1. Quality & Regulatory Expectations of Outsourcing Oversight Nicky Dodsworth, VP Global Quality Assurance

2. Topics  Interesting Facts & Figures  The Problem  What are the Regulations?  Vendor Assessment Processes  Importance of Risk Assessments  QA’s role in Assessment/Evaluation  What is the Focus of an Audit?  Type of Audits/ SOPs/ Audit processes  What do Inspectors/Auditors find?/ Common Failures

3. Interesting Facts and Figures Pharmaceutical companies currently contract out 20% - 100% of their R&D. The clinical research market is growing rapidly, with the proportion of the market outsourced to CROs having grown from $1 billion in 1992 to over $25 billion now. According to the Tufts Center, clinical trials conducted by CROs are completed an average of 30% more quickly than those conducted in-house. This results in time saving of some 4 - 5 months; $120 - $150 million (£1 m/ day).

4. The Problem

5. What Are The Regulations? (1) ICH GCP says very little – it defines a CRO (1.20), the fact they may be inspected (1.29) and defines the delegation of duties (5.2) Contract Research Organization (CRO) as: "A person or an organization (commercial, academic, or other) contracted by the sponsor to perform one or more of a sponsor's trial-related duties and functions.“ ICH GCP 1.20

6. What Are The Regulations? (2) Ref: ICH Q9: Quality Risk Management

7. Vendor Assessment Process

8. The Importance of Risk Assessment

9. QA’s role in Assessment/Evaluation  To ensure CROs conduct trials per Regulatory and Industry standards  To ensure data that is provided will be/is credible and accurate  To ensure the CRO will protect the safety, integrity and confidentiality of subjects in the trials they conduct  To ensure they can/are meet contractual obligations  To ensure they are financially viable  To conduct routine assessments at a pre-defined timeline (often every 2 years) or to assess on an ‘as need’ basis

10. What is the Focus of an Audit?  Review of vendor against defined scope (roles & responsibilities)  Awareness of requirements (regulations + sponsor)  Implementation of project/process (against SOPs – written processes in place)  Data protection/confidentiality  Assessment of quality activities (QC and QA)/written processes for audit  Staff qualifications (expertise in therapeutic area) and workload

11. Type of Vendor Audits  Initial On-site Audit  Routine Audit  For Cause Audits  Virtual Audits -Vendor Assessment/Quality Surveys

12. The Audit Process For Vendors Identification Operational/ Business Selection QA Audit / Assessment Positive or Negative Outcome On-going Management - Performance Assessment Re- Assessment or Audit at a defined time- line or ‘for cause’

13. The Audit Process for Vendors – Planning (1)  Good preparation  Carefully define audit scope  Ensure key staff are available  Review of contracts, RFIs/RFPs, project plans, scope of work, protocols etc.  Timing of the audit – proactive for any changes that need to be made  Signed Confidentiality in place  Use of contracted Auditors

14. The Audit Process for Vendors – Planning (2)  Draft Audit Plan and discuss audit with vendor  Send confirmation letter/e-mail  Request documents in advance from the vendor – Org Chart, list of SOPs, quality policy  Review any previous audit reports/assessments  Review websites/promotional materials  Check for any issues with vendor’s performance from project teams  Finalise Audit Agenda

15. The Audit Process for Vendors – Conduct Opening Meeting Introductions, purpose, scope, changes to agenda Audit Conduct Use of checklists/ interviews -discussed in next slide Auditor Review Time Review of findings, further clarification if required, categorisation of findings Exit Meeting No surprises, no lengthy discussions, next steps

16. General Items Audited  SOPs in place and adequate control (see next slide)  QC steps for key processes  Contracts and agreements  Subject confidentiality  Data security, transfer and protection  Staff experience and training  Facility  Equipment – maintenance, calibration and records  IT/ disaster recovery/business continuity  Document storage and archiving

17. SOPS  A process for pre-selection of vendors, on-going management and follow up of issues  The audit process (preparation, conduct, reporting and follow up)  A process for contracts & contract amendments in place  A list of all SOPs, templates etc. that are being used on a project (as part of the Project Plan)  A process for handover and any staff changes  Business continuity, disaster recovery plans  + All the necessary process SOPs on monitoring, data management, training etc.

18. The Audit Process for Vendors – Reporting & Follow Up  Audit report – prompt, clear and concise, includes timelines for response and format, copy senior management and relevant study teams, recommendations can be made?  CAPA follow up (Corrective & Preventive actions)  Issue Audit Certificate (if applicable)

19. What Do Inspectors/Auditors Find

20. EMA Inspections 2011 (1)

21. EMA Inspections 2011 (2)

22. MHRA Inspections (1)

23. MHRA Inspections (2)

24. Summary of Common Failures  Roles & responsibilities poorly defined at the contractual stage  Poor two-way communication throughout the project  Plans not in place/approved in a timely manner  Poor training on the project/ sponsor SOPs  Mixture of SOPs/forms/templates being used that have not been adequately assessed

25. Conclusions & Questions  Remember -> Data Integrity and Rights and Welfare of Human subjects  The sponsor cannot just sign away responsibilities and forget about them.  Good assessment/audit initially  On-going reviews/management (not micro-management, but support/partnership)  Discuss issues as they occur  Listen to your vendor