ICH E Guidelines: how to pass audits and inspections
ICH E Guidelines and audits: what inspectors expect from QA and QP
Introduction
For QA and Qualified Person professionals, advanced knowledge of the ICH E Guidelines is essential to successfully manage regulatory audits and inspections. Inspectors review clinical studies not only for data quality, but to assess whether the entire GCP system is under control: delegations, oversight, TMF, data integrity, safety and risk-based management.
ICH E6(R3) and the ICH E2 series provide the framework on which EMA, FDA and MHRA base their inspections and decisions.
Prepare for EMA/FDA inspections: correctly apply the ICH E Guidelines on sponsor oversight, TMF, data integrity and risk management. Guide for QA/QP.
Regulatory Analysis: what EMA and FDA look for
Authorities assess:
- application of ethical GCP principles
- sponsor governance and adequacy of the QMS
- documented processes proportional to risk
- validated and secure electronic systems
- data integrity throughout the entire data lifecycle
- completeness of TMF and ISF
- correct management of safety reporting (SAE, SUSAR)
A non-compliance in one of these areas can compromise entire sections of the regulatory dossier.
What inspectors look for (with examples)
1. Sponsor → CRO oversight
Real case: a CRO conducts monitoring, but the sponsor keeps no evidence of oversight.
Outcome: Major finding due to lack of documented supervision.
2. Investigator and Delegation Log
Inspectors review:
- up-to-date delegation logs
- staff qualifications and GCP training
- consistency between assigned roles and actual activities
Typical deviation: clinical tasks performed by unqualified personnel.
3. Misaligned TMF
Inspectors request immediate access to the TMF. Recurring findings include:
- missing documents
- outdated versions
- absence of critical evidence (decision logs, escalations, key emails)
- discrepancies between sponsor TMF and site ISF
4. Data Integrity
Frequent issues:
- audit trails not reviewed
- shared user accounts
- late modifications to primary data
- unvalidated systems
How to avoid critical deviations
QA/QP must implement preventive strategies:
1. TMF always inspection-ready
- real-time updates
- TMF index aligned with the DIA Reference Model
- version-controlled, searchable documents
- audit trails included
2. Formalised oversight
- clear monitoring plans
- KPIs and Quality Tolerance Limits
- co-monitoring
- targeted audits of CRO and vendors
3. Robust Data Integrity
- validation of each electronic system
- control of data transfers
- risk-based audit trail review plan
- user management following least-privilege principles
4. Integrated safety and pharmacovigilance
Ensure alignment with ICH E2 (E2A, E2B(R3), E2D, E2C(R2)):
- timely SAE reporting
- correct SUSAR assessment
- ICSR compliant with R3 standard
- updated RSI stored in the TMF
Audit Readiness: essential documents
For every study, QA/QP must keep ready:
- protocol + amendments + ethics approvals
- monitoring plan, statistical plan, PV plan
- contracts with CRO and vendors
- delegation logs and training records
- monitoring and co-monitoring reports
- audit trails and system logs
- updated RSI
- key communications and decision logs
Box – Typical error → Recommended corrective action
Error: audit trails not reviewed
Action: implement a risk-based audit trail review plan, with defined criteria and documentation stored in the TMF.
Error: delegations not formalised
Action: update contracts and delegation logs, train staff and establish cross-checks.
Error: incomplete TMF
Action: monthly TMF audits, unified index and strict version control.
Conclusion
The ICH E Guidelines form the foundation of GCP compliance. For QA and QP, being audit-ready means integrating risk-based management, data integrity, pharmacovigilance and TMF governance into a single robust and transparent quality system.
Keep your organisation audit-ready. Discover the full guide on GuideGxP.com.