Scope and Direction of the Revision
The revised ISO 14155 aims to set a new global benchmark for clinical investigations of medical devices conducted in increasingly complex, multi-centre, and digital settings. The draft clarifies definitions and responsibilities of sponsors, investigators, and clinical sites to ensure consistency across ISO, MDR, and regulatory practice. Greater emphasis is placed on data traceability, decision transparency, and lifecycle documentation integrity, ensuring that every clinical activity can be reconstructed and verified.
Data Integrity and Electronic Systems
A major component of the update concerns data lifecycle management. The new ISO 14155 expands on requirements for validation and qualification of electronic systems (eCRF/ePRO platforms, eConsent, eTMF repositories) and integration of wearable and remote monitoring technologies. Following the ALCOA+ principles, sponsors will be expected to prove that systems can reliably capture, secure, and reproduce data with complete audit trails. This involves defining access controls, documenting system validation, mapping interfaces, and managing risks from downtime, version changes, or interoperability gaps.
Risk Management and ISO 14971 Alignment
The revision reinforces the link between GCP and ISO 14971:2019, requiring systematic identification and continuous review of risks throughout the study lifecycle. Beyond participant safety, attention shifts toward data quality, cybersecurity, and the specific risks posed by decentralization. Sponsors will need to establish Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) – such as missing source data rates, delayed verification, or access violations – together with thresholds for escalation and corrective action tracking.
Risk-Based Monitoring and Quality Oversight
Remote Source Data Review/Verification, centralized statistical analytics, and targeted on-site visits are now fully recognized as legitimate oversight mechanisms when based on sound risk assessment. The standard introduces the concept of “living” RBM plans – documents that evolve dynamically as risk profiles change. It also strengthens audit expectations: auditor qualifications, QA independence, and evidence-based CAPA follow-up are explicitly defined.
Decentralized and Hybrid Trial Conduct
The new guidance incorporates decentralized and hybrid trial models (televisits, remote consent, direct-to-patient shipments). Sponsors must demonstrate that trial integrity and data quality remain equivalent regardless of setting, with particular attention to participant identity verification, device calibration, and secure data transmission. Risk assessments must include potential measurement bias from home use and outline compensatory measures such as confirmatory site visits.
Documentation, Archiving, and Transparency
Requirements for eTMF structure, completeness, and long-term accessibility are clarified. Compatibility with MDR Annex XV is reinforced, particularly concerning safety reporting, SAE/SADE management, and documentation of substantial modifications. Long-term electronic archiving must ensure readability, traceability, and data protection over time.
Practical Implications for Manufacturers and CROs
From a compliance standpoint, the upcoming revision demands early preparation. Sponsors and CROs should perform gap analyses in IT validation, adapt monitoring strategies to RBM principles, update statistical analysis plans for centralized oversight, and redefine vendor qualification processes. Pilot implementations (“dry runs”) under new oversight principles are strongly recommended to test readiness and identify procedural weaknesses. Anticipatory adaptation will minimize certification delays and ensure alignment with MDR and global GCP frameworks.