Database Unlock

The database may be unlocked if data errors are detected which either:

1. Have a significant impact on the statistical outcome of the analysis, or
2. Affects the safety profile of the investigational product.

To unlock the database, a formal written request from both the data manager and the study statistician must be approved by coordinating investigator, and should be documented on Database Unlock Form.

The reason for unlock and details of the data which will be corrected must be clearly stated on the request. Once the approval is granted, the data manager will grant write privileges to designated person(s) (e.g. investigator/study nurse), who will enter the corrections. Once the corrections have been made, the data manager will remove the write privileges to the database again and the database will be relocked. The correction of the relocked database will be confirmed on Database Lock.

The changed datasets will be exported and made available for analysis. The data exchange/transfer process to the statistical software should be documented to ensure traceability, and data reconciliation should be implemented as appropriate to avoid data loss and unintended modifications. 

Data Management Report

The DMR should be finalized when the close out is completed for the trial.

Storage/archiving of data and code lists

The completed CRFs should be kept secure and access restricted to authorised persons during the archiving phase of the trial. The completed CRFs should be kept separate from the identification and enrollment log and other documents with participant identity (e.g. signed informed consent forms, IMP requisitions).

Electronic data must be stored securely and in compliance with requirements from independent ethics committee (e.g. REK in Norway) and in Norway, the Norwegian Directorate of Health’s guideline: "Personvern og informasjonssikkerhet i forskningsprosjekter innenfor helse- og omsorgssektoren (PDF)".

Procedures for export of data (e.g. in multicentre trials) should be described in the DMP and should be performed according to the current regulatory requirements.

At the end of the trial, the data, metadata and essential documents, including any code list and audit trails, must be archived. For further description of the requirements for archiving data and essential trial documents refer to the SOP Study Files and SOP Completion, Reporting and Archiving.

• Data Management Plan - Template
• Data Management Report - Template
• DAT Approval Form - Template
• Database Lock Form - Template
• Database Unlock Form - Template
• Data Management Personnel Log - Template
• User Acceptance Testing (UAT) - Template
• DAT Change Log - Template
• Data Monitoring Committee Charter - Template