Archivio per la categoria RESOURCES ITA

Why Should Pharma Companies Include Clinical Trial Oversight in Their Strategy?

Why Should Pharma Companies Include Clinical Trial Oversight in Their Strategy?

The ICH-GCP update which came into effect on June 14, 2017 had among its main elements the “Clinical Trial Oversight” topic.
The E6 R2 revision reminds principal investigators of their crucial role 3 activities performed at their clinical sites: delegation, conduct and oversight. The latter plays now a larger role: sponsors are responsible for a way more insightful oversight, including each and every duty performed by external companies included in their outsourcing strategy. Furthermore, a more comprehensive risk-based approach is required with the aim of preventing systematic errors rather than correcting already occurred issues.

Since clinical trial oversight is gaining every day more relevance in life sciences global environment, pharmaceutical companies are slowly understanding its value and looking for different strategies to successfully adopt a clinical trial oversight solution.

In the following infographic, Arithmos Life Sciences IT experts have summarized the why pharma companies should include a clinical trial oversight strategy analyzing both internal and external needs; leading to a 3 steps guide for a successful Clinical Trial Oversight implementation.

Arithmos Clinical Trial Oversight

To download the Infographic click here.

Are you ICH GCP E6 R2 compliant?

Have a chat with our experts to know how we can support you throughout the whole clinical trial oversight requirements identification and implementation processes

ICH GCP E6 (R2) – Are pharma companies ready to ensure Clinical Trial Oversight?

ICH GCP E6 (R2) – Are pharma companies ready to ensure Clinical Trial Oversight?


It’s been more than a year since the ICH GCP E6(R2) addendum became effective. The reasons which brought the Authorities to update the ICH GCP regulation are clear: on one side the increasing complexity, scale and overall costs of the clinical trials, on the other the strong shift from a paper-based clinical trial process to an electronic data capture and management one. Among the phases mentioned in the addendum (clinical trials design, conduct, oversight, recording and reporting) the oversight is gaining each day more relevance:

  • Are projects performing as planned?
  • Are partners respecting quality agreement?
  • Are the documents produced by partners enough and effective?

Pharmaceutical and Biotech companies are required to implement a more structured and comprehensive monitoring of their projects. In particular, the addendum focuses on the relationship between sponsors and CROs, as stated in the addendum to article 5.2.2.:

The sponsor should ensure oversight of any trial-related duties and functions carried out on its behalf, including trial-related duties and functions that are subcontracted to another party by the sponsor’s contracted CRO(s)”.

What is Clinical Trial Oversight?

A set of processes put in place by the Sponsor and the CRO aimed at providing the former with an updated, constant overview on CRO’s performances, deliverables and results.

What is Clinical Trial Oversight Objective?

Enhance a more transparent and efficient communication about projects’ status, timelines and results between Sponsors and CROs ensuring global alignment   

But, if for Sponsor CROs’ oversight is considered to be a #1 priority, it is also true that most of companies find it extremely difficult to design and implement a shared and efficient set of processes to reach this goal. As the GCP states, digital transformation in Life Sciences industry led to enormous changes, representing at the same time a great opportunity and a challenging reorganization. Thanks to IT innovations, information, data and documents can be now collected, organized and shared in a more efficient and cost-effective way. The other side of the coin is that these disruptive modifications are not often included in a comprehensive digital strategy, leading to a lack of integration of the different applications utilized by the company’s departments. What does this mean?

  • Resources devoted to the download and the up-load of data from one application to another;
  • Compliance issues related to the System Validation of the different platforms (CSV);
  • Great increase of the risk of human mistakes due to data manipulation;
  • Risk of out-dated reports for the management team;
  • Delays in activities with a significant impact on the study budget.

As it has been widely discussed in the last months, the ICH GCP E6 (R2) put the need of a Risk-Based Quality Management System under the spotlight. In fact the Addendum 5.0 states:

The sponsor should implement a system to manage quality throughout all stages of the trial process. […] The methods used to assure and control the quality of the trial should be proportionate to the risks inherent in the trial and the importance of the information collected.”

Companies are therefore required to implement a risk-based QMS to support each phase of the whole trial. The adoption of a Clinical Trial Oversight allows real-time monitoring of specific compliance and processes KPIs, identified during the risk analysis phase. This embraces the philosophy introduced by the ICH E6 addendum encouraging the use of improved and more efficient approaches/ tools to clinical trial oversight in order to avoid unnecessary complexity, procedures, and data collection.

It is clear: clinical trial oversight represents a mandatory requirement both from a regulatory perspective and from a strategic management point of view. The path towards the successful implementation of such a widespread improvement cannot be considered easy, but 3 main steps that every Sponsor should follow in order to ease the process have been identified:

  1. Requirements Analysis

    As a first step, it is fundamental to create a detailed map of the stakeholders (internal or external) involved in every activity, their responsibilities, tasks, data produced and of course, IT applications utilized. This analysis will help in the identification of the specific Sponsor’s requirements;

  2. Oversight Model Evaluation

    Having a clear overview of the requirements, it is now time to evaluate the multiple ways an Oversight process and consequently system can be designed and implemented. Is it better to introduce a horizontal global application? Would a central integrated projects management and control cockpit be the best choice? In this phase these questions will find and answer;

  3. Oversight System Implementation

    Requirements have been identified, alternatives evaluated and the best solution was found. Sponsor and CROs approach now the final phase: the pragmatic creation of a more connected and integrated environment where it is possible for the Sponsor to examine data, monitor activities and have a real-time overview of CRO’s performances.

As stated in the previous paragraphs, these 3 macro phases involve several actors performing multiple processes, for this reason, the role played by Quality Assurance Department is crucial. Ensuring a streamline risk-based QA Management system (Standard Operating Procedures, Quality Manuals, Policies…) throughout all stages of the trial process allows Sponsors to meet regulatory requirements avoiding compliance pitfalls.


Is your company compliant with Clinical Trial Oversight GCP?

We at Arithmos have developed a comprehensive approach for Clinical Trial Oversight Management: from requirements analysis to the vendor selection and implementation of the solution. In collaboration with its strategic partners, Arithmos also provides complete support in the re-organization of Quality Systems using the Risk-Based Approach. Would you like more info on this topic? Just send us an email!

GDPR, what it is, what does it change and what do you risk if you are not compliant

GDPR, what it is, what changes and what do you risk if you are not compliant

Less than 3 months separate us from the moment the GDPR will become effective. It is therefore fundamental for companies to better understand what actually GDPR is and which consequences it will imply in their daily routine, especially in Life Sciences, industry characterized by an incredible amount of sensitive data.

What Actually is EU General Data Protection Regulation (EU GDPR)?

The EU General Data Protection Regulation is a set of more than 250 pages approved by the European Parliament, the Council of the European Union and the European Commission. The GDPR will replace the previous Data Protection Directive 95/46/EC from 1995. It is easy to understand, due to the technological innovation and the huge shift to a data-driven approach, why an update was more than necessary.

If you are asking yourself why should you be interested in GDPR, well, consider that it will imply a greater boost for compliance: fines up to €20M or 4% of global turnover.

What are the GDPR main objectives?

As stated in the homepage of the website, “The EU General Data Protection Regulation (GDPR) […]  was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”

The GDPR objectives are therefore 3:

  1. Increase homogeneity of data privacy laws in the Euro area, this might be directed especially to those organization working in multiple countries;
  2. Ensure that EU population is conscious of the data organizations obtain about them and how they will be used;
  3. Deeply reorganize the way companies collect, manage, analyze and share data.

Despite the different actors involved it is easy to spot the global comprehensive pattern that lays under the  New Privacy Regulation: these pages concern the rights of the individuals over the personal data, explaining how they can be obtained, what can or can not be done with them and how the organization must guarantee their protection.

What is Personal Data?

The Article 4 provides a wide definition of Personal Data which include:

  • Name, address and unique identifying numbers (IP address, cookie strings…);
  • Demographics—age, gender, income…;
  • Behavioral data — web searches chronology, purchase history…;
  • Social data—your friends’ list, emails, messages…;
  • Sensor data—biometrics, health tracking devices…;
  • User-generated content — videos, photos, blogs or comments.

Concerning only personal data, the GDPR do not consider anonymized data, there is although a big BUT: if data, even anonymized ones, can somehow lead to an individual (for example by the combination of different data sources), then this information is defined as personal.

The actors involved in the GDPR

Who is or What constitutes a Data Subject?

GDPR defines the data subject as a natural person, which could therefore, be your customer, employee or, concerning clinical trials, your patient.

Who is or What constitutes a Data Controller?

The Data Controller a “natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”  It has therefore to be considered the company at the beginning of the data request workflow.

In Life Sciences industry it can be identified with the sponsor, the Academic Institution or the Contract Research Organization (CRO).

Who is or What constitutes a Data Processor?

The Data Processor is “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” Those entities who actually handle the personal data under the mandate of the controller, for example, IT companies that manage or administrate a client’s database.

The Geography of The GDPR: Which are the Controllers and Processors involved?

One of the biggest changes introduced by the GDPR is the extension of the regulatory jurisdiction. In fact, if any one of the following 3 conditions is met, than the entity must be GDPR compliant:

  • The data controller is based in the EU (regardless of whether the processing takes place in the Union or not);
  • The data processor operating is based in the EU (regardless of whether the processing takes place in the Union or not);
  • The data subject is based in the European Union.

In other words, if you or any link of the chain is or passes through the European Union, than it is required GDPR compliance (sponsors, CROs, patients participating in the trials are all involved).

Why is Consent the Key of GDPR?

As stated on, there has been a great increase in the conditions for consent in order to prevent companies to use “long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form” including the purpose for data processing attached to that consent.

Consent is only valid when actively given, this means no pre-ticked checkboxes are accepted. The subject must be also able to withdraw the consent at any time.

How Does GDPR Empowers EU citizens?

As stated in the previous paragraphs, the Regulation introduces a brand new set of rights for the data subjects to enhance information management. These include:

  • Access & modification: Subjects must be able to access their data and modify it.
  • Right to erasure: Subjects can request the cancellation of their data when it is no longer necessary for their original purpose.
  • Portability: subjects must be able to request and have from the controllers all personal data they obtained, in a portable format.

What Do You Risk If you are not GDPR Compliant?

The GDPR penalty section is extremely clear, the paragraph 6 of Article 83 states: Non-compliance […] shall, […], be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover […], whichever is higher”. This represents the maximum fine that can be imposed and it applies to the most serious infringements: lack of sufficient customer consent to process data or violating the core of Privacy by Design concepts.

Concerning compliance, a few words must be spent on the controversial breach notification: GDPR requires companies to communicate to the Data Protection Supervisor if a breach has occurred within 72 hours from the event, which, as stated by Richard Stiennon on Forbes, means that you have 3 days to:

  1. Determine what happened.
  2. Put in controls to stop it from happening again.
  3. Figure out how to communicate it.

Of course, the path to compliance is no easy duty, a comprehensive plan involving many different departments must be put in place in order to ensure an efficient deployment before May 25th. Life Sciences companies, be they pharmaceutical companies, biotech, CROs or Research centers must include in their strategy all the possible means to prevent personal data from being used in the wrong way, especially if concerning their patients’ identity.

Sources & Further Info

Which business model in a fast changing world for pharmacovigilance solutions?

Read more

Does your Clinical Technology Provider Have ISO 27001 Certification?

Read more

5 Reasons Why Clinical Research Need PPM Platform

Read more

8 Best Quotes from “Process Automation & Performance Improvement” Workshop – Milan 13th July, Talent Garden

Read more

[Infographics] 10 Reasons to Implement a Cloud-Based EDC

Read more

Follow us on Twitter