The Repository Management

Description of the repository management system, managing the metadata associated with the clinical trials.

Objectives of the management system

Manage repository content and its associated metadata.

Set up users with the necessary roles and monitoring their actions.

Track the transfer of data objects into the repository, including ensuring that all requirements relating to access control have been specified.

Support the quality control processes applied to uploaded data objects.

Handle data requests, in particular tracking the responses of the repository to those requests.

Data Transfer and Data Usage

There are two main processes that need to be tracked within the repository, corresponding to the two main functions of storing data objects and allowing access to them: the Data Transfer Process (DTP) and the Data Use Process (DUP).

They link users and objects together, in the context of either depositing or accessing data objects, and allow progress to be recorded within the system (e.g. recording that QC checks have been carried out).

These two processes include the drafting and signing of their accompanying legal agreements, the Data Transfer Agreements (DTAs) and Data Use Agreements (DUAs).

The metadata describing the studies and their connected Data Objectst is publicly available via the repository, the actual clinical data submitted is stored in the secure environment. The clinical data can only be accessed by authorised users.

Note that the metadata is of two types: there is the system independent discovery-access-provenance metadata provided by the ECRIN metadata schema, for both data objects and the source studies, and there is the system specific metadata that describes the access requirements, (type, pre-requisites, embargo periods, etc.) and specific object status, within this particular repository.

The diagram below is a high level schematic of the repository, as a whole, and in particular the main entities within the repository management.

Roles and security

All active users require initial authentication.

1. Repository managers: their functions would include setting up Data Transfer Processes (DTPs) and Data Use Processes (DUPs) within the system. This includes ensuring that the correct users, objects, agreements etc. are linked to each process.

2. Data Provider external users: these are all the staff from a data provider organisation that are involved in one or more DTPs. It is also possible to add people to the system who are not direct users of the system: e.g. a legal representative who signed the DTA and whose basic details should be recorded.

3. Data Requester external users: these are all the staff from a data requester organisation that are involved in one or more DUPs. The role has analogous features to the Data Provider one, but general the access is read-only, as little or no direct input is required.