Category: Uncategorized

Computer system validation (CSV) is an essential process in the life science industry to ensure that computer systems used in the manufacturing, testing, and distribution of drugs are accurate, reliable, and secure. The guidelines provide a framework for the life cycle of computerized systems validation. The GAMP 5 is a set of guidelines established by the International Society for Pharmaceutical Engineering (ISPE) which is used by pharmaceutical and medical device manufacturers as well as suppliers to ensure compliance with regulatory requirements.

The following are some of the challenges of computer system validation:

▪ It can be a complex and time-consuming process.
▪ It requires a high level of expertise and knowledge.
▪ It can be expensive.
▪ It can be difficult to maintain compliance with regulatory requirements.

Despite the challenges, computer system validation is an essential process for ensuring the quality and safety of products and services.

The life cycle of computerized systems validation, consists of four phases which are:

Concept:

▪ Define the system: The system should be defined in detail, including its purpose, scope, users.
▪ Identify risks: The system’s risks should be identified, including if its related to GxP and the questions we had in the priviest post.

Project:

🔸Planning

should cover all required activities, responsibilities, procedures, and timelines, life cycle activities should be scaled according to:

1. System impact on patient safety, product quality, and data integrity (risk assessment)
2. System complexity and novelty (architecture and nature of system components, including maturity and level of configuration or customization)
3. Outcome of supplier assessment (supplier capability)

🔸Specification, Configuration and Risk assessment

Initial user requirements are often gathered during the concept phase and refined during the projected phase.
The role of specification is to enable systems to be developed, verified, and maintained. The number and level of detail of the specifications will vary depending upon the type of system and its intended use.
For example, software design specifications are not expected from the regulated company for non-custom products.

Specifications should be adequate to support subsequent activities, including risk assessment, further specification and development of the system, verification as appropriate, and system maintenance and update. The requirements for configuration and coding activities depend on the type of system (see Section 4.2.6 for examples).

Any required configuration should be performed in accordance with a controlled and repeatable process. Any required software coding should be performed in accordance with defined standards. The need for code reviews within the organization producing the software should be considered.

Configuration management and version control are intrinsic and vital aspects of controlled configuration and coding

🔸Verification

Verification confirms that specifications have been met. This may involve multiple stages of reviews and testing depending on the type of system, the development method applied, and its use.
Verification activities occur throughout the project stages.
Testing computerized systems is a fundamental verification activity. Testing is concemed with identifying defects so that they can be corrected, as well as demonstrating that the system meets requirements.
The use of effective and appropriate testing tools is encouraged. Such tools should have documented assessments for their adequacy (refer to EU Annex 11 Clause 4.7 [32]) and be controlled in use; however, validation is not required.
Testing is often performed at several levels depending on the risk, complexity, and novelty.
Tests may be defined in one or more test specifications to cover hardware, software, configuration, and acceptance.

🔸Report and Release

After the verification part of the project, we have the reports that approves that all verifications were completed, and that the system is approved for use.
The system should be accepted for use in the operating environment and released into that environment in accordance with a controlled and documented process. Acceptance and release of the system for use in GXP regulated activities should follow a defined process and involve oversight and input of the process owner, system owner, and the appropriate quality function as necessary and applicable.
A computerized system validation report should be produced summarizing the activities performed, any deviations from the plan, any outstanding and corrective actions, and provide a statement of fitness for intended use of the system.
The incorporation of lessons learned/after action review stage gates in the project should be considered (see /SPE
A well-managed system handover from the project team to the process owner, system owner, and operational users is a prerequisite for effectively maintaining compliance of the system during operation.
Traceability is recommended to add to the report to ensure that:
▪ Requirements are traceable back to business process needs
▪ Requirements are addressed and traceable to the appropriate functional and design elements in the specifications
▪ Requirements can be traced to the appropriate verification

As well as demonstrating coverage of design and verification, traceability can greatly assist the assessment and management of change.
Traceability should be focused on aspects critical to patient safety product quality, and data integrity.

Operation:

🔸Handover
Handover is the process for transfer of responsibility of a computerized system from a project team or a service group to the operations team or a new service group.
This is an important process; achieving compliance and fitness for intended use on its own may not be enough to guarantee a successful transfer into the operational phase.
The handover process will typically involve the project team), process owner, system owner, and Quality. The support group should be involved at the earliest opportunity to ensure effective knowledge transfer and establishment of operational procedures. A period of elevated support and maintenance, often referred to as Hypercare Services, may be arranged to facilitate the transfer.
Implied context-specific knowledge acquired through personal experience or internalization, as well as explicit knowledge captured and codified in documentation, tools, and systems should be considered.

🔸Service Management and Performance Monitoring
Service management and performance monitoring are shown related to records management due to records generated to demonstrate proper operation and performance of a system. In addition, there is potential interaction with incident and problem management and CAPA and change management when the results of the service or monitoring indicate there are issues that need addressing.

1. Establishing and Managing Support Services

The support required for each system, and how it will be provided, should be established. Support may be provided by external service providers or internal resources. This process should ensure the following:

▪ Service agreements
▪ Maintenance plans
▪ SOPs
▪ Support systems

2. Performance Monitoring

Performance monitoring detects issues that could impact the availability and performance of the system in order to facilitate mitigation before problems occur. Detected issues are managed through the incident management and problem management processes. Monitoring tools and automation are increasingly used to detect potential issues, report issues, and escalate to support organizations for timely intervention and rectification, and are encouraged.

The need for performance monitoring should be considered, and required activities scheduled and documented. This may change during the operational life of a system.

🔸Incident and Problem Management and CAPA

1. Incident Management and Problem Management

The incident management process aims to categorize incidents to direct them to the most appropriate resource or complementary process to achieve a timely resolution; whereas problem management involves analyzing root causes and preventing incidents from happening in the future.
There should be a procedure defining how problems related to software, hardware, and procedures should be captured, reviewed, prioritized, progressed, escalated, and closed.

This includes the need for processes to monitor progress and provide feedback.
Incident and problem management processes may be supported by service management tools that support the incident and problem management process, associated action planning, and traceability of actions taken to address the incident or problem.

🔸Corrective and Preventive Action

CAPA is a process for investigating, understanding, and correcting discrepancies based on root-cause analysis, while attempting to prevent their recurrence.
In the operational environment the CAPA process should feed into the overall CAPA system used for GxP operations.
When incidents occur, or when opportunities to reduce process/system failures are identified by other means, CAPA should be identified and processes established to ensure that these are implemented effectively.

🔸Change Management

1. Change Management

Change management is a critical activity that is fundamental to maintaining the proper functioning and controlled status of systems and processes. All changes that are proposed during the operational phase of a computerized system, whether related to software (including middleware), hardware, infrastructure, or use of the system, should be subject to a formal change-control process. This process should ensure that proposed changes are appropriately reviewed to assess impact and risk of implementing the change.

Regression analysis and regression testing may be required. The process should ensure that changes are suitably evaluated, authorized, documented, tested, and approved before implementation, and subsequently closed.

The process should allow the rigor of the approach, including the extent of documentation and verification, to be scaled based on the nature, risk, and complexity of the change, by application of critical thinking. Some activities such as replacements and routine system administration tasks should be covered by appropriate repair or system administration processes.

Change management should provide a mechanism for prompt implementation of continual process and system improvements based on periodic review and evaluation, operational and performance data, and root-cause analysis of failures.

🔸Configuration Management

Configuration management includes those activities necessary to precisely define a computerized system at any point during its life cycle, from the initial steps of development through to retirement.

A configuration item is a component of the system that does not change as a result of the normal operation of the system. Configuration items should only be modified by application of a change management process. Formal procedures should be established to identify, define, and baseline configuration items, and to control and record modifications and releases of configuration items, including updates and patches.

🔸Repair Activity

The repair or replacement of defective computerized system components, which are often but not exclusively hardware or infrastructure related, should be managed in accordance with a defined process. Such activities should be authorized and implemented within the wider context of the change management process. Many repair activities are emergencies and require rapid resolution, so the incident and change management processes should be designed to allow such activities to occur without delay or increased risk to the operational integrity of the computerized system.

🔸Periodic Review

Periodic reviews are used throughout the operational life of systems to verify that they remain compliant with regulatory requirements, fit for intended use, and meet company policies and procedures, including those related to data integrity. The reviews should confirm that, for components of a system, the required support and maintenance processes and expected regulatory controls (plans, procedures, and records) are established.

Periodic reviews should be:

1. Scheduled at an interval appropriate to the impact and operational history of the system. Risk and other assessments should be used to determine which systems are in scope and the frequency of periodic review.
2. Performed in accordance with a predefined process
3. Documented with corrective actions tracked to satisfactory completion

🔸Continuity Management-

1. Backup and Restore

Processes and procedures should be established to ensure that backup copies of software, records, and data are made, maintained, and retained for a defined period within safe and secure areas

Restore procedures should be established, tested, and the results of that testing documented.

🔸Business Continuity Planning

Business Continuity Planning (BCP) is a series of related activities and processes concerned with ensuring that an organization is fully prepared to respond effectively in the event of failures and disruptions, covering local and global infrastructure, data, and the application

Critical business processes and systems supporting these processes should be identified, and the risks to each assessed. Plans should be established and exercised to ensure the timely and effective resumption of these critical business processes and systems

A business continuity plan defines how the business may continue to function and handle data following failure. It also defines the steps required to restore business processes following a disruption and, where appropriate, how data generated during the disruption should be managed. Plans should be prioritized based on patient and business risk, in case of disruption to multiple systems.

The BCP also identifies the triggers for invoking the business continuity plan, roles and responsibilities, and required communication.

🔸Disaster Recovery Planning

As a subset of BC, plans should be specified, approved, and rehearsed for the recovery of specific systems in the event of a disaster. These plans should detail the precautions taken to minimize the effects of a disaster, allowing the organization to either maintain or quickly resume critical functions. There should be a focus on disaster prevention, e.g., the provision of redundancy for critical systems. Disaster Recovery (DR) plans often require a shared responsibility model between internal organizations of the regulated company  and external service providers.

🔸Security and System Administration-

1. Security Management

Computerized systems and data should be adequately protected against willful or accidental loss, damage, or unauthorized change. Procedures for managing secure access, including adding and removing privileges for authorized users, virus management, password management, and physical security measures should be established before the system is approved for use

Role-based security should be implemented, if possible, to ensure that sensitive data and functions are not compromised. Security management procedures should apply to all users, including administrators, superusers, users, and support staff (including supplier support staff).

Security provisions should ensure that data is protected against unauthorized intrusions including cyber security attacks. Intrusion prevention and detection processes, supported by relevant IT tools and automation, should be in place.

🔸System Administration

Once a system is in operation the users of the system will require support. The system administration process provides administrative support for systems, including performance of standard administration tasks. The extent of this process varies greatly depending on the nature of the system.

🔸Record Management

1. Retention

Policies for the retention of regulated records should be established, based on a clear understanding of regulatory requirements and existing corporate policies, procedures, standards, and guidelines.

🔸Record Management- Archiving and Retrieval

Archiving is the process of taking records and data off-line by moving them to a different location or system, often protecting them against further changes. Procedures and processes for archiving and effective and accurate retrieval of records should be established based on a clear understanding of regulatory requirements including retention periods.

Retirement:

▪ Retire the system: The system should be retired from use when it is no longer needed.
▪ Archive the data: The system’s data should be archived.

This part covers system withdrawal, system decommissioning, system disposal, and migration of required data.

🔸Withdrawal

Withdrawal is the removal of the system from active operation, i.e., users are deactivated, interfaces disabled. No data should be added to the system from this point forward. Special access should be retained for data reporting, results analysis, and support.

🔸Decommissioning

Decommissioning is a controlled process by which an application or system is removed from use in an organization once it has been retired and/or has become obsolete.

🔸Disposal

Data, documentation, software, or hardware may be permanently destroyed. Each may reach this stage at a different time. Data and documentation may not be disposed of until they have reached the end of the record-retention period, as specified in the company’s record-retention policy, following an authorized and documented process.

Due to the volume of data and records involved, retirement can be a major task for IT systems in particular.

Consideration should be given to:

1. Establishing procedures covering system retirement, including withdrawal, decommissioning, and disposal as appropriate
2. Documentary evidence to be retained of actions taken during retirement of the system
3. GxP records to be maintained, their required retention periods, and which records can be destroyed
4. The need to migrate records to a new system or archive, and the method of verifying and documenting this process
5. Ability to retrieve these migrated records on the new system

🔸Data Migration

Data migration may be required when an existing system is replaced by a new system, when an operational system experiences a significant change, or when the scope of use of a system is changed. The migration process should be accurate, complete, and verified.

In conclusion, the GAMP5 guidelines provide a framework for the life cycle of computerized systems validation which is essential in ensuring that computer systems used in the Life Science industry are accurate, reliable, and secure. The five phases of the life cycle, namely planning, risk assessment, specification, testing, and maintenance, provide a structured approach to the validation process, which helps to ensure compliance with regulatory requirements.

Rafael Port
Validation & Engineering Project Manager

Does your regulatory strategy indicate that the most appropriate regulatory path to market your device in the US is 510(k)?
Did you ask yourself what next?

Consider the following key points:

▪ Start by thinking about what are you going to say about your device when
you will market it in the US.
▪ Choose the appropriate predicate device to demonstrate substantial equivalence according to your marketing claims, intended use, and technical characteristics.
▪ Determine the 510(k) types (traditional, special, or abbreviated) and prepare the submission accordingly.
▪ Have all required tests and data to support your submission (using recognized consensus standards and relevant FDA guidance).
▪ Ensure the advocacy of your 510(k), it is not sufficient to have evidentiary documents only.
▪ Ensure the data integrity of your submission and use good submission practices to enable smooth review.
▪ Get to know the eSTAR (Starting October 1, 2023, all 510(k) submissions, unless exempted, must be submitted as electronic submissions using eSTAR).
▪ Understand the impact of MDUFA metrics on FDA actions.
▪ Be familiar with the options to communicate with the FDA (before and during the submission).
▪ Get to know the function of the CDRH Deputy Ombudsman (in case you will need to contact him).

In this post we would like to highlight the relevance of appropriate computer system classification based on GAMP 5 guidelines.
GAMP 5 establishes a framework for validating computerized systems in the healthcare sectors.
Computer systems should be properly classified in order to determine the amount of risk associated with
a system as well as the controls required to reduce those risks.
Those actions dictate the validation effort.
GAMP 5 divides computer systems into three categories: 3, 4, and 5.
(There is another category for software but it’s for Infrastructure Software, Tools, and IT services)

Here is the definition of the different categories:

V shape model Category 3

For example, UV system that runs on all the spectrumand user’s privileges can’t be changed.

V shape model Category 4

For example, UV system that I can billed different protocol with different light spectrums to fit my needs.

V shape model Category 5

For example, a QMS system that connects to a lab system to collect the date from there and when there is a deviation in the test automatically the QMS will open a deviation form.

As we have seen there is an impact for the different categories on the validation that is need to be performed.
So, let’s go to the most important question, How do we determine what category, the system we have or the one we want to purchase?
In order to do that we will need first to determine whether this system have any impact on cGxP according to the following bullets:

If your answer is No then great, we stop the process here.
If you have one answer of Yes, so the system is related to cGxP, and we should move to the next set of questions to decide the systems category.

• Was the system developed specifically for the company or any customization done to this application?

If your answer is yes then your system is Category 5
If not we will go to the next question

• Is the system a standard product developed by a Vendor where the System-Level Configuration is being modified (excluding Run-Time Configuration) to fit the company’s business process/flow?

If your answer is yes then your system is Category 4
If not we will go to the next question

• Is the software a standard product developed by a Vendor and is either

1. not configurable or
2. configurable but only the default configuration like run time? (Category 3 – Non-Configured)

If this is the correct then your system is Category 3
If You are not sure contact us for further assistance

This article was prepared by:

Rafael Port

Validation & Engineering Project Manager

Most companies have a risk methodology in place.
In this post, we want to remind you of the critical questions that should guide you during the risk assessment process and the key points where your computerized system can be at risk.
But before the questions, do you need to consider your acceptable risk level?
The questions we should have in mind:
▪ What can go wrong?
▪ What is the harm?
▪ What is the impact?
▪ What is the probability of a system failure?
▪ What is the detectability of a failure?
▪ How will the risk be managed?
The essential thing is to remember that there are risks during the Computerized system life cycle.

If you recognize a risk in one of your systems in one of the different parts of the life cycle, please don’t hesitate to contact us; we would be happy to help you.

This article was prepared by:

Rafael Port

Validation & Engineering Project Manager

The new In Vitro Diagnostic Regulation (IVDR) 2017/746 is a set of regulations issued by the European Union (EU) for the control and supervision of in vitro diagnostic medical devices (IVDs).
These regulations aim to improve the safety and effectiveness of IVDs and ensure that they are of high quality.

The IVDR has been applicable since 26 May 2022. In January 2022, the European Parliament and the Council adopted a staggered extension of its transition period, ranging from 26 May 2025 for high-risk in vitro diagnostics to 26 May 2027 for lower risk in vitro diagnostics, and to 26 May 2028 for certain provisions concerning devices manufactured and used in health institutions.

To be prepared for the IVDR, there are several steps that manufacturers, distributors, and other stakeholders can take: Familiarize yourself with the requirements of the IVDR. Make sure you understand the requirements of the IVDR and how they apply to your organization and products.
Verify your device classification according to the IVDR new classification system as you may now require the involvement of a Notified Body.
Review your current processes and procedures. Ensure that your processes and procedures for developing, manufacturing, and distributing IVDs comply with the requirements of the IVDR.
Develop a plan for transitioning to the IVDR, including timelines and budgets.
Consider seeking assistance from a third party, such as a regulatory affairs consultancy, to help you navigate the transition to the IVDR.
Keep up to date with developments in the IVDR and any changes or updates to the regulations.

By following these steps, you can ensure that your organization is prepared for the IVDR and can continue to provide high-quality IVDs to patients.
Contact US for further support and guidance.

This article was prepared by:

Dr. Einat Dekel, DVM

QA & RA Medical Device Senior Consultant,
SME In-Vitro Diagnostics & Digital Health

When discussing upgrading the company’s quality system and technical documentation to meet the EU-MDR requirements, many of the companies still think that this is “an activity that QA&RA department should deal with”.

However, the truth is that the main failure cause or bottleneck for upgrading to EU-MDR is the activity related to design and development.
For example, product verification and validation tests that have not been performed, design and development documentation that was not kept up-to-date (specifications, drawings etc.), product risk management plans and reports, design changes that were not analyzed and implemented properly and/or were not followed by the relevant verification and/or validation tests, customer complaints that were not analyzed properly as far as influence on product performance and safety is concerned, clinical evaluation documentation including postmarking clinical follow-up and in some cases also the need for clinical trials.

These activities take time, usually, months or even years.
Many of these requirements were already there in the MDD, but they were not enforced by the NBs to the extent that they are enforced under the EU-MDR.
If the company does not have significant support from the design and development team, the QA&RA departments will not be able to successfully lead the effort to meet the requirements of the EU-MDR.
The issues described in relation to design and development, are also critical for successful FDA inspections, which have significantly increased over the last year.
It is very important to recognize this fact and understand what needs to be done to achieve compliance.

If you recognize a risk in one of your systems in one of the different parts of the life cycle, please don’t hesitate to contact us; we would be happy to help you.

This article was prepared by:

Marina Lebel B.Sc., CQE

VP, Medical Device

A traditional clinical trial is carried out at an investigational site, with all patients traveling to and from sites for receiving the investigational treatment and being examined for safety and efficacy.
This traditional approach was restricted due to the covid-19 pandemic, and studies around the world were placed in jeopardy.
The traditional format of the clinical trials was challenged and led sponsors to look for advanced solutions to overcome and enable clinical operations continuity.
Decentralized clinical trials offer a hybrid approach and include solutions that enable more flexibility to patients, clinical staff, and sponsors alike. So, what are decentralized trials, and what advantages do they bring? 

1. What is a decentralized clinical trial?
2. How and why did DCTs become popular?
3. What are the different types of decentralized trials?
4. What are the advantages of decentralized clinical trials?
5. What are the challenges of decentralized clinical trials?
6. The future of clinical trials
7. Clinical trials with Gsap

What is a decentralized clinical trial? 

A decentralized clinical trial is a modern evolving approach that includes different levels of integration of technological solutions that enable activities and assessments to be performed virtually such as electronic informed consent, video and telemedicine visits, home health, supply chain extensions, and basic remote monitoring.
This approach and solutions enable the improvement of data collection flow, recruitment, and patient compliance. 

How and why did DCTs become popular?

A major factor for the increase in popularity of decentralized clinical trials was the COVID-19 pandemic. The nature of the global pandemic forced society to find alternative ways to function, and clinical trials were no different. Although decentralized trials were already operating before the COVID-19 pandemic (Pfizer completed its first decentralized clinical trial in 2011), this type of trial became much more popular in response to the global pandemic. 

What are the different types of decentralized trials?

Decentralization can be split into two categories: 

Fully remote

A fully remote clinical trial is conducted virtually, using mobile devices, remote monitoring software, and apps. Sometimes, home visits are also offered, or patients are required to travel to labs located near their homes. Fully remote clinical trials take advantage of recent advances in telemedicine, and there is no defined “study site” to speak of. 

Hybrid

As the name suggests, hybrid clinical trials combine traditional, on-site clinical trials with remote clinical trials. Some activities are conducted remotely, using the technologies described above, while other activities occur at designated study sites. This model is becoming increasingly popular with study sponsors across a wide range of fields and industries. 

What are the advantages of decentralized clinical trials?

Decentralization comes with many advantages, including the following: 

● Flexibility. Because the model reduces the need to physically travel to a designated study site, a DCT offers much more flexibility for patients. Using telehealth and wearables, data can be submitted from anywhere, at any time.

● Ease of participation. Reducing the need to travel to a study site makes it much easier for patients to participate in clinical trials. The option to participate remotely reduces a major barrier and allows more participants to enroll in a trial. 

● Saves time. Recent research has shown that decentralized phase 2 clinical trials can be completed one to three months faster than traditional trials, with phase 3 trials also saving time compared to their traditional counterparts. 

● Better generalizability of trial results. With fewer barriers, more patients can enroll in decentralized trials. This makes it easier for trials to enroll a more diverse patient population, which allows for fewer caveats and greater generalizability of the overall results of the trial. 

● Improved patient engagement. Patient engagement is higher, and patients are more likely to participate in a clinical trial for the entire duration if the “patient burden” is reduced. The flexibility of decentralization significantly reduces the patient burden, improving patient engagement. 

● Authenticity and reliability of data. Due to the use of technology such as wearables and real-time monitoring devices, decentralized trials often lead to more robust data. 

● Improves enrollment potential. Transportation is a major barrier to trial enrollment. With decentralized clinical trials, this barrier is largely removed, which improves the potential patient pool. 

● Real-time study overview. Collecting data remotely, and in real-time, means that the study team can identify missing data or deviations that must be addressed immediately. Real-time monitoring is especially advantageous for safety data, as any adverse events can be acted upon immediately. 

What are the challenges of decentralized clinical trials?

While decentralization offers several advantages, there are also some challenges associated with this newer trial format, including: 

● Infrastructure. Clinical trials require a great deal of infrastructure, including financial support, information systems, technology, staff, and more. Coordinating this remotely, and ensuring that all patients receive and administer medications appropriately is a significant logistical challenge. 

● Technological skills needed by participants. DCTs often involve patients administering their medication, or affixing their own wearable devices. This requires patients to have some skills in these areas or risks the integrity of trial data. 

● Design and planning. DCTs require comprehensive planning to promise smooth execution. The DCT approach requires interaction and interface of many factors and the process needs to be well planned, validated, and documented

● Data quality. Some decentralized clinical trials rely on self-reported data, which may increase certain forms of bias and not be as accurate as data collected from a traditional trial site. 

● Patient safety. Patient safety needs to be carefully considered in DCTs. As patients are often not required to report to a trial site, stringent trial monitoring needs to be in place to ensure that all patients are appropriately and frequently assessed for adverse events. 

● Regulations. As patients are given more freedom with a DCT, trial staff must ensure that regulations are adhered to despite the reduced patient contact and interaction. 

The future of clinical trials

The technological development landscape and regulatory approach towards DCT enable the integration of advanced solutions to improve main parameters in the execution of clinical trials, in particular aspects of recruitment, duration, and cost. Yet, the full integration of applicable solutions should be considered and built in the early stages of the trial design.

Gsap CRO supports sponsors during the planning phase and clinical trial protocol development to promise appropriate integration of the relevant DCT solutions into their operation. This increases the value to the sponsor, improving data authenticity and reducing patient burden.

Clinical trials with Gsap

Gsap is a boutique Contract Research Organization (CRO) with vast experience across a wide range of industries. Gsap’s full-service CRO services will help ensure your trial runs smoothly from start to finish. Whether you are running a traditional clinical trial, a hybrid trial, or a fully-remote clinical trial, Gsap has the professionals on staff to make it a success.

A boutique CRO offering personalized support

The team at Gsap ensures that you have much more than an organization to plan and execute all facets of your clinical trial. Gsap acts as a partner, providing personalized services based on your trial’s specific needs. 

Gsap has helped hundreds of clients execute clinical trials across cell and gene therapy, medical cannabis, medical devices, digital health, and beyond. The Gsap holistic approach to CRO services helps to ensure the success of your clinical trial. 

Contact Gsap today to discuss your upcoming clinical trial.

This article was prepared by:

Matti Hoggeg, M.Sc.

Clinical Section Manager

For more information about our CRO services visit:

Contract research organizations (CROs) can be excellent assets for companies in the biotech, pharmaceutical, or medical device industries. But what can a CRO actually bring to your company, and when should you enlist the services of a CRO? Let’s take a look at what a contract research organization is, the services offered by CROs, the benefits of CROs, and how to choose a CRO that meets your clinical study’s needs

1. What is a contract research organization (CRO)?
2. What does a contract research organization do?
3. What services does a clinical research organization provide?
4. What are the benefits of a CRO?
5. How to choose a Contract Research Organization
6. CRO services with Gsap

What is a contract research organization (CRO)?

In short, a contract research organization (CRO) is a company or business that offers support for clinical studies in the biotech, medical device, or biopharma industries. CROs are experts in clinical trial execution, their experts include different disciplines such as CPMs – Clinical Project Managers, CRAs – Clinical Research Associates, Medical Writers, Data Managers etc., thus they can help companies, businesses, or institutions (usually referred to as trial “sponsors”) reduce the costs and often lengthy timelines associated with a clinical study. 

What does a contract research organization do?

Now that we’ve addressed what a CRO is, let’s take a look at what a CRO does. A clinical research organization is hired by a clinical trial sponsor and is then responsible for the planning, management, and execution of the entire clinical trial. 

The role of a CRO and its assigned team is to ensure that a clinical trial is performed to the highest standards, according to the guidelines and regulations, to ensure the participant’s safety is maintained and that all data is robust and accurate. At the same time, the clinical research organization is responsible for performing the trial efficiently and as cost-effectively as possible. 

What services does a clinical research organization provide?

The CRO acts as the main point of contact and coordinates between the sponsor and other stakeholders in the clinical trial, including regulatory bodies, ethics committees, physicians/medical staff, research coordinators, and vendors. 

Specific services typically offered by a clinical research organization include: 

● Study planning and design
● Medical writing of study protocol and other core documents
● Study feasibility, start-up, and document preparation 
● Site selection and activation
● Regulatory submissions and contracts
● Site management and clinical monitoring 
● Data management, data analysis and biostatistics
● Clinical trial Project management
● Interim and final study reports
● Quality assurance (QA) and audits 

Contract research organizations (CROs) have the skills and knowledge required to run a successful clinical trial and ensure that all elements of the trial are compliant with local and international requirements. 

What are the benefits of a CRO?

There are a lot of advantages associated with a contract research organization. The most important include: 

Expertise and experience

Most sponsors looking to undertake a clinical trial do not have experience in all of the areas listed above. Therefore, teaming up with a CRO that has the resources, personnel, and experience needed to execute a successful trial offers a much simpler and more streamlined approach to conducting a clinical trial. 

Cost-effectiveness

Another major benefit is cost reduction. A clinical research organization that can keep a clinical trial running according to a pre-determined schedule can save the sponsor significant financial burdens associated with delays to the trial. 

Meeting the technological needs of the trial

Clinical research organizations have the needed infrastructure and are equipped to meet the clinical and technological requirements of a clinical study, when a sponsor may otherwise not have been able to. This could relate to everything from SOPs, Clinical Trial Management System, subject enrolment tools, to data collection system, biostatistical and data management programs. 

Time-saving

If a sponsor was required to create or obtain everything necessary to run a clinical trial, this would take years to commence. A clinical research organization already has all these necessary resources, meaning that a trial can get up and running significantly faster with a CRO for healthcare. 

Navigating evolving and complex regulatory requirements

Clinical trial regulatory requirements are ever-changing, complicated to navigate, and often region-specific. A contract research organization can coordinate with regulatory personnel and ensure that necessary approval from the relevant regulatory bodies is obtained prior to the start of the trial. Throughout the trial, a CRO ensures all regulatory requirements are adhered to. 

How to choose a Contract Research Organization

Depending on the requirements of a specific clinical trial, a sponsor may have a large number of seemingly suitable contract research organizations to choose from. When assessing which CRO is the best for your specific needs, consider the following factors: 

● Is the CRO responsive, communicative, and collaborative?
● Does the CRO have relevant experience? 
● Do they have an established quality system and QA processes?
● Is there a high turnover of clinical research associates (CRAs), or is staffing stable?
● What are the services the CRO offers?

These questions, along with others specific to the nature of your clinical trial, will help you find a CRO that gives you the peace of mind that your trial management is in safe hands. 

CRO services with Gsap

Gsap is a full-service CRO with significant experience in the design and execution of clinical trials. Whether running an early-phase PK study, or an advanced-stage clinical trial, Gsap can provide the support you need to ensure success each step of the way.

A boutique CRO offering personalized support

Gsap is a boutique CRO, which means that you have more than just an organization to manage your trial – you have a partner you can work with every step of the way. Gsap delivers undivided attention to sponsors, both large and small. 

Broad experience across multiple disciplines 

Gsap’s CRO services span a diverse array of disciplines, including medical devices and digital health. Gsap also specializes in the rapidly growing field of medical cannabis, as well as cell and gene therapy, and the development of new pharmaceutical drugs and biologics. 

End-to-end clinical trial support

Gsap is able to provide services that cover all the stages of a clinical trial. Before your trial commences, Gsap offers study design, planning, regulatory submissions, and site selection services. When a trial is wrapping up, Gsap delivers study reports, closes out study sites, and analyzes the associated trial data and writing interim and final reports.

Customized clinical trial services

By design, no two clinical trials are identical. Therefore, Gsap tailors its clinical trial services to each sponsor, to ensure the needs of your specific trial are met, based on your product’s characteristics and the geographical location(s) of your trial. 

Gsap has helped numerous clients successfully manage the transition from pre-clinical development to clinical studies and can support your trial from start to finish. The Gsap holistic approach to CRO services helps to ensure the success of your own clinical trial. 

Contact Gsap today to discuss your upcoming clinical trial. 

This article was prepared by:

Matti Hoggeg, M.Sc.

Clinical Section Manager

For more information about our CRO services visit:

Learn what is A clinical trial protocol, why it’s important, what the protocol should include, and how to conduct a clinical trial with a CRO
This article will address the following topics:

1. What is a clinical trial protocol?
2. Why is a clinical trial protocol important?
3. What should a protocol for clinical trials include?
4. Conducting a clinical trial with a CRO
5. Clinical trials with Gsap

Clinical trials must strictly adhere to detailed protocols, which dictate every aspect of a trial. The clinical trial protocol documents the objectives, study design, methodology, statistical analyses, and general organization of a planned trial. It’s a critical document that helps to ensure that all data collected is robust, and also that the safety of trial participants is guaranteed. 

What is a clinical trial protocol?

A clinical trial protocol is a written document that forms the backbone of the clinical trial. The protocol is finalized before any clinical trial activities commence, and must be observed and adhered to throughout the trial.  A clinical trial protocol provides answers to many of the critical questions that come with a clinical trial, including: 

The clinical trial provides details for physicians, study coordinators, and other staff regarding how to execute the trial. It also describes timelines for the trial, as well as ensuring data integrity and patient safety. 

Before the trial commences, the protocol must be submitted for review by an ethics committee and be granted formal approval.

Why is a clinical trial protocol important?

A clinical trial simply can’t be completed without a clinical trial protocol. The protocol essentially acts as a set of quality control guidelines, put in place to protect both the participants in the trial and the integrity of data collected throughout the trial, and to ensure uniformity in the execution across all participating sites.

Specifically, a clinical trial protocol is important because: 

● It ensures the safety and health of all participants in the clinical trial 

● It details a strict and accurate study plan that all physicians, study investigators, coordinators, and trial staff must follow accordingly 

● It ensures consistency in data collection and integrity, meaning that data from multiple different study sites can be compared or compiled

● Approval from ethics committees for the conduct of clinical trial cannot be granted without a robust clinical trial protocol 

As you can see, the clinical trial protocol is crucial to the success of the trial itself. 

What should a protocol for clinical trials include? 

A clinical trial protocol needs to include all the information required to carry out the trial. More specifically, the protocol follows good clinical practice (GCP) guidelines or the closely related ISO 14155 guidelines for clinical trials of medical devices. GCP is an international ethical and scientific quality standard, which dictates how clinical trials should be conducted, and the roles of investigators, review boards, sponsors, monitors, and other stakeholders. 

So, now that we know what a clinical trial protocol is, here is an overview of what needs to be included in a clinical trial protocol:

Purpose of the clinical trial 

The clinical trial protocol must provide enough background information and rationale to outline the purpose of the trial, and justify why the trial is being conducted. The purpose of the trial will likely depend on the phase of the trial; earlier phase trials are usually to collect safety data, while later phase trials are to examine efficacy. 

Trial outcomes and measures 

The clinical trial protocol also needs to outline the measures that will define whether or not the trial is deemed successful. The protocol must detail measures that assess the safety and, if relevant, efficacy. Typically, a trial has one or two primary objectives and a few secondary or exploratory objectives. 

Study participant criteria

Any given clinical trial has a strict set of guidelines relating to who can and cannot participate in the trial. These inclusion and exclusion criteria depend (among other things) on the disease being studied and the treatment being evaluated. For example, participants in a trial drug efficacy trial will likely need to have the condition or disease that the drug is being evaluated for. Exclusion criteria that could prevent a patient from participating in a trial may include age, medical history, or other medications that the patient is currently taking. 

Study design and details 

Other elements that need to be included in a protocol for a clinical trial include: 

● The length of the trial and the number of participants needed 

● The schedule relating to the frequency and duration of clinical visits for participants 

● Suitable control measures, and whether or not some participants will be issued a placebo

To summarize, a clinical trial protocol must satisfy GCP guidelines, therefore ensuring both the integrity of the trial and the safety and well-being of trial participants. 

Conducting a clinical trial with a CRO

As shown above, a clinical trial protocol needs to be extremely thorough and provide all necessary information to satisfy GCP guidelines and ethical considerations. If a clinical trial protocol is incomplete or insufficient, the trial will likely not receive ethics approval, and therefore cannot proceed. In addition, the trial objective must be carefully considered for the trial to meet the target and succeed.

Given that the clinical trial protocol is such a critical component of the trial itself, and essentially dictates how the trial will proceed, it is often necessary to enlist the services of a professional clinical research organization (CRO). A CRO works closely with the study sponsor to ensure that the clinical trial protocol contains all the necessary details for the trial to be approved. 

CROs offer medical writers, clinical experts, and regulatory specialists that can assist in the clinical design and protocol development of your trial. 

Clinical trials with Gsap

Gsap is a full-service CRO with years of experience in the design and execution of clinical trials. Gsap offers a team of professionals that can work with you to develop the clinical trial protocol, along with providing any other support your trial needs. 

A boutique CRO providing personalized support

As a boutique CRO, Gsap ensures that you have more than an organization to develop your clinical trial protocol and manage your trial – you have a partner to assist you every step of the way. 

Gsap has helped many clients create clinical trial protocols and manage the transition from pre-clinical development to clinical studies. The Gsap holistic approach to CRO services helps to ensure the success of your own clinical trial. 

Contact Gsap today to discuss your upcoming clinical trial. 

This article was prepared by:

Matti Hoggeg, M.Sc.

Clinical Section Manager

For more information about our CRO services visit: