Ready Room Blog

ICH GCP E6 R3: Updates to Data Governance Section

Today we look at the changes from the draft to final version of E6 R3 in the Data Governance section. This section, which is applicable to both investigator- and sponsor-controlled systems, was new to the 2023 draft, so it's not surprising that there are multiple changes as ICH refines its thinking. Most of the changes make the language more precise, and of course there are a bunch of new references to risk. Away we go:

Section 4.1.2, which addresses maintenance of the study blind, adds the bolded text in the following sentence:  "Roles, responsibilities and procedures for access to unblinded information should be defined and documented by all relevant parties according to the protocol; this information may also be included in the data management plans and statistical analysis plans or other trial specific plans/instructions and site staff delegation records," adding a requirement to note blinding status in delegation logs. 

A new step 4.1.3 has been added: "In such cases [cases in which some sponsor team members are unblinded], suitable mitigation strategies should be implemented to reduce the risk of inadvertent unblinding of the blinded investigator site staff."

Step 4.1.4, regarding risk assessment for unblinding, now uses the term "inadvertent unblinding" instead of "accidental unblinding." Previously, this statement said that "any planned or unplanned unblinding should be documented and assessed for impact to clinical trial results." This statement has been split into two so that it is now clear that any unblinding should be documented, but only unplanned unblinding should be assessed for impact (which makes sense, because a team would not perform an assessment of every planned interim analysis). A clause has been added to indicate that after unplanned unblinding is assessed for impact, "actions should be taken as appropriate."

Step 4.2.1 regarding Data Capture has been divided into three substeps where previously there were two. The bolded text is new: "Acquired data from any source, including data directly captured in a computerized system (e.g., data acquisition tool), should be accompanied by relevant metadata. At the point of data capture, automated data validation checks to raise data queries should be considered as required based on risk, and their implementation should be controlled and documented." The first addition emphasizes the importance of metadata for e-source systems; the second adds detail to explain the purpose of validation or edit checks.

Section 4.4.2 (a) (ii) regarding audit trails for computerized systems previously stated that systems should be designed to "permit changes in such a way that the initial data entry and any subsequent changes or deletions are documented, including, where appropriate, using a risk-based evaluation, the reason for the change if it is not implicit." Both italicized phrases have been omitted in the final version.  The first change may have been made because it was impractical (were users supposed to document a risk assessment every time they change data?). Removal of the second phrase appears to have a big impact:  in the draft, reason for change for data changes appeared to be optional; now it appears to be mandatory.

Section 4.4.2 (b) has been similarly rewritten to differentiate between disabling and changing audit trails, reports, and logs.  The final version now makes it clear that these items should never be disabled, which seems a bit drastic - surely there might be a good reason for disabling certain reports?  It now says that audit trails should be modified only in rare circumstances and gives an example - when an audit trail includes a participant's personal information.  This step still states that if such a step is taken, it should be documented along with its justification.

Step 4.2.2 (c) previously stated that the party responsible for a computerized system should ensure  "that audit trails and logs are decipherable and can facilitate analysis."  The final version states that parties should ensure "that audit trails and logs are interpretable and can support review."

Step 4.2.2 (d) about date and time stamps previously stated that sponsors should ensure "that the automatic capture of date and time of data entries or transfer using data acquisition tools are unambiguous." The italicized text has been removed, likely because systems other than data acquisition tools are used for data transfer.

Section 4.2.3 about review of data and metadata sneaks in a new reference to "risk-based" approaches: "Procedures for review of trial-specific data, audit trails and other relevant metadata should be in place. It should be a planned activity, and the extent and nature should be risk-based, adapted to the individual trial and adjusted based on experience during the trial."

Section 4.2.4 regarding data corrections replaces the statement "Corrections should be attributed to the entity making the correction" with "Corrections should be attributed to the person or computerized system making the correction," clarifying the requirement.

Section 4.2.5 regarding data transfer now emphasizes that electronic data transferred between systems includes metadata. The sentence "The transfer process should be documented to ensure traceability, and data reconciliation should be implemented as appropriate" now states, "The data exchange/transfer process or system migration should be documented to ensure traceability, and data reconciliation should be implemented as appropriate to avoid data loss and unintended modifications." The first change broadens the applicability of this statement, and the second explains the purpose of data reconciliation. 

Steps 4.2.6 (a) and (b) previously referenced the process of "rectifying errors and omissions" while finalizing datasets prior to analysis.  Wording has been modified in both steps to suggest that errors in data should be rectified, and omissions should be rectified "where possible."  In (b), protocol deviations are added as an example of "noncompliance issues" whose impact is addressed during data finalization. 

Step 4.2.7 titled Retention and Access has been added: "The trial data and relevant metadata should be archived in a way that allows for their retrieval and readability and should be protected from unauthorised access and alterations throughout the retention period."

Step 4.2.8 titled Destruction has been added: "The trial data and metadata may be permanently destroyed when no longer required as determined by applicable regulatory requirements."

In Section 4.3, Computerized Systems, the following big chunk has been taken out of the introductory paragraph: "In summary, the sponsor is responsible for ensuring that for computerized systems which they put in place, the expectations for computerised systems as described in this section are addressed in a risk proportionate manner. The sponsor should review whether the systems used by the investigator/institution (e.g., electronic health records and other record keeping systems for source data collection) are fit for purpose in the context of the trial. In the event that the investigator/institution deploys systems specifically for the purposes of conducting clinical trials, the investigator/institution should ensure that the expectations are proportionately addressed and implemented." This detail was likely found to be redundant with the rewritten steps in the previous section (III. 3.16.1. (x) (vi), (vii), and (viii)).

Sections 4.4 - 4.8 in the draft, previously Security of Computerized Systems, Validation of Computerized Systems, System Failure, Technical Support, and User Management, are now collected as subsections under Section 4.3, Computerized Systems.

Step 4.3.3 (d) regarding security procedures has been modified with the addition of bolded text: "Procedures should cover the following: system security measures, data backup and disaster recovery to ensure that unauthorized access and data loss are prevented. Such measures should be periodically tested, as appropriate."

Step 4.3.4 (c) in the Validation section is new:  "Periodic review may be appropriate to ensure that computerized systems remain in a validated state throughout the life cycle of the system."

Step 4.3.4 (g) in the Validation section removes references to "qualification" of computerized systems. It now states that responsible parties should ensure systems are "validated as fit for purpose" (previously, "qualified and validated") and that "validation documentation" (previously "qualification and validation documentation") is maintained. "Qualification" is a term borrowed from a manufacturing environment, where it refers to assessment of equipment and systems as fit for purpose, as opposed to the term "validation," which is used for processes. When talking about computer systems, however, "qualification" can stand for pieces of the validation process (e.g., installation qualification) but is sometimes used as a term to mean "evaluation and selection" (for example, you might review a vendor's validation documentation to "qualify" the system for use, without validating it yourself). These conflicting usages are confusing, which is probably why ICH is avoiding the use of the term "qualified."

Step 4.3.5 has been changed from "The trial-specific systems (including updates resulting from protocol amendments) should only be implemented to enable the conduct of the trial by the investigator after all necessary approvals for the clinical trial have been received" to "The trial-specific systems (including updates resulting from protocol amendments) should only be implemented, released or activated for individual investigator sites after all necessary approvals for the clinical trial relevant to that investigator site have been received."

Step 4.3.8 regarding security measures for access control now states simply, "The security measures should be selected in such a way that they achieve the intended security." Previously the phrase "and do not unduly impact user-friendliness" was appended.
