The TrialKit platform is a product of Crucial Data Solutions, a U.S. corporation. TrialKit is used as a pharmaceutical and device data collection tool around the globe in all phases of research, post-market studies, and registries. In ongoing efforts to protect the integrity of data and maintain robust up-to-date security, Crucial Data Solutions follows several regulatory guidelines and modern scalable cloud environments for its data.
Regulatory Guidelines
US Food and Drug Administration US 21 CFR:
Part 11 – Electronic Records; Electronic Signatures
Part 312 – Investigational New Drug Applications
Part 820 – Quality System Regulations
HIPAA - Health Insurance Portability and Accountability Act of 1996
European Medicine Agency:
EudraLex, Volume 4, cGMP Medicinal Products for Human and Veterinary Use:
Annex 7 – Outsourced Activities
Annex 9 – Self Inspection
Annex 11 – Computerized Systems
Annex 15 – Qualification and Validation
International Standards:
GAMP 5 – A Risk-Based Approach to Compliant GxP Computerized Systems
GDPR – General Data Protection Regulations – EU Directive 95/46/EC
ICH E6 R1 - Guideline for Good Clinical Practice – CPMP/ICH/135/95
ICH E6 R2 - Guideline for Good Clinical Practice - Integrated Addendum
ICH Q9 – Quality Risk Management
ICH Q10 – Pharmaceutical Quality System
ISO 9001:2015 – Quality Management Systems
ISO/IEC 27001:2013 – Information Security Management
SOC Type 2 – Service Organization Controls
Storage
TrialKit Cloud networking and data storage employ 3rd party services provided by Amazon Web Services (AWS) around the globe, for both primary hosting and data backup/recovery.
Location of data hosting location is determined at the time of study licensing and is indicated on the agreement along with any applicable contracts and addendums required by the client or regulatory authorities.
As of August 2020, Crucial Data Solutions (CDS) is contracted with the following AWS facilities:
EU West - Ireland
EU West - Paris
US East - Ohio
US West - Oregon
Processing, Security, and Reliability
AWS is a well-known and reliable provider of SOC and HiTrust-certified hosting and networking services. Read more about compliance programs here.
The sub-services configured by CDS within the AWS VPC boundaries are:
RDS for PostgreSQL databases
Ec2 virtual servers
S3 for backups and logs
SNS for notifications
Data connections and storage are encrypted using the healthcare industry-standard AES 256/TLS 1.2 SSL and 2048-bit RSA public keys. VPN and Firewall ACLs control access at the cloud level. Network vulnerability assessments and penetration testing are performed routinely.
Client data on the TrialKit cloud is stored in isolated schemas within the database. Access to the data within a schema is managed directly by the named client Administrators or other user-defined permission role levels. Audit trails display the history of user roles and permissions along with the last access.
User-based Application-level security uses 2-factor authentication and optional Oauth2 single sign-on tools.
Private cloud environments configured and managed by CDS are available.