Compliance
Overview
Tasks Manager integrates with Flywheel's Validated Instance features to support compliant clinical trial workflows. When the Validated Instance module is enabled on your Flywheel site, tasks benefit from enhanced compliance capabilities including audit trails, electronic signatures, and project locking.
These features ensure data integrity and regulatory compliance throughout your clinical imaging study, supporting 21 CFR Part 11 requirements and Good Clinical Practice (GCP) standards.
Compliance Features
Audit Trail
The audit trail automatically captures all task-related activities when Validated Instance is enabled:
- Form submissions (field-level detail coming soon)
- Annotation creation events
- Electronic signature application
- User identity for all actions
All audit trail entries are immutable and retained permanently, providing complete traceability for regulatory submissions.
Learn more: Audit Trail
Electronic Signatures
When protocols require electronic signatures, tasks capture authenticated user identity at completion:
- Multi-factor authentication (MFA) verification required
- Signature reason selection from protocol-defined list
- Timestamp and user identity recorded
- Audit trail integration for complete documentation
E-signatures ensure non-repudiation and support regulatory requirements for clinical trial data integrity.
Learn more: E-Signature Verification
Project Locking
Project locking preserves task data integrity during study closeout and regulatory submission:
- Prevents new task creation in locked projects
- Makes all task data read-only (tasks, forms, annotations)
- Maintains data accessibility for viewing and reporting
- Supports audit readiness and regulatory compliance
Understanding project locking impacts helps coordinators plan study closeout timing appropriately.
Learn more: Project Locking Impact on Tasks Manager
Regulatory Standards Support
21 CFR Part 11
Tasks Manager supports key requirements of 21 CFR Part 11 for electronic records and signatures:
- §11.10(e) - Audit Trails: Complete record of task-related activities with who, what, when, and why
- §11.10(k) - Data Integrity: Immutable task data after completion, cryptographic controls
- §11.50-200 - Electronic Signatures: MFA-verified signatures with signer identity and timestamp
- §11.300 - Record Retention: Permanent retention of audit trails and completed task data
Validated Instance Setup
Prerequisites
To use Tasks Manager with Validated Instance features:
- Validated Instance Module: Must be enabled on your Flywheel site
- User MFA Configuration: Users completing e-signature tasks must configure MFA
- Protocol Configuration: Protocols must specify when e-signatures are required
Enabling E-Signatures for Protocols
To require electronic signatures for tasks:
- Edit the protocol JSON definition
- Use the
esignature_configsection withrequired: true - Define the list of valid signature reasons
- Publish the protocol
All tasks created with this protocol will require e-signatures at completion.
Example protocol configuration:
Best Practices for Compliance
Protocol Design
- Document protocol rationale and design decisions
- Version protocols appropriately when requirements change
- Download published protocol versions to retain for audit trail before publishing a new draft.
- Train readers on protocol requirements before study start
User Management
- Require MFA for all users completing e-signature tasks
- Document user training on compliance procedures
- Review audit trails regularly for quality assurance
- Maintain current user access controls
Study Closeout
- Complete all tasks before locking projects
- Document project lock dates and reasons
- Preserve audit trail reports with submission packages
Documentation
- Maintain study-specific procedures for task workflows
- Document deviations from planned procedures
- Retain validation documentation for Flywheel version used
- Include task audit trails in regulatory submission packages