Castor EDC offers Electronic Data Capture for medical researchers. Founded by healthcare professionals who’d experienced problems with data management and a lack of user-friendly tools, Castor EDC is an easy-to-use cloud solution for capturing medical research data and running clinical trials: eCRFs, ePRO, eCOA, ePROMs, randomization and more.
- User-friendly form builder for eCRF construction
- ePRO patient surveys
- Centralized advanced user rights management
- Source Data Verification
- Monitoring module with query management and audit trail
- Multicenter trial management
- Stratification & variable block randomisation
- API available for integration with devices & systems
- ISO 27001 and ISO 9001 certified
- Compliant with GCP, 21 CFR Part 11 and Annex 11
- Easily create advanced electronic Case Report Forms (eCRFs) yourself
- Reuse eCRFs created by others
- Conduct advanced calculations directly in the system
- Capture high quality data with real-time edit checks
- Store unlimited fields and data points
- Capture patient directly via ePRO surveys
- Manage your study team and their authorisations easily
- Automatically schedule triggers and events to automate your trial
- Randomise patients using variable weighted block randomisation
- Keep track of progress with real-time dashboarding
£0 to £4000 per licence per year
- Education pricing available
0031 (0)20 3374 095
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||There are no service constraints.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Contact us with questions via our online form and receive a response within an hour.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Basic Support: free email support during working hours (9-5) | Additional Support options (at extra cost): Personal consultations when you start building your study, A technical check on your study before you go “Live”, Premium Support (priority email support & phone support).
Site licenses: yearly training included in base-package. Additional support can be included in contract, or can be purchased per training or per study basis.
|Support available to third parties||Yes|
Onboarding and offboarding
Yearly training for researchers within base-package. Online or on-site training and workshops available, depending on contract. Additional support can be agreed upon per license. Webinars available for all users.
Our one-hour workshop is made up of concise how-to videos, from setting up your study to managing survey automation, to help you get started. We also offer an online support manual, filled with useful content that explains each and every feature on the platform. Free email support is also available during working hours. Frequent webinars are available for all users.
Study building, on-site training, personal consultations, pre-live technical check, priority email- and phone support are available at an additional price.
|Other documentation formats||
|End-of-contract data extraction||Users can export their data at any point in their study. Castor stores study data free of charge for 15 years. Data will be deleted on request and we can include a certificate of removal.|
|End-of-contract process||After the termination of the Agreement Client may choose one of the following options: Castor deletes the Data, Castor transfers the Data to Client and deletes the Data in its possession (Castor is entitled to charge reasonable costs for such transfer), Castor will keep all Data for fifteen years on the servers (during this period Castor shall provide Client with access to the saved Data).|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||There are no major differences between the mobile and desktop versions of Castor EDC.|
|Accessibility standards||None or don’t know|
|Description of accessibility||The current interface is not optimised for disabled users but our new interface that we are currently designing will be fully support disabled users.|
|Accessibility testing||This is on our roadmap for our new User Interface that we are rolling out in 2019|
|What users can and can't do using the API||
Users can use our API for almost all Castor EDC functionality including Importing and Exporting of data and the creation of Records (Cases) and Surveys (Questionnaires).
Device data can be imported for medical device trials. Benefit from Castor EDC’s advanced functionality while using your own interface. Retrieve, add, and analyse study data with full Castor compliance and security, while maintaining your own branding and image.
API documentation is available here: https://data.castoredc.com/api
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Description of customisation||
Our system features are modular. Users choose which features they want to use on a per study basis (Basic EDC + Monitoring, Surveys, Randomisation). For site licenses, all additional features are normally included. The study admin can customise the study structure. There are over 20 available data fields that can be selected and customised.
Layout customization is limited to structuring the CRF with remark fields and limited HTML styling on Summary Fields.
|Independence of resources||
Continuous monitoring of service loads is performed by both our managed hosting companies and Castor. In case of increasing load, we detect this early and increase our server capacity.
For site license, responsibility lays on the institute if billing code is restricted or not. Castor sends out recurring reports with number of studies using billing code. Studies above number of agreed studies, will be billed at a fixed price.
|Service usage metrics||Yes|
|Metrics types||The system generates basic study statistics (inclusions per center, number of randomised patients, etc). We are developing a Premium Module that will enable you to run advanced reports in the browser, contact us for more information.|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||We support SPSS, Excel, CSV, HTML. We export everything, including a code book. This means you can also easily import this into SAS, Stata, or R.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||The SLAs with our hosting companies guarantee us of the server- and networking hosting and redundancy. As data is our main asset, we have all our database servers configured in a redundant server set up with master / master replication so we can always failover to another fully up to date db server. If both fail we have backups readily available that are created 4 times per day and stored for 28 days. One backup a month, stored for 1 year. In the event of failure of one the main servers, a response team will be immediately notified, with the lead developer assisting in diagnosing the issue. Our technical team will assess the problem in tandem with the hosting providers.|
|Approach to resilience||Information available on request.|
|Outage reporting||Currently through e-mail alerts, a public dashboard for status updates is on our roadmap.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||2-factor authentication can be enabled.|
|Access restrictions in management interfaces and support channels||
We apply Privacy by Design in both our main application, Castor EDC, as well as the support tooling. For example only a select number of support staff have access to the patient data level and our support ticketing system is divided into departments that restrict the access level of each employee.
All employees with access to patient data sign an additional agreement indicating that they treat this data with the utmost care.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Lloyd's Register Quality Assurance Ltd|
|ISO/IEC 27001 accreditation date||19/12/2017|
|What the ISO/IEC 27001 doesn’t cover||Unsure|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||We are ISO 27001 certified and have an internal information security procedure available to all employees.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Our processes are defined through ISO 27001.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Server infrastructure is fully managed by G-Cloud vendor Pulsant and ISO 27001/ISO 9001 Dutch hosting company TRUE. We follow our ISO 27001 Secure Development Policy, that explains how we integrate security into our SDLC. Additionally we have quarterly external security audits performed. Vulnerabilities get resolved as quickly as possible.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Pen-tests are performed every quarter by an external party. Vulnerabilities are remediated as soon as possible. There are a minimum of 2 code reviews for each commit made onto our production codebase and a strong engineering culture where finding vulnerabilities is rewarded with a weekly prize. We have a responsible disclosure clause on our website. We respond to incidents within two working hours.
ISO 27001: Secure development policy, can be reviewed upon request.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Questions/issues can be raised by email or by submitting a ticket online. The customer support team aims to respond within an hour for any question (business hours). Most issues are resolved within 24 hours.
Questions are answered on a rolling basis, except for premium support questions (which are prioritized).
In case of urgent issues (incidents, application problems etc.), these assume the highest priority.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£0 to £4000 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Researcher can set up study for free themselves. Users pay once the study is set to 'Live' and data collection begins. Small trials for non-profit organisations are entirely free with unlimited users. Additional modules are not included in the free trial. See our pricing page for more information.|
|Link to free trial||https://uk.castoredc.com/register|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|