Identifying Critical Data and Processes in Risk-Based Monitoring

Posted on digi By digi

Identifying Critical Data and Processes in Risk-Based Monitoring

Published on 21/12/2025

How to Identify Critical Data and Processes in Risk-Based Monitoring

Introduction: Why Identifying CDPs is Foundational to RBM

Risk-Based Monitoring (RBM) is now a regulatory expectation—not just an operational option. At the core of every effective RBM strategy is the accurate identification of Critical Data and Processes (CDPs). These are the components that, if compromised, would significantly impact subject safety or data reliability.

ICH E6(R2) defines critical data and processes as those essential to ensure human subject protection and the reliability of trial results. Misidentifying or failing to monitor these components may lead to audit findings, protocol deviations, or delayed submissions. This article walks you through how to identify CDPs and integrate them into your RBM framework.

See also  Site Communication Based on Centralized Monitoring Findings

Step 1: Understand the Clinical Trial’s Objectives and Endpoints

Every CDP analysis begins with a clear understanding of the trial’s primary objectives and endpoints. These shape what data is considered “critical.” For example:

  • In a diabetes trial: HbA1c levels at week 12
  • In an oncology trial: Progression-Free Survival (PFS) assessments
  • In a vaccine study: Seroconversion rate at Day 28

Only after aligning on these endpoints can you begin to identify the specific eCRF fields, processes, and assessments that feed into them.

This

principle is part of Quality by Design (QbD), a concept promoted in ICH E8(R1).

Step 2: Map Protocol Data Flow and Workflows

Conduct a visual mapping of the data and operational workflows. This includes:

  • Informed consent to randomization flow
  • Visit schedule adherence and procedure capture
  • eCRF design and source documentation linkage
  • Data entry and query resolution timelines

Each data element should be traced back to its source and downstream impact. For example, if “ECOG performance status” is used as an eligibility criterion, errors here could lead to inclusion of ineligible subjects—making it a CDP.

Step 3: Apply Risk Scoring to Data Elements and Processes

Use a RACT or Data Criticality Assessment tool to evaluate elements on three dimensions:

  • Importance: Direct relation to primary/secondary endpoints or safety
  • Complexity: Risk of misunderstanding or mis-execution
  • Frequency: Number of times it occurs per subject
See also  Quantitative vs Qualitative Risk Assessment Models in RBM
Data Element Importance Complexity Frequency Criticality
Informed Consent Signature 5 3 1 High
ECG QTc Measurement 4 4 4 High

Anything scored “High” should be flagged for 100% Source Data Verification (SDV) or centralized monitoring.

Step 4: Classify CDPs into Logical Buckets

To operationalize CDPs, organize them into groups:

  • Safety Critical Data: SAE reporting, lab abnormalities, vital signs
  • Efficacy Endpoints: Assessment forms, imaging review, lab biomarkers
  • Eligibility Criteria: Inclusion/Exclusion parameters, diagnostic tests
  • Consent & Compliance: Consent dates, withdrawal tracking

This grouping simplifies monitoring strategy creation. For example, safety-critical data may require dual review by CRA and Medical Monitor.

Step 5: Link CDPs to KRIs, QTLs, and Monitoring Plans

Identified CDPs must be monitored using Key Risk Indicators (KRIs) and Quality Tolerance Limits (QTLs). Examples include:

  • Consent form missing rate > 2%
  • Protocol deviation involving eligibility > 1 per site
  • Data entry delay > 5 days for safety labs

These thresholds are built into your Central Monitoring strategy or RBM dashboard.

To learn more about setting QTLs for CDPs, visit PharmaSOP.

Real-World Case Study: CDPs in an Oncology Trial

Study: Phase III, double-blind study on second-line NSCLC treatment

Identified CDPs:

  • CT Scan imaging for PFS determination
  • Adverse Event attribution
  • Randomization log accuracy

Mitigation Strategy:

  • Remote imaging QC by blinded radiologists
  • AE causality training for investigators
  • Daily export and QC of IVRS randomization files
See also  Integrating Risk Assessment into Clinical Trial Start-Up

Outcome: No critical findings in subsequent FDA audit; inspection report noted “robust RBM approach.”

Step 6: Audit Trail and Documentation

CDP identification must be fully documented in your Trial Master File (TMF) and be inspection-ready. Documents include:

  • RACT or Critical Data Worksheets
  • Monitoring Plan references
  • Training records indicating site awareness of CDPs
  • RBM meeting minutes

These records should demonstrate a clear rationale and consistent oversight aligned with GCP and ICH guidelines.

Common Mistakes to Avoid

  • Overloading CDPs: Including every field in the eCRF dilutes focus
  • Failure to revise CDPs post-amendment: Always re-evaluate after protocol changes
  • Not aligning with endpoints: If data doesn’t drive an endpoint or subject safety, it’s likely not “critical”
  • No link between CDPs and KRI/QTLs: Monitoring must follow risk—not routine

Conclusion

Identifying Critical Data and Processes is the backbone of a meaningful RBM strategy. It empowers clinical teams to focus on what truly matters—protecting participants and delivering reliable trial results. The process isn’t one-size-fits-all; it must be protocol-specific, dynamic, and well-documented.

By investing time in precise CDP identification, sponsors and CROs not only ensure compliance with ICH E6(R2), but also gain operational efficiency and inspection readiness.

References:

Risk Assessment Tools, Risk-Based Monitoring (RBM) Tags:, , , , , , , , , , , , , , , , , , , , , , , ,