Applying ISO 9001 to the IRB Process

David Borasky headshot

David Borasky, MPH, CIP, vice president, Copernicus Group IRB

An institutional review board (IRB) is an independent body that reviews proposed human subjects research in order to ensure that proposed activities are in compliance with applicable regulations and the ethical principles described in the Belmont Report. The use of the term “institutional” in IRB is derived from the reality that most clinical research studies historically were single-site studies conducted at academic medical centers, and so the IRB was viewed as a committee within the institution. However, as research evolved in the late 20th century, the model for clinical trials shifted to multicenter studies implemented at a mix of academic and non-academic research sites, with IRB oversight provided by independent IRBs that were contracted to provide the regulatory and ethical oversight in a centralized manner.

In this paper, we describe how one independent IRB utilized a non-traditional quality standard to drive improvement in IRB processes, the challenges to achieving certification, and the benefits to the organization.


Copernicus Group Independent Review Board (CGIRB) was established in 1996 to provide IRB review services to the clinical trials industry, and quickly recognized the need for a formal quality assurance (QA) program. While such programs are not required by regulation, it is an expectation of industry sponsors that providers of IRB services have a dedicated QA function. Further, a QA program should serve as an effective means for reducing organizational risk.

Organizations that provide IRB services have limited means for obtaining independent verification of the quality of their services. The industry standard for documenting the quality of independent IRBs is through accreditation by the Association for the Accreditation of Human Research Protection Programs (AAHRPP),1 which was founded in 2001 following a series of highprofile suspensions of research at academic medical centers. Accreditation by AAHRPP indicates that IRBs have demonstrated compliance with the organization’s standards for quality and human subjects protection; however, there is no regulatory requirement that IRBs be accredited, and regulators do not consider accreditation status when inspecting IRBs.

CGIRB first received AAHRPP accreditation in 2004, and has maintained its accreditation status since then. However, the organization’s leadership wanted to identify a means for demonstrating commitment to operational quality that went beyond the AAHRPP framework, and that would be recognizable by those companies in the areas of drug and medical device development. It was determined by the leadership that the organization would seek certification to the International Organization for Standardization (ISO) standard ISO 9001:2008 – Quality Management.

In Search of ISO Success

ISO is an independent, non-governmental organization with global representation that publishes standards covering a broad spectrum of industries, including agriculture, manufactured products, technology, and healthcare. ISO standards promote the creation of products and services that are safe, reliable, and of high quality through the establishment and maintenance of a quality management system (QMS).2 The standards are utilized widely in the drug and medical device industry to help increase productivity while minimizing errors and waste by focusing on domains covering the QMS; management responsibility and resource management; product realization; and measurement, analysis, and improvement.

Although our organization was not aware of any other IRBs that had achieved ISO certification, the leadership believed that ISO would be a recognizable certification that clients would accept as an independent measure of organizational quality. ISO was also viewed as an optimal fit because of its focus on customer service.

Compliance with the ISO standards requires a commitment of resources as well as a commitment by organizational leadership. Top management is responsible for the system’s effectiveness, and makes sure stakeholders throughout the organization understand how they contribute to the QMS.

The process of obtaining certification began with a year-long self-study of internal processes. CGIRB engaged with North Carolina State University’s Industry Expansion Solutions program to facilitate this process. Preparatory activities included supplementing existing organizational policies and procedures, and the development of ISO-specific standard operating procedures (SOPs).

In addition to revising written policies, management worked to identify the processes that would be considered within the scope of the certification. The process concluded with a certification assessment in which CGIRB’s revised policies and procedures were reviewed and all process areas that were in scope were audited. Full certification to the ISO 9001:2008 standard was achieved in 2010.

Tallying the Benefits

The ISO standards provided a strong framework to improve existing processes, and the organization experienced quantifiable benefits across the company with the adoption of ISO 9001, in part because it established a mindset and provided a methodology for tracking operational metrics in every department.

One of the simplest actions that had significant effects was implementation of measurement tools for metrics such as turnaround time, error rates, and client feedback. These measurement tools introduced a new level of accountability that helped to increase awareness of business goals with both staff and managers, and helped to monitor possible problematic patterns.

Prior to certification, the organization had informal goals for processing submissions, such as processing new principal investigator submissions within 24 hours; however, the turnaround times had not been tracked. The organization began systematically tracking the turnaround times for processing various submission types, and those numbers are used as a reliable metric to support communications on expected delivery timelines to clients. When turnaround times increase unexpectedly, it is recognized quickly and serves as a trigger for management to analyze the workflow and determine what kind of issues might be contributing to the deviation. The continuous monitoring means that problems can be identified sooner and additional resources or re-training can be instigated to address potential problems quickly.

The QMS is also monitored through routine internal auditing. Although the organization is subject to frequent external audits by clients and the British Standards Institution, which audits CGIRB for its ISO 9001 certification, systematic internal audits are still required by the ISO standards. Internal audits are a way to make the company self-monitor and provide the business with opportunities to detect and address non-conformities, and to pre-empt findings from external auditors, which again translates to higher confidence in the organization’s services.

Internal process audits are conducted on the key functional areas within the company by organizational staff who are trained as auditors. The organization values the internal audit process for providing a systematic review of key processes to check that employees are following the company’s SOPs, as well as customer expectations and regulatory requirements. Following SOPs ensures consistent products and services, which translates to the company’s reliability. Internal audits not only identify issues with conformance to the processes, but also opportunities for improvement that are shared with process owners and organizational leadership.

Clients from the industry recognize the standard, and understand what organizations must do to obtain and maintain certification. Clients know that the certification requires a commitment to quality, an active risk-mitigation approach to management, and a focus on customer service.

The Sensibility of Standardization

ISO’s requirements for the standardization of processes have also benefited the organization by contributing to a reduction in internal errors—those made by the organization that clients identify and result in documents being corrected and regenerated. Internal errors exclude client-generated errors and any errors identified during the internal quality check process before documents are transmitted to clients.

A comparison of 2010 versus 2016 data shows a remarkable 90% decrease in the overall internal error rate. The organization continues to be committed to reducing errors, and tracks errors at a more granular level by submission-type, which helps to focus on key performance metrics and to implement process improvements on a continuous basis.

Standardization of processes and commitment to reducing errors have also contributed to a reduction in turnaround time; 2010 versus 2016 data show that there has been a 48% improvement in processing new protocol submissions. New investigator submission turnaround times also improved by 7%, and with an aggressive 24-hour turnaround time goal, that is a significant accomplishment. Thus, ISO has led to a more effective use of human resources to complete work processes without compromising the quality of the product or the timeliness of delivery.

The benefits of ISO affect CGIRB’s employees, as well. CGIRB created standardized job guides for processes, which are used to audit against in internal audits. Ensuring that SOPs and job guides are followed also ensures that they are up to date if there have been any changes in procedures.

Accurate and complete job guides have a positive impact on employee training and onboarding. Further, the job guides and SOPs can be used as reliable references for new staff, which helps in facilitating the transition to becoming proficient team members. CGIRB has clear company quality objectives and goals, which are communicated to all staff so they know what is expected of them.

The Challenges of Certification

There are challenges associated with obtaining ISO certification, beginning with a commitment on the part of the organizational leadership. Organizations must be prepared to allocate sufficient financial and human resources to the certification effort. The allocation of resources begins with preparing for certification, which can take up to a year, and continues through the time when certification is achieved and into the ongoing maintenance phase.

Organizations may need to establish or expand QA departments and establish a cadre of staff who can conduct internal audits. Key performance indicators and other metrics have to be identified and systems have to be established to collect and analyze data for use in improving performance.

In addition to internal audits, an organization must commit to one or more surveillance audits per year by its certifying body, and a complete recertification every three years. Additional requirements include establishing robust processes for managing corrective and preventive actions, and identifying and qualifying business critical vendors on a systematic basis.

Another practical challenge is derived from CGIRB’s status as an outlier among certified organizations. Auditors from the certifying organization are typically unfamiliar with IRBs, and there is a learning curve for them when assessing an IRB for the first time. IRBs seeking certification must exercise patience during surveillance assessments, until the assessor builds up familiarity with the organization and what it does.


Adoption of the ISO 9001:2008 – Quality Management standard led to a measurable improvement in the quality of the product and more effective use of our human resources. The application of the standard to the processes followed by an IRB require an investment of human and financial resources and a commitment on the part of organizational leadership. However, we conclude that the return on investment justifies the costs.

The ISO standards provide a framework for implementing a QMS that goes beyond the basic regulatory requirements and contributes to an IRB’s mission of protecting participants in clinical research. The standards ensure that the organization remains focused on continuous process improvement that is data-driven, while maintaining high standards of customer service and accountability.



  1. Summers EI. The Association for the Accreditation of Human Research Protection Programs: 15 years of emphasizing research safety, ethics, and quality. J Med Dev Sci vol.2(1).

David Borasky, MPH, CIP, ( is vice president at Copernicus Group IRB.

Heather Kim, MS, RAC, CIP, is quality assurance manager at Copernicus Group IRB.

[DOI: 10.14524/CR-17-0017]

*To see all figures and/or tables published originally in this article, please visit the full-issue PDF of the June 2017 Clinical Researcher.