Performing a Remote Audit of Your EDC Vendor

There has been a great deal of discussion lately on remote trials, remote monitoring, e-consent, etc., in the context of COVID-19. Another great topic worth discussing is remote auditing. Sponsors and CROs typically conduct on-site audits of their EDC vendors on a bi-annual or tri-annual basis, but what if that can’t be done on schedule? Add in the fact that experienced auditors are amongst the most vulnerable population, and the need for an alternative becomes painfully obvious. 

Recently, Prelude Dynamics has experienced an increase in Requests for Information and Vendor Qualification Questionnaires. Instead of becoming overwhelmed by filling in the same information multiple times, we have come up with a solution to streamline the process. We created a proprietary Remote Audit Response document for distribution to our Sponsor and CRO clients. It is a comprehensive document which will provide a suitable baseline for remote audits going forward. If you’re interested in receiving a copy, contact us.

We recently attended a webinar on the topic of remote audits so that we could provide helpful information to our Sponsor and CRO clients. Here are the most important tips we learned:  

Use a risk-based approach to identify providers to audit.

• The FDA uses a risk formula to determine inspection priorities. 
• It may be appropriate to assess less risky organizations and sites using a questionnaire. Software-as-a-Service (SaaS) providers are very good candidates for remote audit. 
• Consider auditing 10% of the riskiest providers. The complexity of the service provided and proximity to market (GMP) factor into risk. 

Establish protections for Intellectual Property and methods of communication and data transfer. 

• Non-Disclosure agreements protect both Sponsors/CROs and vendors and promote the flow of information. 
• Test web-based video teleconferencing platforms and data transfer mechanisms in advance. 

Conduct the remote audit in phases. 

• Ask the provider for an initial set of documentation and use that as a basis for a second request for information. Establish a deadline for submittal. 
• The initial set should include indices (such as an SOP list), Organization Charts and Quality Manuals. 
• Plan subsequent phases to address issues and questions that remain after the initial set has been reviewed. 

Formulate and communicate the agendas for additional phases in advance. Both parties should confirm receipt of all audit related communications. 

• Requests for information should not be all inclusive. Request subsets such as specific training records, validation results and backup and restore evidence. 

Conduct opening and closing meetings to review status and remaining agenda items. 

• If interviews with specific personnel are required, collaborate on scheduling. 

Conduct a closeout meeting to discuss observations. Only assign severities in the final report. 

• Set realistic timeline for audit response. Define how results of any CAPAs will be reviewed (e.g., video telecon, copies of documentation). 

We are ready to collaborate with you on your next remote audit of Prelude Dynamics!