Clinical Research Associate (CRA) - A Growing Career Path in Biotechnology / ...
FDA Compliance in a Virtual Company_Moore (LI)
1. Achieving FDA Compliance in a Virtual Biopharma
Company
Jason E Moore, MS, MBA, RAC
Minimize Risks, Maximize Development Success
2. THE “VIRTUAL COMPANY”
• The “virtual company” model is increasingly used as a cost-containment approach
for many start-up and development-stage life science companies
• Allows access to needed development expertise and research/development
resources, without creating own infrastructure
• Achieved through use of contract research organizations (CROs), consultants, and
other service providers
• Can be a very smart and effective approach to achieving efficiencies; particularly
desirable if the technology/product(s) are to be partnered
• Brings a particular set of business and compliance challenges that are often under-
appreciated
• Requires a special set of talents for the virtual company executive to effectively
manage
2
3. Lack of alignment, or frank
conflicts, lead to dissonance and
execution failures
CLINICAL CROs
Method development, validation,
and QC testing critical
ANALYTICAL LABS
Seek vendors that have regulatory
and “mechanical” expertise in
regulatory submissions
eCTD VENDORS
Bad consultants have far-
reaching effects. How can one
tell the difference between a
good consultant and bad?
REGULATORY
CONSULTANTS
Compliant execution of targeted
studies is key to IND activation,
NDA approval
NONCLINICAL CROs
Once committed, difficult to “break
up”. Often rate-limiter/critical path
for IND, clinical studies, NDA
readiness, and commercial launch.
CMOs
MANAGING A CONSTELLATION OF
EXTERNAL PARTIES
Virtual Company
Executive
4. THE VIRTUAL COMPANY MODEL CARRIES RISKS
• Two primary risk classes:
o FDA Compliance Risk: ie, the risk that programs will not be conducted according to required
regulatory standards (eg, GXP)
o Deliverable Quality Risk: that delivered work products will be of inadequate quality, or
otherwise will not be suitable to support IND or approval
• There are also execution risks when a third-party is asked to develop ‘your’
product
o Can they adhere to timelines?
o Stay on budget? (Inherent conflict of interest?)
o Adequate transparency, predictability, and clarity of issues/solutions?
• Legal/business risks matter here too (eg, product liability exposure)
5. EFFECTIVE VIRTUAL MANAGERS HAVE A DUAL
CHALLENGE
Regulatory/Compliance
• Determine what responsibilities are to
be delegated to contractors
• Conduct an appropriate level of due
diligence on each potential vendor or
consultant
• Assess the ability of vendors to conduct
delegated activities in a compliant
manner
• Determine the level of documentation
that is needed for both business and
compliance purposes
• Assess the interplay among various
quality systems, as applicable
• Determine ongoing compliance oversight
and audit responsibilities/plans
5
Business Needs and Execution
• Define and articulate a strategic
vision/intent
• Define corresponding scopes of work,
timelines, budgets
• Identify and engage cost-effective
contractors and consultants
• Seek, exploit efficiencies and economies
of scale
• Ensure vendor oversight and
financial/timing accountability
• Ensure the regulatory/development
strategies that the vendor pursues are
in-line with your corporate strategies
• Identify and proactively manage risks
• Integrate and orchestrate to successful
outcomes
• Get the job done
6. THE COMPLIANCE CHALLENGE – WHO ME??
6
“I am delegating manufacturing to a CRO; their SOPs cover me.”
“I don’t need to visit the vendor or do any audits prior to getting on with the
development work.”
“What’s a Quality Agreement?”
“I don’t need to audit.”
“My product is early-development; I’ll deal with all of that [Quality stuff] later.”
“They are an established CRO operating under GXP. I’m covered.”
7. DELEGATION IS NOT ENOUGH
7
What is required?
• Sponsors may delegate certain
obligations to CROs, but they
never delegate complete
responsibility
• When obligations are delegated,
the Sponsor must inform the FDA
in writing
• Prior to transferring obligations,
business due diligence should not
be considered enough
• Virtual company executives need
a model for assuring compliance,
and documenting their diligence
and oversight
8. WHY? – CLINICAL CRO
8
Clinical CROs
• Clinical CROs can be responsible
for…
o Site identification and
qualification
o IRB submissions and approvals
o Site initiation, interim monitoring,
and close-out
o Medical Monitoring and SAE
management and reporting
o Study drug management/
accountability
o Ensure study conduct per
protocol and IND regulations
Scenarios to Consider
• SAE resulting in patient death
• Interim monitoring reports
suggest quality/compliance issues
• End-of-study QA review of clinical
database shows high error rate
• Quality issues/concerns emerge
as clinical data reported out
• FDA BIMO inspection of a clinical
site, and a 483 orWarning Letter
issued
• Study execution poor (eg, late,
over budget)
• Fraudulent clinical trial data
9. 9
CLINICAL TRIALS, PARTICIPANTS, AND PROCESSES
Potential Participants
• FDA
• Sponsor
• Investigator
• IRB
• Subjects/Patients
• CROs
• Clinical and “Core” Labs
• Academic & Government Institutions
• Monitors (CRAs)
• Auditors
Operations/Process
• Hypothesis formulation
• Protocol, IB, IC Development
• Site/Study Feasibility
• Site/Investigator Recruitment
• FDA/IND
• IRB approval
• Site initiation/CTM shipment
• Subject screening
• Subject randomization, treatment, data collection
• Site monitoring
• Site close-out
• Study data analysis
• Study data reporting
10. 10
US IND REGULATIONS – FORCE & EFFECT OF LAW
You are responsible…
21 CFR 50: PROTECTION OF HUMAN SUBJECTS
• Subpart A--General Provisions
§ 50.1 - Scope.
§ 50.3 - Definitions.
• Subpart B--Informed Consent of Human Subjects
§ 50.20 - General requirements for informed consent.
§ 50.23 - Exception from general requirements.
§ 50.24 - Exception from informed consent requirements for
emergency research.
§ 50.25 - Elements of informed consent.
§ 50.27 - Documentation of informed consent.
• Subpart C [Reserved]
• Subpart D--Additional Safeguards for Children in Clinical
Investigations
§ 50.50 - IRB duties.
§ 50.51 - Clinical investigations not involving greater than
minimal risk.
§ 50.52 - Clinical investigations involving greater than minimal
risk but presenting the prospect of direct benefit to individual
subjects.
§ 50.53 - Clinical investigations involving greater than minimal
risk and no prospect of direct benefit to individual subjects, but
likely to yield generalizable knowledge about the subjects'
disorder or condition.
§ 50.54 - Clinical investigations not otherwise approvable that
present an opportunity to understand, prevent, or alleviate a
serious problem affecting the health or welfare of children.
§ 50.55 - Requirements for permission by parents or guardians
and for assent by children.
§ 50.56 - Wards.
21 CFR 56: INSTITUTIONAL REVIEW
BOARDS
• Subpart A--General Provisions
§ 56.101 - Scope.
§ 56.102 - Definitions.
§ 56.103 - Circumstances in which IRB review is
required.
§ 56.104 - Exemptions from IRB requirement.
§ 56.105 - Waiver of IRB requirement.
• Subpart B--Organization and Personnel
…
• Subpart C--IRB Functions and Operations
§ 56.108 - IRB functions and operations.
§ 56.109 - IRB review of research.
§ 56.110 - Expedited review procedures for certain
kinds of research involving no more than minimal risk,
and for minor changes in approved research.
§ 56.111 - Criteria for IRB approval of research.
§ 56.112 - Review by institution.
§ 56.113 - Suspension or termination of IRB approval of
research.
§ 56.114 - Cooperative research.
• Subpart D--Records and Reports
§ 56.115 - IRB records.
• Subpart E--Administrative Actions for
Noncompliance
…
21 CFR 312: INVESTIGATIONAL NEW DRUG
APPLICATION [truncated]
• Subpart A--General Provisions
• Subpart B--Investigational New Drug Application (IND)
• Subpart C--Administrative Actions
• Subpart D--Responsibilities of Sponsors and
Investigators
§ 312.50 - General responsibilities of sponsors.
§ 312.52 - Transfer of obligations to a contract research
organization.
§ 312.53 - Selecting investigators and monitors.
§ 312.54 - Emergency research under 50.24 of this chapter.
§ 312.55 - Informing investigators.
§ 312.56 - Review of ongoing investigations.
§ 312.57 - Recordkeeping and record retention.
§ 312.58 - Inspection of sponsor's records and reports.
§ 312.59 - Disposition of unused supply of investigational
drug.
§ 312.60 - General responsibilities of investigators.
§ 312.61 - Control of the investigational drug.
§ 312.62 - Investigator recordkeeping and record retention.
§ 312.64 - Investigator reports.
§ 312.66 - Assurance of IRB review.
§ 312.68 - Inspection of investigator's records and reports.
§ 312.69 - Handling of controlled substances.
§ 312.70 - Disqualification of a clinical investigator…
11. WHY? – CLINICAL CRO
11
Questionable Clinical Data Submitted to FDA
• Can trigger FDA’s “Application Integrity
Policy”, where FDA investigates potentially
false data submitted in an application
• Results in delays during the investigation
• If fraudulent or substantially incorrect data
are submitted, or there are other material
omissions or misstatements of fact, the
NDA can be invalidated (ie, rejected)
• Includes submitting data that may be
unreliable due to, for example, a pattern of
errors whether caused by incompetence,
negligence, or a practice such as inadequate
standard operating procedures or a
system-wide failure to ensure the integrity
of data submissions
• One or more (pivotal) studies can be
thrown out (requiring their repetition)
• Other civil and criminal penalties can result
12. WHY? – CMO
12
Contract Manufacturers
• CMOs can be responsible for…
o GMP production of clinical trial
materials (study drug) to be
administered to patients
o CTM testing and release
o Process development, scale-up,
clinical- and commercial-scale
production
o Labeling and distribution
o Analytical method development
and validation
o Stability testing
• Subject to Pre-approval
Inspections (PAIs)
Scenarios to Consider
• Defective drug product identified
by pharmacist/clinical site(s)
(eg, leaking capsules)
• Lot failure at time of planned
release for use in clinical trial
(ie, does not conform to release
specifications)
• Patient injury due to adulterated
drug product
• PAI shows GMP deficiencies
leading to NDA Complete
Response (non-approval)
13. WHY? – NONCLINICAL CRO
13
Nonclinical CROs
• These CROs can be responsible
for…
o Conducting IND-enabling GLP
pharm-tox studies
o Conducting other GLP
toxicology studies for NDA (eg,
carc studies)
o Qualifying impurities and
degradants
• Subject to PAIs
Scenarios to Consider
• Failure to…
o Complete stability assessment of
test article
o Fully validate bioanalytical
methods
o Use validated/Part 11 compliant
LIMS for study data collection
o Utilize a properly constituted
IACUC
• IND-enabling study raises quality
questions at study read-out
• Major compliance issues found
during PAI
14. Plan &
Identify CROs
Triage Qualify Contract Oversee Audit
APPROACH
Generally, one should employ a semi-structured, step-wise process for identifying, qualifying, overseeing, and auditing key vendors. A virtual company executive defines
objectives and outcomes; identifies, triages, and qualifies potential CROs/vendors; contracts with each, including potentially establishing one or more Quality Agreements;
monitors and oversees the vendor and its adherence to obligations; and periodically audits. It is wise to develop documentation to support that each activity was diligently
completed throughout the life of the project or program.
A PROCESS TO ENSURE COMPLIANCE
15. STEP-WISE APPROACH
15
Plan and Identify Potential CROs
• Plan
o Seek input from internal resources
and key consultants
o Define scopes of work and
objectives
o List desired outcomes and work
products
o Enumerate any applicable regulatory
frameworks/specific requirements
o Prepare RFP (if the structure
facilitates interactions*)
• Identify Potential CROs
Triage
• Review company’s representations
concerning capabilities
• Have initial discussion with BD
contact at vendor
• Utilize any word-of-mouth
available/seek references
• Assess whether capabilities match
need
• Look for evidence of GXP
compliance/noncompliance (eg,
debarment,Warning Letters/483s)
• Look for evidence there could be a
good cultural match/working
relationship
* Many small companies find that preparing lengthy RFPs is not necessary; however, being able to be explicit is a critical factor for success.
16. STEP-WISE APPROACH
16
Qualify
• Vendor qualification can be a highly
structured, formal process
• Calibrate the level of diligence to the
potential risks the engagement poses
o Ancillary vendors can receive less scrutiny
o Core/key vendors should receive more
• Consider pre-engagement qualification site
visits (audits)
• Request/review all available Quality
documentation (eg, SOPs, org chart, EIRs,
Warning Letters, 483s)
• Develop and utilize structured
questionnaires
• Maintain records of qualification
• Consider independent auditor with
expertise if needed
Contract
• Ensure relationships of the parties,
including core responsibilities, are spelled
out
• Define explicit scope of work,
deliverables, timelines
• Include provisions for critical activities
(ie, batch failure, vendor non-
performance)
• Be explicit on which regulated activities
(obligations) are to be transferred, and
how this is to be documented
• Consider a separate Quality Agreement
for manufacturing activities that will be
part of scale-up to commercial/launch
(eg, process validation, registration lots,
launch stock)
17. STEP-WISE APPROACH
17
Oversee for Execution & Compliance
• Set expectations for continual updates,
issue management, and oversight
• Regular meetings; don’t ‘sign and forget’
until an issue arises
• Assume there will be issues, and
determine how you will detect and
address
• Be present for key events, or send a
representative (eg, key GMP
manufacturing runs, sac days at GLP
CRO)
• Plan for periodic audits; include in
budgets
• Yes, audit the auditors (ie, clinical
monitors)
• Be deeply engaged in the event of any
Health Authority inspection related to
your product(s)
18. STEP-WISE APPROACH
18
Audit
• Auditing is a formalized process for
reviewing an entities compliance with
applicable laws and regulations
• Conducted by experts in the
technical discipline (eg, nonclinical,
clinical, CMC) who also deeply know
the regulations (eg, GLP, GCP, GMP)
and Quality science
• Select skilled audits; don’t do this
yourself
• Provide input into audit plan;
facilitate scheduling/access; expect
written Audit Report; take action if
there are findings
• Don’ts
o Assume that the CROs Quality
organization has assured adequate
compliance
o Believe that clinical site monitoring is
adequate; audit all high-enrolling
sites and those with any compliance
signals
o Decide that the additional auditing
expense is not worth it; could prove
to be “the best money you ever
spent”
o Fail to take action if there are
significant findings; use data to
prepare site for PAI/BIMO
inspection
o Fail to document that you
conducted audits/exercised proper
diligence (eg, via Audit Certificate)
19. Minimalist Quality System
Intermediate Quality System
Comprehensive,
Mature Quality System
Minimalist: Few SOPs; activities performed
ad hoc by various staff; no Quality Policy; no
Quality group. Minimal documentation.
Comprehensive: Full range of SOPs across all
applicable domains; activities performed
ad hoc by dedicated staff; established Quality
Policy; Quality function staffed, funded, and with
articulated mandate. Comprehensive
documentation related to Quality functions (eg,
staff, training, vendor qualification, audits)
Intermediate: Modest number of SOPs; activities
performed by identified staff; may have simple Quality
Policy and organizational charts (for Quality purposes); no
Quality group. Some requirements for documentation.
Virtual Companies have some leeway in determining how much of a
Quality System and associated documentation is enough
POTENTIAL ELEMENTS
DOCUMENTATION: HOW MUCH IS ENOUGH?
A
B
C
A
B
C
Answer: While a comprehensive Quality System may not be necessary/desirable,
companies must embrace at least an intermediate level of diligence, documentation, and
oversight. Failing to do so creates myriad liabilities that you don’t want to regret later.
B
20. It’s not enough to rely on the representations, SOPs, policies, or activities of other regulated
entities. To do so invites risk, and creates opportunities for very significant delays, increased
costs, loss of investor confidence, and litigation. Consider a right-sized quality system and vendor
management approach to be a normal, essential part of “GBP – Good Business Practices”.
Don’t regret failing to complete and
document the described activities;
“if there’s no documentation, it
didn’t happen!”
TRUST BUT VERIFY
Document Activities & Findings
Implement, maintain, invest, and
consider these activities part of
normal business operations
Operationalize
Use the outlined approach to
create one suited to your
business needs
Define a Tailored Process
Embrace the need for a modest
quality system; invest in a
targeted way; advocate internally
See the Necessity
Cost-Effective
Approach
Mitigated
Risks
Smart
Documentation
Tailored
Process
CONCLUSIONS
21. Phase 1,2,3 Clinical Trials
FDA Meetings
Compliance & Inspections
Portfolio Management
Federal Grants
(NIH, DoD)
20+ years leading drug-development programs, company operations, and strategy formulation
Program Management
Financial Modeling
FDA Submissions
eCTD
INDs
Rx
OTC
Monograph
Combination Products
Technologies
Oncology
Cardiovascular
Gastroenterology
Rheumatology
Infectious Disease
EXPERIENCE COUNTS
NDAs
BLAs
Therapeutic Areas Regulatory and Operational Experience Regulatory Class, Dosage Forms
Pain
Psychiatry
Gene Therapy
Small Molecules
Immunotherapy
JASON E MOORE, MS, MBA, RAC
22. How can I help you?
Phone Number:
281.989.9064
E-Mail:
jasonmoore715@gmail.com
Website:
https://www.linkedin.com/in/jason-moore-ms-mba-rac-b0b1b69
Jason E Moore, MS, MBA, RAC
Cincinnati, Ohio
EXPERIENCE COUNTS