Building the Greenlight Checklist—People, Places, Products, Processes, and Firewalls

People—competence and authority. Confirm investigator CV/license currency (within the activation window), GCP training attestations, financial disclosures, and a reconciled delegation of duties log with start/stop dates. Validate that system access (EDC, IWRS/IRT, imaging, eConsent, safety portals) matches roles. Require short knowledge checks for endpoint-critical steps (eligibility windows, primary assessment timing, unblinding requests). Evidence: CV/license PDFs, GCP certificates, signed delegation log, role-based access report, quiz results with thresholds (e.g., ≥80% overall and 100% on critical items).

Places—equipment, logistics, and environmental controls. Pharmacy readiness (temperature mapping, alarm thresholds verified, excursion drill executed), investigational product receipt and quarantine/release rules, waste and returns plans. Imaging/lab readiness (test file upload accepted by the reading/central lab; reference ranges loaded; back-up slot plan). Courier accounts live, dry-ice/hazardous-goods constraints documented, and first pickup tested. For hybrid or decentralized workflows, confirm mobile nursing availability, safe kit storage, return logistics, and help-desk scripts. Evidence: temperature maps and alarm screenshots, test upload receipts, courier bill of lading, hazard declarations, mail-back instructions.

Products—control, labeling, and configuration. Verify product/device labeling, kit assortment, and expiry windows; document stock reconciliation between physical inventory and IWRS/IRT. For device or diagnostic studies, confirm hardware model and firmware/software versions, site acceptance tests, disposables/consumables inventory, and quarantine/release rules if configuration issues arise. Evidence: label proofs, packing lists, stock reports, acceptance test logs, and a version table stored with the site’s configuration sheet.

Processes—protocol, consent, privacy, and safety. Ethics/authority approvals on file; informed consent version in effect (threaded to approval dates) and localized as required; recruitment materials approved; privacy and cross-border data transfer narratives in place; SAE clock rehearsal completed; emergency unblinding request path tested; eConsent identity verification demonstrated (both in-person and tele-consent if used). Evidence: approval letters, localized consent pack manifest, readability/translation certificates where applicable, privacy statement, unblinding test record, identity-verification screenshots.

Firewalls—blinding and access segregation. Separate unblinded pharmacy/IWRS roles from blinded coordinators and raters; restrict read access to code-break logs and unblinded stock; document a clean hand-off for temperature excursions and resupply decisions. Evidence: role matrix, access approvals, and a one-page firewall description filed with the SIV minutes.

First-day rehearsals—prove the path works. Conduct a table-top walk-through or simulation of consent → eligibility confirmation → randomization → first dose/first procedure, including rescue paths for common errors (e.g., visit outside window, scanner downtime). Include decentralized steps—tele-visit connectivity check, mobile nurse scheduling lead-time, identity re-verification. Evidence: SIV minutes with outcomes, mock run sheets, screen captures, and a short defect list with owners and due dates.

Risk-based acceptance—binary thresholds and conditional activation. Define objective pass criteria (e.g., “training completion ≥95% with no critical gaps,” “EDC and IWRS UAT sign-offs filed with at least one negative test each,” “courier test pickup completed,” “identity verification success rate ≥98% across two scenarios”). If some non-critical evidence is pending, allow conditional activation with time-boxed items and an explicit pause rule if milestones slip. Record every exception with rationale and owner so inspectors see proportionate control, not improvisation.

Five-minute retrieval drill—make it muscle memory. Before signing the greenlight memo, pick one dashboard date and retrieve: delegate log, user provisioning report, UAT logs, pharmacy mapping/alarms, imaging test receipt, courier test proof, localized consent in effect, ethics approval letter, privacy/identity evidence, and the signed go/no-go decision. If retrieval exceeds five minutes, correct metadata, refactor filing locations, or enforce a single record-of-record to eliminate duplicates.

Go/No-Go Governance—Decision Meetings, KRIs, QTLs, and Escalation

Small, named board with the meaning of approval. Keep the decision group focused: Site Operations Lead (chair), Regulatory/Ethics Lead, Pharmacy/Supply Lead, Data Systems Lead (EDC, IWRS/IRT, eConsent), and Quality. Each signature must include a short phrase stating what the approver reviewed and approved. The meeting runs on evidence, not updates: the checklist and artifact links are screened beforehand; the board adjudicates exceptions and signs the memo.

Agenda that ends with a decision. (1) Confirm binary criteria met; (2) Review exceptions and conditional items with owners and due dates; (3) Confirm firewalls and privacy controls; (4) Review early-ramp readiness (imaging blocks, courier capacity, navigator staffing, interpreter coverage); (5) Decide: go (release IP), conditional go (time-boxed items, pause rule), or no-go (specific defects to correct). Decisions are recorded in a one-page memo and filed to the eTMF/ISF with the evidence pack.

KRIs that warn before go/no-go fails. Define leading indicators and thresholds that automatically open actions: (1) Delegation vs. access drift (mismatch rate >0% on reconciliation); (2) Consent version drift (localized version not threaded to approval dates); (3) UAT gaps (no negative tests recorded); (4) Pharmacy exceptions (mapping or alarm verification pending); (5) Imaging readiness (test upload not accepted); (6) Courier exceptions (failed test pickup or missing hazardous-goods documentation); (7) Identity-verification failures (>2% failed attempts in pilot). Red KRIs trigger either rapid containment (24 hours) or a no-go recommendation unless closed.

Quality Tolerance Limits (QTLs) tied to early ramp. Convert the most consequential KRIs into QTLs: no consent within 21 days of activation; ≥10% missed endpoint windows among first 10 participants; ≥15% courier exceptions over two weeks; or eConsent restarts >10% for tele-visits. Crossing a QTL forces the board to meet and either contain (local fix), correct (design/process changes), or communicate (resequence activation, add resources). Record the decision with rationale and link it to the triggering tile.

Conditional activation with explicit pause rules. If non-critical items remain, allow go-live with hardholds, for example “activate but do not randomize until pharmacy alarm verification filed,” or “consent only; randomize after imaging QC passes.” Set hard dates—if unmet, the site pauses automatically. Conditional logic is proportionate, transparent, and self-enforcing.

Vendor oversight. If readiness relies on vendors (EDC/eConsent/IWRS, imaging cores, couriers, home health), encode obligations in SOWs: immutable logs, weekly evidence feeds, synchronized clocks, and participation in retrieval drills. Require at-risk fees if persistent red metrics delay go/no-go decisions.

Change control and communication. Treat the checklist and thresholds like controlled code. Version changes, publish a “what changed and why” memo, retrain impacted roles, and update the metric dictionary. After each decision, communicate a short “greenlight bulletin” to the site: evidence reviewed, items still pending, pause rules, first-day reminders, and help-desk contacts.

Operating Playbook—Templates, Pitfalls, 30–60–90 Plan, and a Ready-to-Use Checklist

Templates to standardize speed. Provide (a) the greenlight checklist with binary criteria; (b) a one-page go/no-go memo template that captures decision, rationale, exceptions, owners, and dates; (c) a firewall description template showing blinded/unblinded roles and system access; (d) a first-day run sheet for consent→eligibility→randomization→first dose/procedure; and (e) a retrieval drill script with a 5-minute timebox and “fix filing now” instruction if the drill fails.

Common pitfalls—and durable fixes.

• “We presented it” instead of “they can do it.” Fix with outcome tests (dummy randomization, excursion drill, identity verification) and short knowledge checks tied to endpoint integrity.
• Delegation and system access drift. Fix by reconciling weekly and requiring PI sign-off for role changes; block activation until matched.
• Consent version and approval threading mismatch. Fix with a visible concordance table and required metadata; prevent “consent in effect” without the matching approval attached.
• UAT without negative tests. Fix by mandating at least one negative test per module with screenshots and expected error messages.
• Unverified pharmacy alarms. Fix with path-task status and logger screenshots filed before IP release.
• Imaging/readiness gaps. Fix with accepted test uploads and pre-booked acquisition blocks where capacity is scarce.
• Courier and hazardous-goods surprises. Fix with a documented test pickup and explicit dry-ice/hazard rules per country before greenlight.
• Decentralized bolt-ons added late. Fix by configuring identity verification, tele-visit scripts, and mobile nurse logistics during SIV, not after FPI.

30–60–90-day implementation plan. Days 1–30: publish checklist and memo templates; finalize thresholds and KRI/QTL definitions; wire click-throughs to eTMF/ISF; define signature meanings; embed country calendars and import/translation lead times. Days 31–60: pilot the checklist at three sites; run retrieval drills; close filing gaps; tune negative-test cases for EDC and IWRS/IRT; perform pharmacy alarm and courier test rehearsals. Days 61–90: scale to all wave-1 sites; institute weekly risk huddles; enforce conditional activation rules; integrate vendor feeds; and review QTLs after the first 10 randomizations per site to adjust early-ramp controls.

Ready-to-use greenlight checklist (paste into your SOP or site initiation pack).

• People: Investigator CV/license current; GCP training; financial disclosures; delegation log complete; knowledge checks passed; system access reconciled to roles (EDC, IWRS/IRT, imaging, eConsent, safety).
• Places: Pharmacy mapping and alarms verified; excursion drill executed; IP receipt and quarantine/release rules filed; imaging/lab test uploads accepted; courier account live with test pickup and hazard documentation.
• Products: Label proofs approved; kit assortment verified; stock reconciled to IWRS/IRT; device/diagnostic configuration recorded with acceptance test pass; quarantine/release rules documented.
• Processes: Ethics/authority approvals on file; localized consent version in effect and threaded to approval; recruitment materials approved; privacy/data-transfer statement filed; eConsent identity verification demonstrated; SAE clock rehearsal completed; emergency unblinding request flow tested.
• Firewalls: Blinded/unblinded roles separated; access approvals filed; code-break and unblinded stock visibility restricted.
• Simulation: First-day table-top/flow test recorded (consent→eligibility→randomization→first dose/procedure), defects logged with owners and due dates.
• Thresholds: Training completion ≥95% (no critical gaps); UAT sign-offs (positive and negative tests) for EDC and IWRS/IRT; courier test pass; identity-verification success ≥98% in two scenarios.
• Conditional Items (if any): Explicit time-boxes and pause rules recorded; owners and due dates assigned.
• Retrieval Drill: Evidence chain produced within five minutes; metadata corrected if drill fails.
• Decision: Go / Conditional Go / No-Go memo signed; each signature includes the meaning of approval; memo filed with links to artifacts.

Bottom line. A greenlight is credible when readiness is demonstrated, not declared. Encode the right criteria, wire them to evidence you can retrieve in minutes, rehearse first-day execution, and run governance that turns signals into dated, documented decisions. With proportionate controls anchored in widely recognized expectations, clear firewalls, and practical early-ramp limits, you will activate faster—and you will be ready to show why you were confident to begin.