Validated Cloud operations and validation practices are in alignment with the European Medicines Agency’s (EMA) Guideline on computerized systems and electronic data in clinical trials.

Re: EMA/INS/GCP/112288/2023 Good Clinical Practice Inspectors Working Group (GCP IWG) and https://www.ema.europa.eu/en/documents/regulatory-procedural-guideline/guideline-computerised-systems-electronic-data-clinical-trials_en.pdf

This guideline is a very prescriptive approach to compliance and the expectations of service providers, data handling and computerized systems. Key takeaways include (but are not limited to) alignment with ICH E6 (R2) for all involved parties, version control and audit trails, geographic disaster recovery for data protection, quality management systems being in place with sponsors and service providers, and validation that aligns with intended use and business processes.

For life science companies that plan to market or are already marketing products in the EU, it is imperative your company aligns with the guideline and verifies all service providers involved in the clinical data handling also align with the guideline. The EMA inspectors are highly skilled when it comes to auditing computerized systems and identifying the gaps in a sponsor’s knowledge of service providers’ validated solutions and data stewardship.

The most welcome part of the guideline is the carveout for GDPR data that is part of clinical trials. The idea of pulling GDPR data out of active and/or completed clinical trials made no sense. The guideline is heavy on security expectations, and these sections should be evaluated in-depth for all parties handling clinical data.

EudraLex Annex 11 was a very high-level directive. This guideline puts the much-needed detail on the intent of Annex 11. A strong example of this is periodic review. Validated Cloud as a service provider is accustomed to periodic vendor requalification. Few customers have engaged us for periodic reviews of their validated systems.

The guideline becomes effective six months from the March 7, 2023 issuance date. This is not a lot of time to make sure all parties handling clinical data align with this guideline.

About Validated Cloud:

Validated Cloud is 21 CFR Part 11/820, EU Annex 11 compliant and hosted in an SSAE SOC Type 2 Datacenter. Validation Cloud provides compliance and IT support, which takes the burden off of our customers’ daily to-do lists. Our customers are free to focus on working with Empower and data. Validated Cloud is the regulatory inspection insurance, as it defends and will defend everything we do to regulatory authorities.