Electronic Data Capture for regulated trials

Accelerate your
clinical development.

Draft your eCRF from the protocol with AI, build it without code, and capture at the bedside — online or offline. Every value still keeps its full provenance and stays provable to a regulator years later.

CRF VITAL_SIGNS · subj A007 · visit 2 var sbp
Systolic blood pressure
128 mmHg
09:41:07captured by lisa.sc · site GE-GALcaptured
09:58:22corrected 132 → 128 · reason loggedamended
14:02:10source-verified by nike.craSDV ✓
16:20:44e-signed by dr. rossi · re-authenticatedsigned
16:20:44record locked · content hash boundfrozen
audit_log · append-onlysha256 3f9a…c1e8
Built for IVD & device performance studies Database-enforced tenant isolation Runs offline on the bedside iPad Every write is attributable
One record, three duties

Capture it. Verify it. Prove it.

Sites enter data; monitors and data managers review it; an inspector may one day ask you to defend it. The same record has to answer all three — so the system, not the paperwork, keeps them honest.

01
Capture

Enter data where care happens

A designer-built eCRF that validates as you type and keeps working when the network doesn't.

  • Offline-capable; edits are never lost
  • Server-authoritative validation
  • Per-study, per-site access
02
Verify

Review with duties kept apart

Source-data verification, queries, and DM/CRA review — separation of duties enforced by the system.

  • Field & form SDV, risk-based monitoring
  • Editing a value voids its verification
  • The reviewer can't be the editor
03
Prove

Defend every value, later

An append-only trail and a frozen, hashed signature make the record independently verifiable.

  • Immutable, trigger-backed audit log
  • Part 11 e-signature with re-auth
  • SDTM / CSV / PDF casebook export
The study register

Everything a trial runs on.

FORMSForm designerBuild CRFs & visit schedules without code — versioned snapshots, edit-checks, computed fields, acceptance criteria.eCRF · versioned
IRTRandomizationBlinded allocation with a cryptographic RNG and row-locked kit assignment that can't double-allocate under load.blinded · CSPRNG
LABSpecimen & IVDSubject → specimen → result chain of custody with full lifecycle status and site-scoped traceability.chain of custody
CTMSMonitoringMonitoring visits, milestones, and key risk indicators; dashboards for enrollment, completeness, open queries.RBM · KRIs
RBACRoles & sitesPer-study, per-site access with a configurable permission matrix and custom roles — scoped, never tenant-wide.scoped access
EXPORTReportingCompleteness, SDV, acceptance, and audit reports — plus SDTM datasets, CSV, and print-ready PDF casebooks.SDTM · casebook
Isolation you can point to

Tenants can't see each other. The database enforces it.

Isolation shouldn't rest on remembering a WHERE clause. Every request runs as a constrained role inside a per-tenant transaction, so row-level security applies to reads and writes alike — even raw queries.

Row-level security, not app trust
The app connects as a non-owner role; each query is bound by the tenant set on the request. A connection with no tenant context reads nothing.
Append-only audit engine
A database trigger writes an immutable row for every insert, update, and delete — and auto-attaches to any new table, so coverage can't drift.
Signed records are frozen
Once a form is e-signed, a trigger blocks further change at the database level — the freeze doesn't depend on application code behaving.
session · app.tenant_id = sponsor-A
sponsor-A subject A007 · VITAL_SIGNS read ✓
sponsor-A audit_log · seq 48213 read ✓
cro-B subject B012 · DEMOG blocked
cro-B audit_log · seq 90771 blocked
RLS policy: tenantId = current_setting enforced
AI study design · agent access

Draft from the protocol. Run it from your tools.

Hand the assistant a protocol PDF and it drafts the CRFs, visit schedule, and consent bindings for your data manager to review and approve — never applied blindly. Your model key stays encrypted and tenant-scoped.

Prefer the terminal? Issue an API token and drive the EDC from an agent over MCP — same permissions, same row-level security, same audit trail. Signing and token minting stay human-only.

100%
of writes attributable — actor, time, reason
0
cross-tenant reads without a tenant context
3
signing controls: re-auth · freeze · hash
IT · EN
bilingual capture for European sites
Compliance, itemized

Inspection-readiness, wired in.

Not a checklist on a slide — controls built into the system, each one demonstrable in the running product.

IVDR 2017/746 · ISO 20916Performance-study data model with acceptance criteria, method comparison (Bland–Altman, Passing–Bablok, PPA/NPA) and specimen chain of custody — designed around the standard.By design
21 CFR Part 11Electronic signatures with password re-authentication, a signing meaning, and a bound content hash.Enforced
EU Annex 11 · GCPRecord-level freeze on signed data, versioned form definitions, and a database-lock milestone.Enforced
ALCOA+Attributable, legible, contemporaneous, original, accurate — with a complete, immutable audit trail.Enforced
GDPRPseudonymous subject coding, recorded legal basis and consent, and export accountability logging.By design
Access controlPer-study, per-site RBAC with configurable roles, MFA-capable sign-in, and separation of duties.Enforced
Questions, answered

eCRF, EDC, and IVDR — the basics.

What is an eCRF, and how is it different from an EDC?

An eCRF (electronic Case Report Form) is the structured form a site fills in for each subject; an EDC (Electronic Data Capture) system is the platform that builds, hosts, validates, and audits those forms across a study. FirsTeck EDC is the platform; the eCRF is what it delivers.

Is FirsTeck built for IVDR performance studies?

Yes. It captures analytical and clinical performance data with built-in acceptance criteria and repeatability checks, computes method-comparison statistics (bias, Bland–Altman limits of agreement, Passing–Bablok) and qualitative agreement (PPA/NPA/OPA), and tracks specimen chain of custody — the substance of an ISO 20916 / IVDR Annex XIII performance evaluation.

Does it support 21 CFR Part 11 and EU Annex 11?

It provides the technical controls those rules call for: e-signatures with password re-authentication and a bound content hash, an append-only audit trail enforced in the database, and record-level freeze on signed data. Compliance itself is achieved by your validated deployment and your procedures — the software supplies the controls, not a certificate.

How do I get data out for analysis and submission?

Export flat CSV, SDTM-style domain datasets, method-comparison results, and print-ready PDF casebooks — at any point in the study, scoped to your role and sites.

Ready when your protocol is

See your study, running.

We'll stand up your protocol as a live study — forms, visits, sites, roles — and walk your team from first capture to a signed, exportable casebook.