As a company who implements and enhances clinical trial management systems (CTMS), a question we hear a lot is, “Do we need to validate our CTMS?” And, to be honest, it’s one we continue to debate internally. Why is the answer not black and white? Well, our internal debate always works its way back to two questions:
- Is the system is used for any GxP purposes?
- Is it the “system of record” for any regulated records?
The first question about GxP purposes is much more straightforward. If any data in the system is included in FDA submissions or is required to be maintained in order to demonstrate regulatory compliance, then validation is required. If any data in the system is used to make decisions that impact patient safety (e.g., clinical study design) or product integrity (e.g., complaint handling), then validation is required. If a malfunction of the system could impact patient safety, product integrity, or regulated data, then validation is required.
However, if none of those apply, we come to the second question about being the “system of record” for any regulated records.
This guide analyzes how artificial intelligence – including machine learning – can be used by pharmaceutical and medical device companies to improve the clinical data review and cleansing process.
If the CTMS is the one and only place that a particular regulated record resides, then validation is required. But, if it’s not – if it is truly only being used for tracking purposes, and one or more other systems serve as the “system of record” for regulated data – we find ourselves in a rather large gray area.
Now, the FDA does not discuss the “system of record” caveat anywhere (that we’ve found), so those of us who are more conservative wouldn’t even consider the idea and would just recommend that a CTMS be validated. But, those of us who are more…practical (not necessarily liberal) read the guidance and see that it applies to software that is “…used to design, develop, or manufacture…” drugs or devices.
If a system is not the “system of record” for any regulated records, then is it actually used to “design” “develop” or “manufacture” a regulated product?
Case in Point
One of our ASCEND CTMS clients outsources 100% of its clinical trial management to CRO partners, each of whom uses its own validated CTMS and electronic data capture (EDC) system. The CROs’ data is auto-populated in our client’s ASCEND CTMS through a one-way integration. Our client only uses ASCEND to oversee the work of their CROs and for internal reporting purposes.
Does their CTMS require validation? They assessed it as “non-GxP” and opted not to validate. However, they are now preparing to start using the ASCEND Trip Report module for approving site visit reports with electronic signatures, in which case (at least) that module will absolutely become GxP. Does such a change warrant validation of the entire system, or can validation be limited to the specific module? Even if it can be limited, should it?
Lots of questions, lots of gray… Figuring out when validation is required can be really tricky, depending on the system in question. Here in Perficient’s life sciences practice, when we find ourselves feeling unsure, we tend to err on the conservative side and opt for validation, unless the client disagrees. But, I will say that about 20% of our CTMS clients have assessed their system as “non-GxP,” based on the “system of record” concept, so the debate is still very much alive.
For help figuring out whether to validate your clinical or safety system, contact us.