Fire at Iron Mountain Facility in Aprilia, Italy

A large fire struck Iron Mountain’s document storage warehouse and headquarters in Aprilia, Italy late on Friday 4th November 2011. According to news reports, the entire building was enveloped in flames causing substantial damage to the building and, presumably, to the documents and digital content stored there. Approximately 40 employees worked in the facility but nobody has been injured.

It is reported that the company had a sophisticated fire protection system in place and that the probable cause of the fire was an electrical fault. A spokesperson said “We are trying to take stock of the situation as soon as possible in order to respond to questions and concerns of our customers about the status of their documents stored at Aprilia”.

Posted in Document Storage | 2 Comments

Documentation Risk Adaptations in Clinical Trials

A paper has recently been published under the joint auspices of the UK Department of Health (DH), the Medicines and Healthcare products Regulatory Agency (MHRA) and Medical Research Council (MRC) describing risk-adapted approaches to the management of clinical trials of investigational medicinal products (see MHRA website to download the paper). Interestingly, the paper includes a section on documentation, including the content of the trial master file (TMF) and retention periods for documentation.

Given that the objective of the paper is to provide guidance in the adoption of risk adaptations to the management of trials, the guidance with regards to documentation is sadly lacking. In the area of retention periods, there is actually no guidance to risk adaptations at all. Furthermore, the paper does not even acknowledge the requirement contained in Directive 2003/63/EC for the sponsor to retain “all other documentation pertaining to the trial as long as the product is authorised“. I would have expected this document to outline the circumstances under which all documentation really needs to be retained for this extensive period and to provide guidance in the circumstances under which it might be considered acceptable to retain documentation for a shorter period of time, for example in relation to trials on established products. The option to destroy certain trial documents only 2 years following marketing approval would have been a significant step forward. Instead, the requirement still stands to retain all documents for the lifetime of the product, a period which bears little relation to patient safety and the statute of limitations.

In relation to TMF content, the paper goes a little further, identifying specific documents which might not necessarily be expected in the TMF for certain types of trials. Unfortunately, the documents cited usually form a very small percentage of the content/volume of a typical TMF so the impact is likely to be minimal. In addition, I would anticipate many sponsors preferring to have a single, consistent policy for TMF content to avoid inadvertently missing content. The paper would have had more impact if it permitted a risk adaptation for ancilliary correspondence, for project management documentation and for QC records such as the evidence of document review and approval. For some trials, these records have minimal impact in relation to verifying trial conduct and patient safety yet would have a major impact on the administrative burden of trial management.

From a records management perspective, this paper is welcomed as it acknowledges the important place that documentation has in clinical trial management. However, the content only begins to scratch the surface. I look with eagerness for an early revision of this document!

Posted in Compliance, Records management practice, Regulations, TMF | Leave a comment

Why Good Records Management Is Key

Authors: Eldin Rammell & Karen Redding (Phlexglobal Ltd)

The past year has seen significant consolidation of mid-size CROs, with many of them being bought or put up for sale. In particular, the top six or seven CROs seem to be signing
more preferred partner deals, such as Pfizer teaming with Parexel and ICON, and
Takeda’s deals with Covance and Quintiles, which is driving mid-size CROs
growth through major acquisitions. There has also been a big shift in
outsourcing services to preferred partnerships, with large CROs outsourcing
niche services to small CROs on a functional basis. Sponsors are also assessing
their current tasks and outsourcing those that require non-core expertise. One
niche area that companies do not always consider outsourcing is document control.
Document management is essential in the pharma industry but can be difficult to
optimise, so working with an outsourcing partner can be valuable.

Good records management

Good records management is crucial in the pharma industry. One of the most common
problems we see is individuals and teams retaining their own copy of documents
rather than utilising a single central source, preferably made available via an
electronic document management system (EDMS). In our highly regulated
environment, demonstrating the reliability and authenticity of documentation is
critical, so individuals making use of a central definitive source for their
records is particularly important. In addition, much time and money is wasted
through duplication and mismanagement of documents when carried out in an
uncontrolled manner.

In some industry sectors, management have introduced strict controls over where and how
documents may be saved. Some organisations, for example, prevent documents from
being saved anywhere except in an authorised EDMS. Perhaps this is one step too
far, but good document control is necessary to achieve regulatory compliance.

Another problem we often see is poor version control, particularly for draft documents. As there may be a need to demonstrate appropriate review of draft documents, it is essential that any review signatures and comments be unambiguously linked to the associated document. This requires a formal system of version control within the organisation.

Once a pharmaceutical process has been completed—whether
a clinical trial or the production of a batch of drugs—the only thing remaining
to demonstrate regulatory compliance is the documentation audit trail. This is
why adequate quality control is so important. It is not enough just to have a
record of what happened; regulatory authorities have an expectation that you
can demonstrate those records to be accurate, legible, contemporaneous,
original, attributable, complete, consistent, enduring and available when
needed (1). A well-designed quality system will ensure that documentation being
sent off to the archive is “fit for purpose”.

Poor quality control can be recognised when a sponsor is
notified of an impending regulatory inspection. All too often, there is a mad
panic as documentation is retrieved from various filing systems and hours are
spent checking files for completeness. This is wasted effort and diverts key
personnel from their core activities. A robust quality control system should
eliminate the need for these eleventh-hour activities and result in
inspection-ready files. Furthermore, quality control should ideally be embedded
within existing processes rather than being introduced as an additional
process. It is better to prevent poor quality records from being generated
rather than identifying poor quality records and having to expend effort in
fixing them.

The vast majority of regulatory requirements worldwide
actually say very little about records management, which has been a bone of
contention for years. On the one hand, records management professionals prefer
the need for explicit guidance so that there is assurance they are operating
within the permitted boundaries, but on the other hand, the lack of explicit
guidance gives freedom to define company-specific processes and systems.
However, it would be helpful for regulators to provide more specific guidelines
in areas that are troubling industry the most, particularly where they see
commonly occurring inspection deficiencies.

The bottom line is the need to have documented processes
and robust document management systems (either electronic or physical) that
permits the demonstration of the above-mentioned attributes. The most common
regulatory failures are an inability to locate requested documents (because
they have not been generated, have been lost or destroyed, or stuck in a
chaotic filing system) and poor quality records. Inspection findings related to
quality typically cite a lack of appropriate signatures, missing pages, and
missing document attributes, such as no page numbers, dates or document
reference identifiers. As previously stated, the best processes are ones where
quality is checked before a document is signed off or used; poor quality
records never find their way into the files as they are corrected before they
become final.

Meeting regulatory requirements

One of the key points to note is that few regulations
have thoroughly addressed the electronic environment that we are now working
in. As such, it is extremely important that organisations pay attention to the
predicate rules — those regulations and guidance documents that are applicable
to traditional hard-copy data and documents. Moving into the electronic arena,
perhaps the most important requirements are the need to use appropriately
validated systems (2) and to design data and document management systems that
maintain the integrity, authenticity and completeness of the content for the
full term of the retention period.

Regulations mandate that some data be retained for the
marketed life of a product. In these cases, it can be challenging to address
the potential problem of software, operating system and hardware obsolescence
(i.e., the ability to retrieve and read data in ten, twenty and thirty years’
time). One solution is data migration or the use of enduring file formats. Data
migration requires the regular transformation of data from one file format
and/or hardware platform to another across the retention period, ensuring each
data migration is complete, checked and fully validated. An alternative
approach is to choose a file format and storage medium that is likely to remain
accessible over the retention period, such as PDF/A, TIFF, ASCII or XML. This
is often a lower cost option, but can result in loss of metadata and
functionality, such as the inability to re-process data.

The challenge for industry is that whilst some guidance
on long-term electronic archiving exists (3) , guidance from the regulatory
agencies is sparse and often inconsistent. In the absence of guidance, the
recommended strategy is to adopt a risk-based approach in determining
electronic archiving solutions and processes. It is also essential that
decision-making processes are formally documented. This documentation should be
retained as part of the validation package, which may be requested in the event
of regulatory inspections.


1. EMA, “Reflection paper on expectations for electronic
source data and data transcribed to electronic data collection tools in
clinical trials” (June 2010). PIC/S, “Good Practices for Computerised Systems in
Regulated “GXP” Environments” (September 2007).

2. Guidance on the Archiving of Good Clinical Practice
Material (Scientific Archivists Group, September 2007).

First Published:

Posted in Records management practice, Technology, TMF | 1 Comment

Questions a Sponsor Should Ask a CRO

While I was browsing through my website analytics, I came across the above question that was entered into a search engine which in turn directed somebody to the website. It got me thinking what a great question it was! So, from a records management perspective, what ARE the questions that should be asked? Or put another way, what issues do you need a discussion on when contemplating outsourcing business activities? The list below is not comprehensive but might be helpful and should stimulate some discussion!

  • Do you have a written records retention schedule? Is it signed off by senior management? Is it known about across the organisation? Is it followed?
  • How are records managed whilst they are active? How is the reliability, authenticity, usability, integrity and confidentiality of records maintained?
  • How are records managed whilst they are inactive (archived)? How is the reliability, authenticity, usability, integrity and confidentiality of records maintained?
  • What rules, policies and procedures does the CRO have relating to the creation of records, including use of appropriate metadate to facilitate retrieval and retention, and avoiding the creation of records that violate laws such as tax, competition and anti-discimination laws?
  • In what format are electronic records maintained? How is their long-term accessibility guaranteed?
  • Exactly how and when will records be transferred to the sponsor? In what format? On what media? At what time points? What quality control will be undertaken to ensure transferred records are of an acceptable quality?
  • How are records transferred internally within the CRO and between the CRO and other parties? How is the reliability, authenticity, usability, integrity and confidentiality of records maintained?
  • What is the process for destruction of records? What controls ensure that records are not prematurely destroyed? How will records under Legal Hold be secured?

Can you think of any more questions?

Posted in Compliance, Records management practice | Leave a comment

eTMFs from your Contract Research Organization (CRO)

I was recently asked what happens at the end of a clinical project when the CRO managing the study wants to hand over an electronic trial master file (eTMF). The sponsor may not have an existing eTMF to take the records and sometimes the CRO offers remote access to the eTMF via a web link.

Actually, the situation is very similar to the use of an electronic data capture (EDC) system…. the same sort of questions should be asked and the same principles apply. Firstly, it is critical that pertinent questions are asked during pre-study discussions with the CRO and well before the study actually starts. The CRO and sponsor need to agree (a) in what format the documentation will be returned, (b) what medium will be used and (c) the timing of the transfer. The answers to those questions have many dependencies but one of the most important is whether or not the sponsor has a system that the eTMF data can be imported into. With the advent of the DIA TMF Reference Model, the possibility of electronic document interchange between systems is becoming a real possibility. However, for most sponsors and CROs, this is not usually possible.

Although CD-ROM or DVD are acceptable transfer media, I would not recommend them as archival storage media as their longevity is very questionable. If CD-ROM/DVD is used to transfer the eTMF between CRO and sponsor, the content should be integrated into the standard IT infrastructure of the sponsor once in-house i.e. transferred to an electronic archive store or to a secure network storage location where it will be regularly backed up.

I would not necessarily advocate relying on a web link provided by the CRO unless (a) the CRO could be relied upon to maintain the hardware/software in order to access the data across its lifetime and (b) there was a reliable internet connection. If these two requirements were satisfied, this could be an acceptable approach so long as the necessary service level agreements were in place and there was documented due diligence regarding the CRO and its systems. This really is just a form of Cloud storage.

The format of the eTMF is another important issue. If the data is not being integrated into an existing sponsor eTMF and the CRO are not providing and maintaining web access, then the eTMF needs to be transferred in a format which facilitates easy accee to the content over a long period of time. The data therefore needs to be system independent i.e. NOT saved as a docbase or database that is reliant on proprietary document management software for access but rather as a file structure of individual electronic documents, preferably saved in PDF/A format. Search portals can easily be built using products such as Microsoft’s SharePoint to access such data stores. As a last resort, the CRO could print down the content but this should really be avoided if at all possible!

Lastly the issue of timing. This is often overlooked during initial discussions between sponsor and CRO but there needs to be an agreement on when the transfer of the eTMF will take place. Also agreement on what content the CRO will remove and retain i.e. any CRO-specific content.

Make sure you have answers to these questions BEFORE your clinical trial starts…. not when you receive a CD-ROM in the mail from your CRO!!

Posted in e-records, Technology, TMF | 2 Comments

PDF/A Standard Now Uses PDF v1.7

The International Organisation for Standardisation has just released the second part of its standard for long-term digital preservation of documents, ISO 19005-2:2011. The first part of the standard (ISO 19005-1) was issued in 2005 and describes the file format PDF/A which is based upon v1.4 of the portable document format (PDF).

ISO 19005-2:2011 specifies the use of PDF 1.7, as formalised in ISO 32000-1, for preserving the static visual representation of page-based electronic documents over time. The additional features of this format include improved support for new document technologies such as JPEG2000 compression and transparency/layer effects. Importantly, it also has provision for embedding digital signatures in archived documents in accordance with the PDF Advanced Electronic Signatures standard. This will be of particular interest to organisations that need to preserve – and demonstrate – the integrity and authenticity of digitally signed documents over a long period of time for compliance or litigation purposes.

The standard is available for purchase from ISO for CHF 136.

Posted in Document Storage, e-records, Technology | 1 Comment

Are You Drowning in Email?

Whenever I chat with business colleagues, one of the most common issues that gets raised is that of email management: we’re receiving too much and spend too much time responding. Well, I just came across an “Email Charter” and thought it worth sharing with you all. It really is just common sense but as the authors point out, it needs the whole community to get behind the charter and start following the principles. I’ve listed below the 10 points of the charter but I’d encourage you to take a look for yourself at the whole content… it only takes a few minutes to read the whole charter.

  • Respect Recipient’s Time
  • Short or Slow is Not Rude
  • Celbrate Clarity
  • Quash Open-ended Questions
  • Slash Surplus cc’s
  • Tighten the Thread
  • Attack Attachments
  • Give These Gifts: EOM & NNTR
  • Cut Contentless Responses
  • Disconnect!

Must remember to start implementing! You can find the Email Charter here.

Posted in e-records, Records management practice | Leave a comment