Castor EDC allows researchers to collect and manage data in accordance with the Good Clinical Practice (GCP) guidelines . Because it can prove difficult for researchers to figure out how those rules and regulations operate, we will provide you with a detailed outline. First, we will explain what GCP is, which organisations are involved, when you are required to work in accordance with GCP, what the implications are for the researcher with regards to data management, and finally, we will answer some Frequently Asked Questions.
What is GCP?
Good Clinical Practice (GCP) is an international ethical and scientific quality standard for designing, conducting, recording and reporting trials that involve the participation of human subjects. 
Who makes the GCP rules?
The International Conference on Harmonisation for Technical Requirements for the Registration of Pharmaceuticals for Human Use (ICH) set up the worldwide GCP rules. These rules have remained the same since 1996 . Subsequently, the rules are turned into guidelines by local registration authorities.
When does your study have to meet GCP criteria?
Strictly speaking, only intervention studies in which medicine is administered have to meet GCP criteria. Regardless, it is advisable to follow GCP guidelines for all intervention studies.
Who has to meet GCP criteria?
The GCP guidelines apply to the sponsor (the person authorising or initiating the study) and the researcher who is executing the study. In investigator initiated studies the sponsor and researcher are one and the same person, which means that this person has to follow the guidelines for both roles.
In terms of data management, what should you pay attention to?
GCP only has data management requirements for the sponsor, not for the researcher. The researcher is, however, required to abide by the rules set by the sponsor. When electronic systems are being used for entering research data, the sponsor must make sure that:
- A “validated” system is being used. This is a system that meets the demands of the sponsor in terms of completeness, accuracy, reliability, and consistent intended performance;
- Standard Operating Procedures (SOPs) for the use of the systems are maintained;
- All initially entered data and all the changes are saved (audit trail, data trail and edit trail);
- There is a security system in place that prevents unauthorised access to the data;
- A list is maintained of all individuals who are authorised to make data changes;
- Data are adequately backed up and can be retrieved from the archive;
- The randomization blinding is safeguarded;
- An unambiguous identification code is used for subjects;
- A reason is always indicated when changes are made in a patient’s CRF;
- The data are stored for at least 2 years (or more depending on local laws).
Castor EDC meets all these requirements, which has been confirmed by Profess Medical Consultancy, the company that audited Castor EDC. We offer detailed information about how Castor EDC fulfills these requirements on the Good Clinical Practice page.
Frequently Asked Questions (FAQs)
Many research institutions have other rules besides the GCP guidelines. Moreover, it is not always entirely clear what GCP means and what its consequences are for data management. To make the various rules and regulations as transparent as possible, we will answer some Frequently Asked Questions (FAQs).
FAQ 1: can personal details be stored ‘with’ medical data?
Officially, data do not have to be separated, as long as they are properly secured. In principal, Castor EDC does not save personal details. It is the researcher’s responsibility to keep a record of these in a local linkage file, which refers to the anonymous record IDs in Castor EDC. Patients’ email addresses that can be used when sending out surveys form an exception to this rule. These email addresses are encrypted before storage, so they are properly protected and inaccessible to unauthorized persons.
FAQ 2: do the data have to be saved ‘within the walls’ of the institution?
GCP does not prescribe where data should be stored. The most important thing is that the data are properly protected.
The Castor EDC servers are managed by TRUE, which is a data centre that is ISO27001 and ISO9001 certified by Lloyd’s Register Quality Assurance. However, if storage within the research institute is required, we are open to discussing how we can set this up.
FAQ 3: can a data collection system, which is renewed as often as Castor EDC, continuously meet the GCP validation requirements?
It isn’t necessary for the sponsor to validate an electronic system every time it is updated to a newer version. However, the sponsor must be satisfied with the supplier’s quality processes. Profess Medical Consultancy audited Castor for GCP, and proved that all these processes are in order. The audit is repeated yearly. Through manual and automated tests we execute the validation for our users, with sophisticated (automated) processes that are technically very difficult for a sponsor to replicate.
FAQ 4: can an eCRF be used as a source document?
If the research findings were initially recorded in an eCRF, the eCRF can be used as a source document. A certified copy of the eCRF (signed with the date and signature of the researcher) can be recorded in the status, saving researchers from having to type up the eCRF data in the patient’s status later. Castor EDC covers this through the Electronic Signing and Lock Record features.