DATATRAK Auditing in Today’s Changing Environment Walt Townsend International Director Quality Assurance
Aug 20, 2015
DATATRAK
Auditing in Today’s Changing
Environment
Walt Townsend International Director Quality Assurance
Disclaimer
7/16/2013 2 DATATRAK Confidential www.datatrak.com
The views and opinions expressed in the following PowerPoint slides are those of the
individual presenter and should not be attributed to Drug Information Association, Inc.
(“DIA”), its directors, officers, employees, volunteers, members, chapters, councils,
Communities (formerly known as SIACs) or affiliates, or any organization with which the
presenter is employed or affiliated.
These PowerPoint slides are the intellectual property of the individual presenter and are
protected under the copyright laws of the United States of America and other countries.
Used by permission. All rights reserved. Drug Information Association, Drug Information
Association Inc., DIA and DIA logo are registered trademarks. All other trademarks are the
property of their respective owners.
Key Topics: Focus on Data
• What does today’s clinical environment look like?
• Remember, data is our first product!
• Key principles and considerations regarding risk planning
before planning an audit
• Typical factors affecting risk
• Some risk factors often overlooked
• Leveraging Quality Auditing best practices to mitigate risk
to data, systems and services
7/16/2013 3 DATATRAK Confidential www.datatrak.com
Clinical Trial Electronic Data
Environment
7/16/2013 4 DATATRAK Confidential www.datatrak.com
Protocol Development
Site Selection
Data Collection Tool Development
IRB Review & Approval
Subject EnrollmentSubject Visit & Data Collection
Data Analysis
Clinical Study Report
Submission
High-level View
Data is Our First Product
• Electronic data are the fastest growing segment of the pharmaceutical industry’s information resources
• Electronic data systems, services, and processes are growing in number and complexity
• The importance of electronic data requires the incorporation of data as a “product” in a pharmaceutical company’s QMS
7/16/2013 5 DATATRAK Confidential www.datatrak.com
Critical Considerations
• Software is a foundational component of
processes used to manage products and
services
• Software enables functionality
• Software facilitates business operations
• Software fuels the engine of globalization
7/16/2013 6 DATATRAK Confidential www.datatrak.com
But There are Some Risks
Steady increase in the relative risk to data
• System size and complexity
• Outsourcing and the use of un-vetted software
supply chain (COTS)
• Sophistication of attack
• Software and data re-use
• Number of vulnerabilities and incidents
7/16/2013 7 DATATRAK Confidential www.datatrak.com
Bad Data Can’t Hide – Or Can It?
• Vulnerabilities increase if the underlying quality of
software, data, data capture/production processes, and
data storage is defective
– Unchecked, these vulnerabilities allow bad data to
hide or systems to be exploited
– The cost of bad data can be extreme
• Delayed product launch
• Non-approval
• Adverse safety impact
7/16/2013 8 DATATRAK Confidential www.datatrak.com
Data Risks in a Changing
Environment • With today’s technology and cloud-based computing,
traditional approaches to system development and validation may not fully address risks posed exploitable software
• Risk mitigation requires a deeper understanding of all suppliers’ practices, processes and products
• What is the supplier’s acquisition process?
• Does the supplier have a vendor audit/assessment process? How effective is it?
• Supplier assessment must go broader and deeper
• Effective auditing becomes ever more critical
7/16/2013 9 DATATRAK Confidential www.datatrak.com
Integrated Quality Processes
Risk Management is a component of overall
Quality Management System (ICH Q9)
• Develop appropriate documentation (SOPs, etc.)
• Determine and implement training and education
• Identify, evaluate, communicate quality to facilitate
risk communications and determine appropriate
action
• Develop and implement comprehensive internal and
external audit/inspection process
7/16/2013 10 DATATRAK Confidential www.datatrak.com
Focus of Audit Program
• Existing legal requirements
• Overall compliance status
• Robustness of quality risk management activities
• Complexity of site, processes, products, systems
• Number and significance of quality defects
• Results of previous audits/inspections
• Major changes of building, equipment, processes, key
personnel
7/16/2013 11 DATATRAK Confidential www.datatrak.com
Risk Factors Often Overlooked
• Impact of technology changes – Processes
– Training
– Organizational structure
• Impact of growth – Process quality and effectiveness
– Training
– Resources
7/16/2013 12 DATATRAK Confidential www.datatrak.com
Criticality as a Dimension of Risk
ICH Q9 defines risk as the combination of the probability of
occurrence of harm and the severity of that harm
– Assessing the criticality of processes, tools and systems to
prevent harm and strengthen quality provides a framework for
measuring risk
7/16/2013 13 DATATRAK Confidential www.datatrak.com
Risk & Criticality Assessment
7/16/2013 14 DATATRAK Confidential www.datatrak.com
Quality Auditing Best Practices
• Audit Preparation and Planning
• Conducting the Audit
• Audit Reporting
• Audit Follow-up and Closure
7/16/2013 15 DATATRAK Confidential www.datatrak.com
Audit Preparation and Planning
• Define the Purpose and Scope – Informed by Risk and Criticality Assessment
• Identify the audit team – Responsibilities
– Task distribution
• Develop a risk-based audit plan – In an environment of increasing complexity, focus is key
• Develop an audit agenda/timeline
• Identify/define data collection methods
7/16/2013 16 DATATRAK Confidential www.datatrak.com
Audit Preparation and Planning
• Identify audit-related documentation
– Current QMS documents • Policies, manuals, procedures, work-instructions
– Records • Training, validation, problem resolution
– Quality history • Previous audit reports,
• Understand previously noted strengths and deficiencies
7/16/2013 17 DATATRAK Confidential www.datatrak.com
Key Areas to Consider for Auditing
• Configuration Management
• Quality attributes of requirements
• Traceability – From requirements to training materials
• Testing – Robust, multi-tiered, failures and resolution
• Defect Management – When are defects discovered
• Metrics gathering and reporting
7/16/2013 18 DATATRAK Confidential www.datatrak.com
Conducting the Audit
Basic activities performed during audit – Meeting the auditee
– Understanding the process and system controls
• Complexities, risks
– Verifying that controls and processes are appropriate and executed consistently
• Do they produce consistent quality outputs?
– Communicating with representatives of auditee organization
– Communicating with audit team members
7/16/2013 19 DATATRAK Confidential www.datatrak.com
Organization of Audit Activities
• Opening Meeting
• Data Collection and Analysis – Documentation review, record review, observation of work
activities, interviews, tours, physical examination
• Maintain Working Papers – Planning documents, checklists, audit /attendance logs
• Objective Evidence – Physical, testimonial, documentary, observations
• Close-out meeting
7/16/2013 20 DATATRAK Confidential www.datatrak.com
Audit Reporting
• Communicates audit results
• Correct, clear, concise, accurate
– Aid to management in addressing important
organization issues
• Identify system deficiencies
– Focus on risk and criticality
7/16/2013 21 DATATRAK Confidential www.datatrak.com
Audit Closure and Follow-up
• Begins after the formal report is issued
– Corrective Actions: assignment, evaluation, verification
– Effectiveness check
– Implementation of strategies for when corrective action is
not done, or is ineffective
– Establishment of criteria for audit closure
– Audit closure/follow-up audit
• Continuous Correcting is not Continuous
Improvement!
7/16/2013 22 DATATRAK Confidential www.datatrak.com
Keys to Success
• Integrate Quality Risk Management into Overall
Quality Management
• Use proactive risk assessment and audit execution
as management/decision support tools
• Avoid continuous correction and evolve to
continuous improvement
• Identify and analyze trends – Although each audit stands alone, audit results can indicate key
quality trends.
7/16/2013 23 DATATRAK Confidential www.datatrak.com
Thank You!
Walt Townsend
International Director of Quality Assurance
DATATRAK International
7/16/2013 24 DATATRAK Confidential www.datatrak.com