Why Sites Must Own the eISF

Tell me if this sounds familiar: a sponsor needs remote access to their sites, so they buy electronic Investigator Site Files (eISFs) and distribute them to their sites. Now the sponsor has access, and the sites have new platforms to hopefully speed up their work. 

However, some eISFs give sponsors unlimited access to sites’ documents and data. This can cause problems, because ICH Good Clinical Practice (GCP) standards state that the investigator and site must maintain control of all essential site documents. 

In other words, a site must own roles and permissions for their eISF and decide which documents and data monitors can see. Otherwise, the site and sponsor will end up violating GCP. 

So what’s the solution? Sponsors and sites need to choose the right kind of eISF: an eISF that gives sites control over who views their documents and data. A site-owned eISF will still give sponsors remote access, but it will also follow ICH GCP guidelines. 

The information presented here is for informational purposes only and is not for implementation in operations. Please consult official documents for operational use.

How Sponsors Can Choose the Right eISF for Their Sites

The FDA uses ICH E6(R2) guidelines to describe how sites and sponsors should handle source documents and trial records. 

Sec 8.1 of the ICH E6(R2) document states: “The investigator/institution should have control of all essential documents and records generated by the investigator/institution before, during, and after the trial.”

This means that the Principal Investigator (PI) and the site they work for must control all of the documents in the electronic Investigator Site File. But sponsors can still help sites with their eISFs. They just have to choose eISFs that are site-controlled.

What does this mean? 

  • Sites must determine which documents and data sponsors can access in the eISF.
  • Sponsors must never take data from the eISF without sites’ permission. 

When searching for an eISF system, sponsors should ask the software vendor to work directly with sites to set up their eISFs. The site should have complete control over roles, permissions, and which documents their monitors can see. 

In the past, sponsors have sometimes used non-compliant software that gave them too much access to sites’ data. This practice doesn’t just violate GCP guidelines–it can also damage the trust between sites, sponsors, and software vendors. 

Giving sites control of the eISF, even when sponsors are the one buying it, helps to build strong relationships and to ensure all teams follow GCP guidelines. Sites can then give their sponsors permission to access the eISF so sponsors can build reports and engage in remote monitoring

How Sites Can Ensure Their eISF Meets GCP Regulations

Under GCP regulations, investigators and site teams are responsible for the contents of the eISF. The regulations require the investigator to “maintain adequate and accurate source documents and trial records” (Sec 4.9.0.) that follow ALCOA-C guidelines.  

Fortunately, eISFs can help investigators maintain attributable, legible, contemporaneous, original, accurate, and complete documents just as well–or better–than paper electronic Investigator Site Files. But the site must ensure the eISF is a true eISF with features like Part 11-compliant eSignatures, certified copies, and version control, not just a document portal or online drive. 

The investigator must also maintain all of the essential trial documents for as long as regulatory agencies require, and they must ensure that they can track what documents were changed, when, and by who (Sec 4.9.0). 

Therefore, before accepting an eISF, sites must ask

  • Does this eISF give me all of the features I need to follow ALCOA-C guidelines, like certified copies and Part 11-compliant eSignatures? 
  • Does this eISF have long-term storage or archiving? 
  • Does this eISF offer audit trials and version controls so I can see who has made changes and when? 

Sites also need to ask questions about access, ownership, and control. Even if the sponsor pays for the software, the site still needs to own it. 

Site teams should ask their sponsor: 

  • Do we have control over all our essential documents created before, during, and after the trial? 
  • Can we control your access to the system? 

If the site controls the system and can grant access and permissions to the sponsor, they have both chosen a compliant eISF. 

The Future of Sponsor-Purchased, Site-Owned eISFs

When sponsors buy electronic Investigator Site Files for their sites, they gain the ability to monitor sites and check on their documents and data remotely. Meanwhile, sites benefit from an efficient, compliant platform where they can store their documents and data. 

However, this system only works if sites still own the eISF. Sponsors owning the eISF violates ICH GCP guidelines and increases the risk of sponsors using data without site permission. Sites must have control over the roles and permissions of their eISF and decide which documents and data their sponsor can access. 

Want to learn more about site-controlled, compliant eISFs? Check out our Complete Guide to the eISF + Remote Site Access, available for free to all clinical trial professionals.