Compliance FAQ

Question: What certifications does Trial Interactive and any service or hosting providers hold that are applicable to Trial Interactive?

Answer: AWS, the selected hosting provider, provides virtual servers in their own SSAE 16 SOC 2 (formerly SAS 70) data center that is configured per Trial Interactive specification and requirements during the deployment and configuration process. Once the software is deployed, the application is managed according to Trial Interactive policies and procedures, including the SDLC and Change Management processes.

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Question: Are there any additional requirements that a customer will need to complete to remain compliant with the EU 95/46 data privacy directive?

Answer: No. Trial Interactive will continue to operate as a Data Processor and our customers will remain Data Controllers. Trial Interactive neither adds nor subtracts any requirements beyond those normally assigned to a data controller.

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Question: Is Trial Interactive compatible with new European GDPR privacy regulations?

Answer: Yes. TransPerfect and Trial Interactive is fully compliant with GDPR, and several critical processes, such as the right to be forgotten and privacy breach, are part of Trial Interactive's manual of procedures.

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Question: Is the Trial Interactive implementation of Electronic Signatures compliant with Electronic Record/Electronic Signatures regulations and guidance (e.g., US FDA 21 CFR Part 11)? If yes, describe.

Answer: Yes. Trial Interactive provides system controls necessary to meet Title 21 CFR Part 11 compliance for Electronic Records and Electronic Signatures. A separate document is available that provides specific discussions around this compliance, as well as any applicable GxP regulations. In addition, Trial Interactive provides system and infrastructure controls necessary to meet Europian regulations Annex 11, as well as Japenese and global regulations commonly known as ER/ES (Electronic Records / Electronic Signatures).

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Question: Besides the Trial Interactive report and acceptance of the User eSignature agreement, does Trial Interactive make it easier for customers to meet the agency requirement for eSignature agreements?

Answer: The report may be used to easily maintain these agreements with the agencies. For example, the FDA accepts one certificate from an organization (vs. requiring individual certificates from each person or User) provided the certificate makes it clear what Clinical Site Users will be covered by the certificate. The preambles to the regulation explain 21 CFR 11.100, in that the most responsible organization can submit one certificate that covers all of the external organizations where persons will use electronic signatures (http://www.fda.gov/ora/compliance_ref/part11/frs/background/11cfr-fr_03.htm) A single certification may be stated in broad terms that encompass electronic signatures of all participants, thus obviating the need for subsequent certifications submitted on a pre-established schedule. Example certification: "Pursuant to Section 11.100 of Title 21 of the Code of Federal Regulations, this is to certify that [name of organization] intends that all electronic signatures executed by our employees, agents, or representatives, located anywhere in the world, are the legally binding equivalent of traditional handwritten signatures."

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Question: What is the Trial Interactive Privacy Policy?

Answer: A privacy policy is a legal document that discloses how a party retains, processes, discloses, and purges customer's data, such as emails, personal information, credit card details, etc., and is standard fare for online websites and applications. The Trial Interactive privacy policy is the same as TransPerfect's and delivered with the product via a link and states that information obtained will be only used for internal business purposes, and not shared with third parties except for relevant Users/customers for the purposes of managing a clinical process.

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Question: What will Trial Interactive do with all this Trial Interactive User data?

Answer: Trial Interactive is deployed and managed as a multi-tenant SaaS application, providing our customers with a highly scalable and accessible platform for eTMF. Trial Interactive can use a multi-tenant architecture that allows efficient sharing of application software and hardware resources, while providing complete partitioning of each customer's data and local Trial Interactive connection.

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Question: Are all uploaded documents stored in a secure and reliable location? Are they protected from attacks and theft?

Answer: Yes. All document attachments are carefully checked for virus and trojan attacks, and are encrypted in-place within Trial Interactive, and in-transit outside the Trial Interactive service.

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Question: Please describe your documentation strategy related to company quality policies, Standard Operating Procedures (SOPs), guidelines (e.g., working practices, Work Instructions (WI), and policy. Documents that outline, in general terms and not step-by-step instructions, how specific GCP aspects (such as documentation, training, software development controls) are implemented. Are employees and contract staff trained on new or modified SOPs?

Answer: An SOP is a step-by-step sequence of instructions for how to perform operational processes or activities that were described in general terms in a policy statement.

Trial Interactive requires all employees to be trained in procedures that impact their job role. Re-training is mandatory whenever applicable SOPs are updated. Some members of the staff are trained on applicable regulations as they apply to a particular job role. Trial Interactive' staff regularly attends seminars in their area of focus, subscribe to publications, utilize the internet news feeds and blogs and attend user group meetings.

As part of Trial Interactive quality system documentation, SOPs are under the direct control of our quality assurance organization. Departmental managers responsible for given procedures are the only one with the authority to approve changes to these procedures. Internal staff that is required to utilize procedures are trained as per the Trial Interactive training matrix. Customers may review procedures in an audit setting only with direct supervision of the Trial Interactive Quality Assurance organization, procedural documents are not distributed outside of the Trial Interactive environment.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-

Question: Does Trial Interactive accommodate customers for software audits? How will this process work?

Answer: Trial Interactive will ensure the appropriate level of security and privacy measures are in place at the third party through vendor audit and formal assessment procedures. As per the Trial Interactive audit policy, customers may visit the corporate office for formal audits of our policy and procedures. An audit of the remote hosting facility is accomplished primarily through standardized documentation such as the SSAE 16 SOC 2 assessment.



––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-Question: What is the process for Certified Copy Validation?

Answer: Each scanned record is visually inspected to ensure that the image is complete, clear, and usable. Scanned records are compared to the original paper document to ensure accuracy; as an exact copy having all the attributes and information as the original. Also, the number of original paper documents is compared to the number of scanned records to ensure that every document was scanned. The document is checked for doubled-sided pages to ensure that they are not missed.

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: Is Trial Interactive ICH-EC-R2 compliant?

Answer: Yes, Trial Interactive is ICH-EC-R2 compliant. This regulation focuses are several major things with respect to the eTMF:

- Certified Copy: TI fully supports and meets all Certified Copy requirements, and TI keeps all the same document attributes as the original copy.

- Minimum List of Essential Documents: This list is reflected in the latest versions of the eTMF specification and the TI eTMF Room Configuration Standards. where this list is encoded as Required Documents in the eTMF.

- Retention Time: ICH-EC-R2 requires record retention of a minimum of 15 years, to support marketing applications. Trial Interactive meets this requirement, as all data and content records in the retired instance are retained by TP for a period of five years or longer if required by applicable law or regulation.