• Decide on the audit scope 
  • Check whether there are resources at the site or Clinical Research Organisation (CRO) (if the on-site visit of the CRO representative is allowed) to ensure assistance during the audit (e.g. reading source data (SD), conducting a virtual facility tour etc) 
  • Request trial level and site level documents from Sponsor/CRO in advance (e.g. protocols, IBs, study-specific manuals, consent forms)  
  • Request access to electronic records such as:
    – Case Report Form (eCRF), 
    – Central vendor data (e.g. Laboratory) 
    – Interactive Voice Technology (IRT) (e.g. inventory, kits assignment), 
    – Imaging
    – Electronic PatientReported Outcomes (ePROs) 
  • Arrange an agenda with times for every task as per scope and agree with the auditee 


Opening meeting as usual 

Covering Audit Scope:

  • Investigator Site File (review will be limited to trial approvals, site contracts, trial insurance, task delegation, trial-specific and ICH GCP (R2) training, and any trial-specific requirements, at a minimum):
                         > Review of key documents can be done remotely as part of the audit preparation; 
  • ICFs for all screened subjects (100% of initial ICFs and a sample of amended ICFs, as applicable): via reading ICFs by the site staff/CRO representative and specific questions. 
  • IMP accountability (at shipment level):
    – Shipment and storage records to be reviewed remotely (provided in advance);
    – Site or CRO staff will be needed to review accountability and check remaining IMP stock at site;
    – IMP storage facility can be demonstrated using a video if not restricted by legislation/policies; 
  • IMP accountability (at subject level): 
    – Copies of subject/-s accountability logs (copies to be provided to the auditor) 
  • Laboratory/sample preparation facilities (will be checked if essential, depending on the risk assessment, may not be part of the scope): 
  • Can be demonstrated via video. 
  • Facility/equipment review including calibration/maintenance documentation (will be checked if essential depending on the risk assessment, may not be part of the scope): video tour to be considered if legislation/polices allows. 
  • Select an appropriate sample size of subjects (at least one). Source data review should focus on review of eligibility, protocol compliance and data accuracy/quality based on comparison with eCRF data of key safety and efficacy data parameters as identified in the protocol (review an appropriate sample of data including primary endpoints, safety data such as Adverse Events, concomitant medications, etc.): site staff/CRO representative assistance will be needed to read SD. All source data review and documentation will comply with the requirements of GDPR. 
  • Monitoring and site management 

Closing meeting as usual. 


  • Visit of the CRO representative is denied (e.g. due to coronavirus outbreak) and there are no resources at the site for 7.5 hours assistance for the auditor) 
  • Unco-operative auditees 
  • Inadequate internet access 
  • For cause / high risk 


  • Training/support of the site staff (3-7.5 hours depending on availability) in the scope of the particular protocol: 
  • Scope would include all of the above and the actual review and checking would be performed, not by the auditor but by specific auditor-trained staff at site. Training would include auditor/inspector expectations regarding every point in the agreed scope of the audit. 
  • Training/support of the site (2.5-3 hours) consulting the site staff for quality questions. It is important to highlight that reporting of SAEs is a site responsibility as is the documentation of protocol deviations (PDs) and their reporting to the IRB / IEC .when applicable. Advisory on Authorities’ expectations.