SliceVault comply with 21 CFR Part 11

SliceVault comply with the 21 CFR Part 11 (part 11 of title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures). In brief, this document provides guidance to persons and suppliers who, in fulfilment of a requirement in a statute or another part of FDA's regulations to maintain records or submit information to FDA. The document sets out controls for closed systems like SliceVault.


In particular, it specifies how to protect records, limit system access (each user must have a username and password to gain access), use of secure and computer-generated audit trails (sender, study ID, study type, time stamps, etc.), perform authority checks to prevent unauthorized access, how to establish and adhere to written policies such as trial protocols. 

Part 11 Section 11.10a states: “Control for closed systems are to include the validation of systems to ensure accuracy, reliability, consistent, intended performance, and the ability to conclusively discern invalid or altered records”. Validation in SliceVault is based on two principles: data integrity and standards conformance. We protect the integrity of your data through robust data encryption throughout the entire data collection and transfer process. Any change to the encrypted data will be flagged as incomplete, and rejected by the trial repository due to the potential safety breach. Standards conformance ensures that SliceVault will automatically reject any file that does not meet the DICOM conformity specification outlined in the trial protocol. This ensures that only DICOM files meeting your data requirement and submitted by investigators enrolled in your study is collected and transferred to the central trial repository.

Part 11 Section 11.10(e) states: “Audit trails must be secure, computer-generated and timestamped to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying. Audit trails should say 'who did what to your records and when.” All key operations in SliceVault are logged carefully to ensure compliance with section 11.10(e), and includes sending investigator, institution, type and size of study incl. unique ID, number of images, number of series, resolution parameters, and timestamps. All transfer logs are securely kept for future audits.