Managing CRO Sponsor Compliance in Veeva Vault Clinical

von Kelly Butler |
07. Juli 2021 |
Business Consulting

The main lesson learned from our first blog post in this series on best practices with Veeva Vault Clinical – keep it simple. Know the work to be done in the environment, take ownership and roll out the “welcome mat“ for your users by configuring the application to reduce the noise and minimize the learning-curve confusion of unnecessary features.


We also highlighted the importance of having a full picture of your outsourcing strategy as a small-to-midsize clinical research Sponsor. The activities to be performed and the systems of record to be utilized by the Contact Research Organization (CRO) drive our approach for oversight and governance – the essential compliance aspects of eClinical systems in the clinical operations space.

For example:

  • Will the CRO use their in-house eTMF system, work exclusively in the Sponsor eTMF, or a combination of the both?
  • Will the CRO systems/reports integrate with the Sponsor CTMS to capture enrollment metrics or other pertainant, strategic clinical data points?
  • What is the cadence of document and information sharing expected (i.e. Quarterly, Annually, End of Study)?

With this healthy foundation – simplicity and awareness – we are primed to tackle two key components of long-term eClinical system success: oversight and governance.

Oversight doesn’t have to be a complex process

First, let’s box in exactly what a Sponsor is obligated to under the FDA requirement of ICH E6, Section 5.2:

5.2 Contract Research Organization (CRO)

5.2.1 A sponsor may transfer any or all of the sponsor’s trial-related duties and functions to a CRO, but the ultimate responsibility for the quality and integrity of the trial data always resides with the sponsor. The CRO should implement quality assurance and quality control.
Any trial-related duty and function that is transferred to and assumed by a CRO should be specified in writing.

The sponsor should ensure oversight of any trial-related duties and functions carried out on its behalf, including trial-related duties and functions that are subcontracted to another party by the sponsor’s contracted CRO(s).

Put simply, the Sponsor must ensure that there is appropriate oversight and the evidence of the oversight needs to be retained. If the CRO didn’t do something or didn’t execute in the agreed upon manner or timeframe („specified in writing“ as required in 5.2.2), the Sponsor continues to bare the risk for the breach or underperformance.

As we can see in 5.2.1 of ICH E6, the CRO does have an obligation to implement (1) quality assurance and (2) quality control measures; as the Sponsor, these are our items of focus for oversight.

Is the CRO executing in alignment with these things:

  • Quality Assurance – the overarching quality management concept that relates to how a process is to be performed, and uses a proactive approach to prevent quality issues from arising
    (i.e. work instructions, process checklists, standards to be met in order to approve a document)
  • Quality Control – a reactive measure used to detect defects/deviations from defined processes and the steps taken to capture (documentary evidence of issue identification process and remediation steps) and correct any issues
    (i.e. mock inspection, QC Review workflows, logging Quality Issues on documents and routing for remediation).

Now that we know what is required, let’s talk game plan. Oversight doesn’t have to be a complex process – just set the cadence, determine the sample size, and, like your 3rd grade math teacher used to say, no points awarded unless you show your work!
Start with what is feasible, given the applicable outsourcing model and regulatory history of the organization (annual, staggered with Veeva Vault releases (3x yearly), etc.). Determine the subject matter to be reviewed and create a simple, user-friendly format to capture CRO oversight activities. This should include the remedial measures taken to correct any issues; to follow through with those measures is key, and should be incorporated into the next round of CRO oversight (if not completed sooner).

How to create a simple, painfree governance framework

Governance can be an intimidating concept! Given Veeva‘s 3x annual release schedule and associated impact activities for each one, where do you even start? The most common challenge that small-to-midsize organizations face is optimizing limited resources – how do you find the time to develop a strategic system management plan, create structure and process to support that vision, and then, actually execute on it?

The good news? In the exasperation, is the answer.

Let’s break it down:

1. Develop a strategic system management plan.

a. What we do now

i. CRO Oversight
ii. Veeva Vault Releases
iii. Program-Level Support

b. What we want to do 1 year from now

i. CRO Oversight
ii. Veeva Vault Releases
iii. Program-Level Support

c. What we want to do 3 years from now

i. CRO Oversight
ii. Veeva Vault Releases
iii. Program-Level Support

2. Create structure and process to support that vision.

a. What are we doing now that works?
b. What are we doing now that doesn’t work?
c. What needs to change to get us to the Year 1 goal?
d. What needs to change to get us to the Year 3 goal?

3. Execute on it.

a. Start with what is within your control. Lay the groundwork to persuade others toward your future vision, then embrace the evolution of the strategic vision.

By answering the above questions, you’ll create a simple, painfree governance framework; a good foundation from which to build and mature, tailored to your organization‘s specific goals and needs. And, if task 2 „Create a structure and process to support that vision.“ was a tricky one, not to worry. We’ll dig deeper into that specific topic in our upcoming blog post: „Data Discernment – A simplified approach to strategic planning“ – stay tuned!

About the author

Kelly Butler joined fme US as a Consultant in the Consulting Services (Clinical) Team in October 2020 and her bio accounts for her strong Life Sciences expertise. After graduating from the University of Minnesota, Mrs. Butler began work as an Account Executive for UnitedHealthcare and returned to school to pursue her law degree with a focus on healthcare compliance and bioethics. Upon graduation, Mrs. Butler relocated to Raleigh, North Carolina and began her foray into clinical operations specific to R&D in the life sciences space. Recognizing the potential for greater efficiency across clinical operations in leveraging emerging technology, Mrs. Butler shifted her focus to the nexus of biomedical science, technology, and the human element: eClinical Systems. As a Consultant and Customer Success Manager with Veeva Systems, Kelly secured her Vault Platform White Belt Certification through Veeva’s credentialing process, as well as a Privacy Law & Data Protection Professional Certificate from Penn Medicine, University of Pennsylvania Health System.

Haben wir Ihr Interesse geweckt? Dann schreiben Sie uns doch einfach.

0 Kommentare

Einen Kommentar abschicken

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert