Insights from the TGA Good Clinical Practice (GCP) Inspection Program - Session one

Tahli Fenner

My name’s Tahli Fenner. I'm the director of the risk management section at the TGA. In my section, I have got the GCP [Good Clinical Practice] Inspection Program and I also have got the PV [Pharmacovigilance] Inspection Program, the clinical trials team and the risk management plan evaluation team. And I have with me today, for our presentation, our lead GCP inspector, Anastasia Makshakova. And she'll be talking about some insights from an inspector’s perspective.
And I'll also have her and another inspector with us for a Q&A later in the session. Let's kick off. Thank you. We've got a lot of people joining us today. And we're really pleased to see so many people interested in learning about the GCP Inspection Program. This was implemented last year. And I hope that you've had an opportunity to read our first report that we published on the TGA website a few weeks ago.
And before I hand over to Anastasia to talk about her inspection insights, I'm going to give you a little bit of background on the program and the inspection process. We'll be running a couple of polls as well today and hopefully… We had a little bit of trouble on Monday’s session with me seeing the results of the poll. Fingers crossed today we don't have those problems.
We'll be running some polls to get a sense as to what your experience is in terms of understanding the GCP Inspection Program and also the types of information that you think you would like more about. Those polls will run alongside this, my presentation. I'll touch a little bit today. And I'm not going to go into a great deal of depth about the key legislation and standards that apply. But I'm sure you're all very familiar with the GCP guidelines that apply.
At a Commonwealth level, the key legislation for clinical trials of therapeutic goods is found in the Therapeutic Goods Act and the Therapeutic Goods Regulations. The act provides the basis for the CTN and the CTA schemes. That's the Clinical Trial Notification and Clinical Trial Approval schemes. And the regulations set out the conditions that therapeutic goods used in clinical trials must comply with to be exempted from the act.
Regulation 12AC is very important for our inspection program. That's the regulation that gives us the legal powers for our authorised officers, our inspectors, to come and inspect, examine, take measurements, or take evidence of trial-related material on the site. We also have specification that enables us to release the inspection report to the approving authority and to the ethics committee. 

Brief history of the development of the GCP Inspection Program in Australia. It's important to note that the requirements to comply with GCP in Australia are longstanding, with the ICH GCP standard having been recognised for over 20 years. While the inspection program’s relatively recent, those requirements in terms of compliance have been there for a very long time. The current ICH guideline for GCP was adopted by the TGA in 2018. And as I'm sure you're aware, the ICH are currently consulting on the third revision of the GCP guidance.
In 2019, the TGA commenced a pilot GCP Inspection Program that's been modelled on the EMA's [European Medicines Agency] inspection program, with this first inspection happening in August of 2019. The pilot inspections were voluntary at investigator sites for clinical trials of medicines. And seven inspections were conducted in the initial stage over a 12-month period. And last year, we implemented the ongoing risk based GCP Inspection Program.
We published guidance in April last year and the first non-voluntary inspection through our ongoing program commenced in August of last year. We've conducted eight inspections to date, including the five GCP inspections that we discuss and cover in the report, our first GCP metrics report that was published a few weeks back. 

This is a key document. This is our GCP Inspection Program guidance that we published in April last year. And I'd really like to emphasise the value of going and having a look at this guidance. This really steps you through the process and we'll be finding out through that poll soon how many people have actually read this guidance, and if you haven't, please take the time to have a look at it. I've got some poll results here. Only 43%, I think, actually have read this guidance. That's a lot of you that have some good reading ahead of you, I would suggest. Please take a look at this.
I'll just talk a little bit about the objectives of the program. The inspection program strengthens the TGA’s monitoring activities to help protect the rights, safety and wellbeing of Australian trial participants and assures the quality and credibility of the trial data. The GCP Inspection Program allows us to verify that you're compliant with the GCP standard and have met your clinical trial responsibilities.
It also provides us with an opportunity to work with you and provide some education, ensuring that there are effective systems in place that are in alignment with Australian legislation and the relevant GCP guidelines. We are promoting a culture of compliance with the principles of GCP and the applicable Australian legislation. During inspection, there is an opportunity for sites to discuss specific questions or areas of concern with our inspectors and learn about best practice approaches to assuring safety and quality in the conduct of clinical trials.

What's in scope of our inspection program? At the moment, clinical trials of medicines and biologicals regulated under either the CTN or CTA schemes are subject to the GCP Inspection Program. This involves the inspection of clinical trial sites for medicines and biologicals but does not currently cover clinical trials for devices or trial sponsors. However, our scope is going to broaden. We will be looking at working towards getting devices within the scope of our program.
Following public consultation last year on proposed regulatory changes for clinical trials of medical devices, that was in August of last year, there was really strong support to include devices in the inspection program. And that will be going ahead. We’ll be working towards developing guidance and other resources to support implementing that broader scope to include devices in 2024. 
I'm going to talk a little bit about inspection prioritisation and how we take a risk-based approach to that. There’s far more information available in that guidance that I referred to that I recommend you have a look at. But we'll touch on some of this today. We really do take a risk-based approach. We can't inspect every trial. As a guide, other regulators internationally conduct GCP inspections on about 1 to 3% of studies. And we’re aiming to do the same proportion. We use a combination of internal and external intelligence and a risk assessment that's based on the NHMRC [National Health and Medical Research Council], in their document, their risk-based management and monitoring of clinical trials involving therapeutic goods.

That is a risk assessment that breaks up into two categories, risks associated with the IMP [investigational medicinal product] and risks associated with the trial conduct design and methods. We also do consider some other elements when we make the final selection of clinical trial sites for inspection. We look at the type of sites. We try and get a mix of, for instance, is it a large institution or a small clinic? Look at the geographic location to select sites around Australia so that we're not focussing on one type of site or one location. We're getting a good representative spread. Other factors, like the number of participants in the trial at the site, will also be considered, as well as the compliance history of the investigator sites and the sponsor.
For instance, we may have information about breaches or information from previous GCP inspections. Most of our inspections are routine and they’re usually conducted onsite rather than remotely. However, we have done some hybrid inspections where we've had people onsite and then people supporting remotely. And there might be occasions when we need to do an inspection fully remotely because the access is difficult or for other reasons.
But generally speaking, our inspections are onsite and routine. And what I mean by routine is that they're scheduled in advance, and they're prioritised based on our risk assessment that I've just discussed. And we give advance notice to the site that an inspection is coming up. These inspections are usually of a single investigator site of a specific clinical trial. But other sites can be selected, if needed, to verify and provide practical evidence of compliance.
We can also inspect what we call a ‘for cause’ inspection. That would be usually in response to a specific trigger where an inspection is an appropriate way to examine the issues. For cause inspections would generally focus on specific aspects of the clinical trial at a particular site or focus on a particular compliance issue and its impact. Significant safety concerns or identified non-compliance are likely to be the most common triggers.
As I said, for these routine inspections, we announce them in advance. You will be given notice to be able to ensure the relevant personnel are available. Occasionally, though, it may be appropriate to conduct an unannounced inspection and we do have the power to do that. And that might be, for instance, where the objectives of the inspection could be compromised if we announced it or there was such an urgent safety concern that we needed to really promptly inspect.
Reinspection is not something we routinely plan for. However, there may be circumstances in which it's appropriate for us to undertake a reinspection. But it's not part of our routine schedule. Follow-up inspections may be performed, more likely perhaps for a ‘for cause’ inspection to verify that the appropriate action has been taken in terms of corrective and preventative action to address the non-compliance.
I'll take you through now a little bit about what a routine inspection looks like in terms of the process. Our inspectors will get in touch with the site about a month beforehand to organise logistics and timing. So far, inspections have been running over three days onsite and we've held them, as I said, with all inspectors onsite as well as some hybrid inspections. There's an opening meeting on the first day where the inspectors introduce themselves and the site gives the inspectors a presentation.

And throughout the inspection period, the inspectors will undertake interviews with key staff, and they review documentation, including source data. On the final day, there's a closing meeting where the inspectors will present their findings and there's an opportunity for the site staff to discuss any issues and those findings with the inspectors. I should emphasise that throughout the whole inspection, there are opportunities to ask questions and talk through issues.
And after the inspection, there is a report issued and the site will often ask for a meeting to discuss the corrective and preventative action plan, the CAPA, and the options to resolve the issues that have been identified and agree with the inspectors on actions. In terms of the inspection follow-up and closeout, the inspection team will assess your proposed CAPA and provide any comments if the initial response is not acceptable or needs to be discussed further.
The inspectors can meet with the site to discuss the deficiencies and reach agreement on acceptable actions and timeframes. For critical and major deficiencies, evidence will usually need to be provided to demonstrate the implementation of your described actions. In this case, the inspectors will review the evidence that you've submitted and assess whether there's been appropriate implementation of the CAPA.
Other follow-up actions can be initiated potentially, such as reviewing progress reports on corrective action or reinspecting to assess if there's been appropriate implementation. The inspection is closed when the CAPA has been completed and accepted by the GCP inspector. 

I'm not going to go into all the definitions of the deficiencies here. You'll find those definitions in the GCP inspection guidance. But I will just emphasise something about the critical deficiencies, which I think, as you would imagine, are the most serious deficiencies that are identified by our inspectors. These are deficiencies in clinical trials systems, practices or processes that adversely affect the rights, safety or wellbeing of clinical trial participants or the quality or integrity of data or that represent a very serious violation of applicable legislation and guidelines.
It's important to note that critical findings, while very serious, can usually be resolved effectively through the corrective and preventative action plan process. And at least to date, in the short time the program's been implemented since last year, that's been our experience with those critical findings as they were able to be resolved through that process. I'm now going to hand over to Anastasia to share her insights as an inspector who has been out and about.
And share some of those findings and some tips on how to better prepare for an inspection. Thanks, Anastasia.

Anastasia Makshakova

Thank you, Tahli. We have recently published the 2022 GCP metrics report. The information in the report is de-identified and we see it as a valuable educational resource for the sector. In 2022, since the first inspection in August last year, we inspected five sites for trials ranging from phase one to phase three, including commercially and CRO [Contract Research Organisation]-sponsored, as well as investigator-initiated trials.
Please note that the GCPIP main categories and sub-categories superseded the inspection topic areas included in the current version of the guidance document, which will be updated to reflect this. It is important to note that the categories and sub-categories did not change the scope of the GCP inspections, rather allowed for the TGA to align reporting categories with the international regulators.
In GCPIP, we group observed deficiencies against five main categories, which include findings from 28 sub-categories. The main categories and sub-categories that are typically reviewed during an inspection are presented on this slide. We grade all findings as either minor, major, or critical. A deficiency recorded for one of the five main categories, that may be comprised of a number of minor, major and critical findings.
The grading recorded for the main category deficiency is set to the highest-level finding. In 2022, we found deficiencies in all five categories: t3 critical, 8 major and 11 minor. A deficiency recorded for a main category will often be comprised of a number of findings at a sub-category level. Corrective and preventative action plans, referred to as CAPA, were developed by all the sites for the identified deficiencies.
All deficiencies have been rectified. The highest proportion of deficiencies were for protection of trial participants, protocol compliance and documentation. Documentation was a key area of non-compliance that cuts across all categories. It is really important to have documented evidence of processes and decision-making. While we do undertake interviews to help understand the processes, if there is no supporting documented evidence or SOPs [standard operating procedures], then this will lead to deficiencies being recorded.

In terms of critical deficiencies, these represented serious non-compliance with fundamental requirements of GCP. However, none of these deficiencies warranted halting a trial and they were all addressed through the CAPA process. The critical deficiencies in documentation included the electronic medical record system could not be verified as a validated system, the site staff had the ability to amend any information entered in the medical records at any time, there was no process to ensure that the study documents were identical to the HREC [Human Research Ethics Committee]-approved copies. The critical deficiencies in trial management included no risk management plan and /or risk management process developed for the investigator-initiated trial. The study documentation available for the inspected site did not adequately reflect or explain the distribution of responsibilities between the sites involved in the trial management.
The critical deficiencies and protection of trial participants included the consent form that was signed by participant, but not signed by the investigators, the consent form signed by the participants that was a modified version of that approved by the HREC, he modified version was not submitted to the HREC before it was implemented at the site, trial participants signed the forms electronically in a system that was not validated. This system did not allow for identification of the signatory. That is, the participants’ signatures could not be verified as a legal equivalent of their handwritten signature. 
As I have just mentioned, there was a critical deficiency related to the informed consent process. And I would like to share some questions that can help you to assess your processes for compliance. 

Do you know which consent form is currently approved version for your study?

How promptly is the study team notified that a new consent has been approved? Does everyone know what this process is? How do you supersede previous version of the consent forms? Do you mark them as superseded regardless of the media used? Are you familiar with the content of the consent form, including changes from the previous versions? Who has responsibilities in the informed consent process?
And are those responsibilities outlined in an internal SOP? Are all relevant staff adequately trained on this process? Answering these questions will help you understand if your processes are robust and address any gaps you may identify. It is important to remember that self-evaluation of the process should be repeated in case of any changes either at a site or at a clinical trial level. 
Here are some tips that may help you with compliance. Ensure that the consenting process is documented appropriately, and no standard-related procedures are completed before informed consent is signed by all relevant parties. It is important for sites to ensure that there are quality assurance processes in place. For example, confirmation that the consent form was completed in full, without any errors before a copy is provided to the participant.
Complete and accurate documentation of the informed consent process is essential to demonstrate compliance with protection of trial participants category. Please refer to the GCPIP metrics report for more information on the expectations on compliance. I will now share a mock scenario that is based on the observations made in this period. All of the scenarios included in this presentation are not direct examples from the inspection.
The first example scenario is, you discovered that a modified consent form was electronically signed by the participants, but not the investigators. You need to understand the root cause of this non-compliance and to take corrective and preventative actions. It's important to understand that there are two issues here. The electronic consent form that was used was not identical to the version approved for use.
And the electronic signature was only captured for the participant and not the investigator. In order to understand the root cause of these issues, we need to understand the process that was followed. And the following questions can support with that. What is the consent process at your site? Do you plan to follow a standard process or are there any unique aspects related to the study such as a tick box with optional choices, specific addendums, or different main consents applicable to different treatment arms?

Has the consenting process applicable to the study been tested before screening participants? Is your electronic system validated for the purpose of e-signing a consent form? Does it allow for multiple signatures? And if so, what is the order? Do you have documented evidence of validation? Is the signed consent form exactly the same version as the one that was approved by the HREC? Due to a wide range of available electronic systems, there can be different reasons for non-compliance.
And it is important to ask ‘why’ as many times as possible and as needed to get to the root cause. If we get back to our example, let's suppose that the system automatically modifies every imported document and has only been set up to allow one signature by default. This system was not tested before the first participant was consented. This is your root cause. Now you need to think about correcting the issues, both with the incorrectly signed consent form and the system.
In this example, let's suppose that the site notified the HREC of this issue and the HREC supported for the participant to be reconsented. Now you would need to assess how quickly the system can be set up and tested and whether your preference is to wait until the issues are resolved or to seek approval from HREC for an alternative consenting method, for example, a paper form. You also need to think about preventing similar issues.
In our example, let's suppose preventative measure is included, checking if other studies at site that use the same system require similar updates and updating an SOP to include a step to test the system before consenting or reconsenting the participants. And another step to ensure a quality check is done on each signed consent form before a copy is provided to the participant. There is no one-size-fits-all solution to correct and prevent these issues.

It is important to have a culture that values and rewards thinking about quality and to remember that the patient should be at the centre of clinical trials. HRECs consist of experts who have an important role in review of consent forms before they issue the approval letter. It is therefore important to use the approved version without any modifications to ensure that the participants are protected. In case a consent form needs an update, it is expected that the updated consent form will get back to HREC for review before it is used.
And here are some tips that may help you avoid similar issues at your site. Ensure you understand and test the consenting process. This includes understanding the electronic systems being used in the study, ensuring systems are validated according to the GCP requirements and ensuring quality assurance measures and tools are in place. For example, a careful review of the first consent form to ensure all required signatures and tick boxes are completed. And consider having a backup plan in case of system malfunction. 
Now let's talk about protocol compliance and what questions can help you assess your processes? Based on the protocol, what resources do you need to conduct the study and ensure compliance? Do protocol timelines facilitate compliance? Do you anticipate any issues with short windows for visits that you need to raise with the sponsor or sponsor-investigator to plan, for example, for a better day of the week to build protocol compliance into your visit planning?
Is there an internal process to verify protocol compliance? Who is responsible for protocol compliance? Are these responsibilities outlined in an SOP? Have all relevant staff been trained on the delegated study-related procedures? Most findings in protocol compliance were assessed as major in this reporting period.

You need to ensure your site processes allow you to comply with ICH GCP E6 (R2), section 4.5.3 that states that the investigator or a person designated by the investigator should document and explain any deviations from the approved protocol. Follow the journey of a participant from screening and consider conducting a mock participant visit to train the delegated site staff. This is particularly useful if the protocol design is complex.
I would like to highlight that building quality into the design will enable protocols and processes to minimise unnecessary complexity and burdens. The protocol is an essential document that requires HREC approval before it can be implemented. It is important to follow the approved version of the protocol and to have proactive oversight of any deviations at site level and not to rely on the sponsor to identify site-level deviations.
This active oversight will ensure the sites have a process to promptly detect any deviations to the protocol, perform a root cause analysis and implement a CAPA to avoid recurrence. The example scenario is, day one, post those ECGs [electrocardiograms] were completed out-of-window for all time points for all patient visits at your site so far. You need to understand the root cause of this non-compliance and to take corrective and preventative actions.
As with our previous example, first we need to understand the process that was followed. And the following questions can support with that. Was the ECG performed by fully trained and delegated staff? Why were ECGs completed out of window? Were there any recent protocol changes that would affect the ECG window? Was this deviation preventable? Who identified this deviation and when was it done? What are the consequences of not collecting the ECG data as per protocol?
There can be different reasons for this type of protocol deviation, depending on protocol design, sites’ resources, and multiple other factors. Let's suppose that the ECG window in our example is ten, plus, minus, five minutes. There were no recent changes to the protocol, no new staff members, no new equipment or supplies that would cause this deviation. After you followed participant’s journey during a visit that involves ECG, you realise that it takes a participant at least 15 minutes to get from the consulting rooms to the ECG room and the order of procedures cannot be changed.
This distance means that there is no opportunity to get to the ECG room and prepare for the ECG within window. While nothing can be done about the ECG data collected to date, similar issues can be prevented by either moving the ECG equipment into the consulting rooms or moving the visit to the ECG room, whichever is more appropriate and feasible in the circumstances.
What can you do to incorporate compliance with protocol into processes at your site? Remember that the patient should be at the centre of clinical trials. And following the approved protocol ensures participants’ safety. Proactively assessing protocol compliance will ensure robustness of your processes. Consider if study visit checklist may help you with compliance and ensure that any additional tools used to support compliance are reviewed each time the protocol is updated.

Two final examples are related to decentralised trials referred to as DCT. The example scenario related to a DCT management is a future DCT study will have one site where the data is kept, one pharmacy location and several referring sites. The participants will only be seen remotely for the duration of the study. You need to decide which sites are required to be notified to the TGA. Questions to consider on trial management include, what is the role of a primary site and the referring sites?

Will there be any trial-related activities performed at any of the referring sites? How are duties delegated? Are there any duties unique to DCT? Do you have documented processes? Do you have the right resources? Do you need any additional resources or training to run a DCT? There is no single solution that would be suitable for every DCT. A prospective risk management plan and a clear structure of the site's roles and responsibilities are required to support appropriate decision-making about the trial management.
During GCP inspection, we may look at applicable documents that support the sites’ structure, such as contracts, agreements, delegation log, supervision plan, etc. The national SOP on clinical trials, including teletrials, is a great resource available to the sites to provide guidance on trials that involve a remote component of trial management. It is our expectation that the sites where the IMP is stored and where clinical trial activities take place are notified to us, with the exception of participants’ homes.
And the final example for today is related to investigational medicinal product, IMP, management in a decentralised trial, DCT. The example scenario is a planned DCT will have a primary site where the data is kept, a pharmacy location and several referring sites where there will be no trial-related activities. All participants will receive the IMP at their homes. You need to decide by what means and how often to deliver IMP to the participants.
Questions to consider on IMP management in a DCT include, is there a documented process at your site for IMP delivery, temperature control during the transit return and destruction of IMP? What are the IMP storage conditions? What stability data do you have about the IMP? Do you have an investigator’s brochure or an equivalent? What IMP delivery frequency would be most appropriate? What delivery options do you have?

And are there any considerations for your planned population? Who and how will assess participants’ compliance with assigned treatment? There is no single solution that will be suitable for IMP management in every decentralised trial. This should be assessed on a case-by-case basis. ICH GCP E6 (R2) sections 4.6.3 and 4.6.4 clarify sites’ responsibilities on IMP management that are applicable to all types of regulated clinical trials in Australia.
These sections include expectations on minimum information that is required to be documented. To comply with these requirements, risk management and quality control are especially important in case of direct delivery of IMP to participants’ homes. If delivery methods are used that are not monitored, for example, for temperature or receipt of the IMP, this needs to be carefully justified and documented.
For example, undertaking a test run with the temperature monitoring before initiating the study may be appropriate to make an evidence-based decision on IMP delivery methods. The risk of not delivering IMP to the participant or losing participant’s IMP returns due to disruptions of the post-provider should also be an important consideration in decision-making on IMP management. And this concludes my part of the presentation. Back to you, Tahli. Thank you.

Tahli Fenner     

Thanks, Anastasia. I really appreciate you sharing those insights and I hope that people have found them really useful. Before we move on towards the Q&A, I wanted to reflect a little bit on Anastasia's insights and tips and reiterate some of the key points that will help you facilitate compliance. Firstly, know the requirements that apply to your clinical trial and make sure that you are documenting things, including your training and your processes.
Carefully plan your site's participation to ensure compliance with requirements. Ensure that risks associated with the trials’ conduct are identified and assessed and monitored. And I'll reiterate it again, documentation, this was a key area of non-compliance that cut across every single topic area. It's really important to have documented evidence of your processes and decision-making. The inspectors cannot really establish what has happened if it's not documented.
And thirdly, if you're selected for inspection, keep an open mind. I know it's a big undertaking, but it's a massive educational opportunity as well. You can get so much value out of the inspection and apply that learning much more broadly at your site beyond the trial that's been the subject of the inspection. And one final takeaway tip, don't wait until we contact you about an upcoming inspection to be inspection ready.
Hopefully your attendance today will set you on that path. And going off and reading our guidance will be another next step. 
Just before we move on from this presentation, I wanted to touch on our focus for the next 12 months. We've got a big time ahead of us. In addition to continuing to carry out inspections and working with sites to address deficiencies, our big focus over the next year will be to expand the scope of the program to include devices.

We'll also be working to build awareness of the program and provide more education and support to sites to ensure compliance with GCP. We want to connect broadly across the sector. And as we're in early days of implementation, we are looking at how we can refine the program and also seeking feedback from inspectees as well. I do want to mention that the education focus is big for us at this early stage of the program, but we can take enforcement actions where necessary. To date, we haven't had cause to do that, and we certainly are really looking at that education and building awareness and building capability and compliance. We will continue to be publishing information on our inspection activities through these reports, as we published a few weeks ago, annually.
And I should mention as well, if the outcomes of an inspection do lead to enforcement and regulatory actions being taken under the act, that information does get published in line with TGA’s compliance and enforcement procedures. We do have a TGA compliance framework. And through that process, that can involve identification of parties and offences. But through our annual report, as we published a few weeks ago, that information doesn't identify any parties who’ve been inspected and that will continue to be the case. That concludes our presentation and thank you.