The contracting of trial activities to vendors is now commonplace in clinical research. However, determining what regulations
are in place and how to develop a system of oversight is often difficult for sponsors.
Looking through GCP regulations1 can prove frustrating. There are no requirements for clinical quality assurance and no references to auditing vendors. Also,
the FDA has well-defined expectations in some areas, but is less clear in others.
Developing a program of quality assurance for vendor oversight is important for sponsors concerned about the quality of their
trials. This article attempts to provide a regulatory context for managing three important GCP vendors: CROs, clinical labs,
and site management organizations (SMOs).
Where to beginIt is helpful to look at the FDA's two main concerns when conducting a GCP inspection at a sponsor of clinical research.2 They are:
- The integrity of the data submitted to the agency in support of an application
- The protection of the rights and welfare of human subjects in clinical research.
A useful guidance for data integrity and human subject protection is the International Conference on Harmonization (ICH) document
E6, Good Clinical Practice: Consolidated Guidance.3 We learn in section 5.1.1 that the sponsor should develop "quality control systems with written SOPs." And in section 5.1.3
we learn that "quality control should be applied to each stage of data handling."3
CRO Audits: Areas to Cover
|
In some ways, the data integrity portion of GCP compliance is that simple: "Each stage of data handling." Many GCP vendors
are hired to do just that. They handle and process data from a trial. So, the first component of any GCP compliance activity
is to determine data flow. Each entity, such as a statistician, that handles data from the time the subjects have signed the
informed consent form until the time the database is locked needs consideration.
Next, "each stage of data handling" needs to be determined. For example, a study coordinator enters a subject's blood pressure
into a case report form. That is a stage of data handling. The sponsor contracts with a CRO to send a monitor to review the
CRF. That is a quality control system. It all sounds pretty simple at first. However, the devil is in the details. Looking
at the different types of organizations that handle the data shows why.
Contract research organizations
The most common vendor performing work on clinical trials is the CRO. Most CROs provide a variety of functions. They are also
the only vendor that is specifically covered in the regulations. FDA's regulations state: "A sponsor may transfer responsibility
for any or all of the obligations set forth in this part to a contract research organization."4 This transfer must be in writing and all CRO responsibilities must be described in detail.
