Research Compliance
Multi-stakeholder institutional decisions where academic mission, student outcomes, and financial sustainability converge.
Inside this journey
-
Pre-Discovery
Align the room on outcomes, decision process, and constraints before deeper discovery.
-
Stakeholder Alignment
Confirm decision roles, timeline, risk tolerance for regulatory findings, and what ‘good’ looks like for each stakeholder.
Alignment Questions
Let's Start With Who's in the Room
- To get us started, which people or roles will be actively involved in evaluating a new IRB/compliance platform?
- Who ultimately signs institutional certification for federal compliance (title or office)?
- Which single person or office will be the day-to-day champion for a pilot (name/title preferred)?
- How have prior cross‑functional tech decisions been made here—consensus committee, executive signoff, procurement-led, or other?
- Who do you expect will push back most during evaluation (role) and why?
Who's Paying the Price for Delay?
- If approval times don’t improve, what is the single biggest consequence you fear for the institution?
- Over the past 12 months, how much estimated external funding or awards were at risk due to IRB delays?
- How often do investigator complaints about IRB delays escalate to the VP of Research or IO?
- Tell us about a specific case where an approval delay had a measurable impact—what happened and what was the fallout?
- When delays occur, who internally bears the most operational burden to fix them (roles)?
Are Decision Roles As Clear As You Think?
- Do you have documented decision authorities and sign‑off matrices for protocol approvals today?
- Which roles have final sign‑off on high‑risk or federally‑sensitive protocols?
- Who is responsible for certifying compliance responses to federal findings (title/office)?
- When reviewers disagree, how is that dispute typically resolved and how long does resolution take?
- How confident are you that role & responsibility maps are applied consistently across departments?
If OHRP Called Tomorrow, Could You Tell the Story?
- Could your team produce a complete audit trail (decision timestamps, reviewer notes, attachments, version history) for a random protocol within 48 hours?
- Current median approval time — Full Board (select range):
- Current median approval time — Expedited:
- Current median approval time — Exempt determinations:
- Where do audit‑trail gaps most often appear (choose all that apply)?
What Would 'Good' Actually Feel Like for Each Person?
- If you had to name the top three outcomes your VP of Research would celebrate, what would they be?
- Which of these measurable success signals matter most to your institution (select up to 3)?
- For investigators, what approval time would be perceived as acceptable (choose one):
- What non‑negotiable controls must be present for your compliance office to sign off (list specific requirements)?
- Which stakeholder would measure success qualitatively (stories, investigator feedback) versus quantitatively (SLA metrics)?
What Risks Are You Willing to Accept to Move Faster?
- Would leadership accept temporary parallel records (legacy system + new platform) during migration if approvals improve?
- Which of the following would immediately pause a pilot for you?
- Who must be notified the moment a regulatory risk is suspected during pilot (roles)?
- How quickly do you expect major issues to be escalated (timebound answer)?
- What remediation options are acceptable if a compliance gap is found during pilot (list and prioritize)?
How Fast Do You Need This to Happen (Really)?
- What is your ideal pilot start date and what fixed deadline (audit, grant, mandate) drives that date?
- What pilot length do you believe is sufficient to evaluate investigator usability and approval-cycle impact?
- By when must enterprise expansion be complete to meet institutional objectives?
- Which external deadlines will constrain the schedule (select all that apply)?
- Which internal approval gates historically create the biggest delay (select all that apply)?
Who Will Own This Long Term — And Will They Stick With It?
- Which office will be the long‑term owner of the platform and its governance (select one)?
- What governance cadence feels realistic post‑deployment (how often should performance and risks be reviewed)?
- What ongoing resources/budget are committed (training, admin FTE, licensing) — approximate range?
- How will success be reported to institutional leadership (dashboard, quarterly review, written report, other)?
- Which existing SOPs or regulatory commitments must we align with during implementation (list key documents)?
Decision Path: What Would It Take to Move From Pilot to Commit?
- What are the non‑negotiable pilot acceptance criteria that must be met before institutional signoff?
- Who will sign the pilot acceptance certificate (title/office)?
- What responsibilities will your team retain versus expect the vendor to own during pilot (check all that apply)?
- If the pilot meets its targets, how quickly could budget and procurement approvals be finalized to expand?
- What would make you say 'no' after a successful pilot—what residual barriers matter most?
-
Current State Mapping
Document existing IRB workflows, approval cycle times, backlog, legacy data sources, and failure modes that create OHRP exposure.
Current State
Start with the Story: How You Really Run IRB Today
- Give a brief snapshot of how a new protocol enters your IRB and the core steps it passes through today.
- Which channels are used to submit and track protocols right now?
- Who touches a submission in sequence (roles or offices) from intake to final approval—list them in order.
- How many distinct review workflows or committee types do you operate (e.g., expedited, full board, exempt, multi-site)?
- Tell us about one recent protocol that followed the ideal path—and one that did not. What made them different?
If Your IRB Could Be Arrested—What Would the Charges Be?
- Where in your current process are you most likely to trigger an OHRP finding or formal compliance concern?
- In the last 24 months, how many formal findings, citations, or significant corrective actions have you had?
- Describe the most recent finding or near‑miss: what happened, who noticed it, and what immediate harm or exposure did it create?
- What root causes were identified for that event (process, people, tools, data)?
- When an issue is escalated, what is your typical remediation path and who signs off on closure?
Where the Clock Breaks: Approval Time & Backlogs
- What is your median time-to-approval for initial full-board review today?
- How much variability do you see across committees or protocol types (e.g., some committees average 10 days while others average 60)?
- Which stages create the largest delays (intake triage, reviewer assignment, convened meeting cadence, PI revisions, legal review)?
- What is your current backlog (protocols awaiting committee review) and seasonal pattern if any?
- Describe a recent bottleneck you solved—what changed and what measurable impact did it have?
Ghosts in the System: Legacy Data and Hidden Records
- Roughly how many protocol records exist outside your primary IRB system (old paper files, legacy databases, spreadsheets)?
- Which legacy sources contain the most critical data that would need migration?
- What formats, metadata, or documents are most often missing or corrupted in legacy records?
- Have legal or regulatory constraints prevented you from consolidating older records? If so, explain briefly.
- What would a successful data migration look like for you—minimum viable vs. ideal outcome?
Failure Modes That Keep You Up at Night
- If one thing went catastrophically wrong tomorrow, which single failure would you least want to face?
- How confident are you in detecting that failure early enough to act?
- What early signals or indicators do you currently monitor that would warn you of this failure?
- When a near-miss occurs related to this failure, how quickly can you investigate root cause and implement corrective action?
- Which controls or redundant checks would reduce your anxiety about this failure, even if imperfect?
Who's Actually Deciding? Invisible People Who Move the Needle
- Who has final authority to close a compliance gap or approve remedial changes—are there hidden decision-makers we should know about?
- Which stakeholders can accelerate approvals, and which consistently add friction? Give examples.
- How do academic incentives (tenure, grant timelines) influence investigator responsiveness to IRB requests?
- Are there regular governance or oversight meetings (e.g., compliance committee) that review IRB performance? If yes, how often?
- Who would need to be convinced internally for a pilot to proceed, and what objections are they likely to raise?
If Compliance Were a Movie—What Would Winning Look Like?
- Imagine an OHRP site visit where every question is answered clearly—what tangible evidence and metrics are on your table?
- Which measurable signals would define pilot success for you?
- Please list current baseline values for any signals you selected (e.g., median approval days = ___; training = ___%).
- What non‑negotiable controls must be present at pilot completion for leadership to consider expansion?
- Which stakeholders must sign off on pilot success and what decision criteria will they each use?
What Would It Take to Change—Budget, Time, and the Human Side
- What are the top three barriers that would stop your institution from moving from paper/email to a structured platform?
- What budget range or funding mechanism would you realistically consider for a pilot plus migration?
- How much change management support would you expect or need (communications, training, on-site support)?
- Who would be the project champion and what authority/resources can they commit?
- If we proposed an 8–12 week configuration and an initial quarter-long pilot, what would be realistic acceptance criteria and the earliest possible start date?
-
-
Outcome Discovery
Define measurable success signals (e.g., approval time target, training completion, audit-trail completeness) and non-negotiable controls for federal compliance.
Discovery Questions
If One Win Could Calm the Room
- If a single measurable win in the next 90 days would make you breathe easier, what would that win be?
- Which of these outcome types would feel most urgent right now? (select all that apply)
- What is your current baseline for the top metric above (give number, timeframe, and how it’s measured)?
- Who is currently the named owner for that metric inside your institution?
- If we achieved that win, what downstream impact would you expect on funding, investigator workload, or reputation? Be specific.
What Keeps You Up at 2 AM About Compliance?
- Imagine an unannounced federal site visit tomorrow — what single failure would cause the biggest institutional damage?
- How often have you had OHRP/agency inquiries, audits, or determinations in the last 3 years?
- Of recent regulatory findings, which gap recurs most frequently (select the best fit)?
- How would you describe your institutional tolerance for regulatory risk?
- When a compliance gap appears, who must be notified within 24 hours and what usually happens next?
Where Paper and Email Still Hide the Problems
- Which parts of your IRB workflow live outside your structured system today and why do they remain there?
- Approximately how many active protocols are recorded only in spreadsheets/email/legacy systems?
- Do you maintain parallel records (electronic + paper) during reviews? If yes, how long does parallel maintenance typically persist?
- Which failure modes from legacy tracking have led to regulatory exposure or investigator complaints? Please give one or two concrete examples.
- How often do investigators bypass the portal or email the IRB directly, and what reasons do they give?
What Would Each Stakeholder Say 'Good' Looks Like?
- If you asked the VP of Research, IRB Chair, and a PI what ‘good’ looks like, where would their answers differ most and whose view must prevail?
- For each stakeholder below, select the outcome that matters most to them (choose multiple stakeholders if needed).
- What specific approval-time targets would satisfy leadership, chairs, and investigators respectively? (give numeric targets or ranges)
- Which compliance controls are truly non‑negotiable for your institution (select all that apply)?
- Are there stakeholder groups whose acceptance you anticipate will be hardest to win? Who are they and why?
Metrics You Can Trust — Not Just Numbers You Hope For
- If an auditor asked to trace the lifecycle of a protocol from submission to approval, would your current metrics and logs satisfy them?
- How are your key compliance metrics currently collected?
- Which specific metrics do you rely on monthly to make compliance or operational decisions? (e.g., avg approval days, % training complete)
- Who validates the accuracy of those metrics today, and how often are they reconciled?
- What minimum thresholds or tolerances must those metrics meet to be considered acceptable (provide numeric thresholds where possible)?
Training and Behavior: Will People Actually Do the Right Thing?
- Even with the right tech, what human behavior would most likely sabotage the outcomes you care about?
- What is your current enterprise training completion rate for required compliance modules?
- Which training modalities have worked best for your faculty (select all that apply)?
- What enforcement or incentive mechanisms do you use when completion is low (select all that apply)?
- What target training completion rate would you require before approving an enterprise rollout?
When Things Go Wrong: Escalation, Accountability, and Fixes
- If a protocol missed a required control and created regulatory exposure, what response timeline would you demand?
- Describe your ideal escalation path for compliance incidents — who gets alerted and who ultimately signs corrective action plans?
- Which remediation actions are non-negotiable after a serious finding (select all that apply)?
- How comfortable are you with automated alerts that escalate directly to senior leadership?
- What evidence do you require to be confident a root cause has been addressed and will not recur?
Pilot Signals: What Proof Will Unlock Enterprise Rollout?
- At pilot close, what single piece of evidence would make you comfortable recommending an enterprise rollout?
- Which pilot success signals matter to you? (select all that should be met)
- For each selected pilot signal, what is the numeric acceptance threshold you would require?
- Who must sign the pilot acceptance — list roles/titles and whether they have veto power.
- How soon after pilot close do you want a decision meeting to occur?
What Tradeoffs Are You Willing to Make?
- Which tradeoff would you accept: slightly stricter workflow that halves approval time, or lighter workflow that preserves pace but leaves some compliance manual?
- Which of the following one-time costs would you tolerate to reach your outcome goals? (select all that apply)
- Are there any tradeoffs that are absolute deal-breakers for your institution? Please list with reason.
- What is the maximum acceptable timeline to demonstrate pilot success before you reassess strategy?
- What budget band have you allocated (or would consider) for a pilot that proves these outcomes?
Choose One Hypothesis to Prove First
- If you had to pick one hypothesis for a focused pilot that would unlock the rest, what would it be (be bold and specific)?
- Which pilot scope below best matches your appetite for proof-of-value?
- What minimum data access and exports do we need to prove the hypothesis (select all that apply)?
- Who will be the pilot owner on your side and what percent of their time can they commit?
- What cadence for pilot review meetings would you prefer to feel confident (select one)?
-
Solution Experience
Validate how the platform and services deliver the target outcomes using the institution’s scenarios, risk points, and acceptance criteria.
Experience Meetings
- Experience Prep & Current State Confirmation
- Scenario Walkthrough Workshop (Diagnosis → Proof)
- Live Simulation — Investigator & Committee Flows (Proof)
- Acceptance Test Review & Pilot Success Criteria Finalization
- Executive Validation & Pilot Go/No-Go
- Customer and seller sign the finalized acceptance criteria and pilot gates document.
- Team to create simulation scripts for the Live Simulation meeting capturing the precise inputs and expected outputs.
- Readout of Expected Metrics & Test Plan
- Collect measured evidence demonstrating improvement (or gaps) against approval time, usability, and audit completeness targets.
- Identify and prioritize configuration or process fixes required to meet acceptance criteria.
- Ensure every observed issue is tied back to customer consequence and a remediation owner.
- Seller to deliver a metrics report (timestamps, reviewer latency, audit log samples) within 48 hours of the simulation.
- Customer to validate the accuracy of captured metrics and flag any anomalies.
- Team to log prioritized remediation tickets with owners and target completion dates.
- Executive Recap: Preconditions & Targets
- Reach explicit agreement on which acceptance criteria are met and which require remediation prior to pilot.
- Create an actionable remediation and retest plan with owners and deadlines for any failed items.
- Establish clear go/no-go gates and sign-off authority for pilot launch.
- Introductions & Meeting Objectives
- Seller to implement critical remediations and schedule retest sessions within agreed timelines.
- Customer to confirm availability of reviewers for the retest and final decision meeting.
- One-sentence Recap: Current State, Consequence, Future State
- Secure executive sign-off to proceed to pilot or capture explicit reasons and conditions if pausing.
- Confirm pilot governance, roles, and escalation paths to manage compliance risk during pilot.
- Ensure a clear, dated set of next steps to launch the pilot efficiently if approved.
- Execute pilot authorization signature and publish the pilot kickoff date and governance cadence.
- Communications owner to notify pilot participants and publish the pilot scope document.
- Seller to prepare the pilot-run playbook (roles, runbook, escalation) and hand it off to the customer governance lead.
- Produce and record a single-sentence current state validated by stakeholders.
- Document quantified consequences tied to regulatory and operational risk.
- Agree a one-sentence future-state outcome and the measurable success signals to prove it.
- Lock the set of institution scenarios, acceptance criteria, and required sandbox data for simulations.
- Customer to provide sample protocols, backlog metrics, and any OHRP findings referenced in the consequence discussion.
- Seller to provision sandbox with agreed forms, 3 representative protocols, and committee roles before the simulation meeting.
- Owner to finalize acceptance criteria document (pass/fail thresholds) and circulate to attendees.
- IT contact to confirm access and test credentials for all named participants.
- Recap Preconditions
- Demonstrate, step-by-step, how the platform changes the investigator and committee workflows to achieve the future state.
- Bind each platform action to a quantifiable success signal and a current-state failure it eliminates.
- Collect explicit customer validation or corrections for each scenario so no assumptions remain.
- Seller to convert walkthrough notes into a scenario playbook showing steps, controls, and mapped success signals.
- Customer SMEs to mark any deviations from expected institutional policy that require configuration changes.
- Investigator Portal Simulation
- Results vs Acceptance Criteria
- One-sentence Current State Confirmation
- Evidence Package Summary
- Scenario 1 Walkthrough — Investigator Submission
- Residual Risks & Mitigations
- Consequence Quantification
- Failure Root-Cause & Remediation Plan
- Committee Review & Decision Simulation
- Scenario 2 Walkthrough — Committee Review & Approval
- Audit-trail & Compliance Reporting Validation
- Finalize Pilot Success Gates & Go/No-go Rules
- One-sentence Future State & Success Signals
- Risk-Point Controls Mapping
- Pilot Plan, Timeline & Governance
- Immediate Feedback & Triaging
- Scenario and Acceptance Criteria Inventory
- Validation Check & Forced Confirmation
- Decision & Signature
- Assign Owners & Next Steps
- Immediate Next Steps
- Environment & Data Readiness Review
-
Solution Scope
Specify modules, pilot boundaries, customization needs, integrations, data migration scope, and measurable acceptance criteria.
Scope Configuration
- Deploy Investigator Submission Portal
- Configure IRB Review Workflows
- Migrate Legacy Protocol Records
- Integrate Grants and Protocol Systems
- Implement Adverse Event and SAE Tracking
- Activate Continuing Review Automation
- Enable Conflict-of-Interest Disclosure Workflows
- Set Up IACUC Animal Protocol Workflows
- Install Biosafety Incident Reporting Module
- Provision Role-Based User Accounts
- Deploy Audit Trail and Regulatory Reporting
- Train Investigators and Research Staff on Platform
Scope Questions
Deploy Investigator Submission Portal
- What are your current channels for protocol submission?
- Approximately how many unique investigators will use the submission portal in the pilot scope?
- Do different investigator groups (e.g., clinical, basic science, multi-site) require distinct submission forms or flows?
- List required attachment types or templates investigators must submit (e.g., consent forms, CVs, study protocols, budgets).
- Do you require multilingual forms or localized guidance within the portal?
- Should the portal enforce pre-submission checks (completeness, required signatures, training completion)?
- Are there investigator privacy or data-segmentation rules (e.g., external collaborators whose identities are redacted)?
Configure IRB Review Workflows
- How many IRB committees/boards will be included in the pilot configuration?
- Do committees follow different review types (Full board, Expedited, Exempt) with unique routing or pre-review steps?
- What voting rules and quorum requirements must the workflow enforce?
- Do you require conditional branching (e.g., route to biosafety or COI review when triggers present)? If yes, specify common triggers.
- Are there committee-specific templates, review checklists, or scoring rubrics that must be embedded?
- What target submission-to-decision SLA should workflows support for pilot committees (in calendar days)?
- Will reviewers need anonymous review modes or redacted investigator information?
Migrate Legacy Protocol Records
- How many legacy protocol records need to be migrated for the pilot (approximate count)?
- What formats are legacy records stored in?
- Which core fields must map from legacy records to the new system (e.g., protocol ID, PI, approval date, consent documents)?
- Do legacy records require redaction or de-identification before migration for privacy reasons?
- Is there an expected downtime window or parallel-run period where both systems must be maintained?
- Are there duplicate or inconsistent protocol identifiers that require deduplication rules?
- Do you need historical audit logs preserved and surfaced in the new system?
Integrate Grants and Protocol Systems
- Which grants or award management system(s) must integrate with the platform?
- Is a real-time sync required or will batch nightly exports be sufficient?
- Which key identifiers must be mapped between systems (e.g., PI ID, project ID, award number)?
- Do grants integrations need to restrict access to protocols based on sponsor or funding source?
- Are there security or contractual constraints on API access (IP allowlist, VPN, SCIM, client certs)?
- Will the integration be used for automated compliance checks (e.g., link protocol to active award status)?
- Are legacy grant-to-protocol mappings documented and stable, or will mapping rules need discovery work?
Implement Adverse Event and SAE Tracking
- What types of safety events must be captured (adverse events, serious adverse events, unanticipated problems, device malfunctions)?
- What regulatory reporting windows must workflows support (e.g., 24-hour, 7-day, 15-day reporting)?
- Who must receive automatic notifications or escalations (IRB chair, PI, institutional safety officer, OHRP liaison)?
- Should event intake include structured severity scoring and causality assessment fields?
- Do you require integration with external safety systems (e.g., CTMS, sponsor safety portals)?
- Is there an institutional policy defining who performs initial triage vs. who completes regulatory reporting?
- Do you need dashboards or reports for incident trends and regulatory readiness?
Activate Continuing Review Automation
- Which study types require continuing review in your institution (e.g., full board, minimal risk studies)?
- What are your required reminder cadences before an upcoming continuing review (e.g., 90, 60, 30 days)?
- Should continuing review automation include automatic renewal generation or only notify owners to submit?
- Do continuing reviews require linkage to enrollment/subject counts, consent expiration, and deviation logs?
- Are there programmatic exceptions (e.g., longitudinal minimal-risk cohorts) that need custom automation rules?
- How should lapsed approvals be handled in automation (e.g., suspend access, send escalations, auto-assign manager review)?
- Describe any regulatory reporting that must trigger automatically when a continuing review lapses.
Enable Conflict-of-Interest Disclosure Workflows
- Do you have an existing COI policy with defined disclosure thresholds and review pathways?
- Which roles must complete COI disclosures (PI, study staff, external collaborators) for protocol approval?
- Should COI disclosures block protocol approval if unresolved, or allow approval with mitigation conditions?
- Do you require integration with HR or financial systems to validate investigator appointments and external income?
- Are there standard mitigation templates or management plans that should be auto-attached to approvals?
- Do COI disclosures need periodic renewal cadence separate from protocol continuing review?
- Describe any required public disclosures or export formats for COI reporting (e.g., CSV for compliance office).
Set Up IACUC Animal Protocol Workflows
- Which animal species and facility types will be included in the pilot (e.g., rodents, large animals, ABSL-2/3)?
- Do IACUC protocols require linked facility reservations, husbandry approvals, or occupational health signoffs?
- Are standard IACUC forms/checklists available that must be embedded in the workflow?
- Should protocol routing include species-specific review panels or designated reviewers?
- Is training verification for animal care staff required during submission, and how is training tracked?
- Do you need automated notifications for IACUC protocol expirations or animal use reporting?
- Describe any mandatory institutional or funding-agency inspections/attestations that must be supported.
Install Biosafety Incident Reporting Module
- Which biosafety incident types must the module capture (exposure events, containment breaches, spills, near-misses)?
- What BSL levels and lab locations should be in scope for the pilot?
- Who should receive immediate incident notifications (biosafety officer, PI, EHS, institutional leadership)?
- Do incidents require evidence attachments (photos, instrument logs, video) and do those need restricted access?
-
Mutual Commit
Agree pilot success criteria, responsibilities for data migration and training, governance cadence, and escalation paths for compliance issues.
Agreement Modules
- Statement of Work (SOW)
- Master Services Agreement (MSA)
- Data Processing & Security Agreement (DPA/Security Addendum)
- Pilot Acceptance Criteria & Signoff
- Data Migration Plan & Responsibilities
- Training & Adoption Plan
- Governance & RACI Agreement
- Service Level Agreement (SLA) & Support
- Change Control & Customization Order
- Billing & Payment Schedule
- Regulatory Audit & Inspection Support Agreement
- Escalation & Compliance Incident Playbook
- Termination, Transition & Data Return
-
Deployment
Operationalize rollout with readiness checks, enablement, and outcome validation.
-
Pre-Deployment Readiness
Confirm access, data exports, committee workflows, training roll‑out plan, and risk controls are in place before configuration.
Readiness Questions
Start Here: Who You Are and What You Own
- Tell me your role and the one responsibility you would never delegate on compliance matters.
- Which event most often triggers urgent work for your team right now?
- Roughly how many active human-subject protocols does your institution manage today (all IRBs combined)?
- How would you describe your team’s current bandwidth to lead a pilot and a phased rollout this year?
- What outcome would make you say this project was worth your time in 3 months?
If Compliance Slips, Which Alarms Go Off First?
- If your IRB program failed a federal site visit tomorrow, what would be the single most damaging consequence for your institution?
- Where have you already felt acute risk — a near-miss, complaint, or finding — in the last 24 months? Tell the story and outcome.
- How tolerant is institutional leadership of a regulatory finding that requires immediate remediation?
- What metrics or signals would you need to see in the first 90 days to feel the compliance risk has meaningfully reduced?
- Who outside your immediate office will interpret early pilot results as a sign of success or failure (names/roles)?
Where Approvals Actually Grind to a Halt
- Which single step in your current IRB workflow causes the most delay or rework?
- Quantitatively, what is your median and 90th-percentile approval time for full-board and expedited reviews today?
- Describe the most common failure mode that creates OHRP exposure (e.g., missing consent versions, undocumented modifications, incomplete continuing review).
- Who typically owns the handoff when a protocol stalls (role/title)? How long do stalls typically last?
- Which investigator behaviors contribute most to delays—portal resistance, late responses, incomplete submissions, or something else?
The Audit-Trail Truth: What Evidence Is Missing?
- When an auditor asks for a complete record of a protocol decision, what’s usually missing or ambiguous?
- How often have incomplete records triggered follow-ups or findings in the past two years?
- Which data fields or events are non-negotiable for you to see captured in an audit trail?
- If we could guarantee immutable, exportable audit records for every action, what would that change about how you handle federal reviews?
- How do you currently reconcile training completion with protocol privileges, and where does that process break down?
Define 'Non‑Negotiable' — Your Compliance Acceptance Criteria
- What are the absolute must-haves a pilot must satisfy before you’ll recommend enterprise rollout?
- For each must-have, what numeric threshold would you accept in a pilot (e.g., median approval time ≤ X days, training completion ≥ Y%)? Please list specifics.
- Which regulatory controls can never be altered in a workflow (e.g., quorum rules, required fields, review committees)?
- How will you validate that a requirement is truly enforced in the system—not just captured on paper?
- If a proposed workflow change improves speed but reduces an enforcement control, how would you evaluate whether to accept it?
Who's Empowered — and Who Quietly Blocks Progress?
- Who must personally sign off for a pilot to proceed, and who will be the toughest critic?
- Which stakeholders feel compliance is a strategic priority versus an administrative burden? Name roles and sentiment.
- Describe the coalition that would champion a successful pilot—who are the early adopters and what motivates them?
- What political or cultural dynamics have derailed past process changes here (e.g., committee autonomy, faculty pushback)?
- What escalation path do you prefer when compliance concerns surface during a pilot?
Legacy Data & Systems: The Hidden Time-Bomb
- If we attempted full data migration tomorrow, which system would cause the most headaches and why?
- List the systems you need the new platform to integrate with (select all that apply).
- What percent of your legacy protocol records must be searchable and exportable from day one of pilot configuration?
- How would you rate the quality of existing legacy data for migration (names, dates, versions)?
- Which data fields are showstoppers if not migrated (e.g., consent version history, approver identity, continuing review records)?
Designing a Pilot That Can't Be Ignored
- What would a pilot need to demonstrate in 90 days to make senior leadership green-light an enterprise rollout?
- Which IRB committee or workload is the ideal pilot candidate and why (size, openness to change, representative cases)?
- Choose the pilot length you'd prefer and why.
- What objective measures will you use to declare pilot success (pick top 3)?
- Who will own day-to-day pilot operations (name/role) and what weekly governance cadence do you prefer?
- What risks would cause you to pause the pilot early, and what mitigation would reassure you?
Adoption: How Will You Actually Get People to Use It?
- If we deliver a user-friendly investigator portal, why might investigators still avoid it?
- Which training formats have driven the highest completion rates here historically?
- What completion target would you set for investigator and reviewer training during a pilot?
- How will you enforce training as a prerequisite for protocol submission or review?
- What communication channels and tone have historically moved faculty to act (e.g., peer champion emails, leadership mandate, department meetings)?
- What incentives or friction-reducing tactics would most increase investigator participation during pilot (e.g., concierge support, faster review SLA, completion badges)?
If We Align Today: The First 90 Days That Matter
- If we agreed to move forward now, what are the three non-negotiable milestones you need to see in the first 30, 60, and 90 days?
- What internal approvals or procurement steps remain that could delay kickoff, and how long do they typically take?
- What handoffs or artifacts must we prepare before configuration begins (data export, committee charters, workflow maps)?
- On a scale from 1–5, how ready is your institution to begin a pilot in the next quarter?
- Who should be on the vendor’s project kick-off invite list (name and role) so we bring the right people from day one?
-
Deployment Enablement
Coordinate configuration, pilot launch schedule, committee expansion sequencing, and owner-assigned tasks with Gantt-level milestones.
-
Validation Checklist
Execute pilot acceptance tests: approval cycle reduction, investigator usability, audit-trail completeness, and training metrics verification.
Validation Questions
Start With a Quick Snapshot
- Which role best describes you today?
- Roughly how many active human-subject protocols does your institution manage right now?
- What is your current average IRB approval time (from complete submission to final decision)?
- What triggered you to explore a new compliance platform right now?
- How would you describe the urgency to change workflows on a scale from 'no urgency' to 'must act now'?
If This Went Wrong Tomorrow, What Would You Lose?
- If federal regulators paused your federally funded human-subjects research, what would be the near-term institutional impact?
- Have you ever received formal compliance findings or an OHRP determination letter? If yes, briefly describe scope and outcome.
- How tolerant is your leadership for one-off procedural risks versus systemic weaknesses?
- Which stakeholder outcome would feel like a failure to you if not achieved by the project?
- Tell us about a moment in the past 12 months when compliance risk caused real stress for your team or leadership.
Where the Workflow Actually Breaks (and Why It Keeps Happening)
- Which single step in your current IRB process most frequently triggers delays or rework?
- How often do appeals, resubmissions, or clarification cycles add significant time to approvals?
- Describe a recurring failure mode (e.g., missing consent versions, reviewer comments lost in email) and how long it typically takes to resolve.
- Which of the following manual interventions are regularly required to complete a protocol approval?
- Who on your team most often has to 'clean up' the process when it breaks (role/title and how many FTEs approximate)?
What Your Investigators Really Feel (and Why They Resist)
- If investigators bypass formal systems, what emotions or incentives drive that behavior?
- How would investigators describe the current submission experience—frictionless, tolerable, clunky, or punitive?
- What specific usability complaints have you heard repeatedly (give 1–2 concrete examples)?
- What percentage of required compliance training is completed by investigators within mandated timelines?
- Have you tried interventions (tool changes, communications, incentives) to improve adoption? Which worked or failed and why?
If an Auditor Asked for Everything Today—Could You Deliver?
- If an auditor requested a complete protocol audit trail from submission through closeout, how confident are you that you could produce it quickly?
- Which data sources must be included in a full compliance export?
- Do you currently have automated exports or reports for audit requests? If yes, what is the typical lead time to compile an audit package?
- Where have you found the biggest gaps in historical documentation during reviews or site visits?
- Describe any legal, privacy, or IT constraints that affect your ability to share records for audits (e.g., data residency, de-identification needs).
Imagine a Pilot That Makes the Problem Disappear
- What would make a pilot indisputable proof that the platform works for your institution?
- Which measurable targets would you set for pilot success? Please name up to three with numeric goals (e.g., approval time to 14 days, training 95% completion).
- Which committee or IRB would you pick for the pilot and why?
- Which modules and integrations must be included in the pilot to make the outcome meaningful?
- What would be an acceptable pilot duration to prove outcomes without losing momentum?
Who Will Own the Change—and Can They Hold It Together?
- Who is the ultimate decision-maker who will sign the pilot as successful and greenlight expansion?
- Which internal stakeholders must be actively involved during pilot — who needs to be in the room for decisions?
- What governance cadence would give you confidence (e.g., weekly touchpoints, biweekly steering, monthly exec review)?
- Who will be responsible for data migration, and do they have bandwidth for the pilot?
- What escalation path should we agree for compliance issues discovered during pilot?
What Could Make This Stall After a Successful Pilot?
- If the pilot delivers the agreed outcomes, what's the single most likely reason leadership would still hesitate to expand?
- Which technical blockers have derailed similar projects in your experience (pick all that apply)?
- What customization requirements are absolutely non-negotiable for your committees to accept the system?
- How much flexibility do you have in budget and resources if the pilot shows value but requires additional configuration?
- What mitigations would reduce the risk of post-pilot stall (e.g., phased rollout, funding plan, investigator champions)?
Readiness Checklist: What We Need to Get Started
- Which of the following are already available and up-to-date for pilot launch?
- Do you have a preferred pilot launch window this quarter or next? If yes, indicate target month.
- What access or environment will we need from IT before configuration can begin (e.g., test instance, SSO access, API credentials)?
- Who will be the day-to-day owner on your side during pilot configuration and testing (name, role, contact)?
- Are there any legal, privacy, or institutional policies we should review before importing or testing live records?
-
-
Success
Review outcomes against agreed signals, document lessons, and maintain a shared channel for ongoing issues and enhancements.
Success Reviews
- Success Review & Outcome Validation
- Lessons Learned Workshop (Retrospective)
- Ongoing Issues & Enhancements Cadence Setup
- Executive Metrics & Risk Briefing
- Governance Handoff & Training Verification
Issues & Enhancements
- Prepare and distribute a one-page executive brief with the evidence package and recommended rollout ask.
- Frame the Retrospective & Prework Review
- Capture a comprehensive, evidence-backed set of lessons and failure modes from the pilot.
- Produce a prioritized improvement backlog with owners and acceptance criteria for each item.
- Agree on required updates to institutional playbooks, training, and governance artifacts.
- Draft and circulate the Lessons Learned document including root-cause analysis and the prioritized improvement backlog.
- Update the IRB playbook and training materials to reflect changes proven during the pilot.
- Schedule improvement sprints or workshops for the top 3 high-priority items.
- Proposed Cadence & Communication Channels
- Establish a clear, agreed-upon channel and cadence for ongoing issues and enhancements.
- Define triage severity, SLAs, and escalation paths for compliance-impacting incidents.
- Agree on a transparent enhancement request and backlog prioritization process tied to outcome signals.
- Create the shared communication channel and invite stakeholders with documented channel norms.
- Publish the triage workflow, severity definitions, and SLAs to the project repository.
- Provision a public enhancement backlog board and schedule the first backlog grooming session.
- Executive Summary (3 lines)
- Provide executives with a clear, quantified view of outcomes and residual risk to enable a funding/rollout decision.
- Secure executive endorsement for the recommended next step (scale, additional remediation, or maintenance budget).
- Identify any executive follow-up requests and owners for those deliverables.
- Introductions & Meeting Objectives
- If requested, produce a detailed cost-benefit and rollout plan for executive review within the agreed timeline.
- Document any executive commitments and translate them into project milestones.
- Training Completion & Remediation Status
- Confirm training and remediation actions meet institutional requirements and that documentation is audit-ready.
- Transfer governance responsibilities to steady-state owners with a clear cadence and escalation path.
- Schedule and agree on the quarterly health-check cadence and the criteria to reopen improvement work.
- Finalize and publish the governance RACI, runbooks, and closeout checklist in the central repository.
- Resolve any outstanding training remediation items and certify completion for compliance records.
- Schedule the first quarterly health-check and invite required governance participants.
- Confirm whether each agreed success signal has been met and document evidence supporting acceptance or rejection.
- Quantify the operational and compliance consequences of the outcomes for executive stakeholders.
- Assign owners and timelines for any remediation items and set a date for re-validation if needed.
- Produce and circulate an Evidence Package (dashboards, logs, export snapshots) supporting each success signal.
- Create remediation action list for any unmet signals with owners, acceptance criteria, and re-test dates.
- Capture formal stakeholder sign-off or objections in the project record.
- Issue Triage Workflow & Severity Definitions
- Timeline & Major Events Mapping
- Committee Governance & Cadence
- Key Metrics & Trends
- Current State (one-sentence) — Pre-Project Baseline
- What Worked Well (capture successes)
- Enhancement Request Process & Acceptance Criteria
- Documentation & Audit-Readiness Handover
- Compliance Risk Posture & Residual Exposure
- Agreed Success Signals & Targets
- Outcomes Dashboard: Evidence vs Targets
- Data Ownership, Retention & Migration Closure
- Operational & Financial Impact
- What Didn’t Work / Failure Modes
- Backlog Management & Release Cadence
- Consequence Analysis (quantified)
- Escalation Paths & Governance Roles
- Decision Points & Proposed Next Steps
- Steady-State Support Model & Quarterly Health Checks
- Root Cause Analysis
- Gaps, Residual Risks & Root Causes
- Onboarding & Handoff to Steady-State Support
- Q&A and Executive Commitments
- Improvement Backlog & Prioritization
- Closeout Checklist & Transition Signatures