Case Studies of Remote SDR Audit Findings and Lessons Learned

Posted on digi By digi

Case Studies of Remote SDR Audit Findings and Lessons Learned

Published on 21/12/2025

Audit Failures in Remote SDR: Real-World Examples and Compliance Lessons

Why Regulatory Agencies Scrutinize Remote SDR Documentation

Remote Source Data Review (SDR) has become a vital component of centralized monitoring in modern clinical trials. It supports real-time oversight, risk-based quality management, and subject safety assurance. However, its growing use has led to heightened regulatory scrutiny from agencies like the FDA, EMA, and MHRA.

Inspectors increasingly request audit trails, reviewer logs, finding resolution timelines, and evidence of corrective actions stemming from SDR activities. When these records are missing, incomplete, or inconsistently filed in the Trial Master File (TMF), it results in critical inspection findings.

This article presents real-life case studies from regulatory audits involving SDR documentation and centralized monitoring oversight. We analyze what went wrong, identify gaps, and outline key preventive actions.

See also  Feedback Mechanisms for Online Training – Compliance Checklist

Case Study 1: Missing Reviewer Logs in an Oncology Trial

During a GCP inspection of a global Phase III oncology study, the sponsor presented evidence of using remote SDR for ongoing subject monitoring. However, upon closer inspection, the FDA reviewer requested logs identifying:

  • Who conducted SDR on specific subjects
  • When the review was performed
  • What issues were identified and resolved

The sponsor was unable to produce

a structured reviewer log. The SDR data existed in a dashboard tool, but no export or audit trail was available for the selected subject IDs. As a result, a 483 observation was issued for inadequate documentation of centralized monitoring activities.

Lessons Learned:

  • All SDR reviewer activity must be logged and timestamped
  • Logs should be exportable and filed in TMF (Section 5.4.1)
  • Assign clear ownership for documentation and TMF filing

Case Study 2: Audit Trail Gaps in a Cardiovascular Study

An EMA inspection of a 12-country cardiovascular trial revealed that SDR activities were conducted using a vendor-hosted eSource platform. While the sponsor had SDR reports and reviewer annotations, the inspector asked for:

  • Audit trails showing which user accessed which records
  • Date and time of reviews
  • Evidence of follow-up on identified issues

The sponsor had no audit trail extract and had not validated the platform’s audit trail feature under EMA Annex 11. The lack of system validation and audit trail access resulted in a major finding.

See also  Case Studies on Real-Time Patient Feedback via Remote Apps and CAPA Solutions

Lessons Learned:

  • Ensure SDR systems meet Part 11 and Annex 11 requirements
  • Validate audit trail functionality and retention settings
  • Back up and export audit trails periodically for TMF storage

Case Study 3: SDR Findings Not Linked to CAPA

In a decentralized dermatology trial, a centralized monitor identified recurring protocol deviations through SDR. However, during an MHRA inspection, when asked for CAPA documentation linked to those findings, the sponsor provided only informal email threads and notes in the SDR system. No CAPA forms were initiated, and there was no evidence of a formal investigation or preventive action.

This led to a GCP observation for failure to escalate SDR findings into documented CAPA workflows.

Lessons Learned:

  • Define clear escalation pathways from SDR findings to CAPA
  • Maintain traceability through unique SDR finding IDs
  • Link SDR logs to deviation records and CAPA reports in TMF (Section 5.2.1)

Case Study 4: TMF Gaps in SDR Documentation

In a global vaccine trial, an FDA inspector requested a summary of SDR findings and reviewer actions over the past 6 months. The sponsor had conducted SDR regularly and maintained Excel logs, but none of these were filed in the TMF.

Further, the SDR summary reports had no version control, no signatures, and no evidence of QA review. This resulted in a finding for non-compliance with TMF management and lack of oversight documentation.

See also  How to Achieve Patient Identity Verification in eConsent with FDA/EMA Oversight

Lessons Learned:

  • SDR logs, summaries, and escalations must be filed in the TMF
  • All documents must be version-controlled, signed, and dated
  • QA review of SDR documentation should be documented

Case Study 5: Use of Untrained Reviewers

In an investigator-initiated study, centralized review was performed by data managers without documented GCP or SDR system training. During inspection, the FDA requested training logs, and none were available. The agency cited the sponsor for lack of qualified personnel performing GCP-critical tasks.

Lessons Learned:

  • Ensure all SDR reviewers are trained on GCP, the monitoring plan, and SDR tools
  • Maintain training logs and file them in TMF Section 1.3
  • Verify role-based access controls align with training records

Conclusion: Audit-Proofing Your SDR Process

The shift to remote SDR requires more than just technology—it demands robust documentation, traceability, and quality control. These case studies demonstrate that:

  • Reviewer logs and audit trails must be accessible, complete, and retrievable
  • CAPA and deviation response must be triggered when needed and filed appropriately
  • TMF filing of SDR documentation must be timely and version-controlled
  • Training and SOP adherence are critical to defend SDR roles and activities

To remain inspection-ready, sponsors must treat SDR as a formal oversight activity governed by quality systems—not just a data review function. Regulatory scrutiny will continue to rise, and being prepared means investing in proactive documentation, system validation, and TMF governance.

Remote Monitoring and Virtual Visits, Source Data Review Remotely Tags:, , , , , , , , , , , , , , , , , , , , , , , ,