<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=377593866636424&amp;ev=PageView&amp;noscript=1">
Montrium_Logo_smaller
Close

Reach out to our team

0%

What ICH E6(R3) asks for in TMF oversight

ICH E6(R3) and TMF Oversight

What ICH E6(R3) asks for in TMF oversight
10:10

Contents

For years, TMF oversight rewarded activity. Reviews got completed, metrics got pulled, dashboards turned green, and teams called the job done. ICH E6(R3) resets the standard. Oversight no longer proves activity alone. Oversight now proves reasoning: why a risk got flagged, what decision followed, and whether the decision changed anything downstream.

Four TMF and quality leaders unpacked what this shift demands in practice. Jared Brooslin is Senior Manager, Trial Master File at Intellia Therapeutics. Dr. Antje Dahlen is Senior QA Manager and Auditor at Forschungsdock CRO GmbH. Joanne Malia is Senior Director of Records and Research and Development Records Management at Regeneron Pharmaceuticals. Anusha Rameshbabu is Senior Manager, TMF Systems and Operations at Moderna. Their answers point to a consistent theme: risk-based oversight demands more thinking, not less documentation.

 

Document the rationale, not the activity alone

The consequential change in ICH E6(R3) is not a new form or a new field. The change is a shift in what counts as evidence. Anusha Rameshbabu put the distinction directly:

"It changes the way we think about oversight. It's not just about being able to do it, but being able to show evidence, and being able to show how we evaluated the risks on that study. It's not a one size fits all approach."

A sponsor now decides which factors count as critical to quality for a given study, scenario, indication, and phase, and the decision needs a paper trail from the design stage forward. Sponsors are asked to document rationale alongside activity, not activity by itself.

eTMF Connect Risk Management builds this paper trail automatically. Every CTQ decision, every rationale, tracked from design forward. See how Risk Management supports your ICH E6(R3) documentation.

 

What demonstrable oversight looks like from an auditor's chair

Dr. Antje Dahlen reviews sponsor documentation from the outside, and her list of what evidence should exist runs deep. Procedures on oversight come first: not only the SOPs, which do not sit in the TMF, but a listing referencing those standard procedures alongside study-specific plans describing how the sponsor ensures oversight. Records and trackers follow, showing the procedures got applied. Agendas and memos document oversight initiatives, and any issue triggers a risk-based assessment early, before the issue grows.

One area she flagged as new territory sits inside data governance. Oversight now extends to the systems in use, and not only the sponsor's own systems. Systems used by service providers and their subcontractors need oversight too, along with validation documentation for study-specific systems.

Her closing point cuts to a habit she sees repeatedly during audit prep: sponsors treat the TMF as the CRO-held TMF, and forget one thing: the oversight documentation kept in a separate repository counts as part of the TMF as well. A sponsor demonstrates oversight only when procedures cover the full TMF, including who checks TMF health and reports findings back.

 

The sponsor-CRO relationship needs a genuine partnership

Working across sponsors and CROs surfaced the widest range of answers among these four leaders, and the range itself was the point. Jared Brooslin summarized his approach in three words: trust and verify.

"You're giving them this responsibility. You've got to trust them, but then you have to check in with them and make sure they are doing the work they're contractually obligated or morally obligated to complete."

Joanne Malia described a more structured model at Regeneron, where CROs work inside the sponsor's own system. Her team generates TMF health metrics from the system and shares the metrics with every CRO. A poor score comes with a plan to close the gap, and Regeneron now brings all its own CROs together to walk through the metrics as a group, a practice leading CROs to trade tactics with each other.

Anusha Rameshbabu offered a counterpoint from her own experience inheriting multiple TMFs from acquired companies, each running as a separate environment of the same system, each carrying its own restrictions. Her conclusion: transparency at the start of the relationship prevents surprises at the end. Vague expectations create anxiety on the CRO side, comparable to studying for an exam without knowing the material. Defined expectations, agreed early, remove the guesswork on both sides.

The group converged on one practical fix for shared accountability: define who owns what percentage of review, put the split in the TMF plan, and stop duplicating QC on top of QC. As Anusha noted, repeating the same check without added value wastes effort rather than reducing risk.

 

EDL completeness is an honesty problem before a technology problem

A familiar frustration surfaced during the discussion: CROs update expected document list entries only after documents arrive, producing a 100 percent complete metric hiding gaps against DOA logs and 1572s.

Anusha Rameshbabu named the root cause without hesitation. A completeness metric only means anything when the underlying milestones reflect the actual study design, indication, and trial type, updated as documents come in rather than backfilled to look clean.

"Don't go in and make it look like it's always a hundred percent complete, because there's always a layer underneath it and someone will figure it out. It's an honor code thing also."

Joanne Malia offered a working fix from one of her CROs, who centralized a group to review completeness by cross-referencing documents already filed against what those documents implied should exist. A single set of weekly meeting minutes on file, for example, flags every missing week following logically from the record. The approach found real gaps missed by a static checklist, and Joanne pointed to this pattern, using existing documentation to infer what remains outstanding, as the direction several vendors are now building toward.

 

Risk-based frameworks built to hold up

Three organizations, three variations on the same discipline. Joanne Malia's team assigned a criticality code to every artifact type in the TMF, built with input from functional areas and cross-checked against what inspectors request most often, since teams sometimes underrate documents mattering most during inspection. Study phase, size, and therapeutic area all shift the requirement. Controlled substance studies, in her experience, carry a heavier documentation load than a standard trial.

Anusha Rameshbabu described a completeness review built around site-level risk: high enrollers, sites with more protocol deviations, sites more likely to draw an inspection get reviewed first, and the target sites rotate with every periodic cycle. The underlying discipline runs deeper than the review schedule. Every choice ties back to a written rationale in the TMF plan and supporting SOPs, corrective actions get tracked to closure, and the next assessment checks whether the correction held. Inspection readiness, in her words, functions as a constant state rather than a destination reached once.

Jared Brooslin's team runs a comparable scorecard by study, weighing completeness, missing documents, duplicates, and open queries, then bringing the findings back to the full study team.

The mechanics behind scoring and logging risk by artifact, the piece the panel treated as assumed knowledge, are worth walking through on their own.

Audit trail review should not depend on a custom dashboard built with IT. Study Oversight surfaces access and activity anomalies inside eTMF Connect. See how oversight cycles become inspection-ready records.

 

Where technology earns its place

Joanne Malia's team added audit trail review to oversight, working with IT to build a dashboard flagging anomalies: a user downloading an unusual volume of documents, or access granted outside what a role should allow. The dashboard recently caught someone downloading far more documents than their role justified, leading to retraining, and surfaced a gap in access ownership another department has since taken on. Audit trail review has stayed under-examined across the industry relative to the visibility gained on who touches the system and whether training matches access.

Artificial intelligence came up as a possible answer to the EDL completeness problem specifically, and the group stayed candid about the limits of this answer today. Anusha Rameshbabu named the interest directly, and named the gap directly too: nobody had seen a working, mature solution for using AI to drive EDL updates from study milestones. The instinct is reasonable. The maturity is not there yet, and any tool applied here needs to earn trust through demonstrated accuracy rather than assumed capability.

We keep a running answer key to the questions this raises most often, from defining high versus low risk to what inspectors actually check first.

 

See how eTMF Connect operationalizes R3 compliance. Book a demo to get an early look at the upcoming features. Stay ahead of R3

 

The takeaway

Risk-based oversight is not license to do less. The requirement is to think harder, write the thinking down, act on findings, and show the follow-through. The sponsor-CRO oversight relationship works only as a genuine partnership built on a documented, shared understanding of who owns what. An oversight metric earns its place only when the metric changes a decision. A dashboard never driving action is not oversight. Such a dashboard is decoration.

The regulatory direction is set, and the organizations represented here already carry both the expertise and the discipline to meet the standard. Montrium builds eTMF Connect around the same principle these leaders described: oversight decisions, supporting evidence, and corrective actions belong inside the TMF itself, not scattered across separate trackers nobody reconciles until an inspector asks.

 

Christina Mantzioros

Christina Mantzioros

With a mandate to bridge the gap between clinical research, technical development, and business applications, Christina Mantzioros brings over a decade of experience in clinical research and technology. As Director, Product & Clinical Intelligence, she shapes the next generation of the eTMF platform, translating clinical and regulatory needs into practical product solutions. She is the co-host of The State of TMF podcast and a regular speaker at industry events including the CDISC TMF Interchange.