Regulatory Compliance FAQ

Question: What certifications does Trial Interactive and any service or hosting providers hold that are applicable to Trial Interactive?

Answer: AWS, the selected hosting provider, provides virtual servers in their own SSAE 16 SOC 2 (formerly SAS 70) data center that is configured per Trial Interactive specification and requirements during the deployment and configuration process. Once the software is deployed, the application is managed according to Trial Interactive policies and procedures, including the SDLC and Change Management processes.

Question: Are there any additional requirements that a customer will need to complete to remain compliant with the EU 95/46 data privacy directive?

Answer: No. Trial Interactive will continue to operate as a Data Processor and our customers will remain Data Controllers. Trial Interactive neither adds nor subtracts any requirements beyond those normally assigned to a data controller.

Question: Is Trial Interactive compatible with new European GDPR privacy regulations?

Answer: TransPerfect QA is currently looking closely at GDPR to understand the impacts on our business. At this time, we do not anticipate any major effort necessary to ensure compliance for ourselves and our customers. When we complete our analysis we will inform customers about any impacts that we find, and provide a statement on our compliance assessment.

Question: Is the Trial Interactive implementation of Electronic Signatures compliant with Electronic Record/Electronic Signatures regulations and guidances (e.g., US FDA 21 CFR Part 11)? If yes, describe.

Answer: Yes. Trial Interactive provides system controls necessary to meet Title 21 CFR Part 11 compliance for Electronic Records and Electronic Signatures. A separate document is available that provides specific discussions around this compliance, as well as any applicable GxP regulations.

Question: Besides the Trial Interactive report and acceptance of the User eSignature agreement, does Trial Interactive make it easier for customers to meet the agency requirement for eSignature agreements?

Answer: The report may be used to easily maintain these agreements with the agencies. For example, the FDA accepts one certificate from an organization (vs. requiring individual certificates from each person or User) provided the certificate makes it clear what Clinical Site Users will be covered by the certificate. The preambles to the regulation explain 21 CFR 11.100, in that the most responsible organization can submit one certificate that covers all of the external organizations where persons will use electronic signatures (http://www.fda.gov/ora/compliance_ref/part11/frs/background/11cfr-fr_03.htm). A single certification may be stated in broad terms that encompass electronic signatures of all participants, thus obviating the need for subsequent certifications submitted on a pre-established schedule. Example certification: "Pursuant to Section 11.100 of Title 21 of the Code of Federal Regulations, this is to certify that [name of organization] intends that all electronic signatures executed by our employees, agents, or representatives, located anywhere in the world, are the legally binding equivalent of traditional handwritten signatures."

Question: What will the Trial Interactive Privacy Policy be?

Answer: A privacy policy is a legal document that discloses how a party retains, processes, discloses, and purges customers' data, such as emails, personal information, credit card details, etc., and is standard fare for online websites and applications. The Trial Interactive privacy policy will be the same as TransPerfect's and delivered with the product via a link at the bottom of the screen, and will basically state that information obtained will be only used for internal business purposes, and not shared with third parties except for relevant Users/customers for the purposes of managing a quality process.

Question: What will Trial Interactive do with all this Trial Interactive User data?

Answer: Trial Interactive is deployed and managed as a multi-tenant SaaS application, providing our customers with a highly scalable and accessible platform for eTMF. Trial Interactive can use a multi-tenant architecture that allows efficient sharing of application software and hardware resources, while providing complete partitioning of each customer's data and local Trial Interactive connection.

Question: Are all uploaded documents stored in a secure and reliable location? Are they protected from attacks and theft?

Answer: Yes. All document attachments are carefully checked for virus and trojan attacks, and are encrypted in-place within Trial Interactive, and in-transit outside the Trial Interactive service.

Question: Please describe your documentation strategy related to company quality policies, Standard Operating Procedures (SOPs), guidelines (e.g., working practices, Work Instructions (WI)), and policy documents that outline, in general terms and not step-by-step instructions, how specific GCP aspects (such as documentation, training, software development controls) are implemented. Are employees and contract staff trained on new or modified SOPs?

Answer: An SOP is a step-by-step sequence of instructions for how to perform operational processes or activities that were described in general terms in a policy statement. A Restricted Document is a document that facilitates carrying out a process and therefore needs to be readily available to personnel in the performance of their job duties, but which is not a Controlled Document and therefore not subject to the same level of control. Examples include Work Instructions, training materials, job aids, and external standards such as programming guides.

Trial Interactive requires all employees to be trained on procedures that impact their job role. Re-training is mandatory whenever applicable SOPs are updated. Some members of the staff are trained on applicable regulations as they apply to a particular job role. Trial Interactive staff regularly attend seminars in their area of focus, subscribe to publications, utilize internet news feeds and blogs, and attend user group meetings.

As part of the Trial Interactive quality system documentation, SOPs are under the direct control of our quality assurance organization. Departmental managers responsible for given procedures are the only ones with the authority to approve changes to these procedures. Internal staff who are required to utilize procedures are trained as per the Trial Interactive training matrix. Customers may review procedures in an audit setting only with direct supervision of the Trial Interactive Quality Assurance organization; procedural documents are not distributed outside of the Trial Interactive Application Services environment.

Question: Will Trial Interactive accommodate customers for software audits? How will this process work?

Answer: Trial Interactive will ensure the appropriate level of security and privacy measures are in place at the third party through vendor audit and formal assessment procedures. As per Trial Interactive audit policy, customers may visit the corporate office for formal audits of our policy and procedures. An audit of the remote hosting facility is accomplished primarily through standardized documentation such as the SSAE 16 SOC 2 assessment.