CTIS and CTA in the EU: how to avoid RFIs and review delays

CTIS and CTA (EU): the operational guide to avoid getting stuck during assessment

When “uploading the CTA” is no longer enough

If you work on clinical trials in the EU, you already know this: CTIS is not a drive where you upload PDFs. It is a regulatory workflow with its own rules, tight timelines, and a “historical memory” that makes inconsistencies and rushed decisions visible.

During GCP audits, this is the issue I encounter most often: the team assumes compliance is “just” about scientific content, while inspectors identify the gaps in version control, decision traceability, and the way RFIs and changes are managed.

The (dangerous) myth to dismantle: “CTIS is just a portal”

Common myth: “If the documents are complete, CTIS cannot slow you down.”
Why this is risky: CTIS mainly penalizes:

  • inconsistencies across documents (protocol vs IB vs IMPD vs IMP label),
  • “implicit” decisions that were never justified (missing rationale),
  • unstructured RFI responses (or responses without a declared assessment impact).

Practical result: you end up facing RFIs on predictable points, with the clock running and the team in panic mode.

Part I vs Part II: where the CTA really gets stuck

CTIS separates the assessment into two blocks, and this has a major operational impact:

Part I (scientific/technical core)

Typically includes:

  • Protocol (and scientific appendices),
  • Investigator’s Brochure (IB),
  • IMP/IMPD aspects (investigational medicinal product quality),
  • safety aspects and rationale.

Part II (national/ethical/operational)

Typically includes:

  • informed consent and subject-facing materials,
  • site suitability/recruitment documents (depending on the country),
  • required local documentation.

From a real-world operational perspective, Part II is often underestimated because it is considered “local.” In reality, it is often where avoidable delays arise when ownership and harmonized templates are missing.

A Complete Guide to Regulatory Affairs in the Pharmaceutical Industry

“30-second table”: deliverable, owner, CTIS critical point, and typical mistake

Deliverable Realistic owner (who must “close” it) CTIS point where you are assessed Mistake that triggers an RFI
Protocol Clinical + RA (consistency) Part I Endpoints/visit schedule not aligned with safety monitoring
IB Medical/Clinical + RA (versioning) Part I IB not updated or mismatch with protocol
IMPD CMC/QA + RA (submission) Part I Stability/controls/process description too generic
IMP labeling CMC/Packaging + QA + RA Part I/operational Label not aligned with randomization/blinding
ICF & patient materials Clinical/Legal + local RA Part II Different country versions without rationale
RFI response RA (coordination) + functions Part I/II Fragmented responses without impact assessment

IMPD: the 6 points that always generate RFIs

The IMPD (Investigational Medicinal Product Dossier) is the “mini-dossier” that many teams treat like a technical attachment. In reality, it is one of the most sensitive areas because it affects quality, traceability, and safety.

Here is where I most often see problems:

  1. Stability data that are not “actionable”
    It is not enough to say “stable for 12 months”: the reviewer must be able to understand conditions, pull points, specifications, and the supporting data package.
  2. IMP labeling handled like “marketing-style” artwork
    For IMPs, what matters is blinding, randomization, kit management, and the logic of the clinical supply chain.
  3. GMP for IMP underestimated
    If your IMP is managed through external vendors, expect questions on qualification, document flow, and release.
  4. QP certification / release flow not described clearly
    When release is distributed across CRO, CMO, and depot, the assessor looks for consistency and clear responsibilities.
  5. Comparability ignored when something changes “mid-study”
    A process or site change during the study is not “just operational”: it becomes a regulatory issue.
  6. Weak version control (IMPD/IB/protocol)
    If you do not control versions, CTIS will put them on display.

Key point to remember:
An “audit-ready” IMPD = data + logic + traceability. If the rationale is missing (why that control set? why that shelf life?), the RFI is almost inevitable.

RFIs in CTIS: how to respond without turning everything into a “crisis project”

Many teams fail RFIs not because of content, but because of method.

An approach that works (and that I recommend for audit readiness):

  • RFI triage within 24 hours: classify by impact (Part I vs Part II, blocking vs clarifying).
  • Response map: every question → owner, deliverable, data source, QA/RA reviewer.
  • Single narrative: each response must explain what you are doing, why you are doing it, where you are updating it, and with which updated documents.
  • Impact statement: explicitly state whether the response changes the protocol/IB/IMPD and how.

In practice, the perfect response is not the longest one. It is the one that leaves the assessor with zero ambiguity.

A Complete Guide to Regulatory Affairs in the Pharmaceutical Industry

Substantial Modification: the “grey-zone” decision that exposes you during inspection

The recurring question is always the same: is this modification substantial or not?

Operational rule (not academic): if the change affects at least one of the following:

  • safety (new risks, monitoring, population),
  • scientific value (endpoints, design, statistics),
  • IMP quality (process, specifications, stability, supply chain),

…then it should be handled as a substantial modification, with a defensible written rationale.

In inspections, the most common challenge I see is:
“You implemented a change before approval” or
“You did not document why it was not substantial.”

CTIS transparency: redaction and protection of know-how

CTIS introduces an issue that is often ignored until it is too late: what becomes public, and how to manage redaction without destroying readability.

Best practice from a senior RA perspective:

  • define in advance what is CCI (Commercially Confidential Information),
  • create a redaction policy with Legal and Clinical,
  • avoid blanket redaction, as it raises questions and reduces trust.

Ready-to-use checklist: “CTA/CTIS pre-submit” in 10 points

  • Protocol, IB, and IMPD aligned (same terminology, same versions).
  • IMP label consistent with blinding/randomization.
  • Stability: conditions, time points, and conclusions clearly readable.
  • QP release path and responsibilities across the supply chain defined.
  • TMF/eTMF: evidence of version control and decision audit trail.
  • Part II: country package with clearly assigned owners.
  • “RFI readiness kit”: response map template already prepared.
  • Plan for DSUR/SUSAR and safety governance (who decides, who notifies).
  • Strategy for urgent safety measures (who does what, and within what timeline).
  • Redaction/transparency: criteria and Legal review before upload.

Operational conclusion

Managing CTIS well means reducing friction, avoiding predictable RFIs, and above all being ready to demonstrate that every decision, including technical ones, is traceable and defensible.

If you want to expand your regulatory toolbox beyond dossiers and post-marketing activities, CTIS is now one of the areas where the maturity of a clinical RA function becomes truly visible.

Back to blog

Looking for something specific?