Since ICH GCP was revised to include requirements for quality and risk management, sponsors have struggled to implement it in a meaningful way. When I review RACT (Risk Assessment Categorization Tool) output and risk management plans, I feel like I'm an English teacher again, and my students don't really understand the assignment, but are hoping that if they write down everything that comes into their heads, they'll hit the five-page minimum and achieve a passing grade.
The first step to risk management is being able to articulate risks. To do that, we need to name three components:
It helps to start backward, by identifying the critical elements of our study. Patient safety is always critical, but critical data is protocol-specific. Typically, critical data are key safety and efficacy data.
Next, we need to identify potential negative impacts on patient safety and critical data. What's the worst that could happen? On the safety side, patients could have avoidable serious adverse events--for example, because they were enrolled with a prohibited condition, or took a prohibited medication, or were mis-dosed, or underwent a risky study procedure that resulted in harm. Data integrity could be compromised if data were lost or corrupted, if sites did not comply with the protocol, or if patient did not comply with the dosing regimen. These issues could apply to almost every study; our job is to get specific in imagining how they might apply to our study.
Finally, we need to look at the conditions that could elevate the likelihood of the negative outcome. Below are some conditions that elevate risks:
Put these three components together and we have a fully articulated risk:
"Using a new ePRO vendor that we didn't qualify via an audit [condition] increases the risk of data loss or corruption [negative outcome] to one of our key efficacy endpoints [critical element]."
Later in the series, we'll look at why articulating the risk in this manner is critical in our efforts to mitigate it.