ICH E6(R2) – Addendum Highlights – Risk
May 10, 2017
The Addendum as finalized in November 2016 specifically calls out the need to asses and address the risks a system poses to the correct and complete collection of data and the ability to maintain the integrity of those data over time.
E6(R2) requires that a complete and accurate risk assessment be conducted and properly documented as part of software validation.
Risk must also be assessed and documented when implementing a clinical trial protocol using an EDC system.
Once documented, risks must be managed effectively to ensure patient rights and safety are always safeguarded.
Risks to overall data integrity must also be assessed, documented, and addressed. Risks to data integrity can include:
- Unauthorized access to records
- Ambiguous instructions to users or testers
- Failure of an audit trail
- Failure to properly document changes or procedures or incidents
Additional potential risks to data integrity will depend on the system, its design and its use.
One important source of risk to patient rights and safety as well as to data integrity can be found in the completeness of the quality management system, including SOPs.
The Addendum establishes a detailed requirement for specific SOPs. SOPs and all written procedures, including work instructions, manage risk by standardizing the way in which operations are performed and by setting clear roles and responsibilities so everyone connected with the system knows what must be done, how, and when.
Every aspect of the design, development, testing, acceptance, and use of the system, including its maintenance, must be described and governed by SOPs, and those SOPs must be followed at all times to ensure the system is build, used, and maintained as intended and the integrity of the data are not put at risk.