Pharma IT Insights

Ensuring IT Compliance for Outsourced Clinical Trials

Three Tips for Clinical Trial Sponsors

By Jakob Juul Rasmussen

March 2, 2021

Pharma IT Insights

Ensuring IT Compliance for Outsourced Clinical Trials

Three Tips for Clinical Trial Sponsors

By Jakob Juul Rasmussen

March 2, 2020

Share on email

Share on linkedin

Share on twitter

Share on skype

Share on facebook

Since sponsors of clinical trials are ultimately responsible for the validation and provisioning of adequate documentation for computerized systems, thinking about computer system validation early on is a great way to ensure compliance and handle risks in due time. This, however, is more easily said than done. For this reason, we have created the following three tips on optimal initial steps when conducting audits and approvals of CROs.

Tip 1: Make sure to include IT system validation as part of the vendor audit/approval process

Including IT system validation at the very beginning of the vendor audit/approval process is the best way to ensure thorough compliance and to mitigate risks. In this way, there will be ample time to correct findings, discuss solutions, and, in a worst-case scenario, find a new vendor. Key focus areas to take into consideration are, among others, data integrity, backups, security, and documentation. Furthermore, insofar as you choose to rely on your vendor’s own documentation, make sure that all documentation is readily available for inspection1.

Tip 2: If a system validation can’t be conducted as part of the vendor audit/approval process, establish a risk assessment

Should a vendor have been approved without auditing their IT validation of the used computerized systems, we recomend establishing a risk assessment. The risk assessment should define high-risk areas, for example data integrity or security, and seek to assess to which extent the vendor has mitigated and documented such risks. From here, audits and qualifications of specific high-risk areas can be conducted, in turn increasing chances of approval from outside auditors. Lower risk areas can then be handled later when high-risk issues have been identified and qualified.

Tip 3: If you want to use your vendor’s own qualification documentation, make sure to read up on EMA GCP guidelines

According to EMA’s GCP guidelines, there are several cases in which you can rely on documentation supplied by your vendor. See the following list for a list of conditions in which sponsors may use vendor documentation2:

  • Knowledge of the vendor’s quality system and qualification activities
  • Assessment/audit of the qualification activities performed by qualified staff sponsor/CRO (performing the activities for the sponsor), has detailed knowledge about the documentation and can navigate and explain the activities
  • Sponsor and vendor establish full configuration management for qualification and production environment
  • Sponsor performed an Installation Qualification (IQ)/Performance Qualification (PQ) of a system that depends on trained users

Don’t be afraid to ask for assistance

At Pharma IT, we are aware that conducting clinical trials is a complex process that involves expertise from a wide range of fields. For this reason, we have assembled a diverse, talented, and highly experienced team of Clinical Trials & Science Operations, Drug Development, CMC, and IT consultants. Feel free to contact us if you’re in need of assistance.



2. GCP Matters, 9:

About the author(s)

Jakob Juul Rasmussen is Managing Director of Pharma IT and has over 14 years of experience managing IT projects within Pharma, Finance, and the Public Sector.