QC2 offers the following CSV audits:
Data Management Systems and Electronic Data Capture (EDC) Audits
QC2 conducts audits of data management and EDC core applications, as well as study-specific configurations. We are familiar with widely used data management and EDC applications for clinical trials and have audited validation packages for the core applications, both for local installations at contract research organizations (CROs) and at the software vendors themselves. QC2 auditors are aware of the validation needs specific to the application infrastructure, including hosted systems.
We understand the varying testing requirements for different data management platforms. For both core and configured applications, we conduct a comprehensive assessment of the robustness of validation, focusing particularly on functionality essential for 21 CFR Part 11 compliance. When it comes to study-specific applications, we ensure that edit check testing, dynamic navigation, page level controls, and user privileges have been programmed as per specifications and have been thoroughly tested. We also evaluate data extracts and provision to biostatistical personnel, as well as archival and provision of final data to sites. Additionally, we assess the application infrastructure, including the security, redundancies, and environmental safeguards, to confirm that the system meets industry standards and regulatory requirements.
Safety Database Audits
QC2 audits validation packages for industry-leading safety database applications in various environments. Our safety database audits focus on validation of workflows and routing, alerting, and reporting functionality. Additionally, testing of application user requirements relating to 21 CFR Part 312, 812, and 314, including reporting timelines, is also assessed. Emphasis is placed on the modules for triage and report management and tracking, to confirm the application will facilitate timely safety reporting to regulatory authorities. Compliance with 21 CFR Part 11 is also reviewed, including the application’s infrastructure.
IVRS/IWRS/IXRS Audits
QC2 has extensive experience auditing interactive voice response systems (IVRS), interactive web response systems (IWRS), and multi-modal platforms (IXRS). We have audited a wide variety of IVRS/IWRS/IXRS applications, ranging from systems that are developed “one-off” for study-specific use to highly configurable, menu driven applications with little to no custom programming. Our audits include in-depth assessment of the adequacy of testing of user requirements, ensuring that test cases include sufficient data to stress the system. We confirm that thorough scenario testing has been performed to simulate production use of the application to support that the system responds appropriately to complex inputs.
We pay careful attention to the security, testing, and uploading of randomization lists and packing lists to the application, as well as the handling of unblinded information in reports and other aspects of system operation. We review internal user acceptance testing (UAT) and client or sponsor UAT, along with any associated issues, errors, or software defects arising during those activities, and verify successful resolution. Compliance with 21 CFR Part 11 is evaluated both at the application level and with respect to infrastructure.
Electronic Diaries and Patient Reported Outcome (ePRO) Tools Audits
QC2 conducts audits of electronic diaries and ePRO devices to confirm that the applications have been properly validated for use. We audit various electronic diary and ePRO systems including those with multi-modality inputs (e.g., internet and smart phone based) and single modality inputs (e.g., entirely on handheld devices or smart phones). We carefully assess the data capture tool specifications in comparison to the software and the decision flow, and confirm that appropriate scenario testing has been performed manually and/or through automation, and challenged appropriately. Additionally, we assess interfaces with other devices or systems to ensure complete and accurate data are captured. We also pay closed attention to the security and integrity of the data while on the personal device. Similar to all of our computerized system validation audits, we review the infrastructure to ensure that appropriate security, redundancies, and environmental safeguards are in place. We verify compliance with 21 CFR Part 11, where applicable, and ensure that regulatory requirements for investigational sites are met so that, when appropriate, the investigator maintains ownership of the data.
Laboratory Information Management Systems (LIMS) Audits
QC2 conducts audits of LIMS validation packages to ensure that the environment and equipment are properly installed and qualified, and that the system is fully described. The operational qualification and performance qualification (OQ/PQ) are reviewed to confirm that test cases demonstrate functional requirements have been met, and verify appropriate traceability within the documentation. We confirm that sufficient testing has occurred, in addition to any software vendor supplied installation qualification (IQ) or OQ scripts to ensure that the system has been fully tested. Our audits focus on key requirements, ensuring that key functionalities such as specimen tracking, instrument interfaces, results reporting, and audit trail functionality have been thoroughly stressed to ensure data integrity and compliance with 21 CFR Part 11.
