OR WAIT 15 SECS
Volume 22, Issue 9
When assessing the competencies of an outsourcing service provider, sponsor companies must pay a great deal of attention to the cGMP compliance level of the provider.
When assessing the competencies of an outsourcing service provider, sponsor companies must pay a great deal of attention to the cGMP compliance level of the provider. This is very important for four reasons:
a). First, the regulatory health agency may decline a marketing submission by saying that the trial data was unreliable as was the clinical trial production.
b). Investors now sue claiming executive incompetence, negligence, fraud, etc. (note that anyone in senior management is likely to be named personally in such lawsuits).
c). Patients who took the now "deemed unsafe" trial drug may decide to seek damages because the sponsor's quality personnel did not do their jobs to ensure the clinical drug production met minimum standards (e.g., cGMPs).
d). Finally, we can start adding in the worst case, due to litigation discovery (where the plaintiff can force sponsors to reveal publicly the sponsor's internal documents, reports, emails, presentations, and so on), more lawsuits get filed, individual personnel in the company get named, and public reputations are ruined.
Furthermore, all firms should be cognizant of the recent recommendation that the FDA is considering, that warning letters and other regulatory enforcement actions against a CMO or CRO also be applied to the sponsor.
When it comes to the audit process, I believe it completely depends on each individual case as to whether the sponsor should be expected to be involved in the process or whether the outsourcing provider should be expected to deal solely with the audit. Let me provide three situations from three different clients of mine with three different answers:
There are a number of ways that a sponsor can help its outsourcing partner to pass its regulatory audits but first, as part of any quality or technical agreement, the sponsor needs to clarify two items:
Next, the sponsor may want to work with the outsourced provider to assemble a standing "audit package." This is a set of documents, such as a Site Master File, a current listing of SOPs, a copy of the summary of the most recent quality system management review, and so on, that can be given to any regulatory health agency inspector. I've found this type of default audit package, properly kept current of course, can be of much help to the sponsor, the outsourced provider, and the inspector.
Third, the sponsor should consider hiring an independent third-party to conduct a sort of "bulletproof yourself against inspections" type of corporate workshop. The key for this workshop would be to really show the outsourced provider what the inspector looks for (e.g., it's a lot less about SOPs and a lot more about looking at records — or the lack thereof — which prove compliance with SOPs and regulations), what agency inspectors use to develop their questions, have some role-play on answering inspector questions so the outsourced provider can see how it works in the real-world, and so on. I've had a number of clients tell me over the years how much just a one-day workshop on this has yielded huge dividends over years, as well as how it reduced their risks and anxieties when it came to regulatory inspections.
So what happens when problems are identified by the sponsor during the course of the agreement? What should the sponsor be expected to do in this scenario? Naturally, it depends on the nature of the deficiencies and the business goals of the sponsor. As a simple example, a sponsor looking for justification to break a contract with an outsourced provider with whom it is unhappy may not want to help the sponsor to resolve any issues, but rather use the regulatory findings to justify finding a new outsourced provider.
That said, in general, the sponsor should expect to perform some level of help. Setting situational specifics aside, here's how I suggest my clients set about determining the level of help they will provide, or at least offer, the outsourced provider: