It is very nice to visit Lambda facility and thanks to warm welcome provided by all the teams. I can easily say one of the best CRO I ever visited. People here are wonderful and doing great job

Reputed Client of Israel

Awesome hospitality & fantastic office. All the best!

Reputed Client of Japan

Excellent hospitality and cooperation received throughout the audit. People are knowledgeable and extremely transparent. Looking for long time relation

Reputed Client of Asia

Facility is too good to conduct the BABE studies and adherence to protocol and quality assurance in conducting studies are meeting sponsor expectations and requirements.

Reputed Client of India

Facility is good, people r trained well and know the subject on which they r working. All the best.

Reputed Client of USA

Highly innovative and advanced research centre that possess bright future for the development of the country.

Reputed International Government Body

It is one of the best facility in India for BA/BE

Reputed Regulatory Authority

Lambda is a very professional CRO. All the staff here are experienced and very knowledgeable. I'm grateful for their accommodations and hospitality. The future, if we want to carry out BE study, we will ask Lambda help again.

Reputed Client of Europe

It was a really pleasant meeting with the PV department, and I am looking forward to the next visit.

Reputed Client of Europe

Amazing and best CRO I ever seen

Reputed Client of China



Home / Blog

Data security

01 Feb 2019

In the current global scenario, the Clinical Research industry has adopted online data acquisition methods using EDC clinical data management systems (CDMS), IVRS/IWRS, ePRO, etc. Sponsor pharmaceutical companies or CROs are mainly involved in conducting trials, gathering the research data from sites and patients/subjects, and processing the data. Because these research data are highly confidential and subjects’ data privacy rights are also involved, appropriate data security measures must be taken to protect the data from loss and theft.

To meet the data security measures to protect the research data, multiple levels of access control should be in-place like physical access of data storage and logical access control.


Physical and logical access of data storage (Data servers)

All computerized systems used for data acquisition and processing should be installed on servers located at secured locations where physical access to the server(s) are access controlled (by lock and key or by logical access controls like access card or biometrics) and only authorized personals should be able to access the server area. Logs for all admissions to such area should be maintained because network security starts at the physical level. All such server rooms should also be equipped with environmental factor controllers (i.e., extensive heat, dust, fire, power, etc.), and environment sensors should also be in-place to trigger alarm if there is any significant change in the controlled environment.

Data servers should be equipped with anti-virus and fire-wall protections to nullify external threats. If there are any attempts for data theft or accessing the data from hackers, it should trigger firewalls and all such incidents must be analysed further.


Data back-up

Backing up important data is an essential element in disaster recovery, and data must be backed up as per the defined frequency. It is recommended to keep a set of backups off-site at a secured location and one must take care to ensure that the backup servers are secured at the offsite location.  Periodic review of the backup data is also essential to ensure required data recovery.


Validated computerized system

The computerized system used in data acquisition and processing must be validated and should have all measures to comply with 21 CFR PART 11 requirements. All transactions in the system must be audit trailed and all the data transactions should be re-producible at any point of time. Appropriate documentation of system validation must be ensured. If any significant changes are made (update) in the computerized system, they must be released after proper validation which ensures data security that is already available in the system. The system should be able to provide role based access to the users where-in users can only perform activities which they are intended to do. Access rights for each role should be pre-defined and appropriately documented.


Data security at user level

In order to achieve data security at the user level, several procedural controls are also needed. Procedural controls include providing access to only trained individuals involved in the activity/process and maintaining confidentiality of the user credentials (user ID and password).

User access management (it includes creation of user profile, modification of profile, and revocation of the user) should be handled by an authorized individual or an authorized group of people. And creation, modification and revocation of the user profile should be performed upon receiving the request from the designated authority.

All users should understand that their electronic signatures (ID and password) are equivalent to their hand written signatures and they are responsible for the data. Users of the system must not share their user ID and password with anyone in any case. If at any point of time they feel that their password is compromised, the system administrator should be immediately informed and the password changed. If any individual leaves the organization, his/her access to the system must be revoked immediately upon departure from the organization.

Overall, considering the importance of patient privacy and criticality of scientific research, data security is considered an essential element of clinical research.

Looking for a Globally Proven Research Partner?

Contact Us