In Teresa Gorecki’s second session of Executive-level GxP training, the two reviewed Regulatory Compliance Fundamentals for Early-Stage Development, emphasizing the importance of data integrity.
Table of Contents
Evolving Challenges in Clinical Trial Oversight and Data Integrity
In clinical trials, US regulations and global regulatory guidelines such as CFR 312 and ICH E6 R2 play crucial roles in ensuring data quality and integrity. These regulations establish foundational responsibilities, particularly emphasizing the responsibilities of sponsors in supervising trial conduct and data integrity.

According to CFR 312, Contract Research Organizations (CROs) share equivalent regulatory responsibilities with sponsors, highlighting the need for preactive oversight of outsourced responsibilities. ICH E6 R2 places the responsibility solely on sponsors for maintaining the quality and integrity of trial data. Together, these guidelines provide a framework designed to protect human subjects and ensure the reliability and data integrity of clinical trial results.
The landscape has changed significantly since these regulations were established. The rise of clinical service providers, including Central Labs, SaaS providers, and EDC platforms, introduces new challenges. Unlike traditional CROs defined under CFR 312, these entities require similar attention to maintain data integrity and must abide by evolving standards outlined in ICH E6 R2’s clinical quality management system.
Enforcement cases, such as the 2010 CoreLab Partners and 2012 Bioclinica incidents, showcase ongoing challenges in maintaining data integrity and regulatory compliance. ICH E6 R2’s emphasis on certified copies, data handling principles, and risk-based computer system validation provides a framework to reduce these risks and reinforce clinical trial data reliability.
Additionally, recent regulatory updates reinforce the critical importance of data integrity. The MHRA’s ‘GXP’ Data Integrity Guidance of 2018 explains varying risks associated with different data types and mandates careful system design to ensure data integrity throughout its lifecycle. The 2020 EMA Notice reminds sponsors about the importance of proper documentation and validation of computerized systems. Sponsors are responsible for ensuring strong documentation and contracts with vendors to meet regulatory requirements.
In summary, while CFR 312 and ICH E6 R2 set the standards for responsible trial conduct, their application to various clinical service providers necessitates ongoing adjustments. These updates are essential to maintaining the highest trial integrity standards and ensuring data reliability, which is crucial for regulatory approval processes.
Impact of Regulatory Inspections on Clinical Service Providers
Regulatory inspections within the clinical trial area have undergone significant shifts in recent years, particularly concerning the supervision of clinical service providers. In the past, the FDA attempted to inspect these entities as if they were traditional Contract Research Organizations (CROs). However, a new trend has emerged: regulatory authorities now integrate inspections of clinical service providers into broader assessments.
Today, as part of submission reviews, regulatory bodies may inspect a subset of clinical investigator sites alongside conducting inspections of the CRO and/or sponsor. Importantly, clinical service provider inspections are increasingly carried out through these mediated inspections. This approach holds sponsors directly accountable for overseeing all entities involved in the trial process, including these service providers.
Similarly, in Europe, regulatory practices mirror this evolving trend. European authorities also conduct inspections encompassing clinical service providers, ensuring comprehensive oversight and adherence to regulatory standards across all stakeholders involved in clinical trials. These measures underscore the growing emphasis on ensuring data integrity and compliance throughout the trial ecosystem, reinforcing the importance of meticulous oversight by sponsors and regulatory bodies.
Ensuring Data Integrity Actions in Clinical Trials: Mitigating Key Risks
To maintain data integrity in clinical trials, stakeholders must address critical risk areas with proactive measures:
Contracts:
- Actions: Immediate notification is required of any quality incidents impacting contracted services. Ensure validation records are readily accessible at all times.
Access to Data:
- Actions: Implement clear procedures for granting, reviewing, and revoking user access. Apply the Principle of Least Privilege and conduct periodic user access reviews and investigations for potential violations.
Lack of Audit Trails:
- Actions: Ensure that lock-down inputs are read-only files in applications.
Lack of Audit Trails:
- Actions: Ensure that the Clinical Investigator authorizes all subject data changes.
Computer System Validation:
- Actions: Perform thorough user acceptance testing for all study-specific builds and core systems during new releases.
Data Transfers:
- Actions: Use secure methods for data transfers, verify data that what was sent was received, and require quick data corrections in the systems.
Statistical Programming:
- Actions: Restrict data hardcoding.
Clinical Investigator Sites:
- Actions: Read and respond to monitoring reports, perform co-monitoring visits, and avoid overwhelming sites.
By adopting these strategies, sponsors and stakeholders can effectively mitigate risks, uphold regulatory compliance, and ensure data integrity. This commitment allows pharmaceutical manufacturers to provide data accuracy while developing safe and effective treatments for patients worldwide.
Best Practices in Ensuring Data Integrity: Creating Supportive Environments
Leading companies in clinical trials are setting standards by creating environments that prioritize data integrity through comprehensive strategies:
Creating the Right Types of Cultures & Environments:
- Actions: Ensure executive management understands and supports culture and environment. Allow data integrity controls to be effective.
Effective Data Integrity Controls & Risk-Based Approach:
- Actions: Design data flow diagrams that align with critical data and consider that the closer data are to the subject and patient safety, the higher the risk. Consider different data types, as all data is not created equal.
Outsourcing Strategies:
- Actions: Understand business partners’ compliance profiles and require contractual standards that align with internal data integrity protocols. Be specific in Statements of Work (SOWs) regarding notification requirements and compliance expectations.
- Establish governance plans involving multiple levels of oversight between the company and service providers/CROs. Implement technical monitoring programs to ensure adherence to data integrity standards throughout the outsourcing process.
GLP and Investigator Sites:
- Actions: Conduct co-monitoring at key stages of GLP studies and clinical investigator sites, particularly during initial dosing and key study milestones. Attend training sessions with sites to reinforce data integrity practices and verify personnel histories.
By implementing these best practices, companies can foster environments where data integrity is upheld rigorously, ensuring the reliability and compliance of clinical trial data. This proactive approach protects patient safety and product integrity and strengthens the credibility and validity of trial outcomes in regulatory submissions.
Stay tuned for part 3, where we discuss GMP Compliance in Outsourced Manufacturing.
To learn more about early-stage development compliance fundamentals and data integrity.