OR WAIT null SECS
With the new regulatory guidelines concerning GCP, questions have arisen as to how best RBM plans can comply. These questions and answers will assist sponsors in assuring compliance.
RBM Questions Every Sponsor Should Ask to Confirm Your CRO Complies with New GCP
The ICH E6 (R2) new guidelines for GCP became final in November 2016. This guidance fundamentally changed the requirements for GCP, which now must include a total quality approach. Your evaluation of vendors needs to confirm the implementation and dynamic management of the new GCP guidelines.
Risk Based Monitoring (RBM) has been implemented in a wide variety of ways. Some provide a significant benefit to quality oversight while others simply decrease the number of monitoring visits or decrease the amount of data that is source data verified and call that RBM. That could not be further from the spirit of the FDA Guidance or the new ICH GCP Guidance.
To help you understand the requirements and guide you in knowing what questions to ask, I have provided the following checklist and the type of answers you should expect.
1. Explain your approach for Quality Management (addendum 5.0)
What you want to hear: Your CRO should have a comprehensive quality management approach. One to capture and categorize risks with an oversight process that synthesizes review across all functions, focusing on critical data integrity, trial subject protection, and safety.
The approach should be customized to the specific data collected in your trial. It should have specific approaches that define exactly how and when high-risk data will be reviewed. You should expect near real-time review of your critical data.
There should be a process for issue management visible to all and that can demonstrate the process of identification of issues, root cause analysis of major issues, and a process for following issues to resolution.
Questions to ask:
• What are your processes for Critical Process and Data Identification? (if CRO develops protocol-otherwise a sponsor activity).
• What are your processes for Risk Identification? This includes system risk identification and trial-specific risks. Who does the work, how are the risks captured, and how does this translate into oversight plans?
• Risk Evaluation; For each risk, identify the likelihood of occurring, impact, and extent that error would be detectable.
• Risk Control. Risks that can be reduced should be reduced.
• Risk Communication. How does the CRO communicate quality management activities to the site, team, and sponsor to facilitate risk review and continuous improvement?
• Risk Review. How does the CRO facilitate Risk Review with updates to reflect evaluation of current risk management processes? How is the Risk Review performed with regard to the Risk Elements identified in Risk Identification? Is there a monthly meeting to review performance? Who attends the meeting? Are the minutes provided to the entire project team? Does performance include both the sites and the CRO? How does the CRO provide performance feedback to sites?
• Risk Reporting. How does the CRO describe its quality management approach and summarize deviations from tolerance limits? How is the risk reporting accomplished? Who receives the reports? Does the data go to the sponsor or only a high-level report? How broad is the reporting? Do the sites get any type of performance report? Is a CRO performance included? Is the output of the Risk Reporting integrated into the clinical monitoring report?
• Issue Management. How does the CRO manage issues? Is there a method to allow root cause analysis of major issues? Is there a way for the sponsor to see that issues are closed efficiently and that the appropriate follow-up, including confirmation that any remediation was successful? Is there a way to aggregate issues across technology, sites, and the study team? Does the sponsor have full access to all issues reported?
2. Explain your approach for rapid remote review of subject data and documents. How do you focus on the areas of greatest risk: Primary and secondary endpoints, safety assessments and maintaining human subject protection?
What you want to hear: Subject review occurs within x number of days. It is not predicated on having an onsite visit and is focused on assuring that subject data affecting safety and efficacy are reviewed promptly for missing or incorrect data.
Remote or Central review is listed as an option in the FDA guidance. The key aspects for you to understand are:
• Who does the review and how is that integrated with the on-site monitoring visits?
• For subject data oversight:
• What is the approach for overall site performance review?
3. How are the computer systems validated (Addendum 1.60.1)?
You should have access to specifications, user acceptance testing results, and help desk reports. These help desk reports can be a valuable tool to identify whether the system(s) are working as designed. You should ask additional questions any time the system is modified during the trial (e.g., Have the exports been updated after a change is made?). One important recommendation (we consider it a requirement) is to have the data from all data sets able to be combined, so that it is easier to identify errors.
4. Explain your approach for managing site training (Addendum 4.2.6) and study staff. This is important for all user training on systems as well as study procedures.
The training plan ideally will include how replacement staff will be trained and documentation of the training materials used. 21 CFR Part 11 requires all users be trained to use all systems. This must be documented for each system.
5. Explain your use of source data. (Addendum 4.9.0) How does your CRO assure that the documents meet ALCOA principles?
Changes should be traceable, should not obscure the original entry, and should be explained if necessary (e.g., via audit trail). The ALCOA principles and the FDA and EMA guidance on electronic source encourage direct entry of data into a technology system. This assures more rapid review of the data and allows errors to be identified earlier.
Electronic Source Systems, Electronic Patient Reported Outcomes, and Electronic Data Capture using direct data entry should be the answers that you receive for this question.
If electronic systems are used, the person doing the work (Attributable) enters the data contemporaneously with the subject visit. An additional benefit is that errors previously attributed to an entire site can be traced to an individual user, aiding identification and correction of errors.
Having the paper source completed and scanned so the CRO can do remote SDV does not meet the spirit of ALCOA. First, the source may not be attributable and entry of the data is not contemporaneous or original, both requirements embraced by the new ICH E6 (R2).
6. Explain how you manage essential documents.
If site visits are not occurring, how are informed consents being reviewed? How can your CRO be sure documents are available and audit ready at each site?
7. How does your CRO support improved site performance?
Conducting a clinical trial involves many players, but the most important is the clinical research site. The site staff are in direct contact with the research subjects. The PI has primary responsibility for the medical care of research subjects.
How does the CRO communicate performance information to the research site? We all expect to get performance feedback in our jobs-it is how we improve our performance. Does your CRO have a plan to provide comprehensive performance feedback to the site? If not, how can we expect the site to improve and how can the site identify staff that may not be performing as expected?
8. How does your CRO support sponsor oversight? What access to data will you have?
Is there a way for the sponsor to evaluate monitoring reports to assure that all are completed as planned? Electronic reports are superior to having to review PDF copies of all monitoring reports. Ideally you can search or run reports on the frequency of issues, if not provided by your CRO.
You should expect reports from your CRO on whether monitoring visits are being performed as defined in plans. You should also expect the CRO to provide clear visibility into important aspects of sponsor oversight such as deviation evaluation.
Access to data to perform its own inquiries into study conduct is one of the biggest issues Sponsors identify as a challenge working with a CRO. If your access comes only from spreadsheets that you must request, you may not know exactly what is happening and you might not be able to identify issues that occur, even if they are missed by your CRO.
While many in the industry have quickly (and we believe prematurely) dismissed the guidance as not improving quality, a critical focus should include how your CROs implement the new requirements. By making these requirements part of the GCP requirements, it is the responsibility of everyone conducting clinical trials to have a plan.
The tools needed to formulate and implement the plan do not have to cost an exorbitant amount. We have found that implementing the processes, technology, and training needed to adopt the new guidance has improved the conduct of our trials, without increasing costs. You should, however, expect changes in where your clinical trial budget line items are assigned. Look for more insight into that area in a future paper.
Penelope K. Manasco, MD is CEO of MANA RBM. She can be reached at firstname.lastname@example.org