The first Senior Officials Meeting for APEC Malaysia 2020 begins

Enable trade and investments to generate concrete outcomes for the people.

Business leaders from the Asia-Pacific region called for APEC leadership and cooperation to combat the grave challenges to health and economies posed by the COVID-19 pandemic.

From : Communities>>Regulatory Open Forum
Hello Jose, To my knowledge, the change of O/O does not trigger a notification that needs to be confirmed, nor does it trigger a review of enforcement history.  The change of ownership and O/O is merely an administrative update that gives FDA both current information and a history of changes.  Of course, if there are known red flags with any of the involved organizations, changes can be scrutinized. Regards, James ------------------------------ James Bonds J.D. Director Regulatory Affairs Atlanta [More]

From : Communities>>Regulatory Open Forum
Dear Roy, You do not mention any important functions of the syringe/applicator, other than the Primary Packaging function for which you have identified testing to assess impact. The determination of these functions (e.g. deliverable dose or dose accuracy) could provide important testing to verify that no impact on performance. Also, an assessment on the impact of the change on the usability could be required (particularly if the ergonomics/forces change) or patient risk would be prudent, which [More]

From : Communities>>Regulatory Open Forum
Hi everyone, I just finished it, and it is a really simple task! Go ahead! Thanks Anna --------------------------------- Anna Alonzi MD Sr. Regulatory Associate Newtown PA United States ---------------------------------

From : Communities>>Regulatory Open Forum
Dear Lee & Spyros, Many thanks for your invaluable advice - really appreciate your time in considering and providing deep insight. Kind regards, Roy Jamieson (BPharm Hons) Regulatory CMC Consultant

From : Communities>>Regulatory Open Forum
Hi All, Always appreciate and respect the great advice that comes through this forum: The scope of my question is CE Mark of a Class IIa medical device system under the MDD (and then eventually MDR): We have Class I devices which will be CE Marked through self-certification. These devices can be used with other CE marked products (not owned by us). One of which is not CE Marked as a medical device (conformity to machinery and low voltage directives). In terms of what we consider this vendor, what [More]

From : Communities>>Regulatory Open Forum
Thank you all for participating in our Tagging Project! We're glad to hear you enjoyed it. All volunteers were entered into a drawing for a $50 Amazon gift card. See a video of the drawing attached.  I'm happy to announce that the winner is ...  @Jonathan Amaya-Hodges ! Thanks again to all who participated. If you're interested in more volunteer opportunities, see our full list here .​​ ------------------------------ Danielle Fezell Manager, Chapter & Volunteer Relations, RAPS Rockville MD United [More]

Files Attached Document
RE: Sort It Out by participating in the RAPS Tagging Project

From : Communities>>Regulatory Open Forum
Thank you RAPS, what a pleasant surprise! I appreciate the opportunity to contribute to the project! Now, if only Amazon had any toilet paper in stock... ------------------------------ Jonathan Amaya-Hodges Associate Director, Regulatory Affairs CMC Combination Products and Medical Devices Cambridge MA United States ------------------------------

From : Communities>>Regulatory Open Forum
I disagree with Richard. I just had a conversation with the COVID-19 hotline (11:45 am, May 7) and asked about this issue after having read an update from the FDA that said UDIs for EUA devices are waived and GMPs are under limited enforcement. The person I spoke with said the update is correct and that UDIs are waived for EUA devices.  Feel free to contact me if you have any questions.  Bob Bard ------------------------------ Robert Bard JD, RAC [Managing Director] South Lyon MI United States - [More]

From : Communities>>Regulatory Open Forum
Bob, I stand corrected; if you confirmed with FDA that is good.  From what I was reading and seeing (I must have missed that update) there was nothing addressing UDI or no UDI.for EUA products.  (Personally I am a bit surprised at this since the whole concept of UDI is traceability and they waive this for emergency use products - when there is an issue this is where UDI becomes so important.  Shrugs.) ------------------------------ Richard Vincins RAC Vice President Global Regulatory Affairs --- [More]

From : Communities>>Regulatory Open Forum
Hello Richard, Yesterday, I received a follow up from the Hotline (CDRH-EUA-Templates ) to my query. I was reminded that the waiver to good manufacturing practice and labeling requirements were included in the individual authorization letter. The person responding to my question concerning the UDI requirement provided the following: UDI is not specifically noted; however we are not enforcing UDI during the emergency. The specific authorization letter I was reviewing was for [More]

From : Communities>>Regulatory Open Forum
This message was posted by a user wishing to remain anonymous For device-lead drug combination products, is there any difference in the quality (grade) of API used compared to a pure drug product? The cGMP guidance for combination products does not seem to specify, and since drug claims cannot be made on device-lead drug combination products, it was not clear what quality of drug is required. Thank you!

From : Communities>>Regulatory Open Forum
​I doubt FDA would have any willingness to change the requirements or expectations for a drug product based on whether it is in a strictly drug product versus in a combination product.  The fact also that there is not a published allowance for this is further evidence that FDA expects that the drug will meet the requirements as expected for drug products without providing any allowed changes or classes of changes.  Remember, FDA expects that drug products meet specific requirements.  Things like [More]

By Laurie Meehan

“I can’t get the IWRS to assign a kit number.”

“My ECG reports take forever to come back from the Core Lab.”

“The eCRF won’t let me create a new subject.”

“This stupid machine is blinking an error code again.”

Sound familiar?  Sprinkle in some colorful adjectives and it probably does -- these problems are common enough at clinical research sites.  Equipment and systems have become increasingly technical and specialized, and study site staff has had to contend with more technology than ever before.  And because of the proliferation of niche vendors who provide the new tech, sites have had to deal with more vendors than ever before, too.  



And how are problems like these typically resolved?  Someone at the study site works his/her way through a list of maybe 20 or more vendor contact numbers, places a call, navigates a series of menu options, and hopefully gets directed to someone who can help.  And that assumes the site calls the right company; with tightly integrated systems, it’s not always obvious in which vendor’s system the problem lies.  This is frustrating for sites.  It takes time.  It costs money (since “vendor wrangling” is seldom sufficiently covered in the budget).  And it keeps study staff from doing what study staff does best – run the study, work with the study volunteers, and keep them safe.

So what’s the solution? 

Hint: It’s Not Training
Calm down.  Of course, adequate training on equipment and systems is important. But training doesn’t solve every problem.  Training doesn’t keep equipment from malfunctioning.  Training doesn’t ensure vendors deliver what and when they’ve promised.  Training can’t anticipate every situation nor address an unusual site circumstance.  And training doesn’t turn people into infallible little machines; we make mistakes.  And so, in all these cases, we’re back to site personnel interacting with perhaps scores of vendors, by phone or email, all over the world.

The Solution: a Single Point of Contact
Q: How do you help sites interact with dozens of vendors?
A:  You don’t.  You do it for them.  Establish a single point of contact within the Sponsor* organization for a site to call when vendor issues arise. 

Why is this a good idea when the expertise to resolve the issue lies with the vendor?  Why is this a good idea when the introduction of a middleman may result in some inefficiencies?

Excellent questions.  Here are our responses. 

• Better Vendor Oversight.  When sites filter their vendor issues through the Sponsor, the Sponsor can more easily track vendor performance.  Are there vendors that provide low-quality solutions, are repeatedly late, or difficult to deal with?  At best, these vendors are wasting time and money, and aren’t good for business (let alone site relations).  At worst, these vendors are jeopardizing subject safety or study data integrity, and require immediate Sponsor intervention.

• Better Site Oversight.  When sites filter their vendor issues through the Sponsor, the Sponsor can more easily track site performance.  Are there sites that routinely use equipment and computer systems incorrectly?  (Yes, now’s the time for that training.)  Are there high-performing sites that are able to work independently?  This information has always been important, but in an RBM paradigm, it’s essential.  Adaptive monitoring plans rely on on-going site performance measurements so Sponsors can adjust resources accordingly.  A reduction in monitoring visits means less opportunity to assess a site’s comfort level with study technology.  The corollary of “if it ain’t broke, don’t fix it” is “if you don’t know it’s broke, you can’t fix it.”

• Ability to Identify Pervasive Problems. After the third or fourth site reports the same problem, it’s clear that this is not an isolated occurrence.  Knowing that, the Sponsor can work with the vendor to resolve the problem before other sites experience the same troubles.

• Better Functioning Sites.  We have a saying: “The Site Comes First."™  In our experience, all things being equal, Sponsors that put their sites first -- make things as easy as possible for the study coordinators -- get the best results.  They also build the good relationships that keep the best sites coming back to work on future studies.

• Better Functioning Vendors.  The efficiencies for the vendor here are clear.  Who wouldn’t rather interact with a single point of contact than field individual calls from multiple study sites?  Plus, with far fewer players, miscommunicating both problem descriptions and problem solutions is less likely to occur.  The Sponsor contact and the vendor contacts will eventually settle into common terminology and build a history regarding past issues and resolutions.

What Do You Think?
We know that not everyone espouses this idea, and we recognize there are probably other effective processes out there.  Sponsors, how do you help your sites deal with multiple vendors?  Sites, do you have experiences and/or suggestions you can share?  (Be kind, anonymize!)  Leave a comment here, visit our website, or send us an email.




____________________
*When we use the term “Sponsors” in this post, we’re including CROs that take on Vendor Management responsibilities on behalf of Sponsors.

By Laurie Meehan

SOP revision. It falls somewhere between income tax prep and colonoscopy prep on the likability scale.  So why would you want to read about it?  Maybe you’re hoping someone’s figured out a way to make the process more efficient and less painful.  Maybe we have.

The SWAT Technique

Last month, we worked with a company to revise a set of SOPs using a technique we call SWAT.  (Any edgy appeal that name might have otherwise had will be immediately dulled by its acronym expansion: “SOP Working Analysis Team.”  It’s the best we could do.  Don’t judge.)

The goal of the SWAT technique is to revise the most documents in the least time, while preserving friendships, sobriety, and original hair color.  The heart of SWAT is an immersive, multi-day working session in which participants discuss SOP revisions and incorporate them in real time.  Careful planning, thorough preparation, and commitment from management and participants are keys to keeping the SWAT session productive.

It’s Not For Everyone

Up front, we need to say that SWAT won’t work for every organization.  While the size of the company may not be important, the size of the working team needs to be fairly small.  Also SWAT won’t work for every set of SOPs.  The documents need to be part of a natural grouping – a set of similar procedures – and not a random collection.

But in the right situations, SWAT works very well.  Last month, we conducted a 2-day SWAT session with a client’s QA department to revise a set of 10 auditing SOPs.  We’ve also successfully used the technique with ClinOps teams, for example, to revise sets of monitoring SOPs.

SWAT Planning and Preparation

The SWAT process begins with central planning.  A coordination team selects a logical grouping of SOPs to revise, and assembles a list of specific revisions to be made.  Where it’s not possible to provide specific revisions, instructions and guidelines are developed, such as “remove audit report distribution details” or “update to reflect new file safeguarding practices.”

Each SWAT participant is assigned an SOP from the revision set.  The participant doesn’t need to be the author of record, but must be knowledgeable enough to “represent” the SOP – to learn the document well and understand how it’s similar to the other SOPs in the revision set and in what ways it’s unique.  Based on this understanding, prior to the SWAT session, participants make applicable revisions to their individual documents using the information received from the coordination team.  Participants should also note questions and any open issues appropriate for SWAT discussion using inline comments. 

SWAT Session

The result of the SWAT session is a set of approval-ready SOPs.  The precise structure of the SWAT session to get you there depends on a variety of factors, such as how similar or dissimilar the SOPs are, the extent and complexity of the revisions, and whether subject matter expertise is concentrated or distributed among the group.  But all successful SWAT sessions we’ve conducted share these attributes:

• Duration of 2 to 3 days.  Just long enough to accomplish the aggressive goal, just short enough to keep everyone from diving out the window.
• Real-time revision.  The “SOP of the hour” is projected on a screen while participants sit in front of PCs and update their assigned SOPs accordingly.
• Rigorous facilitation. It’s natural for discussions about company procedures to morph into other topics, such as business strategy or staffing requirements.  Discussion *will* get off topic.  When it does, the facilitator must act quickly to table it.  You can maintain a list of tangent topics on a flip chart, schedule a meeting to discuss the most pressing items, ring a cowbell, blow an air horn, or drop a quarter in the “Diversion Jar” and move on, but keep those conversations out of your SWAT session.  Save the war stories for dinner.
• Commitment to the process.  Scheduling the session is one thing, but remaining dedicated to the session is an act of will. It’s so ridiculously easy for outside work to creep in.  Management and participants must be committed to carving out the time and keeping the barbarians at the gate.
• Of course: Plenty of caffeine and yummy treats.

If you’ve ever worked on SOPs, you know there’s a big difference between done and almost done.  To help ensure you emerge from the SWAT session with the former, time must be allotted for participants to format, polish, and conduct a quality review.  If it’s possible to scare up some on-site administrative support, that could help expedite the process.

SWAT Benefits

When you look on your team’s Outlook calendar and see 3 entire days blocked out, it can seem like an awful lot of time devoted to SOP revision.  But SWAT really doesn’t take any longer than the usual process, it’s just more obvious.  Does SWAT take significantly *less* time?  Mmmm, not sure, but SWAT brings with it other benefits.

SWAT produces a more consistent set of SOPs.  Since every document is compared to every other, it’s easy to notice and correct incidental differences.

SWAT is a cross-training opportunity.  Participants enter SWAT knowing their own SOP very well.  They leave knowing the whole SOP revision set very well.

SWAT gets it done.  Auditors, how many times have you cited facilities for failure to revise their SOPs within the specified window?  It’s not because there’s a willful disregard for SOP procedures.  It’s because, in the real world of work, revising SOPs is seldom prioritized highly enough to get on anyone’s schedule until the end of the revision window encroaches or – oops – has passed.  But schedule a SWAT and they will come. (And because the effort is so visible and so obviously resource-intensive, no one wants to be the one to drop the ball.  Participants come prepared and the resulting documents are the better for it.)

SWAT is a lot more fun.  Revising SOPs on your own is really boring.  Revising them in immersive sessions with colleagues is significantly more enjoyable.  Gallows humor reigns supreme.  Copious amounts of chocolate are consumed.  Air horns are blown in celebration.  Friendships, sobriety, and hair color remain intact.  Participants live to write another day.



_______________________________________________________________________
Photo Credit:  Tenaciousme CoffeeArt, under Creative Commons License

As a sponsor or CRO, you understand the importance of a thorough site selection process. A site needs to be able to meet enrollment targets and time frames, protect the rights and safety of study participants, execute the protocol, deliver quality data, and maintain GCP compliance. That’s what your site feasibility surveys and pre-study visits are designed to evaluate. And as you’re assessing a site’s abilities, the site is conducting its own feasibility process. They’re mining their patient database and assessing inclusion/exclusion criteria. They’re reviewing staff credentials and ensuring they have adequate resources to manage the number of subject visits and collect the data the protocol requires.

But when we conduct GCP audits, we find there’s one perspective that is sometimes overlooked by both sides: the needs of the study drug itself.




Study Drug Attributes Affecting Site Selection Process

IP Environment.  Aside from needing sufficient storage space, many drugs have special storage requirements. Does the site have the equipment and resources needed to maintain and adequately monitor and record environmental conditions such as temperature or humidity? Do they have agreements with their vendors that guarantee a specific response time for repairing or replacing faulty equipment? If they lose electricity, do they have back up power, or at least provisions to move the IP off-site? (This is a common auditor question in hurricane-prone areas.)


Preparation of Study Drug.  Does your investigational product need to be reconstituted in a liquid? Do doses need to be compounded in different concentrations? Does the protocol require that an IV solution be prepared, filtered, and sterilized? These activities take time, specially trained personnel, and sometimes specialized equipment such as ventilation hoods. If your protocol demands an involved IP prep, your feasibility survey must include questions that allow you to assess these site capabilities and your pre-study visit should definitely include some time in the pharmacy. 

Drug Administration. Handing over a bottle of capsules to a study participant is one thing; inserting a butterfly catheter into an antecubital vein is something else again. If drug administration is very invasive, you’ll want to verify that the site has taken this into account when providing you enrollment projections. During subject visits, staff members may have to calculate doses, give intramuscular injections, perform infusions, or conduct sterilization procedures. You’ll want to verify that site staff has this expertise if required. Some clinical trials require a blinded dispenser who cannot be involved in any other study procedure or activities. If so, does the site have the resources for this?

Site Selection: it’s not just the PI, it’s the IP too
The study success and patient safety are jeopardized when a site can’t meet its enrollment target or doesn’t have the resources to execute the protocol. IP requirements can affect a site’s ability to do both. It’s critical that your site selection process – both your feasibility questionnaire and your pre-study visit – evaluate how well the site can meet the storage, preparation, and administration requirements of the study drug.

__________________________________________________________________________
A version of this article originally appeared in InSite, the Journal of the Society for Clinical Research Sites.

Photo Credit: By Harmid (Own work) [Public domain], via Wikimedia Commons

Q: If Notes to File can be regulatory red flags, should we quit using them?
A: No, and here's why...

Regulatory inspections are often conducted long after the conclusion of the study. When an FDA investigator asks you a question about an anomaly five years after it’s happened, will anyone recall the circumstances well enough to satisfy the regulator’s concerns? You’ll be doing yourself a huge favor if you write NTFs that answer the questions regulators might one day be asking you.



NTFs can be used to effectively explain an irregularity, locate a document, or note a change in procedures. While there are no regulations or guidances that govern NTFs per se, ICH E6(R2) 2.10 states “All clinical trial information should be recorded, handled, and stored in a way that allows its accurate reporting, interpretation and verification.” A well-written NTF will not only describe an event, but will document who made the notation and when, why the problem occurred, what was done to fix it, and what changes were made to keep it from happening in the future. That’s a lot, so it’s a good idea to develop an NTF template to remind authors to include these elements.

Example of a poorly written NTF:
Informed Consent for study BH-90210 was revised by the IRB 01/7/2017. Subject 867-5309 was not re-consented at her next study visit, as per IRB instructions.

This NTF does nothing more than document the deficiency.

Improved NTF:
Informed Consent for study BH-90210 was revised by the IRB 01/07/2017 to include lab procedures on Visit 5. IRB instructions required a re-consent for all enrolled subjects at next study visit. Subject 867-5309 was not re-consented at her next (2nd) study visit, but was re-consented at her 3rd visit.

This version of the NTF gives us a little more context and lets us know that the subject was re-consented before the new lab procedures were performed. The oversight was corrected in time to preserve Jenny’s* rights, but we still don’t know why it happened; there’s not enough information to satisfy a regulator that failure to re-consent was not a pervasive problem. What were the site’s re-consenting procedures at the time of this study? Were they being followed? Who do we ask?


Complete NTF Using Template



Since the subject was consented before the additional lab procedures were performed, there was no violation of informed consent regulations. This was an oversight with no ill-effects, not a significant break with procedures. Discussing it at the departmental meeting is an appropriate, proportional response. (Note that if the subject had not been re-consented before the new lab procedures were performed, the site would have been in violation of consent regulations and an NTF would not have been sufficient. Both the IRB and the sponsor would have needed to be informed of the failure to consent.)

A poorly written NTF – one that doesn’t provide enough information, one that identifies a problem but no solution, one that is inadequately standing in for proper record keeping – won’t satisfy a regulator’s concerns. These are the sorts of NTFs that can actually do more harm than good. A well-written NTF, on the other hand, is something your future self will thank you for.

In case you missed it, our last post was about how GMP activities affect GCP study procedures.
___________________________________________________________________

* If you know why Subject 867-5309 goes by “Jenny," one of your friends wore a pink tux with shoulder pads to prom.

A version of this article originally appeared in InSite, the Journal of the Society for Clinical Research Sites.

You know you need a computer systems audit, but that’s literally the extent of what you know.
Has this ever been you?

Yes, you use computers on a daily basis, and you may even use the system that needs to be audited. But you don’t spend your day thinking about where all the system components are located, how services and software are combined, and what Part 11 requirements apply. Terms like “cloud computing” make you feel slightly queasy. You’d rather get a root canal than discuss “distributed processing.” Your expertise is in manufacturing. Or clinical research. Or non-clinical lab operations. And somehow it’s your job to make sure an effective and properly-sized system audit is conducted. Great.



Yet your Quality Assurance colleagues -- whether they’re from your internal QA department or an external compliance company -- need your input. They need to understand what software is being purchased, what services are being contracted, how and where components of the system are being implemented, and how the system will be used.

The good news is that the QA auditors can help you. They know that FDA favors a risk-based approach to validation and Part 11 implementation, and they even know what that means. They love to talk about configuration management and change procedures. They love gathering evidence that demonstrates your system works correctly and is in a state of control, and they know what rocks they should look under to find and fix vulnerabilities.

What follows are examples of the types of information you need to convey to QA – and that they should be asking you about – to properly size and scope an audit.

How do You Plan to Use the System?

Suppose you need to audit the supplier of a new Document Management System. The first thing an auditor would need to understand is how you plan to use the system. How mission critical are the documents you’re looking to store?  Are they covered under regulatory scope?  Maybe you plan to use the system as a collaboration environment for developing new SOPs. That would require a relatively low level of scrutiny, especially if you only plan to print out the finalized documents for wet ink signature. (As a point of comparison, if you plan to use the system to finalize SOP approval, the auditor would need to check that Part 11 requirements for electronic signatures are properly implemented.) What if the Document Management System will be housing critical GxP documents, such as Trial Master Files, Master Schedule Sheets, or Master Batch Records? In these cases, the validation would have to be far more thorough, and Part 11 electronic record features, such as audit trails and archiving functionality, would have to be implemented and verified.

Here’s another “use” example. Similar to the term “Document Management System,” the term “Analytics System” does not tell the whole story. From a business perspective, study start up (SSU) metrics may be vital for sponsors and CROs to collect and analyze. But since they have no regulatory impact, the FDA would not require an SSU analytics system to be validated. (That doesn’t necessarily mean you might not want to, though.) On the other hand, a system that performs statistical analysis on study data for regulatory submission is about as critical as it gets, and would require thorough validation and Part 11 implementation. Other analytics systems, such as dashboards that pull data from critical systems, might fall somewhere between these two extremes.

What is the Vendor Providing? And How? And Where?

If you need to audit a complex system, the questions QA will ask you will go beyond system use. The auditors will need to understand the combination of software and services the vendor is providing, and where the software and data reside.

• Does the software and data reside internally at your company or does the vendor provide a hosting service?
  If the vendor is hosting, the auditor needs to tour the facilities and review SOPs and records to evaluate physical security, staff training, environmental controls, backup procedures, disaster recovery plans, data retention, computer infrastructure, and change control.
  
  
• Does the hosting vendor own its own servers or does it, in turn, outsource that function to a 3rd party hosting company, (possibly even in the cloud)?
  If the hosting is outsourced, ideally an auditor would be able to visit the hosting site. Failing that, the auditor would ask questions about the vendor’s qualification processes and review SOPs that govern vendor selection/management procedures. If the vendor outsources other services beyond hosting, those services might need to be considered, as well.
  
  
• Is the vendor providing any other services?
  Many EDC vendors will provide study-specific services such as screen development and data entry validation edits. Auditors would need to review SOPs for providing these services and understand how the vendor tests and manages modifications to these components as the study proceeds.
  Sometimes computer systems vendors provide ancillary services, such as help desk functions and user account management. That would mean additional SOPs and training records for the auditor to look through.

Other Considerations

There are many. For example, where are you in the product life cycle? You ask different questions about a new system than you would about one that has been operating for a few years. Is the product Commercial off-the-shelf (COTS) or highly customized? COTS systems vendors often have their own validation package which auditors would review, and then ensure proper operation in the sponsor/CRO’s specific environment. A highly customized or custom-built system would require a more extensive validation process.


The Take Away

CSV/Part 11 audits will never be standardized, cookie cutter type activities; there are simply too many factors -- in too many combinations -- to consider. You want your QA efforts to be worth the money you spend and be able to answer the questions FDA says you need to be asking. If you’re unsure how to do that, that’s ok. Other people know, as long as you can help them understand how you plan to use the system, what software and services are being supplied, and how components of the system are being implemented.

In case you missed it, our previous post was Notes 2 Fix Your Notes 2 File.
_______________________________________________
Many thinks to Lisa Olson for sharing her insights with me.

Protocol trumps practice. This principle seems clear enough, but complying with it is not always as straight-forward as it sounds. Years of practicing medicine has reinforced the way a physician responds to medical situations. But do these responses run counter to the investigational plan? Can a site’s commitment to standard of care affect its ability to meet enrollment targets?


There’s a lot to consider.



What’s Your Standard of Care?
When deciding whether or not to conduct a particular study, a PI needs to verify that the protocol is aligned with practice norms. For example, an early phase trial might exclude a medication that is part of a practice’s routine therapy. Is the study placebo-controlled? Does it feature a specific comparator drug? Will it include a washout period? Any of these elements could present enrollment challenges or preclude a site from accepting a study at all. Responsible sites want to make thoughtful decisions about study suitability; they want to provide realistic enrollment estimates. Sponsors want this too, and can help sites do both these things by providing them a sufficient level of detail about protocol procedures as early as possible.


The Road to Deviations is Often Paved with Good Intentions
Therapeutic misconception – a well-documented phenomenon in clinical research – occurs when a study participant “fails to appreciate the distinction between the imperatives of clinical research and of ordinary treatment.”* Study participants are not alone in this. Researchers blur the distinction themselves when they conduct procedures that are consistent with clinical care but deviate from the protocol. This may be particularly true for PIs who recruit participants from their own practices. An endocrinologist might ordinarily reduce dosage for a particularly diminutive patient. A pulmonologist would often skip a scheduled chest x-ray she felt wasn’t needed to avoid exposing her patient to unnecessary radiation. An orthopedic surgeon may decide his patient needs more recovery time than usual before attempting her first walk. In a clinical care setting, these decisions are sound, made in an individual patient’s best interest. In a clinical trial, if they differ from the investigational plan and haven’t been approved by the Sponsor, they’re protocol deviations.**

It May be Par for the Course, But It's Still an AE
Specialists who have experience treating particular conditions are also familiar with the complications that ordinarily accompany them. A nephrologist, for instance, knows that a patient with end-stage renal disease frequently experiences bloat from a buildup of fluid between dialysis sessions. Though useful for a doctor treating patients, this knowledge can actually work against a doctor running a trial. How? A PI may fail to report a stomach ache as an AE because it’s so typical, so expected. “Bloat is common for renal patients. If I recorded every GI incident, I’d be recording AEs all day.” At its surface, this PI’s argument sounds reasonable, but what if the study drug itself is contributing to the participant’s discomfort? In order to assess the drug’s gastrointestinal effect, the PI must document the frequency and severity of all GI events.

Lab values that are either above or below normal range are also prime candidates for AE underreporting. “Of course the participant’s liver enzyme is high – we’re testing a cholesterol drug.”

The Importance of Study Oversight
Any GCP course worth its registration fee will discuss the distinction between standard of care and the study protocol. In practice, the distinction is not always as obvious as training sessions might suggest. This is where well-trained CRAs come in. As site monitors, CRAs are in a position to catch deviations that result from lapses into standard of care. Reading through progress notes, a monitor can ensure that any untoward medical event has been reported as an Adverse Event. They can verify that procedures conducted by the PI and site staff are compliant with the protocol. Then, by reviewing which types of data must be collected and emphasizing the importance of following certain protocol procedures, monitors can take the opportunity to re-educate study personnel and help them avoid these common pitfalls.

_______________________________________________________________________
* Lidz CW, Appelbaum PS (2002) The therapeutic misconception: problems and solutions. Med Care 40: V55-V63.

**Andrew Snyder of the HealthEast Care System wrote a thoughtful piece describing the compatibilities that do exist between clinical care and clinical research. His arguments provide a useful counterpoint to the issues we’re raising here. https://firstclinical.com/journal/2017/1707_Research_vs_Care.pdf

A version of this article originally appeared in InSite, the Journal of the Society for Clinical Research Sites.

When I was a teenager, my grandfather would invite my new boyfriends to run short, pointless errands with him, just so he could watch them drive. He said he could tell a lot about a boy’s character simply by observing his actions behind the wheel. Did he stay under the speed limit? Did he use his signal when he was switching lanes? Did he slow down when children were playing near the road? If so, it was a good sign that the boy was generally a careful and attentive fellow. If not, it was an early indication of reckless tendencies, and I would do well to be on my guard.

What does this have to do with PI oversight?



As Sponsors and CROs, you’re sometimes forced to make site selection decisions based on a limited set of criteria that you deem to be – hope to be – reflective of the site as a whole. In a short space of time, you need to assess a PI’s commitment to study oversight. On what should your pre-study “test drive” focus to help you gauge the level of care and attention a prospective PI will devote to your study?

We have some suggestions.


Assessing Attention to Detail
Any GCP-compliant site can produce a set of current CVs, job descriptions, and training records; they’re essential documents. But the most attentive sites are able to show you more than a collection of records during your pre-study visit with them. These sites keep a complete, organized set of uniform records and can describe their tight system for maintaining it. All documents for each staff member are found in dedicated tabs inside a records binder, or are equally well-organized in an electronic records system. All CVs are in a standard format so Sponsors can easily compare qualifications across individuals. Every document is current; CVs are up to date, and there’s a system in place to track which medical licenses are expiring when. Training records are comprehensive and include training on GCP regulations, site SOPs, and EMRs.

This is not sexy stuff. That’s why it’s a good indicator of PI oversight.  A site that is disciplined enough to keep such tight control over its personnel records is likely to carry that control into all aspects of trial execution.

Assessing Commitment to Protocol Compliance
During site initiation visits, Sponsor/CRO staff is on site to conduct protocol training; all study sites start off the same in this respect. But protocol amendments are inevitable, and sometimes – though nobody’s happy about it – frequent. You need assurances that a site’s response to each amendment will be swift, well-coordinated, and deliberate. Ask the prospective PI, “What procedures does your site follow for managing protocol amendments?”

The A answer:
“When a protocol amendment arrives, we convene a special team meeting to review the changes and discuss their effects. For example, if additional safety tests are required, the team discusses who shall be delegated to perform them? Do we have adequate time scheduled into the visit for any additional procedures the amendment requires? How will I be demonstrating oversight of any new test results? Once we’ve asked and answered these kinds of questions, we document attendance at the meeting, record assignments of delegated duties, and publish meeting minutes.”

The F answer:
“I email the amendment out to my team. I assume they’re all adults and know how to read.” (#TrueStory)

Just Ask
After reviewing essential documents and protocol amendment procedures, you should ask about other PI oversight mechanisms the site has in place. A good prospective site might tell you the PI holds biweekly meetings to review the items raised during monitoring visits. A PI may block out time at regular intervals to review adverse events and other study documents, and sign off on labs. A PI who values staff excellence may actively encourage and support Study Coordinator certification; some may even require it after an initial period of employment. In the past, we’ve worked with sites that have established internal Quality Control procedures, some maintain CAPA programs, and others conduct mock inspections.

There’s a wide variety of responses that can give you confidence a prospective PI is committed to running your study in a constant state of control. Whatever oversight measures are discussed, remember to ask how they will be documented, so during the study you’ll be able to verify that each activity is being consistently carried out.

Epilogue
After running an errand with a boy I met at college, my grandfather happily reported back to me, “He didn’t roll through a single stop sign coming down Green Hill Road. He’s all right, that one.”

My grandfather, a retired police detective for the city of Pittsburgh, knew how to read a person. That boy and I celebrated our 30th anniversary last month.

I was a child bride.

If you found this article helpful, you might also like:
Anticipating Tensions Between Clinical Care and Study Protocol
Avoiding Protocol Deviations

Sites frequently want to know how they can stand out to Sponsors and CROs to win more studies.
Our advice: Implement internal QC procedures.

Sponsors and CROs we work with consider a tight quality control program to be evidence that a site can be counted on to produce reliable data. It shows that managing quality at your site is a continual process, and doesn’t wait for monitors to arrive. In a risk-based monitoring environment, this is an increasingly compelling attribute.

Where to Start: The Usual Suspects
It makes sense for you to focus your QC efforts on those areas where you’ve historically had the most problems. If the phrase “trend analysis” makes you want to jump through a window -- it's okay -- you can climb back inside. You don't have to do a trend analysis. We've identified 3 areas in which audit findings are common and how you can avoid them.



Adverse Events (AEs) and Concomitant Medications (ConMeds). Often two sides of the same coin, AE and ConMed documentation needs to tell a consistent story. If source documents indicate a study participant had a sinus infection, it must be documented on an AE page, and any associated medications documented on the ConMeds page. A medication noted on the AE page must have a corresponding notation on the ConMed page. And all start and end dates must match across the source, AE, and ConMeds pages.

Drug Accountability Records. Calculating compliance percentages and counting pills are positively uninteresting tasks, easy to mess up, and involve math (which for some people triggers terrifying flashbacks of word problems about trains leaving stations). Is it any wonder that drug accountability records are frequent sources of error? Do some spot-checking: verify that the number of returned tablets matches the tallies recorded for them and recheck compliance calculations.

Essential Documents. Maintaining a complete, organized, uniform set of essential documents is an important, yet decidedly unsexy task. That’s why it’s a good indicator of your commitment to quality; a site that is disciplined enough to keep tight control over its essential documents is likely to carry that control into all aspects of trial execution. Make sure to file all documents associated with protocol amendments, such as IRB approvals and revised informed consent forms -- our auditors find these are the items most frequently missing from the essential document set. 

Write It All Down
Document your QC procedures in an SOP. It will serve as training material for site staff and a repository for worksheets and checklists.

There’s no magic organization for this QC SOP. A general set of instructions could outline how reviewers can verify that all documents follow ALCOA principles. For example, on (paper) source documents, are all pages and required signatures present? Are entries legible? Are corrections initialed, dated, and explained? Does the data make sense and lie within expected ranges? Have all data elements been populated? (Tip: turn the paper upside down to catch missing data.)

Checklists that are focused on particular types of documents should be as specific as possible. For example, QC reviews of source documents for screening visits would verify that the correct informed consent form was used, administration of consent was documented, medical release forms were sent if required, demographics were correct, all labs were received, reviewed and signed, all protocol assessments were completed, and all inclusion/exclusion criteria were met and documented.

A Virtuous Cycle
While designed to control quality, performing QC over time may actually improve quality. Results of QC reviews often suggest revisions you should make to your tools and operations to reduce error in the future.

Okay, you can climb back through the window again -- no one said CAPA. (But wouldn't that be impressive?)


Showcasing Site QC Processes
Does implementing a QC program require resources and time? Yes, and that’s the point. It’s evidence to Sponsors and CROs of your commitment to running a quality study. Not only that, but it demonstrates a proper respect for your study participants by ensuring their data can be used.

Oh, and make sure you highlight your QC program on feasibility questionnaires. It’s something to brag about.

________________________________________________________________________
A version of this article originally appeared in InSite, the Journal of the Society for Clinical Research Sites

We may call them “site inspections”, but it’s not the site that’s being inspected when a regulator visits; it’s the Principal Investigator. Though a PI typically delegates study tasks to other staff members, he or she remains solely responsible for the conduct of the study. In fact, the ICH E6(R2) addendum adds two new sections to the international guidance that emphasize PI supervision.

That’s what makes the Delegation of Authority (DoA) log so important and why regulatory inspectors care about it so much. A DoA log serves as evidence that a PI has assigned study tasks only to those staff members with the education, training, and experience to carry them out. If delegates are unqualified to perform their tasks, subject safety could be at risk and it’s highly likely that the study data would be unusable.



Monitors – you can really make a big contribution here. At the outset of the study, you can verify that your PI has made appropriate delegations and the DoA log is complete. You can cross-match the log with training records, CVs, licenses, and source documents and correct any problems as early in the study as possible. Then, throughout the study, you can verify that the DoA log is being maintained.

Coverage
Without referencing any other site document, monitors can spot two types of DoA log omissions.

(1) Missing Assignments. Are there study tasks to which no one has been delegated? The tasks in a DoA log are often represented by a short code to conserve space. A legend at the end of the log translates the code into its corresponding task. Monitors can compare the legend to the DoA log entries to see if any tasks are omitted.


(2) Gap in Assignments. Due to staff turnover, reassignment, leaves of absence, etc., delegation for a task frequently does not last the duration of the entire study. A column in the DoA log indicates the delegation start and stop date.  Monitors can check to make sure that when the delegation for a task ends for one staff member, it is picked up by another.

Qualifications
Once you’re satisfied the DoA log completely covers all tasks for the duration of the study, you can check to make sure delegates have the necessary qualifications. You’ll want to compare the log with training records, CVs, and medical licenses from the regulatory binder.

• Has the staffer charged with recording vital signs during a subject visit been formally trained to take blood pressure? Is it documented?
• Did an incoming pharmacist receive protocol training prior to the start date of his study assignments?
• Does state law allow a registered nurse to dispense investigational product, or is a nurse practitioner or physician’s assistant required? Does the protocol require only an M.D. conduct certain procedures? Does the DoA log show the requirement is being followed?

Study Procedures
Even after the focus of the monitoring visit moves past the DoA log itself, you should revisit the log during source document review.

• Have any study tasks been conducted by staff members who have not received official delegation to do so?
• Perhaps the protocol requires a blinded IP dispenser. If so, has the delegated dispenser conducted any other study procedure?

PI Oversight
The PI is responsible for ensuring subject safety, compliance with the regs and the protocol, and control of the investigational product. That obligation cannot be delegated away. PI oversight is critical to a successful study, and the DoA log is where PI oversight starts.

Procedures that are performed by unqualified or ineligible personnel put both study participants and study data at risk. These are the very things regulatory inspectors work to guard against. Good monitors know it and make verifying the DoA log a priority.

__________________
A version of this article originally appeared in InSite, the Journal of the Society for Clinical Research Sites.

True or False:

(1) eSource in clinical trials means eliminating the possibility for transcription errors.

(2) Data collected in Electronic Data Capture (EDC) systems is eSource.

Strictly speaking, both statements are false. If that surprises you, it’s probably because many casual uses of the term “eSource” actually differ from the formal definition laid out by FDA. If the participants in any discussion share the same interpretation of “eSource”, or if it’s clear from context how “eSource” is being used, then no harm, no foul. (Contemporary translation: “Meh.”) BUT…and you know where we’re going with this…when a term can be interpreted in multiple ways, there’s always a possibility for miscommunication and cross talk.



FDA Guidance on eSource in Clinical Investigations
FDA defines eSource as *any* data initially recorded in electronic format. That’s a broad definition, one that includes:
     a) equipment-generated data, such as digital imaging and labs
     b) electronic Patient Reported Outcome (ePRO) transmissions
     c) data streams from mobile health devices, such as Apple ResearchKit
     d) data entered directly into an EDC, known as Direct-Data-Entry (DDE) solutions
     e) data entered into an Electronic Health Record (EHR) or electronic Medical Record (EMR) system


Discussion of Direct-Data-Entry (DDE)
DDE systems allow research staff members to use portable devices to enter study data directly into an EDC system. DDEs have been garnering a lot of industry attention of late, and a number of companies offer solutions that offer a DDE data flow. As independent 3rd party auditors, we don’t want to play favorites by mentioning specific systems as examples, but if your company sells or uses a DDE system that you want to highlight, feel free to add a comment below to give it a shout out.

Discussion of EMR/EDC Integration
Not long after finalizing its e-Source guidance, FDA hosted a webinar that encouraged companies to explore direct EMR/EDC integration. While a few industry players have taken up the effort, movement has been slow. One difficulty: generally EMRs are built with healthcare in mind, not clinical research. Secondly, with so many EMR and EDC vendors, ensuring that EMR data from one system is mapped to appropriate EDC fields in another system relies heavily on data standards that are still being defined and need to be implemented on both sides. 

Source Data Verification (SDV)
If data is transmitted directly from the source system to an Electronic Data Collection (EDC) system, SDV is not required, since the source data isn’t being transcribed manually. (Note: other types of Source Data Review (SDR) activities are still necessary, even if SDV isn’t. SDR must be conducted to verify ALCOA-C data principles such as attribution, originality, accuracy, completeness, etc.) Direct transmission from source system to EDC system is the typical pathway for items (a) – (d) above, and so SDV is not required for these types of eSource.


Common Confusions
SDV. Unless there is EMR/EDC integration – Item (e) above – source data from an EMR system needs to be manually transcribed. This is what makes T/F question #1 false. Just because source data originates in an EMR, it does *not* suggest SDV checks are superfluous. You could argue, as many have, that SDV is not a high-value activity and uncovers only a small percent of data error. That argument may well influence how much SDV is conducted, but whenever data is transcribed from original source into an EDC system, SDV is a relevant discussion.

EDC Data. It’s not unusual for someone to refer to data stored in EDCs as eSource. Data stored in EDCs are electronic, and may be source, but only if the EDC is the first place the data is recorded. This is what makes T/F question #2 false.

In Summary
If you’re ever in a discussion about eSource and things start going sideways, it may be time to haul out the formal definition of eSource -- in all its tedious detail -- to make sure everyone is using the term the same way. 

_____________________________________________________

Image Credit: Paradox by Brett Jordan

In an effort to tease out the priorities of a clinical study site audit, I asked six of our most experienced GCP auditors the following question:

If you only had one hour to conduct a study site audit,
what would you look at?
[Obligatory warnings:  Do not try this at home. This is just a simulation. Caveat lectorem. Dinosaurs in the mirror are bigger than they appear. Et cetera.]

Of course it’s not possible to conduct any kind of meaningful audit in so short a time, but it’s an interesting thought exercise because it gets to the heart of study site risk.
In order to respond to this question, the auditors needed to ask themselves:

(1) What are the greatest site risks to a study?
(2) Where can evidence be found that those risks are being managed?

Answering the first question is pretty easy. The very first paragraph of ICH E6(R2) tells us “Compliance with this standard provides public assurance that the rights, safety and well-being of trial subjects are protected…and that the clinical trial data are credible.” So there it is: the reason GCP exists. When we conduct clinical research, our highest priorities are human subject protection and data integrity. It follows, then, that jeopardizing these obligations is our greatest risk.

So with only an hour to evaluate whether a study site is managing these risks, we can move on to the second question. What would our audit (now referred to as “hour audit”) look like?

IRB Approvals

Hour Auditor has decided to spend the first twenty minutes at the site reviewing IRB approvals. Are all of the IRB approval letters in the Investigator Site Files (ISF)? Is the protocol that’s being executed the same version that the IRB approved? Have the protocol amendments and all of the associated Informed Consent Forms (ICFs) also been approved?

Missing approval letters aren’t necessarily the end of the world. It’s quite possible that the required approvals are sitting on the sponsor portal, having been received from a central IRB. Their absence from the ISF could just be a clerical error. However, it’s a first-order finding if the site was responsible for getting approval from its local IRB and failed to do so. The IRB would have to be notified. The FDA would have to be notified. Without review and approval from an ethics body, the safety of study participants is jeopardized and their rights violated. Everything stops.


Informed Consent

With forty minutes left to go, Hour Auditor spends the next twenty minutes reviewing participants’ ICFs. The selection of these participants may be random or targeted, depending on the results of the IRB approval review. Has each participant signed every applicable version of the ICF? Were they signed before any associated study procedures were conducted? If not, was the delay noted in the subject notes? How was the situation remedied? Was there a CAPA to ensure that any other incidents were corrected and future occurrences prevented? Was the IRB informed?


Inclusion/Exclusion Criteria

Now down to the final twenty minutes, Hour Auditor asks to see the Inclusion/Exclusion (I/E) criteria for two screened and enrolled participants. Most likely, the particulars of the study -- the vulnerability of the patient population, the therapeutic area, and the protocol complexity, among other things -- would drive the selection.

We’re running out of time, and this could be our final stop. With so much else to look at, including source data, IP accountability, staff qualification and training, and Adverse Events reporting, why focus on I/E criteria? Because they give us a glimpse of many aspects of study conduct all at once. When a site can assess complex I/E criteria correctly, it demonstrates protocol compliance and a commitment to producing reliable study data. Examining I/E criteria also gives Hour Auditor a chance to assess source data quality and provides further assurance of subject safety.

Best Laid Plans
As with any audit, particular findings at any step could (and should) alter the plans for this one-hour visit. If the ICF review left Hour Auditor concerned about fundamental flaws in the IC process, the rest of the audit might be spent trying to determine the extent of the problem. An incidental discussion could raise red flags about staff proficiency that may have Hour Auditor poring through protocol training records or scrutinizing the Delegation of Authority log. (Plus, Hour Auditor really, really wants to take a peek at the IP accountability records, and so may find a reason to do so*.)

The point of this thought exercise was to consider (1) the obligations of the clinical research industry to protect subjects and produce reliable data, (2) where the biggest risks to that obligation lie, and (3) how site audits should be prioritized to ensure those obligations are being met and those risks are being managed.

_________________________________________________________________________

*The auditors involved in this discussion did their best to honor the absurdly artificial time constraint I gave them. That meant foregoing activities no self-respecting auditor could bear to forego. This paragraph recognizes some of those activities. (Thank you all. I know this hurt.)

A version of this article originally appeared in InSite, the Journal of the Society for Clinical Research Sites.

Alarm Clock Image via Good Free Photos

    WARNING LETTER

VIA UNITED PARCEL SERVICE
SIGNATURE REQUIRED

December 1, 2018

Mr. Kris Kringle, Owner
Santa’s Workshop, LLC
1225 Santa Clause Way
North Pole, Arctic Circle
 
Dear Mr. Kringle:

The U.S. FDA inspected your manufacturing facility, Santa’s Workshop, LLC at
1225 Santa Claus Way, North Pole Arctic Circle, from April 2 to April 20, 2018.

This warning letter summarizes significant violations of CGMP regulations for finished product. See 21 CFR, parts 210 and 211. During our inspection, our investigators observed specific violations including, but not limited to, the following.

CGMP Violations

1.    Your firm failed to ensure that each person engaged in the manufacture, processing, packing, or holding of product has the education, training, and experience, or any combination thereof, to enable that person to perform his or her assigned functions (21 CFR 211.25(a) and 211.28).

Many members of your Enterprise Labor Force (ELF) unit lacked sufficient prior experience for designing and assembling (b)(4). At the time of our inspection, no ELF members had received training on CGMPs, and most were unaware of their responsibilities in the areas of cleanliness and proper attire. Hands and faces were often coated with chocolate, and bells on hats and shoes prevented protective apparel from attaining a proper fit. More generally, factory staff demonstrated an undisciplined, almost gleeful disregard for quality procedures. On three separate occasions, at critical stages of the manufacturing process, floor workers erupted into spontaneous song and dance.



Your written response of May 18, 2018 is inadequate because it does not address these training and experience deficiencies. While endearing, the ability to “sit on a shelf” or “live in a hollow tree” does not constitute acceptable manufacturing experience. Candy coating does not qualify as protective covering. And sticking one’s hands in a nearby snowdrift is not a recognized sanitation procedure. “Pure as the driven snow” is not a thing. Especially with all those reindeer knocking about.

2.    Your firm failed to maintain a system by which the distribution of each lot of product can be readily determined to facilitate its recall if necessary (21 CFR 211.150(b)).

Product distribution records were incomplete and, in the event of a recall, would be insufficient to identify all product recipients.

Your written response of May 18, 2018 is inadequate. Santa’s Own Procedures (SOPs) are insufficient to capture the information required to conduct a thorough recall.  Mr. Kringle may well know which customers are naughty and which are nice -- who’s good, who’s bad, who’s sleeping, and who’s awake, but this information is not written down and, in the opinion of our investigators, would be of limited value if it were.

3.    Your firm failed to store product at an appropriate temperature to ensure the identity, strength, quality, and purity of the products are not affected (21 CFR 211.142(b)).

Entire sections of the facility lacked effective air conditioning, resulting in destruction of all (b)(4) warehoused in two large storage rooms. A third inadequately cooled room was not in use, and except for some miscellaneous items – a couple hunks of coal, a corncob pipe, and a large, oddly sad puddle of water – the room was all but empty.

Your written response of May 18, 2108 was inadequate. FDA isn’t really sure what to do with “that old silk hat we found” in your response package.

4.    Products failing to meet established standards or specifications and any other relevant quality control criteria shall be rejected. Reprocessing may be performed (21 CFR 211.165(f)).

While not strictly a violation of 21 CFR 211.165(f), the rejection and quarantining procedures your firm follows for products that fail to meet established criteria is concerning. While it’s appropriate to reject a (b)(4) that swims, a (b)(4) with square wheels, a (b)(4) that shoots jelly, and a (b)(4) that rides an ostrich, exile to a remote island ruled by a flying lion is, in a word, extreme. Your firm also rejected and exiled a (b)(4)-in-a-box for what was almost certainly an easily remediated labeling problem; reprocessing would have been a more appropriate course of action. Also, we just have to know. Seriously. WHAT WAS WRONG WITH THE DOLLY???

5.    Your firm failed to establish adequate acceptance criteria for sampling and testing necessary to assure that batches of product meet appropriate specifications as a condition of their approval and release (21 CFR 211.165(d)).

Sampling procedures consisted of pulling each finished batch of (b)(4) out of a hot oven, taking a few nibbles, and declaring it “Jingle-icious.” Testers would frequently adulterate samples by submersing and saturating them with milk. These procedures are totally without scientific rigor. Furthermore, sampling was not restricted to members of the Quality Control Unit, but was extended to the entire plant floor. At times, sampling frequency was so high that there was very little, if any, of (b)(4) left to distribute. (On a personal note, our investigators would like to express their appreciation for the opportunity to participate in the testing activity. All the batches they sampled exceeded the strictest statistical quality control criteria, excepting the fruitcake, which could have benefited from additional stability testing and an earlier expiry date.)

Conclusion

Violations in this letter are not intended as an all-inclusive list. Typically the manufacturer is responsible for investigating violations, determining their root causes, and preventing their recurrence. However, in this case we’re going to make an exception. Though your methods and procedures are unconventional and frequently out of compliance with regulations, they are not wholly without merit. Our investigators have never experienced such a high level of workplace morale -- some calling it “downright merry” – and believe it warrants further observation. Investigators have suggested a series of mutually consultative visits to your workshop. Music, dance, batch samples, reindeer games, and the occasional adulterated eggnog are highly encouraged.

Sincerely,
/S/
Holly Bush
Division Director/OPQO Division I
North Pole District Office

Q: Do study site personnel need to be able to answer questions about sponsor-provided computer systems during an inspection?

A: Yes, and there’s a simple thing that sponsors and CROs can do to prepare their sites.

This excerpt was lifted from an online, interactive course entitled “Developing a Part 11 Compliance Plan in Clinical Research.” While the course mainly targeted sponsors and CROs, who have the heaviest regulatory burden in this area, sites also have Part 11 and validation concerns, as demonstrated by this question.

Presenter Lisa Olson, a CSV/Part 11 expert with Polaris Compliance Consultants, briefly described her recommendation, which is both simple and effective. (And since that is total catnip to a compliance blogger, I interviewed her after her presentation to develop the following piece.)

So here it is. Here’s what she said...

Clinical research sites rely heavily on technology to store and manage study data, so regulators are focusing on computer systems and electronic data more than ever before. Many of the systems – such as Electronic Data Collection (EDCs), Interactive Response Technology (IRTs), and e-diaries – are selected and largely controlled by sponsors, CROs, and/or third-party vendors. That doesn’t mean, however, that site staff won’t be expected to answer questions about these systems during a regulatory inspection. Quite the contrary: site personnel are responsible for the integrity of the data these systems house. They need to be able to demonstrate the knowledge required to meet their regulatory obligations.

No one is expecting site staff to be computer specialists; the expertise on these systems resides within the sponsor/CRO/vendor organizations. But the better a site can satisfy a basic, frontline inquiry into the systems it uses, the less likely it is that an inspector will pursue additional lines of questions.

So how can sponsors and CROs help?

They can provide a set of short summaries (one page per system) that answer the questions regulators are likely to ask site staff members. Filed in the Investigator Site File (ISF), ready for use, these summaries will be valuable resources.


The Basics

First, sponsors/CROs should supply identifying information: the name of the system, the vendor, the version of the system currently being used, and a few sentences that describe what the system does.
User Access and Control

To ensure both data integrity and compliance with Part 11 e-record/e-signature regulation, it’s essential that access to a system be controlled and data entry/updates be traceable to a specific person. To that end, the one-pager should describe how unique logins are assigned and how users are restricted to activities appropriate to their roles in the study. A monitor requires read-only access to an EDC system. A study coordinator needs to be able to enter and change EDC data. A Principal Investigator must be able to sign electronic Case Report Forms (CRFs). The role determines the access. Staff should also be able to briefly describe how an audit trail captures metadata that show what data were entered/altered, by whom, and when. (And someone, though not everyone, needs to be able to demonstrate how the audit trail can be used to piece together the “story of the data.” That, however, is too much to ask from our one-pager.)

Validation 101

It would be unusual for site personnel to have detailed knowledge of Computer System Validation (CSV) activities. Nevertheless, the one-pager could include a single line that confirms that the system was validated and by whom. A contact number could be included in case a regulator asks for more information or wants to see validation documents.

Where’s The Data?

Regulators will often ask where system data are stored. The answer to that question can be a simple sentence: The data are hosted by the EDC vendor at such-and-such location, or stored at the CRO, or sit on a local server within the site’s IT department.

Finally, the last line of our one-pager could be a simple statement prepared by the sponsor, CRO, or vendor, confirming that the data are protected wherever they are being stored. The data center is secure and environmentally controlled; the data are backed up to protect against loss; the system is accessed via the web through an encrypted channel -- whatever protections apply.

Conclusion

Regulators are increasingly focused on the integrity of study-related data, and that means added scrutiny of electronic systems and records. More inspections are being conducted mid-study so regulators can evaluate and ask about live systems in current operation. It’s very difficult for sites to field these questions without help from the organizations who make the decisions and have the expertise.

It’s okay to tell an inspector, “I don’t know.” (And it’s always preferable to admit that than to improvise an answer.) But say it too many times, and it casts doubt on a site’s ability to produce and maintain reliable study data. That’s in no one’s interest.

It shouldn’t be overly burdensome to develop a one-page summary sheet for each system so site personnel can address an inspector’s questions on the spot. The Investigator Meetings or Site Initiation Visits would be a good opportunity for sites to raise this point with their sponsors/CROs.

Lisa Olson will be giving an encore presentation of “Developing a Part 11 Compliance Plan in Clinical Research,” on March 24th. She describes all the elements that regulators and clients will be expecting, and since sponsors and CROs can’t implement everything all at once, Lisa prioritizes the activities necessary for developing your plan. You can register for the online course, sponsored by the Life Science Training Institute, here. Use the promotion code olson to receive a 10% discount.

Guest Blogger: Greg Weilersbacher
Founder & President, Eastlake Quality Consulting

All companies outsource. It’s a humbling fact that you simply can’t do it all yourself. This often has to do with resource allocation; your company may allocate dollars to build and sustain some activities in-house while choosing to contract higher-cost operations to qualified suppliers who already have the expertise and equipment. 

You may outsource the manufacturing of tablets, sterile injectable, or topical dosage form, or the GMP release and stability testing of your product. Once the production and testing is complete, the product may need to be stored under controlled temperature and humidity conditions and then distributed to locations around the globe. The Contract Development and Management Organizations (CDMOs) who execute these critical operations are of paramount importance to your company’s success. Choosing the right suppliers will also help to minimize stress-induced headaches throughout your organization. Here are the top five ways to get the most out of a supplier audit.



1.  Come to the Audit Prepared
This seems obvious. However, more often than not, quality auditors step into the supplier’s lobby without doing their homework. Ask yourself the following questions: Why am I auditing this supplier? Is this supplier new to my company or one that we have used before? If used previously, have I read over the audit observations as well as the supplier’s responses and do I understand them? Which audit observations do I suspect would be the most challenging for the supplier to address and which are most important to my company’s requirements for this product? Have I reviewed previously executed production batch records and testing data and are there issues that need to be resolved? Are their deviations and CAPAs to follow up on?

Your understanding the supplier’s work proposal is of great value in refining the scope of the audit. Ask yourself:  Which of our products may be manufactured and tested here and which strengths (e.g., potency) will be produced? Which equipment is likely to be used? For a tablet production, the equipment train could include balances, blenders, roller compactor, spray dryer, solvent-rated oven, comils, tablet press and tooling, gravity feeder, coating systems, de-duster, weight sorter, metal detector, tablet counter, etc. This list of equipment will assist you in requesting equipment records during the audit. 

2.  Stay On Point
Proper audit planning will help to keep the audit organized and adhere to the audit timeline. In advance of the audit, provide the audit host with a list of the technical, lab, and manufacturing staff you wish to speak with and the records you need to review. A well-organized host will have this available for your review. Stick to your audit agenda. This is critical. The best way to derail your progress is to spend precious time chasing down minor issues while glaring problems get little to no attention. Continually refer back to the audit agenda and remember to keep the content of your audit report in mind while executing the audit.


3.  Know Your Technical Expertise and Limitations
Many auditors have led previous lives in the laboratory or in manufacturing while others started their careers in quality assurance and may have little technical background with regard to equipment, manufacturing processes, GMP utilities and laboratory testing. Know your limitations and if necessary strengthen them by hiring an expert consultant to assist you during the audit.

A common problem area that is at best glossed over and at worst completely ignored during an audit is the CDMO’s compliance with GMP utilities requirements. All too often, this is due to the auditor’s lack of understanding of the operation, inputs and outputs, validation parameters, and periodic testing and maintenance requirements for utilities such as HVAC, clean or pure steam, purified water and WFI systems, autoclaves, clean compressed air, nitrogen and other gases used for operating equipment or used during processing activities in manufacturing. Typically, these areas are also less well understood by the CDMO’s employees and as a result noncompliance abound. 

Some GMP utilities may be connected to the facility’s building management system, while others may be stand-alone equipment. In either case, the CDMO should have records of alarms (e.g., out of specification or out of range conditions), an acknowledgement of each alarm by designated staff members, and documentation of corrective actions. The last item is key. This is where the execution of quality systems tends to fail. Make a point to request documentation of corrective actions for each utility alarm. 

Additionally, purified and WFI water systems along with gases, such as clean compressed air and nitrogen, require periodical sampling/testing at each point-of-use. Verify that the timelines (monthly, quarterly, or annual) for sampling and testing were performed as directed by the CDMO’s procedures. These timelines are typically not well adhered to. A clear understanding of all the operations of the supplier’s GMP utility management process will keep your thoughts clear during the audit and help identify areas that are in need of improvement. 

4.  The Auditor’s Job is to Identify the Good and the Bad (Not to Win the Debate)
An important goal of a supplier audit is to identify the supplier’s strengths and weaknesses and come away from the audit with a compliance assessment that your company can use to make important decisions. It is of no value to your company if the goal of the auditor is to show the supplier how much he or she knows by debating the fine points of compliance. GMP auditors with decades of experience generally avoid this competitive exchange as it is unproductive. Rather, it is more important to the spend the necessary time identifying compliance issues, making them known to the audit host in a professional manner, and taking detailed notes that assist in writing the audit report. Your company’s senior managers need to know the supplier’s good and not-so-good points; detailing all of these provides the greatest value. 

5.  Interview the CDMO's Lab Staff, Manufacturing Operators, and Shipping/Receiving Personnel
CDMO’s quality systems are generally written by managers and directors who have many years of industry experience. It is of utmost importance that staff members who execute these systems understand them if your company’s product is to be manufactured, tested, stored, and distributed in a compliant manner. Request to speak with manufacturing staff members who work on the production floor and are likely to work on your product. Ask them about the process they would follow to conduct lines clearance, charge powders to a blender, operate a spray dryer, use a comil, set-up of a tablet press, inspect tablets, use metal detectors, etc. Compare the information they provide to the CDMO’s SOPs to determine if the staff understands their jobs. Listen for phrases such as “I usually do it this way…” or “it’s a different every time but I typically set up the equipment like this…” These phrases reveal a lack of control and adherence to procedures. 

The Take Away
The audit itself lays the foundation for a relationship with the supplier and the take-away message should address the following questions: Will the supplier work to resolve the issues I’ve identified? Am I confident that the supplier will immediately notify and involve my company’s representatives when deviations occur during production or testing? Do the supplier’s quality systems and records meet my company’s requirements and those of regulatory agencies? How confident am I that the supplier will produce and/or test a quality product that my company can stand behind? Is the supplier simply a pair of hands or are they committed to be my partner in this product’s success? The answers will provide you with a comfort level in making the decision to move forward with the CDMO or to look to the their competition.  

*********************************************************************************

A version of this article was first published in Outsourced Pharma.

 About the Author
Greg Weilersbacher is the Founder and President of Eastlake Quality Consulting, a GMP consulting firm based in the Southern California area. Over the last 25 years, he has held director and vice president positions leading Quality Assurance, Quality Control, Analytical Chemistry, Materials Management, GMP Facilities, and Product Manufacturing in biotech and pharmaceutical companies. His unique experiences and technical background have led to the manufacture and release of hundreds of solid oral, sterile, and biologic investigational products to clinics in the U.S. and abroad. Email Greg at weilersbacher.greg@gmail.com.

Guangping Gao, the head of the Horae Gene Therapy Center at the University of Massachusetts Medical School, will partner with Philadelphia-based Spark Therapeutics to figure out better ways to get disease-curing genes into cells. The collaboration, announced this morning, gives Spark (Nasdaq: ONCE) the option for an exclusive, world-wide license for any intellectual property to come out of it. No financial terms were disclosed. Earlier this year, Gao was featured in Newsweek magazine for seemingly…

The nation’s largest pharmacy serving elder care facilities will pay Massachusetts nearly half a million dollars to settle allegations that it got kickbacks more than eight years ago from Abbott Laboratories to promote the anti-seizure drug, Depakote. The settlement was signed by Omnicare, a pharmacy services company that was acquired by CVS Health Corporation (NYSE: CVS) in August 2015. The $476,216 payment to Massachusetts is part of a $28 million multi-state settlement that included 47 states…

Vertex Pharmaceuticals announced a plan late Tuesday to begin trials before the end of the year of the third in its so-called “triple combo” of pills designed to treat as much as 90 percent of the 75,000 patients worldwide who suffer from cystic fibrosis. That news, announced in conjunction with the Boston-based drugmaker’s third-quarter financial results last night, spurred a 6 percent stock increase after hours, implying the company’s market cap could increase by about half a billion dollars…

Wednesday’s initial public offering for Cambridge-based Ra Pharmaceuticals marked the ninth biotech startup to go public this year, tying the number in 2013 but still less than either of the two years since. Ra (Nasdaq: RARX), which has 40 employees in one of the former Pfizer buildings in Alewife, ended up with the third-largest IPO size for any Massachusetts-based biotech in 2016, with a total of $92 million raised from the sale of 7 million shares for $13 each. That’s more than the $86 million…

Editor's note: This story was originally published Friday morning, and has been updated to reflect the FDA's decision regarding the drug later that day. A U.S. approval decision for a major drug planned to be marketed by Cambridge-based Sanofi Genzyme that had been expected last Friday has been delayed due to “deficiencies” found during a manufacturing site inspection in France. In its third quarter report, released Friday morning, French drugmaker Sanofi (NYSE: SNY) disclosed that “manufacturing…

Today, Shire plc confirmed it won’t make any new investments from Baxalta Ventures, the short-lived venture capital arm of the drug company Shire acquired in June.

The results of a 33-patient study conducted by a Burlington biotech suggest its long-acting steroid injection for osteoarthritis of the knee may be safer for the large percentage of those patients who also have type 2 diabetes. Flexion Therapeutics (Nasdaq: FLXN) has for years been developing its lead drug candidate, Zilretta (formerly called FX006), a reformulation of a common corticosteroid that’s used with osteoarthritis patients. Flexion’s version combines the drug with a employs proprietary…

Latest innovation in quadrivalent meningococcal vaccination designed for use in persons 2 years of age and older in the U.S.

- Libtayo decreased the risk of death by 32.4% compared to chemotherapy

Objective responses seen in 29% of patients with locally advanced basal cell carcinoma (BCC)

Do we ever learn from our past mistakes? For many years we believed that technology was an inevitable force for good. It would give us instant access to a near infinite amount of information and allow us to easily and instantly connect with nearly anyone on earth. What could go wrong? The answer is that...

Click here to continue reading...

US-based drugmaker Mylan and partner India-based biologicals specialist Biocon have announced the launch of their pegfilgrastim biosimilar, Fulphila, in Australia. The drug can be used to treat neutropenia (a lack of white blood cells) in cancer patients.

There are major regulatory lapses in the manufacturing of similar biologics in India. The use of scientific audits could strengthen the regulatory system and improve the provision of high quality biosimilars in the country, according to a recent opinion piece [1] by Dr GR Soni, which was published in GaBI Journal.

Taiwanese biosimilars developer Mycenax announced on 28 April 2020 that it had made a deal with Hungary-based Gedeon Richter (Richter) regarding its tocilizumab biosimilar.

On 7 April 2020, China’s Center for Drug Evaluation (CDE) published draft guidance on clinical trials for the approval of bevacizumab copy biologicals. This guidance is the second specific guideline released by the CDE in April. The agency also released guidance on adalimumab on 1 April 2020 [1].

Top-line: The Congressional schedule and work practices are uncertain over the next few months, leaving many questions about whether and how appropriations bills will move forward. There is a possibility that increased funding at public health agencies, including FDA, may be exempt from FY 21 budget caps. The Alliance’s meeting with Dr. Boon, FDA Associate Commissioner […]

The Alliance met (virtually) on April 15 with Dr. Caitlin Boon, FDA Associate Commissioner for Food Policy and Response and several of her colleagues. She described CFSAN’s and CVM’s role in responding to the current pandemic, as well as how the agency is assuring a continued safe food supply. About 50% of food spending in the […]

Top-Line: There is no new information about the appropriations schedule for Congress. The House will require a rules change for appropriators to work remotely. The death of former FDA Commissioner Donald Kennedy is noted. More on FDA’s extraordinary efforts to address food safety and supply issues. Eventually, Congress will need to address FY 21 funding and […]

Q: Congress must act on FY 21 appropriations. What are the possible ways for Congress to address this? A: Congress must decide if they will do substantive work on the 12 appropriations bills with the goal of passing full-year funding bills before October 1. One alternative would be to fund the beginning of the fiscal year […]

Top-Line: This week we look at House and Senate schedules for returning to DC and starting on the FY 21 appropriations process. This week’s Analysis and Commentary explores the reasons why advances in science and technology foretell that FDA will need significant additional funding in FY 21. This column focuses on vaccine development. Senate Returns […]

FDA — along with NIH, CDC, and other front-line public health agencies — is caught up in the urgent COVID-19 efforts. Appropriately, enormous resources are being devoted to fighting the pandemic and more funding will come, if needed. At the same time, we are getting positive reports on the FDA’s efforts to carry out the […]