Submitted by on
Home> Guides> Life Sciences> Controlled External File Sharing for Contract Research Organizations

Home > Controlled External File Sharing for Contract Research Organizations

Controlled External File Sharing for Contract Research Organizations

Share this Page

Comply with Critical Regulations

Nearly all countries where clinical trials will be conducted have laws that govern clinical trials. Following is a summary of a few critical regulations for clinical trials that necessitate external file sharing solutions for CRO. These regulations are in place to ensure the quality and reliability of data submitted to the FDA in support of research or marketing applications and protect subjects’ safety, rights, and welfare.

Federal Drug Administration  

Title 21 of the Code of Federal Regulations (21 CFR) includes most of the regulations that require the use of external file sharing solutions for CRO. Several of the most pertinent are as follows.

21 CFR Part 312 Subpart D Section 52 

The Food and Drug Administration (FDA) defines and regulates contract research organizations (CROs). 21 CFR 312.52 Subpart D, transfer of obligations to a CRO, specifies that the FDA may hold a CRO directly responsible for any sponsor obligations it assumes under an investigational new drug application.

The best external file sharing solutions for CRO enable users on both sides to securely upload, download, share, and collaborate on content.

21 CFR Part 11

Regulations that cover electronic records, electronic signatures, and the personnel who use electronic records and signatures are covered in 21 CFR 11. Included in 21 CFR 11 are the specific rules that detail how digital solutions can be used in lieu of or in addition to paper records. 21 CFR 11 is one of the primary drivers for external file sharing solutions for CROs as it specifies the requirements for the retention, submission, integrity, and confidentiality of digital records used by life sciences organizations and CROs.  

21 CFR Part 820

21 CFR Part 820 is a part of the FDA’s current good manufacturing practice (CGMP) guidelines for developing medical devices. It governs the methods, facilities, and controls used for medical device design, manufacturing, packaging, labeling, storage, installation, and service. 21 CFR 820 details document controls requirements for approval, distribution, and changes, which are best managed with an external file sharing solution for CRO.

21 CFR Part 515

Under 21 CFR Part 515, Class III medical devices (i.e., ones that sustain or support human life, are important in preventing the impairment of human health, or present a potentially unreasonable risk of injury or illness ) must undergo a stringent Premarket Approval Application (PMA) process.

A PMA is the process of scientific and regulatory review outlined by the FDA to assess the safety and effectiveness of Class III medical devices. This requires strict documentation and protection of the related records to provide “sufficient valid scientific evidence to assure that the device is safe and effective for its intended use(s).” External file sharing solutions for CRO support the PMA process.


The International Conference for Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use (ICH) issued the ICH Guidelines Guideline for Good Clinical Practice (ICH-GCP) to provide an international standard for good clinical practice guidelines.

ICH-GCP was created by representatives of authorities and pharmaceutical companies from Australia, Canada, the European Union (EU), Japan, the Nordic countries, the United States, and the WHO. The FDA has also adopted the ICH-GCP. Three parts of ICH-GCP necessitate external file sharing solutions for CRO. First, “all clinical trial information should be recorded, handled, and stored in a way that allows accurate reporting, interpretation, and verification.” Second, “Systems with procedures that assure the quality of every aspect of the trial should be implemented.

Aspects of the trial that are essential to ensure human subject protection and reliability of trial results should be the focus of such systems.” And, any alteration to the content of the electronic trial master file (eTMF) shall be traceable.” The eTMF should provide for document identification, version history, search, and retrieval1, and it must be archived to ensure that it is readily available and directly accessible upon request to the authorities of the Member States.

European Medical Devices Regulation (EMDR)

European Medical Devices Regulation (EMDR) has increased the requirements for clinical research related to medical devices. External file sharing solutions for CRO help manage the required recordkeeping, reporting, and compliance audits.

How to Create a Common Data Environment?

Common data environment (CDE) requirements vary by organization, but the following are some best practices and considerations. These guidelines for how to create a common data environment will help regardless of the size or complexity of the implementation.

Build a Team 

Before beginning to create a common data environment, assign an information manager. A common data environment will require vast amounts of data to be gathered from many different sources. Then, as projects progress, the data will need to be kept current, and data fidelity will need to be maintained. Having a dedicated information manager will ensure data quality and make it easier to support integration with other applications and systems.  

A team should be built to support the development of the common data environment. Team members should possess strong management and technical skills as well as the ability to work collaboratively.  

Define Roles and Responsibilities

Taking time to define roles and responsibilities clearly will help get the most out of the team. Specificity is important both for tasks and functions. It is also important for security purposes, as this process should include the assignment of access privileges.  

Establish Conventions 

ISO 19650 requires the use of a standard naming convention. In addition to meeting compliance mandates, establishing a naming convention simplifies and streamlines the organization and storage of information. With standard naming conventions in place, users of the common data environment are able to find and share information more quickly. When defining naming conventions, it is worth the extra time to align them with those of partners and others in the ecosystem. 

As part of establishing conventions for the common data environment, the data architecture, such as file formats, needs to be included. It should also cover the file structure protocols. 

Create Workflows 

Every step for using the common data environment should be clearly defined and documented, with particular attention paid to the approval and sign-off process. Templates can be used to lay out requirements and make it clear what information is required for each phase of a project and which team owns each phase. This helps streamline handoffs between phases.  

Implement Access Controls and Data Security

To protect sensitive information, granular access controls should be used for a common data environment. Users should be granted access to the information that they need and nothing more. In addition, access should have a time limit. That is, access privileges should be revoked when they are no longer required for the project.

Data security is also a must for a common data environment. This should include encryption and data recovery.

Integrate with the Building Information Modeling (BIM) System

The common data environment acts in a BIM as the single source for project-related data. From here, architecture, engineering, and construction (AEC) stakeholders involved in the project can store, manage, and modify the information.

Enhance Your Organization’s CRO Exchanges

Controlling how data is shared is critical for successful CRO-sponsor engagements. The large volumes of data generated during any clinical trial create challenges for remote collaboration, with much of the data collected being highly sensitive. 

CROs are tasked with collecting and managing large datasets and making them available for external stakeholders to access, review, analyze, modify, and approve the data. To do this, they need visibility into the version history of each file to ensure that stakeholders are working with the most up-to-date material. When work is complete, the CRO must be able to send the data back to the sponsor securely. 

This is only possible with the right technology and processes. Without it, the integrity and security of the data are at risk, putting the CRO in jeopardy of falling out of compliance or falling victim to a security breach during data exchanges.  

External file sharing solutions for CRO help meet expectations for taking responsibility to be a reliable partner to the sponsor in executing a clinical trial, ensuring security and compliance as data is passed between CRO and sponsor stakeholders.

External file sharing solutions for CRO also help with various important functions, such as writing the study protocol, collecting and submitting data to the FDA, and documenting the monitoring sites throughout the study. Using external file sharing solutions for CRO ensures that the right tools are in place to share trial data and collaborate with the sponsor securely.

Having an external file sharing solution for CRO helps answer questions when selecting a clinical trial partner. These questions include:

  • Can stakeholders quickly and easily locate, securely access, review, and share data from remote locations?
  • Can the CRO share data with the distributed stakeholders easily, quickly, and, most importantly, securely?
  • How is data exported?
  • How will the systems help prepare the data for transfers, reporting, and audits?
  • How will these systems be used to facilitate a secure end-of-study transfer?
  • What controls are available to ensure data quality?
  • What data can be extracted from the system (e.g., file types, audit trails, metadata)?
  • What systems are used to support collaboration with stakeholders?


An electronic master file or eTMF is a trial master file in electronic or digital format. It is used to digitally capture, manage, share, and store those documents and content from a clinical trial. It is incumbent on the CRO to own and manage the eTMF for the duration of the clinical trial. An external file sharing solution for CRO is ideal for this as it gives sponsors the assurance that they need, during the clinical trial, that all data is being effectively and securely collected, shared, and managed.

At the conclusion of the clinical trial, an external file sharing solution for CRO can be used to validate that all documents and content have been successfully uploaded to the eTMF. And, because an external file sharing solution for CRO includes data quality controls, the sponsor can be assured that the content is accurate.  

External file sharing solutions for CRO support all of the elements of an eTMF, including:

  • Content
    This is all the files that were uploaded and stored in the eTMF, such as PDFs, Word documents, Excel spreadsheets, and emails).
  • Audit trail
    Every bit of content uploaded to the eTMF must have an audit trail that documents all actions carried out on each file, including:
    • When it was uploaded
    • When it was viewed
    • Who viewed it
    • Changes made and by whom
  • Metadata
    A description of each item in the eTMF should be included using metadata, which makes it easy to filter, search, identify, and categorize it

Collaboration and Communication

An easy way to enhance CRO exchanges and overall communication is to improve collaboration systems. External file sharing solutions for CRO provide the collaboration capabilities needed for effective communication during clinical trials. Using an external file sharing solution for CRO can help with all areas of communication, such as:

  • Define roles and responsibilities for everyone on the team
  • How often to send updates 
  • Overall expectations 
  • What will happen if there’s a problem 
  • Whom to talk to regarding different aspects of the project and their preferred methods of communication

Improve Quality Management

External file sharing solutions for CRO can provide systems and processes that improve quality management. When evaluating options, there are many considerations. Following are several questions that should be included in the due diligence process.

These will help to identify systems that can improve quality management as well as those that have potential risks and weaknesses that could cause problems, such as data breach vulnerabilities.  

  • How does the vendor stay updated about changes to regulations?
  • What controls are in place to protect sensitive data?
  • How does the vendor train their staff on cybersecurity best practices?
  • What controls are built into the solution to ensure data quality?
  • What audit capabilities

Once an external file sharing solution for CRO is selected and implemented, processes should be implemented to review the solution continually. The objective of these reviews is to identify any weaknesses or gaps and ensure that the solution meets changing regulatory requirements.

eTMF management

  • Access detailed reports down to the country and site level
  • Automate eTMF imports and archival
  • Make eTMF management easy
  • Tracl trial milestones from a central dashboard  
  • Use customizable CDISC for quick and easy set-up

GxP standards

  • Adhere to GxP Standards
  • Leverage robust access controls for regulated data
  • Provide a regulated environment accessible only to credentialed employees and external partners
  • Support for audit trails and checksums for data integrity
  • Validate systems with FDA 21 CFR Part 11-compliant documents

Managed controlled documentation

  • Have a central location for effective documentation
  • Manage Controlled Documentation
  • Generate native FDA 21 CFR Part 11-compliant e-signatures
  • Support multi-step reviews and approval workflows
  • Use date-based auto promotion and archival of effective documents

Manage data

  • Access instrument data from anywhere on any device
  • Automate alerts to stakeholders when data is submitted, processed, and deployed
  • Collect large volumes of data collection and transfer it to the cloud
  • Generate rich audit reporting on user activity and checksums
  • Manage Data From the Lab to the Cloud


  • Eliminate the risk of deterioration and file format obsolescence  
  • Enable secure access to data by authorized users from anywhere in the world 
  • Provide record preservation across the entire study 
  • Record clinical data and audit trails to meet regulatory requirements  
  • Retain discoverability via metadata applied during the study 
  • Use appropriate (and industry-standard) methods of content navigation

Secure file links

  • Eliminate the use of email attachments, which are among the least secure ways to collaborate
  • Exchange data through secure, shareable links that are GxP- and FDA 21 CFR Part 11-compliant
  • Gain visibility into any suspicious or unusual behavior or breaches that occur  

Sharing Controls

Leverage a broad suite of features that give them complete control over how both internal and external collaborators manage and share and unlock myriad capabilities for collaborators, such as: 

  • Ensuring that only those with Egnyte licenses can receive the link 
  • Password-protecting the link
  • Provisioning different levels of access, such as edit or view-only
  • Restricting recipients from downloading the linked document

External File Sharing Solutions for CRO Ensure Compliance and Smooth Trials

In clinical trials, file sharing and collaboration are at the heart of CRO-sponsor relationships. Selecting the right external file sharing solution for CRO is critical to ensuring that this vital collaboration is secure and compliant and meets sponsors’ needs.

The best external file sharing solutions for CRO enable users on both sides to securely upload, download, share, and collaborate on content. In addition, the right external file sharing solutions for CRO allows sponsors to retain control of their records while providing authorized users access to the information they need with the security required to protect this highly sensitive information.

Egnyte has experts ready to answer your questions. For more than a decade, Egnyte has helped more than 16,000 customers with millions of customers worldwide.

Last Updated: 15th June, 2023

Share this Page

Get started with Egnyte.

Request Demo