GxP Audits Guide for Successful Clinical Trials
A well-designed GxP audit program, in addition to satisfying the regulatory requirement of sponsor oversight, allows for early detection of potential issues, development of key performance indicators (KPIs), and development of best practices for an organization. GxP audits are a critical component of ensuring compliance and quality in clinical trials.
By following this step-by-step guide, sponsors and sites can prepare for and navigate the several types of audits needed at each stage of the clinical trial journey. A clinical quality assurance (CQA) audit program ideally would comprise of three prongs: investigator site audits, vendor (supplier) audits, and internal audits (process, system, or individual departments).
This is unlike current good manufacturing practices (cGMP), which has detailed regulations under the U.S. Code of Federal Regulations (CFR) under 21 CFR parts 210 and 211. Clinical trials encompass several areas of GxP under the CFR: good laboratory practices (GLP) 21 CFR part 58, good pharmacovigilance practices (GVP) 21 CFR parts 314 and 600, and good clinical practice (GCP) CFR parts 50, 54, and 56. All of which must be reviewed during the clinical trials process to ensure compliance with regulations.
Developing a Robust GxP Audit Program
In tandem with protocol finalization, the sponsor should select vendors for the clinical trial. Vendor management procedures should align the risk of the vendor with the industry standardized audit observation classification system. This is where critical vendors (contract research organization [CRO], central labs) would have a higher frequency of audits than lower risk vendors (institutional review boards [IRBs], translation services), which depending on local procedures, may be qualified and re-qualified by robust questionnaires.
Key areas for review during vendor qualification audits should include:
- Quality management system (QMS)
- Experience in therapeutic area
- Length of time in business and experience with regulatory inspections
- Communication and escalation paths (i.e., are these items formalized or based on individual contracts?)
- Experience in region(s) where services will be performed
- Expansiveness of IT security, data privacy and data protection systems and awareness
In-process audits, or audits conducted once the vendor has begun trial participation, would review vendor execution to regulatory requirements, their QMS, and sponsor agreements. Often, corporate audit standard operating procedures (SOPs) allow for a three-to-five-year window for in-process audits. While this is understandable for long-standing relationships, a better practice would be to consider a qualification audit, an in-process audit between years two and three, and then after, a satisfactory audit. This allows for greater length of time between audits with a robust vendor management plan. When performing an in-process audit, the auditor should examine:
- If the vendor performed requirements to regulations and internal procedures
- If the vendor communicated issues to the sponsor in a timely manner
- If the vendor’s KPIs are in alignment with sponsor expectations
- If project milestones are being kept
- The trial master file (TMF) status
Investigator Site Audit (ISA)
The ISA program audits clinical sites are based on identified risk factors and is ongoing during the life of the study. Ideally, the number of sites audited are determined during protocol development once the number of sites has been determined by taking a representative sample using the √n +1. Across the study, 25% of the identified sites should be audited early in the trial. Early trial auditing will help to determine if there are points of clarification required, which may necessitate re-training or a protocol amendment. In the middle phase of the study, 50% percent of the identified sites should be audited.
Identifying Vendor, Investigator Sites, and Sponsor Audits
Middle- and late-stage audits provides the sponsor with a secondary review of critical vendors (Pharmacovigilance [PV], CRO, and central labs), as well as verify data which has been captured for the clinical trial. The final group of identified sites, also 25% of the total, should be audited as close to data lock as possible, allowing time for necessary corrections or remediation. In addition, the last group of sites should include sites the sponsor feels may be audited during a regulatory filing.
During the ISA, the auditor reviews protocol adherence, and regulatory standards (protection of subject rights and welfare), data integrity, and GCP compliance. The ISA will provide feedback to the sponsor of the study as well as the CRO, vendors, and sponsor team. The ISA is a snapshot of how well the trial is executed to expectations from both a regulatory and sponsor perspective. Key areas of focus include:
- The consenting process to include inclusion/exclusion criteria, reconsent, consenting in non-local languages, consent of minors
- Investigator site files (ISF) and TMF document review for, as well as against completeness of filing and ALCOA standards
- Protocol adherence and protocol deviations
- A pharmacy’s storage, dispensing, and blind maintenance of the investigational product
- Adverse event (AE), serious adverse event (SAE), and adverse event of special interest (AESI) capture and reporting
- CRO oversight at the site
Overall, site selection should be determined between quality groups (research and development [R&D], compliance) with input from clinical operations, pharmacovigilance, and potentially supply chain. Finally, the sponsor should conduct at least one audit in every regulatory jurisdiction (Food and Drug Administration [FDA], Health Canada, Medicines and Healthcare products Regulatory Agency [MHRA], etc.) to ensure regional nuances are met.
Identification of sites for an ISA is risk-based and should be evaluated yearly. Key areas to review for outliers which may have a site identified for audit include:
- High-enrolling site
- Significantly high or low number of screen failures to protocol expectations
- Principal investigator (PI) with recent regulatory findings
- Disproportionate number (high or low) of SAE/AESI findings and/or protocol deviations
- Change in PI or change in location
- Research-naïve PI or site
- High site turnover (site staff turnover or clinical research associate [CRA] turnover)
While sites will answer many of the ISA findings with CRO assistance, the sponsor should review the findings against their wider portfolio to look at areas for improvement which include:
- Are several sites missing a specific endpoint or lab test?
- What are common issues in the findings, potentially indicating a communication issue between the sponsor and CRO? CRO and site?
- Are different studies experiencing similar issues?
Internal Audits Essentials
The last area for discussion is the sponsor’s internal audit program. The internal audits should be conducted as part of the ongoing audit program to ensure the sponsor is also in an inspection-ready state and compliant with regulatory expectations for all countries where the sponsor conducts business. Common areas of focus on the internal audit program include:
- Pharmacovigilance and safety
- Clinical project management
- Vendor management and governance
- TMF
For the first three areas, the audit reports from the vendor and sites provide valuable input to the audit plan development. The findings should be reviewed as part of the audit preparation to examine the internal process for points of failure may have contributed to findings at the vendor or site level. Aside from the standard audit areas, the internal audits should review the following:
- Common findings among similar vendors
- Meeting minutes for relevant meetings with sites, vendors, and internal teams
- Project plans for vendor transition(s)
All three common audit areas – vendor, investigator site, and the sponsor’s internal audit program – are part of a robust GxP audit system for sponsors. While each segment focuses on different aspects of the regulations governing clinical trials, the comprehensive review of audit reports and findings will assist the sponsor in developing a comprehensive inspection readiness plan.