As the use of electronic data capture (EDC) systems grows among clinical researchers, quality assurance professionals are being asked to audit software and service vendors. But there are "significant differences" between using a software vendor and a service vendor. Auditing these two different types of vendors (software as a product vs. software as a service) entails different criteria and expectations, says Joseph Knight-McKenna, senior director of quality and regulatory compliance at drug-safety services provider Drug Safety Alliance (DSA), in a presentation planned for last week's Society of Quality Assurance (SQA) annual meeting in San Diego.
From a QA perspective, IT presents a host of gnarly issues: EDC-based data management systems require a different auditing process than paper-based systems. So audits for EDC should be based on computer system validation to ensure that databases are set-up and tested to ensure that the data is cleaned correctly at initial entry, as Randall Basinger of Quintiles explains.
Another issue involves changes in regulatory expectations for projects that use commercial off-the-shelf (COTS) technology in electronic document management. System complexity and the actions of supplier groups have made regulatory signoffs more difficult, says Kim Nitahara of META Solutions. System selection, configuration, validation, and maintenance, as well as the interactions among COTS vendors, consultants, and system integrators, must all be approached with an eye toward regulator scrutiny.