1) Learning Objectives

After reading this chapter, the reader should understand

• The purpose of and regulatory basis for the DMP

• The contents and organization of the DMP

• Creation and maintenance of the DMP

2) Introduction

Although a study protocol contains the overall clinical plan for a study, separate plans such as organizational standard operating procedures (SOPs), work instructions, and study specific documentation, are necessary to fully specify study conduct, data collection, management, and analysis. Study specific details are often covered in site operations manuals, monitoring plans, DMPs, and Statistical Analysis Plans (SAPs). Compilation of necessary documentation in discipline-specific or functional plans is an approach to organizing and maintaining the essential documentation for a clinical study. A DMP comprehensively documents data and its handling from definition, collection, and processing to final archival or disposal. A thorough DMP provides a road map for handling data under foreseeable circumstances and also establishes processes for dealing with unforeseen issues.

Plans for data management have been variously named and composed since their early uses. Common variations include DMPs, data handling plans or data handling protocols. Likewise, specific components of data management have been described in more narrowly scoped documents including research data security plans, data sharing plans, manuals of procedures, and manuals of operations, that cover some but not all aspects of the data lifecycle in a clinical study. The Society for Clinical Data Management (SCDM) defines a DMP as a compilation of, or index to, comprehensive documentation of data definition, collection and processing, archival, and disposal, sufficient to support reconstruction of the data handling portion of a clinical study. Reconstruction may involve tracing data values in result tables, listings or figures back to their origin or vice versa.

Although not focused on data management, the Greenberg report (1967) first highlighted the need for monitoring and controlling performance in large multi-center clinical studies.¹ A 1981 article was the first noted call for “a detailed procedures manual describing all aspects of data intake and processing procedures” and description of such a document serving the multiple purposes of a manual for personnel to increase consistency of work, a guide to evaluate the procedures and a tool to assess adherence to the procedures.² The Association for Clinical Data Management (ACDM), in 1996, published the first resource for data management planning titled ACDM Guidelines to Facilitate Production of a Data Handling Protocol.³ In 1995, a collection of five review papers documenting current practice in collection and management of data for clinical studies was published as a special issue of Controlled Clinical Trials (now Clinical Trials). This compendium was the first focused attention in the literature on data collection and management methodology including procedures and documentation.^4,5,6,7,8,9 In recognition of most industry sponsors approaching comprehensive data documentation through compilation in documents called DMPs, SCDM published the initial version of the Data Management Plan chapter in the GCDMP in 2008.

In the past two decades, pressure to share research data and results has increased, as has focus on research reproducibility and replication. Accordingly, public and private research sponsoring of, and regulatory interest in, data management planning and associated documentation has increased. Correspondingly, review and synthesis of DMP requirements in various disciplines and sectors have appeared in the literature.^10,11,12,13 Most notably, Brand et al.,¹² reviewed DMPs from several therapeutic development companies and academic research institutions and published a guideline for writing an SOP for DMP creation and maintenance. Williams, et al.¹³, on the other hand, broadly reviewed research sponsor DMP requirements with an emphasis on data definition, collection, processing and traceability. Today, most industry sponsors, and many federal and foundation funders, of clinical studies require DMPs in some form. DMPs and an associated data management report are required by the Chinese FDA.¹⁴

The DMP itself is not always a required document. However, the DMP, as defined by the SCDM, contains information that “individually and collectively permit evaluation of the conduct of a trial and the quality of the data produced” (ICH E6 R2 section 8.0).¹⁵ Documents containing this information are considered essential documents (ICH E6 R2 section 8.0).¹⁵ As such, in audits and inspections the compliance of the described procedures and the degree to which they were followed are commonly assessed.

3) Scope

ICH E6 R2 states that trial sponsors should “implement a system to manage quality throughout all stages of the trial process” and goes on to specify that quality management includes tools and procedures for data collection and processing (ICH E6 R2, section 5.0).¹⁵ The documentation describing those tools and procedures are a main component of a DMP. This chapter presents the DMP as an approach to organizing and maintaining comprehensive data management documentation for a clinical study. Such documentation generally specifies the following: data definition and formatting; how data are collected, processed, and stored; computer systems used to collect, process, and store data; defines technical and procedural controls through which data integrity and traceability are realized; and provides documentation supporting further data use. The DMP itself may contain the aforementioned elements or serve as a central point of reference to relevant documentation.

Initiated during study planning, the DMP spans the data lifecycle from collection to archival or disposal. The documentation comprising the DMP is frequently updated during a study, and serves as documentation for the data upon completion of the study. As such, the chapter defines the contents of a DMP as well as maintenance of DMP contents as controlled documents.

The scope of this chapter does not include foundational knowledge or skills for making data management design decisions or documenting them in the DMP for a study. Operations and information engineering and design skills, such as ensuring that all aspects of the trial are operationally feasible; avoiding unnecessary complexity, procedures, and data collection; and ensuring human subject protection and the capability of data to support trial results are the culmination of the highest level of data management practice. These processes require deep knowledge and command of the underlying theories, principles, concepts, and methods from the multiple disciplines informing clinical data management practice. Data management skills and experience may be obtained through formal education, experience in the practice of clinical data management, relevant professional development, or some combination thereof.

This chapter outlines topics currently considered necessary for a DMP or equivalent documentation. Each DMP topic is named, defined and labeled with the level of evidence supporting its necessity. Further, each topic states the data manager’s level of professional responsibility. For example, is the Data Manager responsible for designing and implementing the technical and procedural controls described in the topic? Is the task accomplished collaboratively with other clinical study functions, or is it the data manager’s role to ensure that procedures created by others are in place and escalate gaps? In addition, each section describes in what stage of the study the documentation should be available and the clinical study functions to which the documentation should be available.

It is difficult and often not feasible to consolidate all data documentation for a study into one document. Thus, as the comprehensive documentation of data collection and management for a study, the DMP often: (1) references, and may briefly summarize, higher level procedures such as organizational SOPs that apply to all studies; (2) may contain or reference study-specific procedures for data collection and handling; or (3) may contain or reference procedures describing how objective evidence of data collection and processing is generated and maintained. The latter indicates the degree to which data collection and handling procedures were followed during a study. The recommendations in the DMP Contents section of this chapter explicitly state which of the following is recommended.

Where organizational procedures governing processes across all projects do NOT exist, all procedures in the organization are study-specific. In this case, study-specific procedures including the DMP bear the burden of documenting all data collection and handling procedures for a study, including specification of the objective evidence documenting to what degree those procedures were followed during a study (Figure 1). The scenario where organizational procedures governing data collection and handling processes across all projects DO NOT exist is expected to occur in organizations that do not conduct many studies or at organizations at low Capability Maturity Model Integration (CMMI^™) levels with respect to data collection and handling for clinical studies.

On the other hand, where organizational procedures exist and govern processes across all projects, two scenarios exist. In scenario one, organizational procedures exist and DO NOT allow for study-specific modifications (Figure 1). In this case, all data collected and managed by the organization is handled uniformly by the same processes. Organizational procedures bear the burden of documenting all data collection and handling procedures for a study including specification of the objective evidence documenting to what degree those procedures were followed during a study. Also in this case, study-specific procedures are not allowed or may require documented deviations from organizational procedures. In scenario two, organizational procedures also exist and DO allow for study-specific modification (Figure 1). In this situation, the DMP references and may briefly summarize in a few sentences organizational procedures AND the DMP either contains or references study-specific procedures including specification of the objective evidence documenting to what degree those procedures were followed during a study.

The documentation enumerated in this chapter as contained in, or referenced by, the DMP are those considered required by regulation, by guidance, or by the chapter writing group to ensure that data are capable of supporting study conclusions and that their documentation will support reconstruction of data handling (ICH E6 R2 8.0).¹⁵ Consolidation of such documentation in, or as, a DMP is one of multiple possible approaches to meet these requirements. The documentation should be considered required; use of the DMP as an approach to such, except in countries such as China where explicitly required, is merely a recommendation. The intent of ICH E6 can certainly be met with other approaches.

4) Minimum Standards

In regions where required by regulation such as China, existence of a Data Management Plan is a minimum standard.¹⁴ SCDM since 2008 and the DIA Clinical Data Management Community (CDMC) since 2015 have advocated compilation of (such) documentation in a DMP. While the intent and required documentation in a DMP are similar, many country regulations and regulatory guidances require the component documentation without specifying that they be compiled in a DMP. In such regions, the required component documentation are the minimum standards. In addition to local requirements, documentation should be compiled that consider the requirements of the regulatory bodies of the regions where study results will be submitted.

The International Council for Harmonisation (ICH) E6 addendum contains several passages particularly relevant to the documentation of data collection and management.¹⁵

Section 2.8 states that “Each individual involved in conducting a trial should be qualified by education, training, and experience to perform his or her respective tasks.”

Section 2.10 states that “All clinical trial information should be recorded, handled, and stored in a way that allows its accurate reporting, interpretation, and verification.”

Section 4.9.0 states that “The investigator/institution should maintain adequate and accurate source documents and trial records that include all pertinent observations on each of the site’s trial subjects. Source data should be attributable, legible, contemporaneous, original, accurate, and complete. Changes to source data should be traceable, should not obscure the original entry, and should be explained if necessary (e.g., via an audit trail).”

Section 4.9.2 states that “Data reported on the CRF, that are derived from source documents, should be consistent with the source documents or the discrepancies should be explained.”

Section 5.0 in the following passage recommends use of quality management systems and advocates risk management.

“The sponsor should implement a system to manage quality throughout all stages of the trial process.

Sponsors should focus on trial activities essential to ensuring human subject protection and the reliability of trial results. Quality management includes the design of efficient clinical trial protocols, tools, and procedures for data collection and processing, as well as the collection of information that is essential to decision making.

The methods used to assure and control the quality of the trial should be proportionate to the risks inherent in the trial and the importance of the information collected. The sponsor should ensure that all aspects of the trial are operationally feasible and should avoid unnecessary complexity, procedures, and data collection. Protocols, case report forms (CRFs), and other operational documents should be clear, concise, and consistent.

The quality management system should use a risk-based approach.”

Section 5.0.1 further advocates a process-oriented quality management system approach stating that, “During protocol development the Sponsor should identify processes and data that are critical to ensure human subject protection and the reliability of trial results.”

Section 5.1.1 further states that “The sponsor is responsible for implementing and maintaining quality assurance and quality control systems with written SOPs to ensure that trials are conducted and data are generated, documented (recorded), and reported in compliance with the protocol, GCP, and the applicable regulatory requirement(s).”

Section 5.1.2 protects access to source data and documents; “The sponsor is responsible for securing agreement from all involved parties to ensure direct access (see section 1.21) to all trial-related sites, source data/documents, and reports for the purpose of monitoring and auditing by the sponsor, and inspection by domestic and foreign regulatory authorities.”

Section 5.1.3 states that “Quality control should be applied to each stage of data handling to ensure that all data are reliable and have been processed correctly.”

Section 5.5.1 refers to qualifications of study personnel and states that, “The sponsor should utilize appropriately qualified individuals to supervise the overall conduct of the trial, to handle the data, to verify the data to conduct the statistical analyses, and to prepare the trial reports.”

Section 5.5.3 concerns validation of computerized systems and states that “When using electronic trial data handling and/or remote electronic trial data systems, the sponsor should, a) Ensure and document that the electronic data processing system(s) conforms to the sponsor’s established requirements for completeness, accuracy, reliability, and consistent intended performance (i.e., validation).”

Section 5.5.3 states that validation of computer systems should be risk-based. “The sponsor should base their approach to validation of such systems on a risk assessment that takes into consideration the intended use of the system and the potential of the system to affect human subject protection and reliability of trial results.” b) “Maintains SOPs for using these systems.”

Section 5.5.3 The addendum introductory statement enumerates topics that should be covered in SOPs. “The SOPs should cover system setup, installation, and use. The SOPs should describe system validation and functionality testing, data collection and handling, system maintenance, system security measures, change control, data backup, recovery, contingency planning, and decommissioning.”

Section 5.5.4 concerns traceability and states that “If data are transformed during processing, it should always be possible to compare the original data and observations with the processed data.”

Section 8.0 states that documents that “individually and collectively permit evaluation of the conduct of a trial and the quality of the data produced” are considered essential documents (ICH E6) and shall be maintained as controlled documents.

Title 21 CFR Part 11 also states regulatory requirements for traceability, training and qualification of personnel, and validation of computer systems used in clinical trials.¹⁶ Requirements in 21 CFR Part 11 Subpart B are stated as controls for closed systems (§ 11.30), controls for open systems (§ 11.30), Signature manifestations (§ 11.50), Signature/record linking (§ 11.70). Requirements for electronic signatures are stated in in 21 CFR Part 11 Subpart C.¹⁶

Medicines and Healthcare products Regulatory Agency (MHRA) ‘GXP’ Data Integrity Guidance and Definitions guidance provides considerations and regulatory interpretation of requirements for data integrity,¹⁷ such as:

Section 3.4. “Organisations are expected to implement, design and operate a documented system that provides an acceptable state of control based on the data integrity risk with supporting rationale. An example of a suitable approach is to perform a data integrity risk assessment (DIRA) where the processes that produce data or where data is obtained are mapped out and each of the formats and their controls are identified and the data criticality and inherent risks documented.”

Section 5.1 “Systems and processes should be designed in a way that facilitates compliance with the principles of data integrity.”

Section 6.4 “Data integrity is the degree to which data are complete, consistent, accurate, trustworthy, reliable and that these characteristics of the data are maintained throughout the data life cycle. The data should be collected and maintained in a secure manner, so that they are attributable, legible, contemporaneously recorded, original (or a true copy) and accurate”

Section 6.9 “There should be adequate traceability of any user-defined parameters used within data processing activities to the raw data, including attribution to who performed the activity.”

The General Principles of Software Validation; Final Guidance for Industry and FDA Staff (2002) points out a few relevant guidelines regarding proper documentation expected of software utilized in a clinical trial,¹⁸ such as:

Section 2.4 “All production and/or quality system software, even if purchased off-the-shelf, should have documented requirements that fully define its intended use, and information against which testing results and other evidence can be compared, to show that the software is validated for its intended use.”

Section 4.7 (Software Validation After a Change), “Whenever software is changed, a validation analysis should be conducted not just for validation of the individual change, but also to determine the extent and impact of that change on the entire software system”

Section 5.2.2 “Software requirement specifications should identify clearly the potential hazards that can result from a software failure in the system as well as any safety requirements to be implemented in software.”

Good Manufacturing Practice Medicinal Products for Human and Veterinary Use (Volume 4, Annex 11): Computerised Systems¹⁹ provides the following guidelines when using computerized systems in clinical trials:

Section 1.0 “Risk management should be applied throughout the lifecycle of the computerised system taking into account patient safety, data integrity and product quality. As part of a risk management system, decisions on the extent of validation and data integrity controls should be based on a justified and documented risk assessment of the computerised system.”

Section 4.2 “Validation documentation should include change control records (if applicable) and reports on any deviations observed during the validation process.”

Section 4.5 “The regulated user should take all reasonable steps, to ensure that the system has been developed in accordance with an appropriate quality management system.”

Section 7.1 “Data should be secured by both physical and electronic means against damage. Stored data should be checked for accessibility, readability and accuracy. Access to data should be ensured throughout the retention period.”

Section 7.2 “Regular back-ups of all relevant data should be done. Integrity and accuracy of backup data and the ability to restore the data should be checked during validation and monitored periodically.”

Section 9.0 “Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all GMP-relevant changes and deletions (a system generated “audit trail”). For change or deletion of GMP-relevant data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed.”

Section 10.0 “Any changes to a computerised system including system configurations should only be made in a controlled manner in accordance with a defined procedure.”

GAMP 5: A Risk-based Approach to Compliant GxP Computerized Systems²⁰ suggests scaling activities related to computerized systems with a focus on patient safety, product quality, and data integrity. It provides the following guidelines relevant to GxP regulated computerized systems including systems used to collect and process clinical trial data:

Section 2.1.1 states that “Efforts to ensure fitness for intended use should focus on those aspects that are critical to patient safety, product quality, and data integrity. These critical aspects should be identified, specified, and verified.”

Section 4.2 states, “The rigor of traceability activities and the extent of documentation should be based on risk, complexity, and novelty, for example a non-configured product may require traceability only between requirements and testing.”

Section 4.2 states, “The documentation or process used to achieve traceability should be documented and approved during the planning stage, and should be an integrated part of the complete life cycle.”

Section 4.3.4.1 states, “Change management is a critical activity that is fundamental to maintaining the compliant status of systems and processes. All changes that are proposed during the operational phase of a computerized system, whether related to software (including middleware), hardware, infrastructure, or use of the system, should be subject to a formal change control process (see Appendix 07 for guidance on replacements). This process should ensure that proposed changes are appropriately reviewed to assess impact and risk of implementing the change. The process should ensure that changes are suitably evaluated, authorized, documented, tested, and approved before implementation, and subsequently closed.”

Section 4.3.6.1 states, “Processes and procedures should be established to ensure that backup copies of software, records, and data are made, maintained, and retained for a defined period within safe and secure areas.”

Section 4.3.6.2 states, “Critical business processes and systems supporting these processes should be identified and the risks to each assessed. Plans should be established and exercised to ensure the timely and effective resumption of these critical business processes and systems.”

Section 5.3.1.1 states, “The initial risk assessment should include a decision on whether the system is GxP regulated (i.e., a GxP assessment). If so, the specific regulations should be listed, and to which parts of the system they are applicable. For similar systems, and to avoid unnecessary work, it may be appropriate to base the GxP assessment on the results of a previous assessment, provided the regulated company has an appropriate established procedure.”

Section 5.3.1.2 states, “The initial risk assessment should determine the overall impact that the computerized system may have on patient safety, product quality, and data integrity due to its role within the business processes. This should take into account both the complexity of the process, and the complexity, novelty, and use of the system.”

The FDA guidance, Use of Electronic Health Record Data in Clinical Investigations, emphasizes that data sources should be documented and that source data and documents be retained in compliance with 21 CFR 312.62(c) and 812.140(d).²¹

Section V.A states that “Sponsors should include in their data management plan a list of EHR systems used by each clinical investigation site in the clinical investigation” and that, “Sponsors should document the manufacturer, model number, and version number of the EHR system and whether the EHR system is certified by ONC”.

Section V.I states that “Clinical investigators must retain all paper and electronic source documents (e.g., originals or certified copies) and records as required to be maintained in compliance with 21 CFR 312.62(c) and 812.140(d)”.

Similarly, the FDA’s guidance on electronic source data used in clinical investigations recommends that all data sources at each site be identified.²²

Section III.A states that “A list of all authorized data originators (i.e., persons, systems, devices, and instruments) should be developed and maintained by the sponsor and made available at each clinical site. In the case of electronic, patient-reported outcome measures, the subject (e.g., unique subject identifier) should be listed as the originator.”

As such, we state minimum standards for the creation, maintenance, and implementation of Data Management Plans in Table 1.

5) Best Practices

Best practices were identified by both the review and the writing group and are presented in Table 2. Best practices do not have a strong requirement based in regulation or recommended approach based in guidance, but do have supporting evidence either from the literature or consensus of the writing group. As such best practices, like all assertions in GCDMP chapters, have a literature citation where available and are always tagged with a roman numeral indicating the strength of evidence supporting the recommendation. GCDMP Levels of Evidence are outlined in Table 3.

6) Purpose of the DMP

The DMP serves multiple purposes. First and foremost, the DMP comprehensively documents the collection and handling of the data such that every operation performed on data from the time it is collected until finalized as part of a dataset for analysis is attributable and can be reconstructed.^12,13 The documentation in conjunction with the SAP enables others to follow a data point in a clinical study report all the way back to the source. As comprehensive documentation of data collection and processing, the DMP may be audited to determine regulatory compliance and adherence to the documented processes. Such audits or inspections usually include review of SOPs, training records, and the DMP²⁴ as well as review of actual data.

Procedures for data collection and processing also serve as a reference and job aid for personnel performing data collection and management tasks to promote consistency of the work. As a reference or job aid, the DMP should be clear, concise and consistent. Further, creation, review, and approval of the DMP can help build consensus on processes as well as serve as a reference for those depending on, but not directly performing, data collection and management tasks.

Organizational procedures for creation and maintenance of the DMP help ensure that the organizational interpretation of regulation is translated into processes and daily work practices. As such, the DMP is an instrument to ensure compliance with regulations and sponsor requirements. Similarly, the DMP supplements organizational SOPs with documentation of study-specific processes.

Processes describe the method by which data are collected and managed; procedures comprising the DMP are the mechanism by which data quality is achieved. Through stated roles and responsibilities for data management tasks, the DMP establishes accountability and attribution for actions taken on the data. It is therefore critical that the DMP is agreed upon by appropriate study team members on data management processes and procedures to be followed from study initiation until the end of the study conduct.

7) Creation and Maintenance

The DMP is the documented result of decisions about data definition, collection, processing, and storage that have been made as the study workflow and data flow were designed. This section assumes that these operational design decisions have been made. Likewise, because availability of resources, (e.g., skills, technology, timeline and budget constraints, and design decisions) have impact on a number of project-related components, they must be fairly well characterized early in the design process.

8) DMP Contents

9) Role of the DMP in Audits

DMP as documentation that “individually and collectively permit evaluation of the conduct of a trial and the quality of the data produced” ICH E6 R2 section 8.0 is commonly in the focus of audits and inspections. Organizations are expected to demonstrate compliance and the degree to which procedures defined or referenced in the DMP are followed (see Table 7). Deviations of the defined procedures may be reported as non-compliant and incur audit or inspection findings.

10) Recommended SOPs

ICH E6 R2 section 5.0.1 states that, “During protocol development, the sponsor should identify processes and data that are critical to ensure human subject protection and the reliability of trial results.”¹⁵ This implies that organizations should map out the processes involved in study design, start-up, conduct, and closeout and make explicit decisions about which are considered to impact human subject protection and the reliability of trial results. Organizational processes may be partitioned differently leading to different scope and titles for SOPs. Though organizations may differ in how the processes are covered in their SOPs, below is a list of processes commonly considered to impact human subject protection and the reliability of trial results:

• Data Management Plan Creation and Maintenance

• Document Control (ICH E6 R2 section 8.0)¹⁵

• System validation and functionality testing (ICH E6 R2 section 5.5.3 b)¹⁵

• Data collection (ICH E6 R2 section 5.0)¹⁵

• Data processing (ICH E6 R2 section 5.0)¹⁵

• System maintenance (ICH E6 R2 section 5.5.3 b)¹⁵

• System change control (ICH E6 R2 section 5.5.3 b)¹⁵

• System security measures (ICH E6 R2 section 5.5.3 b)¹⁵

• Data backup and recovery (ICH E6 R2 section 5.5.3 b)¹⁵

• Contingency planning (ICH E6 R2 section 5.5.3 b)¹⁵

• System decommissioning (ICH E6 R2 section 5.5.3 b)¹⁵

11) Literature Review details and References

This revision is based on a systematic review of the peer-reviewed literature indexed for retrieval. The goals of this literature review were to (1) identify published research results and reports of evaluation of new methods regarding Data Management Planning and to (2) identify, evaluate, and summarize evidence capable of informing the practice of data management plan creation and maintenance.

The following PubMed query was used:

“data management plan” OR “data management plans” OR “data management procedures” OR “data quality assurance”) AND (“clinical trial” OR “clinical study” OR registry OR “observational study” OR “interventional” OR “phase 1” OR “phase 2” OR “phase 3” OR “phase 4” OR “phase I” OR “phase II” OR “phase III” OR “phase IV” OR “first in man” OR “clinical research” OR “device study” OR “interventional trial” OR “phase 1” OR “phase 2” OR “phase 3” OR “phase 4” OR “phase I” OR “phase II” OR “phase III” OR “phase IV ” OR RCT OR “randomized clinical trial” OR “non-interventional” OR “post authorization” OR “adaptive trials” OR “feasibility study” OR “phase 2/3” OR “phase II/III” OR “phase 2a” OR “phase 2b” OR “phase IIa” OR “phase IIb”

The search query was customized for, and executed on, the following databases: PubMed (34 results); CINAHL (7 results); EMBASE (88 results); Science Citation Index/Web of Science (27 results); PsychINFO (1 result); Association for Computing Machinery (ACM) Guide to the Computing Literature (267 results); the Institute of Electrical and Electronics Engineers (IEEE) (109 results). A total of 532 works were identified through the searches. The searches were conducted on January 13, 2017. Search results were consolidated to obtain a list of 482 distinct articles. Because this was the first review for this chapter, the searches were not restricted to any time range. Literature review and screening details are included in the PRISMA diagram for the chapter.

Two reviewers used inclusion criteria to screen all abstracts. Disagreements were adjudicated by the writing groups. Twenty articles meeting inclusion criteria were selected for review. Two individuals reviewed each of the twenty selected articles and the eight additional sources identified through the review. Each was read for mention of explicit practice recommendations or research results informing practice. Relevant findings have been included in the chapter and graded according to the GCDMP evidence grading criteria in the table below. This synthesis of the literature relevant to data management planning and support transition of this chapter to an evidence-based guideline.

12) Revision History

Competing Interests

The authors have no competing interests to declare.

Organization. review, and administration of cooperative studies (Greenberg Report): a report from the Heart Special Project Committee to the National Advisory Heart Council, May 1967. Control Clin Trials. 1988; 9(2): 137–48. DOI:  http://doi.org/10.1016/0197-2456(88)90034-7

Knatterud GL. Methods of quality control and continuous audit procedures for controlled clinical trials. Control Clin Trials. 1981; 1(4): 327–332. DOI:  http://doi.org/10.1016/0197-2456(81)90036-2

Association for Clinical Data Management (ACDM). Data Handling Protocol Working Party, Guidelines to facilitate Production of a Data Handing Protocol. 1996. Accessed March 11, 2017, Available from http://www.acdm.org.uk/assets/DHP_Guidelines.pdf

Blumenstein BA, James KE, Lind BK, Mitchell HE. Functions and organization of coordinating centers for multicenter studies. Control Clin Trials. 1995; 16: 1s–3s. DOI:  http://doi.org/10.1016/0197-2456(95)00092-U

Gassman JJ, Owen WW, Kuntz TE, Martin JP, Amoroso WP. Data quality assurance, monitoring, and reporting. Control Clin Trials. 1995; 16: 1s–3s. DOI:  http://doi.org/10.1016/0197-2456(94)00095-K

Hosking JD, Newhouse MM, Bagniewska A, Hawkins BS. Data collection and transcription. Control Clin Trials. 1995; 16: 1s–3s. DOI:  http://doi.org/10.1016/0197-2456(94)00094-J

McBride R, Singer SW. Introduction to the 1995 clinical data management special issue of Controlled Clinical Trials. Control Clin Trials. 1995; 16: 1s–3s. DOI:  http://doi.org/10.1016/0197-2456(95)90409-7

McBride R, Singer SW. Interim reports, participant closeout, and study archives. Control Clin Trials. 1995; 16: 1s–3s. DOI:  http://doi.org/10.1016/0197-2456(94)00096-L

McFadden ET, LoPresti F, Bailey LR, Clarke E, Wilkins PC. Approaches to data management. Control Clin Trials. 1995; 16: 1s–3s. DOI:  http://doi.org/10.1016/0197-2456(94)00093-I

Jones C, Bicarregui J, Singleton P. JISC/MRC Data Management Planning: Synthesis Report. Sciences and Facilities Technology Council (STFC). Open archive for STFC research publications. 2011. Accessed April 30, 2016. Available from http://purl.org/net/epubs/work/62544

Knight G. Funder Requirements for Data Management and Sharing. Project Report: London School of Hygiene and Tropical Medicine; 2012; London, UK. Accessed April 30, 2016. Available at http://researchonline.lshtm.ac.uk/208596/

Brand S, Bartlett D, Farley M, et al. A model data management plan standard operating procedure: results from the DIA clinical data management community, committee on clinical data management plan. Ther Innov Regul Sci. 2015; 49(5): 720–729. DOI:  http://doi.org/10.1177/2168479015579520

Williams M, Bagwell J, Nahm-Zozus M. Data management plans: the missing perspective. J Biomed Inform. 2017; 71: 130–142. DOI:  http://doi.org/10.1016/j.jbi.2017.05.004

China cFDA registration application documents for class 5.1 imported innovative drugs ( 2016 version) accessed March 10, 2018. Available from http://www.sfdachina.com/info/200-1.htm

Food and Drug Administration. US Department of Health and Human Services. ICH E6(R2) Good Clinical Practice: Integrated Addendum to ICH E6(R1), March 2018. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/e6r2-good-clinical-practice-integrated-addendum-ich-e6r1.

Food and Drug Administration. US Department of Health and Human Services. Code of Federal Regulations Title 21, available at https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfrsearch.cfm

Medicines & Healthcare products Regulatory Agency (MHRA). ‘GXP’ Data Integrity Guidance and Definitions. Revision 1: March 2018. Accessed June 2, 2018. Available at https://www.gov.uk/government/publications/guidance-on-gxp-data-integrity.

U.S. Department of Health and Human Services Food and Drug Administration. General Principles of Software Validation Guidance for Industry and FDA Staff, January 2002, available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/general-principles-software-validation.

European Commission Health and Consumers Directorate-general. EudraLex The Rules Governing Medicinal Products in the European Union Volume 4 Good Manufacturing Practice Medicinal Products for Human and Veterinary Use (2011) Chapter 4: Documentation. Commission Européenne, B-1049 Bruxelles/Europese Commissie, B-1049 Brussel – Belgium. Available at https://ec.europa.eu/health/documents/eudralex/vol-4_ga.

GAMP® 5 A Risk-based Approach to Compliant GxP Computerized Systems. North Bethesda, MD: International Society for Pharmaceutical Engineering (ISPE). 2008.

Food and Drug Administration. US Department of Health and Human Services. Guidance for industry: Use of Electronic Health Record Data in Clinical Investigations. July 2018. Accessed August 8, 2018. Available from https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM501068.pdf

Food and Drug Administration. US Department of Health and Human Services. Guidance for Industry: Electronic Source Data in Clinical Investigations. September 2013. Accessed August 8, 2018. Available from https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM328691.pdf

De Leeuw N, Wright A, Cummings SW, Amos JC. Data management techniques applied to the Scandinavian simvastatin survival (4S) mega-trial. Drug Inf J. 1999; 33: 225–236. DOI:  http://doi.org/10.1177/009286159903300125

Prokscha S. The data management plan. Practical guide to clinical data management. 3^rd ed. Boca Raton, FL: 2012: 3–8. DOI:  http://doi.org/10.1201/b12832

Quality management systems — Requirements (ISO 9001:2015(en)) 5^th ed. Geneva: International Organization for Standardization; 2015. Available from https://www.iso.org/obp/ui/#iso:std:iso:9001:ed-5:v1:en.

Zozus MN. Data management planning. The data book: collection and management of research data. 2017; 67–82. Boca Raton, FL: Taylor and Francis. DOI:  http://doi.org/10.1201/9781315151694

A guide to the project management body of knowledge, 6^th edition. (PMBOK guide). Newtown Square, PA: Project Management Institute, Inc.; 2017.

Yourdon E. Just Enough Structured Analysis. 2006. Available from https://docs.google.com/file/d/0B42Cu1mD9Z7seVVHLUdqb1Q1SlU/preview.

Information processing — Documentation symbols and conventions for data, program and system flowcharts, program network charts and system resources charts, last reviewed and confirmed in 2019. Available at https://www.iso.org/standard/11955.html

Pinol A, Bergel E, Chaisiri K, Diaz E, Gandeh M. Managing data for a randomised controlled clinical trial: experience from the WHO Antenatal Care Trial. Paediatr Perinat Epidemiol. 1998; 12(Suppl 2): 142–55. DOI:  http://doi.org/10.1046/j.1365-3016.12.s2.2.x

Food and Drug Administration. US Department of Health and Human Services, Center for Drug Evaluation and Research (CDER), CDER Data Standards Program. Accessed March 11, 2018. Available from the U.S. FDA at https://www.fda.gov/Drugs/DevelopmentApprovalProcess/FormsSubmissionRequirements/ElectronicSubmissions/ucm249979.htm.

Food and Drug Administration. US Department of Health and Human Services, Center for Drug Evaluation and Research (CDER), CDER Data Standards Program. Accessed March 11, 2018. Available from the U.S. FDA at FDA Data Standards Catalog https://www.fda.gov/ForIndustry/DataStandards/StudyDataStandards/default.htm.

Food and Drug Administration. US Department of Health and Human Services, Study Data Technical Conformance Guide, 2017 available from https://www.fda.gov/downloads/forindustry/datastandards/studydatastandards/ucm384744.pdf.

US Department of Health and Human Services. Code of Federal Regulations, Title 45 CFR Health Insurance Portability and Accountability Act (HIPAA) security rule: Part 160: General Administrative Requirements, 2005, available at https://www.govinfo.gov/content/pkg/CFR-2005-title45-vol1/pdf/CFR-2005-title45-vol1-part160.pdf, Part 162: Administrative Requirements, 2002, available at https://www.govinfo.gov/content/pkg/CFR-2016-title45-vol1/xml/CFR-2016-title45-vol1-part162.xml, and Part 164: Security and Privacy, 2004, available at https://www.govinfo.gov/content/pkg/CFR-2004-title45-vol1/pdf/CFR-2004-title45-vol1-part164.pdf.

U.S. Department of Health and Human Services Title 45 Public Welfare (the Common Rule) CFR Part 46, 2009. available at https://www.hhs.gov/ohrp/sites/default/files/ohrp/humansubjects/regbook2013.pdf

Calvert WS, Ma JM. Introduction to research data management. Concepts and case studies in data management. Cary, NC; 1996.

Calvert WS, Ma JM. The importance of planning. Concepts and case studies in data management. Cary, NC; 1996.

Calvert WS, Ma JM. Establishing the RDM system. Concepts and case studies in data management. Cary, NC: 1996.

Calvert WS, Ma JM. Basic RDM system management. Concepts and case studies in data management. Cary, NC: 1996.

Shen T, Xu LD, Fu HJ, et al. Infrastructure and contents of clinical data management plan. Yao Xue Xue Bao. 2015; 50(11): 1388–92.

Stiles T, Lawrence J, Gow N, Rammell E, Johnston G, Joyce R. A Guide to Archiving Electronic Records. Shenfield, Essex UK: Scientific Archivists Group Ltd.; 2014. Accessed April 12, 2018. Available from https://the-hsraa.org/wp-content/uploads/2017/12/AGuidetoArchivingElectronicRecordsv1.pdf