What is the Role of JAF Consulting in REDCap Validation?

“Reducing risk while strengthening research electronic data capture (REDCap) processes for institutional organizations and teams.”

The fundamental goal of JAF Consulting Inc. is to provide a risk-based approach to the validation of REDCap’s Electronic Informed Consent (eIC) module, Electronic Data Capture (EDC), eDocs (21 CFR Part 11 file upload feature), all other REDCap core functionalities to ensure compliance with current FDA regulations and guidelines per Good Clinical Practices.

Validation Approach:

The JAF risk-based validation approach provides a very cost effective solution for the implementation of  eIC, EDC, and eDocs (file upload) for the REDCap system. Risk-based validation includes as-built configuration verification along with validation testing of user / functional / configuration requirement specifications.  The current installation of REDCap v 10or higher has the eIC, EDC, and eDocs (file upload) included as part of the installation file.  Industry accepted Software Development Life Cycle (e.g., Agile, Waterfall, Rapid Application Development, Lean, Iterative, Spiral) model is adopted to implement the REDCap system at each client site. Based on the software development lifecycle model, risk assessment is performed on  project and functional levels. Having direct impact on patient safety this system falls in the GxP major category. Functional risk assessment is performed on critical business requirements, 21 CFR part 11 requirement(s), data integrity requirements infrastructure, security and non-functional requirements.  Based upon the outcome of the assessment, all identified risks are mitigated through validation testing.

JAF deliverables provided for the validation effort include:

1) GxP Assessment
2) Validation Master Plan
3) System Requirements Specification (includes URS/FRS/CS)
4) Installation Qualification
5) Operational Qualification
6) Performance Qualification
7) Requirements Traceability Matrix
8) Operation and Administration Standard Operating Procedures (SOPs)
9) Validation Summary Report
10) Release Memo

What makes JAF a perfect partner for your REDCap implementation and validation?

JAF has implemented the REDCap application at various client sites utilizing numerous use cases. The JAF team has been involved with :

Fully validating eConsent, EDC and REDCap core functionality modules.
Identifying and resolving any implementation issues prior to system handover to a client.
Provided Quality Assurance to all REDCap implementations that resulted in the application meeting regulatory compliance.
Worked closely with the client to ensure they achieved a smooth validation knowledge transfer after project delivery.
Worked with clients on identifying training requirements and training plan for the site.
Worked with clients on developing a Quality Management System (QMS) to ensureREDCap stays compliant, post hand over.
Worked with clients in identifying and validating custom built functionalities for the REDCap application.

Possible Risks and Threats of not validating REDCap found by JAF:

A non-validated product can result in not meeting the expectations of regulatory agencies.Following are examples of frequently observed compliance gaps:

1. Incorrect segregation of duties.
2. Business processes are not optimized.
3. Data Access groups were not properly configured for the application of different sites.
4. Creating non-validated custom build features for production use.
5. Information has not been backed up at an encrypted secondary location.
6. There is no disaster recovery plan in place.
7. There is no training plan in place for the REDCap system’s operation and administration.
8. Upgrades and changes that are not documented to ensure continuance of business processes.

How does JAF ensure system integrity:

We meet the ALCOA+ guidelines, through

Extensive system testing,
Implementing procedural controls for system operation, administration and maintenance, Providing quality assurance oversight
Establishing Business Continuity and Disaster Recovery Process for the application.