The contracting of trial activities
to vendors is now commonplace in clinical research. However,
determining what regulations are in place and how to develop a
system of oversight is often difficult for sponsors.
Looking through GCP
regulations1 can prove frustrating. There are no
requirements for clinical quality assurance and no references
to auditing vendors. Also, the FDA has well-defined
expectations in some areas, but is less clear in others.
Developing a program of
quality assurance for vendor oversight is important for
sponsors concerned about the quality of their trials. This
article attempts to provide a regulatory context for managing
three important GCP vendors: CROs, clinical labs, and site
management organizations (SMOs).
Where to begin
It is helpful to look at
the FDA's two main concerns when conducting a GCP inspection
at a sponsor of clinical research.2 They are:
- The integrity of the data submitted to the agency in
support of an application
- The protection of the rights and welfare of human
subjects in clinical research.
A useful guidance for data
integrity and human subject protection is the International
Conference on Harmonization (ICH) document E6, Good Clinical
Practice: Consolidated Guidance.3 We learn in
section 5.1.1 that the sponsor should develop "quality control
systems with written SOPs." And in section 5.1.3 we learn that
"quality control should be applied to each stage of data
handling."3
CRO Audits: Areas to
Cover
|
In some ways, the data integrity
portion of GCP compliance is that simple: "Each stage of data
handling." Many GCP vendors are hired to do just that. They
handle and process data from a trial. So, the first component
of any GCP compliance activity is to determine data flow. Each
entity, such as a statistician, that handles data from the
time the subjects have signed the informed consent form until
the time the database is locked needs consideration.
Next, "each stage of data
handling" needs to be determined. For example, a study
coordinator enters a subject's blood pressure into a case
report form. That is a stage of data handling. The sponsor
contracts with a CRO to send a monitor to review the CRF. That
is a quality control system. It all sounds pretty simple at
first. However, the devil is in the details. Looking at the
different types of organizations that handle the data shows
why.
Contract research
organizations
The most common vendor
performing work on clinical trials is the CRO. Most CROs
provide a variety of functions. They are also the only vendor
that is specifically covered in the regulations. FDA's
regulations state: "A sponsor may transfer responsibility for
any or all of the obligations set forth in this part to a
contract research organization."4 This transfer
must be in writing and all CRO responsibilities must be
described in detail.