Breakout 2: When Systems Fail, Oversight Speaks Loudest

R3 has sharpened expectations for data integrity, traceability, and system validation. This session digs into the real-world challenges of ensuring data reliability across increasingly digital and outsourced environments.

Discussion Subtopics

• Defining “data integrity” beyond ALCOA+: what regulators are really looking for.
• Risk-based approaches to system selection, validation, and ongoing monitoring.
• Cloud systems, eTMF, and decentralized trials: where risk escalates.
• Practical examples of data oversight failures and how to prevent them.

Under R3, Your Systems Tell a Story. Make Sure It’s the Right One

ICH E6(R3) challenges sponsors to move beyond generic system documentation and toward a real-time, risk-based understanding of where data integrity can break down, especially across complex digital and outsourced environments.

During the in-person session at Syncup, participants were given real-world data integrity failure scenarios, from broken data flow diagrams to missing computer system validation (CSV), and tasked with identifying what went wrong, what R3 requires, and what should have been done differently.

Scenarios Explored

1. Incomplete Data Flow Diagram

A sponsor submitted a protocol with a data flow diagram, only to receive feedback from regulators that it lacked sufficient system detail.

What went wrong: The diagram focused on operational flow, not on which systems were used, how data moved, or how integrity was protected.

What should have happened: Sponsors should show full system interactions, identify risk points, and clarify roles, especially for manual processes and dual-entry risks.

2. Insufficient Controls Beyond a Diagram

Another sponsor submitted a clean-looking diagram, but failed an audit due to lack of implementation steps.

What went wrong: A diagram alone is not enoughm it must be supported by controls.

What should have happened: Teams should inventory systems, conduct risk assessments, and plan for validation and lifecycle oversight. Diagrams should illustrate a governance strategy, not replace one.

3. Unvalidated Technology System (CSV)

A sponsor contracted a vendor for a digital endpoint system, but mid-study realized it had never been validated. The study was cancelled.

What went wrong: The sponsor failed to validate the system or vendor up front.

What should have happened: Qualification, reviewed documentation, inclusion in the validation master plan, UAT testing, and vendor audits—all documented, should have been done before the system was implemented.

What the Session Made Clear

Sponsors often assume vendors or systems “have it handled”, but under ICH E6(R3), assumptions won’t hold up in an inspection. The session reinforced the importance of:

• Aligning data integrity controls with actual systems, not just process maps
• Ensuring CSV is documented, traceable, and vendor-inclusive
• Mapping where data travels, how it transforms, and who is responsible at each point
• Replacing cosmetic compliance with fit-for-purpose system validation and oversight

Data integrity isn’t just a documentation exercise, it’s a systems and accountability issue. If your team needs help translating R3 expectations into tangible, auditable system and vendor strategies, Seuss+ can help.

Did You Miss a Conversation? Catch Up On Session All Breakouts Here