S
Greetings!
I work for an Electronic Data Capture (EDC) software company serving clinical trials. Our record retention policy for customer data collected via our system mirrors the essential requirements of QSR and ISO.
We just had a customer request that we destroy their data once the study closes and they have collected it. We would of course be willing to make an exception to our internal retention policy at customer request (with that decision documented in the contract, etc.) but I am wondering if that would put us in violation of the FDA retention policies.
What I have been able to find reading through related sections is that under most circumstances the data has to be available where it was created, and that ultimately the sponsor and CRO have responsibility for it. But this doesn't directly answer whether we can, even at customer request, destroy what amounts to our copy of their data.
Any advice on this would be gratefully accepted. Thanks for your time and consideration.
Regards,
Gareth Storm
I work for an Electronic Data Capture (EDC) software company serving clinical trials. Our record retention policy for customer data collected via our system mirrors the essential requirements of QSR and ISO.
We just had a customer request that we destroy their data once the study closes and they have collected it. We would of course be willing to make an exception to our internal retention policy at customer request (with that decision documented in the contract, etc.) but I am wondering if that would put us in violation of the FDA retention policies.
What I have been able to find reading through related sections is that under most circumstances the data has to be available where it was created, and that ultimately the sponsor and CRO have responsibility for it. But this doesn't directly answer whether we can, even at customer request, destroy what amounts to our copy of their data.
Any advice on this would be gratefully accepted. Thanks for your time and consideration.
Regards,
Gareth Storm