Computerized System Validation (CSV) Audits


QC2 offers the following CSV audits:

Data Management Systems and Electronic Data Capture (EDC) Audits

QC2 performs audits of data management and EDC core applications as well as study specific configurations.  We are familiar with widely used data management and EDC applications for clinical trials and have audited validation packages for the core applications, both for local installations at contract research organizations (CROs), as well as at the software vendors themselves.  QC2 auditors are aware of the validation needs particular to the application infrastructure, including hosted systems.

We  understand the differing testing requirements for various data management platforms.  Both for core and configured applications, a thorough assessment of the robustness of validation is performed, with particular focus on functionality key to 21 CFR Part 11 compliance.   For study specific applications, we ensure edit check testing, dynamic navigation,  page level controls, and user privileges have been programmed according to specifications and have been thoroughly tested.  Data extracts and provision to biostatistical personnel, as well as archival and provision of final data to sites are assessed.  Application infrastructure, including the security, redundancies, and environmental safeguards are evaluated to confirm the system meets industry standards and regulatory requirements.

Safety Database Audits

QC2 has audited validation packages for industry leading safety database applications in a variety of environments.  Our safety database audits focus on validation of workflows and routing, alerting, and reporting functionality.  Testing of application user requirements relating to 21 CFR Part 312, 812, and 314, including reporting timelines, are also assessed.  The modules for triage and report management and tracking are emphasized, to confirm the application will facilitate timely safety reporting to regulatory authorities.  Compliance with 21 CFR Part 11 is also reviewed, including the infrastructure for the application.


QC2 has considerable experience auditing interactive voice response systems (IVRS), interactive web response systems (IWRS), or multi-modal platforms (IXRS).  We have audited a wide variety of IVRS/IWRS/IXRS applications, ranging from systems that are developed “one-off” for study specific use, to highly configurable, menu driven applications with little to no custom programming. Audits include in depth assessment of the adequacy of testing of user requirements, ensuring that test cases include sufficient data to stress the system.  We confirm that thorough scenario testing has been performed to simulate production use of the application, to support that the system responds appropriately to complex inputs.

Careful focus is paid to the security, testing, and uploading of randomization lists and packing lists to the application, as well as the handling of unblinded information in reports and in other aspects of system operation.  We review internal user acceptance testing (UAT) and client or sponsor UAT, and associated issues, errors, or software defects arising during those activities and verify successful resolution.  Compliance with 21 CFR Part 11 is evaluated both at the application level and with respect to infrastructure.

Electronic Diaries and Patient Reported Outcome (ePRO) Tools Audits

QC2 has performed audits of electronic diaries and ePRO devices to confirm the applications have been appropriately validated for use.  We have audited electronic diary and ePRO systems involving multi-modal (e.g., internet and smart phone based) and single modality inputs (e.g., entirely on handheld devices or smart phones).  We closely evaluate the data capture tool specifications versus the software, and the decision flow, and confirm appropriate scenario testing has been performed manually and/or in automated fashion, and challenged appropriately.  Interfaces with other devices or systems are also assessed to ensure complete and accurate data are captured.  Security and integrity of the data while on the personal device are also given close attention.  As with all of our computerized system validation audits, infrastructure is also reviewed to ensure appropriate security, redundancies, and environmental safeguards are in place.  We confirm compliance with 21 CFR Part 11, where applicable, and ensure that regulatory requirements for investigational sites are also met such that, when appropriate, the investigator maintains ownership of the data.

Laboratory Information Management Systems (LIMS) Audits

QC2 conducts audits of LIMS validation packages.  We ensure that the environment and equipment are appropriately installed and qualified and that the system is fully described.  The operational qualification and performance qualification (OQ/PQ) are reviewed to confirm test cases demonstrate functional requirement have been met, and verify appropriate traceability within the documentation.  We confirm that sufficient testing has occurred, in addition to any software vendor supplied installation qualification (IQ) or OQ scripts to ensure that the system has been fully tested.  Our audits focus on key requirements, ensuring key functionality such as specimen tracking, instrument interfaces, results reporting, and audit trail functionality have been thoroughly stressed to ensure data integrity and compliance with 21 CFR Part 11.

QC2 audits are customized for your specific project and budget needs.  We can provide assistance with all aspects of your projects, including audit plan consulting and development, audit scheduling, conduct, and reporting, and audit follow-up services (e.g., review of audit responses).  We conduct both general qualification audits and in-study audits. Many of our audits can be conducted remotely, helping our clients to maintain their audit programs during this unprecedented time.