Authoring the Data Management Plan: Structure, Controls, and Reconciliation That Scale

Composition of a regulator-ready DMP. A practical table of contents includes: study overview and data flow; system inventory and validation status; eCRF design principles; edit-check strategy; medical review and coding; external data pipelines; discrepancy and query management; data review plan (centralized rules and key risk indicators); safety reconciliation; protocol deviation collection; data privacy and de-identification; role-based access and training; interim deliverables; database lock plan; and archival/TMF mapping.

EDC and eCRF design principles. Build forms that follow the visit schedule and operational reality. Use controlled picklists, required fields only for CtQ items, and context-sensitive help. Avoid duplicate entry for values that originate elsewhere (e.g., IWRS treatment codes). Include hard stops for protocol-defining elements (eligibility, primary endpoint timestamps), soft warnings for plausibility (e.g., diastolic > systolic), and form-level checks for completeness at sign-off. Document each rule with rationale, severity (hard vs. soft), and who is paged on failure.

Edit-check and review strategy. Focus checks on what protects safety/rights and endpoint integrity: eligibility thresholds; primary endpoint dates/windows; dosing/administration; AE/SAE timing and relatedness; concomitant medication start/stop; pregnancy/contraception rules; device configuration/version for device trials; and imaging timing for adjudicated end points. Pair automated checks with centralized data review rules (outlier detection, missingness patterns, protocol deviation trending). Publish a defect taxonomy and close-out criteria so findings are resolved consistently.

Medical coding and dictionaries. Specify MedDRA version for AEs/indications and WHODrug version for concomitants. Define who codes, when queries are issued, how upgrades are handled, and who signs off on dictionary version changes. Record the “meaning of signature” for medical reviewer approvals (e.g., “Clinical accuracy approval—AE/relatedness verified”).

External data and reconciliations. Map inbound feeds (safety case system, IWRS/IRT, central lab, ECG vendor, imaging core, eCOA, wearables/telemetry). For each, define transport, file format, frequency, control totals, and error handling. Reconcile: (1) SAEs between safety and EDC (case IDs, dates, outcomes); (2) dispensation/accountability between IWRS and EDC; (3) central lab criticals and EDC vitals/dosing; (4) imaging timepoints and EDC visits; (5) eCOA compliance and visit completion. Document exception handling and escalation timings.

Decentralized and device-rich studies. For home health, tele-visits, and sensors, define identity checks, time-sync (device vs. server), sampling frequency, data thinning (epoching), and filters for implausible values. For diagnostic or device trials, record firmware/software versions, calibration events, and how mid-study updates are permitted or locked. Store mapping tables that link telemetry variables to clinical concepts in analysis datasets.

Privacy and security. Clarify how personal data are minimized and protected across systems: role-based access, two-factor authentication, encryption in transit and at rest, immutable audit trails, and breach reporting. For public disclosures and data sharing packages, the DMP should reference the anonymization approach, including small-cell suppression and date shifting rules.

Interim analyses and database locks. Describe interim cut logic (information fraction or calendar), unblinded statistician firewall, and file segregation. For lock: define prerequisite reports (open query aging, outstanding reconciliations, coding completeness, deviation review), sign-off chain with meanings, and a dry-run timeline. Include rules for partial (“soft”) locks when DMC or regulatory submissions require staged deliverables.

Metrics and governance. Track the indicators that predict control: first-pass query resolution, percent of critical fields verified, SAE reconciliation lag, device data completeness, eCOA compliance, and five-minute retrieval pass rate. Run weekly risk huddles on red indicators; escalate persistent items to the study governance body.

Writing eCRF Completion Guidelines: Field-Level Rules Sites Can Execute the Same Way

Purpose and audience. CCGs are site-facing, task-level instructions that remove ambiguity. They explain what data to enter, where to find it in the source, who may enter it, how to handle unknowns, and how to correct errors. CCGs should be short, searchable, and paired with annotated CRFs (aCRFs) that show the mapping from each field to analysis or operational use.

Field conventions that prevent chaos. Standardize date/time formats (ISO-like), partial dates (e.g., “UNK” month/day rules), units (SI vs. conventional), rounding, and how to handle below-limit results. Provide a “Not Done/Unknown/Not Applicable” guide with examples so missingness is classified consistently. For numeric ranges, define when to enter “0” vs. leave blank. For free text, minimize use; when necessary, instruct on grammar (avoid names/locations to protect privacy) and limit characters.

Eligibility and baseline. Create a one-page eligibility grid listing each criterion, the required source (lab report, ECG trace, imaging), threshold, and where it is captured in the eCRF. Add explicit rules for windowing (“Baseline labs must be within X days before randomization”) and who confirms eligibility at the site. For screen failures, instruct on closing the loop (reasons coded, consent version recorded, subject status updated in IWRS).

Visit schedule and windows. Mirror the protocol’s schedule of activities. For each visit, list mandatory forms, optional forms, who performs the entry, and the visit window. Provide “if missed, then” logic (e.g., how an unscheduled visit can satisfy assessments) and define when to create protocol deviation records. Clarify how tele-visits and home health events are recorded, including identity verification and who documents device malfunctions.

Adverse events and medications. Define start/stop date handling, ongoing flag logic, coding expectations (avoid abbreviations in verbatim term), relatedness/severity rules, and pregnancy/contraception prompts. For concomitants, state the level of detail (generic name, dose, route, frequency, indication) and how titrations are recorded. Provide examples to reduce back-and-forth queries.

Primary endpoint and CtQ fields. Highlight the fields that drive the primary analysis and safety protection. Include screenshots with callouts (“Capture the earliest of symptom onset or positive test”). For device/diagnostic endpoints, specify reference method fields, specimen types, and cut-point selection records. Lock these fields behind hard checks and require PI sign-off at the form or visit level.

Corrections and audit trails. Teach staff how to correct errors: who can make changes, how to provide a contemporaneous reason, and how to avoid overwriting. Clarify the difference between investigator sign-off and data manager verification. Emphasize that neither deletes the audit trail; both are required steps.

Queries and communication. Define expected query response times, escalation paths, and the content of a good response (source location, corrected fields, rationale). Provide templated responses for common issues (partial dates, unit conversions, screen failures). Instruct sites to reply once per query thread to avoid duplicate resolutions.

Training and localization. Keep a concise slide deck for site initiation and refresher training after amendments. For non-English sites, ensure translations are back-checked, a controlled glossary is used, and screenshots match localized EDC. Record attestations and completion logs in the TMF/ISF.

Implementation Roadmap, Common Pitfalls, and a Ready-to-Use Checklist

30–60–90-day rollout. Days 1–30: publish DMP/CCG templates; confirm system inventory and validation status; define edit-check catalogue and centralized review rules; draft aCRFs and field conventions; configure signature blocks with the meaning of approval (“Clinical accuracy approval,” “Statistical verification,” “PV concurrence,” “Quality review—ALCOA++”). Days 31–60: build the EDC against the aCRFs; run user acceptance testing (positive/negative cases); pilot reconciliations with safety, IWRS, and labs; dry-run the lock checklist on a synthetic dataset; rehearse a five-minute retrieval drill from protocol line → CCG rule → audit trail → analysis shell. Days 61–90: roll out to sites; monitor KRIs (query aging, SAE lag, endpoint window misses, eCOA compliance); hold weekly risk huddles; tune rules that generate noise; and finalize interim cut procedures.

Common pitfalls—and durable fixes.

• Everything is a hard check. Leads to workarounds and data entry delays. Fix: reserve hard stops for CtQ fields; convert others to soft warnings with rationale.
• Duplicate entry across systems. Causes inconsistency. Fix: integrate feeds (IWRS, labs, imaging) and use one source of truth; suppress duplicate fields in eCRF.
• Unclear partial date rules. Creates analysis risk. Fix: publish examples in CCGs and align with SAP imputation rules.
• Late safety reconciliation. Surprises at lock. Fix: weekly SAE reconciliation report with aging thresholds and escalation.
• Telemetry without context. Sensor data unusable. Fix: define sampling/epoch/filter rules; map variables to clinical concepts; document time-sync assumptions.
• Translation drift. Field meanings change. Fix: controlled glossary; back-translation; localized screenshots.
• Query ping-pong. Wastes time. Fix: templated responses, single thread per issue, monitor query quality KPIs.

Ready-to-use DMP/CCG checklist (copy into your SOP).

• System inventory complete (EDC, eCOA, IWRS, labs, imaging, safety, adjudication) with owners, access, validation status.
• aCRFs finalized; CCGs published with field conventions (dates/units/rounding/unknown codes) and examples.
• Edit-check catalogue approved with risk-based severities and rationale; centralized review rules documented.
• Medical coding plan (MedDRA/WHODrug versions) and review workflow defined; meanings of approval captured.
• External data feeds mapped with formats, frequencies, control totals, and exception handling; SAE and IWRS reconciliations scheduled.
• Decentralized/device rules documented (identity, time-sync, sampling/epoching, firmware/software version control).
• Privacy/security controls active (RBAC, MFA, encryption, immutable audit trails); breach reporting pathways defined.
• Interim cut and lock procedures rehearsed; prerequisite reports and sign-offs defined; soft lock rules documented.
• KRIs live (query aging, reconciliation lag, eCOA compliance, endpoint window misses); weekly risk huddles scheduled.
• TMF/ISF mapping complete; five-minute retrieval drill passed from protocol line → CCG rule → audit trail → analysis shell/TFL.

Bottom line. Clean, credible data are engineered—not hoped for. When the DMP defines a risk-based system, the CCGs give sites executable rules, reconciliations run on a clock, and locks are rehearsed, sponsors generate datasets that are analysis-ready, inspection-ready, and ethically sound—study after study, region after region.