Security & Compliance FAQs

Note: Click on each question to expand and view the response.

What are the data erasure and access control mechanisms for the mobile myTI app?

The myTI app does not store data permanently on the phone. It uses:

  • Encrypted, temporary memory that is only accessible during an authenticated session
  • Data is cached temporarily while being transferred to the server and is deleted immediately afterward
  • If a device is lost or stolen, the session is destroyed and no data remains

Is myTI 21 CFR Part 11 compliant?

Yes

  • Audit Trails - Need to understand what records are auditable and where we will find these records (e.g. take a picture, and send it to eTMF)
  • Electronic Records – what records are subject to audit trails records are subject to an audit trail and are maintained in TI. The myTI uses the same APIs as TI. The app is a window to the same functionality that exists in TI.
  • Electronic Signatures – are e-signatures (equivalent of wet ink) being used anywhere or is there only an electronic approval process with True Copy Certification and with e-signature document approvals (IF room has TI signature AND user has been assigned to need e-signature for a document approval step).

Are any checks made to verify that a mobile device has not been compromised?

An authentication token is required by the API for every call, it is not cached, and static API keys are not used. The apps are signed and registered for app authenticity along with Device Check and SafetyNet for device authenticity.

Who has access to the documents/pages after they're captured on mobile?

Access is based on the same security settings as in TI.

How and where is the data stored?

No documents or images are stored on the device. They are temporarily stored in the app's memory and uploaded upon submission. For offline mode, images remain in the app's memory until submission.

Does editing scanned documents (e.g., changing lightness or contrast) affect compliance with FDA regulations or audit trails?

Editing scans for lightness or contrast does not affect compliance with FDA regulations as long as the original scan meets the minimum resolution requirement of 300 DPI. These adjustments do not alter the DPI or the content of the document and do not appear on an audit trail.

Is the data or the documents stored on the device when using myTI?

No, nothing is stored permanently on the device. Documents are temporarily cached in encrypted memory within myTI during upload to the Trial Interactive eTMF. If a connection is lost, the documents remain securely cached until reconnected. Once uploaded, the cache is cleared.

Make cache duration configurable by clients, with options ranging from zero (no cache) to 24 hours is in planning stage. The default setting will be 12 hours, and caching will ideally occur in RAM only, ensuring maximum security.

Does myTI store data or documents locally on the device?

Documents and data are temporarily cached on the device during the upload process to the server. However, they are not stored permanently. The cache may be disabled if required.

How long are documents and data cached on the device?

Documents and data are cached for up to 12 hours by default (configurable between 0 to 24 hours), ideally in RAM only. They are deleted as soon as they are successfully uploaded to the Trial Interactive eTMF service.

How does myTI ensure data is securely transferred only to Trial Interactive?

All documents are encrypted during transfer, and operational app data is encrypted at all times. The app prevents any access to cached documents while the phone is powered on. Once the phone is powered off, the documents are erased from transient memory.

Is myTI compliant with data privacy and security regulations?

Yes. MyTI is fully secure and 21 CFR Part 11 Compliant. The myTI Cloud hosting environment complies with regulatory standards for encrypted eTMF document storage. Temporary caching of data is optional and can be disabled based on client preferences.