Preparing for a clinical study is a complex process that requires careful data hygiene and preparation tied to relevant metrics. The US Food and Drug Administration (FDA) and the European Medicines Agency (EMA) each enforce regulations that impact the research and development phases of a drug discovery program.
Many of these rules define the principles of Good Manufacturing Practices (GMP) that regulate clinical product development. But some regulations apply to evidence included in an Investigational New Drug (IND) filing in the US or a Clinical Trial Application (CTA) in the EU.
Because this evidence is increasingly captured and submitted in electronic form, FDA and EMA regulations outline requirements for electronic records filed in relation to an IND/CTA. So it’s important that labs select clinical research management software that supports every team from early discovery to clinical in meeting these requirements. This article explores the features of electronic laboratory notebooks (ELNs) and laboratory information systems (LIMS) software that help you prepare to file an IND or CTA.
Preparing for clinical research
For the FDA, 21 CFR Part 11 published in March 1997 governs electronic records and signatures, and the updated guidance from September 2003 addresses concerns that arose as pharma companies scrambled to switch from paper-based records to electronic tools. For the EMA, EU GMP Annex 11 is the regulatory document relevant to electronic records and computerized systems used in GMP-regulated activities.
Both of these documents comprise complex regulatory language with serious legal implications, and you should always rely on regulatory specialists to understand how they apply to your systems. But when it comes to selecting an ELN or LIMS, there are a few core features that will ensure that your regulatory team has the resources to get you ready.
Role-based access control
A major principle that applies to both the FDA and EMA is limiting system access to authorized individuals. This is necessary whenever handling sensitive data such as personal health information (PHI). But even for researchers that aren’t working with patient samples, strict access control ensures that untrained users won’t accidentally corrupt data. So role-based access control (RBAC) is the foundation for all the other requirements.
To ensure that RBAC is effective, adequate security measures must be in place such as multi-factor authentication (MFA) or single-sign-on (SSO). And permissions should be regularly reviewed to ensure all users have the minimum possible access needed to do their jobs.
Audit trails
It isn’t enough to ensure processes are followed with controls and automation. You also need a record that shows those controls and automation worked. In theory, you could train your lab team to maintain records of every step they take. But that won’t work reliably in practice. Instead, you need a platform that automatically records everything a user does in detail.
In fact, that tracking is the easy part. The hard part is finding a platform where the team can perform every step within the system, rather than resorting to external spreadsheets and other tools for more specialized steps. Once data gets into these other tools, that’s the end of your audit trail.
Electronic signatures
Both the FDA and the EMA require that organizations hold individuals accountable for actions initiated under their electronic signatures. So an audit trail is only the first step. For some actions, users must explicitly confirm their decision or approval with an electronic signature. This feature is fairly common in most modern ELNs and LIMS, but it’s worth double checking before you adopt a new solution.
Version control for data
Data sometimes needs to be updated. That’s a fact of life. But when that happens, you need to know which version made it into each downstream application. Otherwise, your audit trail isn’t much of a trail.
In theory, keeping an audit trail should be straightforward. But every time data is transferred from the system to a specialized analysis tool, to a spreadsheet, or even to the final report, the trail tends to break. So to reliably keep track of data versions, look for clinical research systems with unified tools that provide a way to seamlessly integrate equipment and instruments.
Chain of custody tracking
For any samples that contribute critical data to a filing, regulators expect a clear record showing that all processing was properly observed and documented. Chain of custody provides this audit trail that ensures that the sample was always under the control of someone accountable for following protocols and recording their process.
For biologics approval, in particular, both the FDA and the EMA require batch genealogy—the complete, documented history of a product batch from raw materials to finished goods, including all manufacturing, processing, testing, and distribution steps.
If your lab runs assays that are included in the IND/CTA, you’ll likely need a system that supports chain-of-custody tracking.
Data encryption and backup
This is an obvious one, but worth mentioning: both regulatory agencies require that data be retained and stored. Without backup capabilities, it’s easy to fall short of that requirement. Encryption isn’t strictly necessary for this, but it’s essential for general data security best practices.
GxP compliance
GxP refers to a set of quality guidelines that includes GMP for manufacturing, and standards that apply to data management and analysis. Early discovery research labs typically don’t need to follow GxP guidelines for most of their work. But as programs approach pre-clinical and clinical stages, that can change in a hurry.
Because GxP guidelines also govern how software is configured and used, no software can be GxP certified off the shelf. Only the configured system and the processes around it can be certified. But the right software can make a difference in how easy that certification process goes.
So when choosing a new system, even early discovery teams should check that the software can be configured to follow GxP guidelines. In particular, you should ensure that other teams have configured the software for GxP in a similar context to your own. Some companies even offer pre-validated templates that speed up configuration and validation.
Conclusion
Preparing for the final steps towards clinical trials is a complex and subtle mix of regulatory and scientific processes. Ultimately, it’s up to your regulatory team’s expertise to ensure that you’re ready to file. But selecting clinical research management software with the functionality needed to address the most important regulatory requirements will help set you up to meet the requirements for electronic records and avoid any unpleasant surprises.
