The guideline has been adopted by the GCP Inspectors Working Group (GCP IWG) on 6th Dec, 2018, published on the EMA website on 18th Dec, 2018 and will come into effect in 6 months time - on 18th June, 2019.
According to the agency, the "guideline is intended to assist the sponsors and investigators/institutions in complying with the requirements of the current legislation (Directive 2001/20/EC and Directive 2005/28/EC), as well as ICH E6 Good Clinical Practice (GCP) Guideline ('ICH GCP guideline'), regarding the structure, content, management and archiving of the clinical trial master file (TMF)". The guidance also applies to legal representatives and contract research organizations (CROs), including any third party such as vendors and service providers to the extent of their assumed sponsor trial-related duties and functions.
To ensure continued guidance once the Clinical Trials Regulation (EU) No. 536/2014 (CTR) comes into application, this guidance already prospectively considers the specific requirements of the CTR with respect to the TMF.
Regarding Data Integrity, the guideline states the following:
Sponsor/CRO electronic TMF (eTMF)
eTMFs should enable appropriate security and reliability, ensuring that no loss, alteration or corruption of data and documents occur. The primary eTMF is a system for managing documents that should contain the controls listed below:
secure passwords for users;
a system in place locking/protecting individual documents or the entire eTMF (e.g. at time of archiving) to prevent changes to documents;
periodic test retrieval or restores to confirm the on-going availability and integrity of the data;
an audit trail in place to identify date/time/user details for creation and/or uploading deletion of and changes to a document;
role-based permissions for activities being undertaken, such as restricted access to files/documents (e.g. randomization codes and unblinded adverse event data);
the suitability of the system for archiving purposes should be appropriate;
the principles above should also apply to any electronic systems defined as part of the TMF (e.g. SOP management system, e-mail central repository).
The eTMF systems should be validated to demonstrate that the functionality is fit for purpose, with formal procedures in place to manage this process. All staff members involved in the conduct of the trial and using the system should receive appropriate training. Metadata (e.g. audit trails) should be archived so that the contained metadata can be retrieved as usable datasets. Any migration of data and documents should be verified to ensure longterm readability and to maintain integrity. PDF files generated from dynamic data files in other systems (e.g. IMP shipping and monitoring visit reports) might be uploaded to the primary TMF system; if so, the original dynamic file should be retained in the original system (i.e. IRT, CTMS).
If an investigator/institution eTMF is used, the following requirements should be taken into consideration:
A complete investigator TMF should be available before, during and after a trial, and accessible under the control of the investigator/institution, independent from the sponsor.
The documentation in the investigator TMF includes some source documents containing personal data that enable the data subjects to be directly identified (i.e. direct identifiers of trial subjects).
The uploading of any investigator/institution-generated essential documents onto a sponsor/CRO maintained eTMF system bears the risk that the investigator has no control of and no continuous access to its documents. If an eTMF is to be used for such documents, the contractual arrangements for the system and the hosting of the data should identify the investigator/institution as owner of/responsible party for these documents.
The investigator/institution is responsible for the suitability of the investigator TMF. Regardless of what arrangements are put in place for an eTMF, they should ensure that this responsibility can be fulfilled and that the investigator/institution maintains continuous access to and control of the files and their documents. If a third party eTMF is used, there should be assurance that the investigator/institution can fulfil their responsibility.
Many documents within the investigator TMF are those provided by the sponsor (e.g. protocol, IB, procedural manuals, etc.). Access to these documents as a part of the sponsor eTMF could be archieved by providing access to a web portal, or by the sponsor uploading them to the investigator/institution eTMF directly. In this situation, there should be procedures and controls in place that demonstrate at all times when versions of documents were made available and when these documents were accessed (e.g. through an audit trail) and implemented by the investigator/institution.
All agreements should include provisions for the situation that any of the parties mentioned above are going out of business and how the integrity and accessibility of the complete investigator TMF will be maintained throughout the required archiving period.
Remote access by sponsor or CRO personnel to the investigator TMF should only be possible to documents in which personal data that enable the data subjects to be directly identified (i.e. direct identifiers of trial subjects) is not present or has been pseudonymized.
Quality of TMF
The CTR states "The clinical trial master file shall at all times contain the essential documents". The sponsor and/or investigator/institution should implement risk-based quality checks (QCs) or review processes to ensure the TMF is being maintained up-to-date and that all essential documents are appropriately filed in the TMF. Areas to consider during QCs and review include the following:
all essential documents generated available in the TMF;
documents filed in the appropriate locations;
documents added to the TMF in a timely manner;
documents correctly indexed;
documents only accessible according to the assigned roles and permissions;
audit trail review (for eTMF);
adequate risk-based document-level QC, for certified copies;
routine QA measures, e.g. system audits of TMF-management processes (sponsor);
ensure the TMF is readily available and directly accessible to the competent authority, e.g. for inspection purposes (sponsor).