7F* It's all about trust

STANDARD OPERATING PROCEDURE (SOP)

GS03 Subcontractors and Vendors, version 03

Author: IFS

Authorised by:

Approved by:

Alistair Bone, Executive Vice President Quality Assurance

Date Date of authorisa

Daniel Spasic, CEO

3 Approval Date

Effective Date Dater

fie

The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from IFS is prohibited.

Unofficial copy –not valid

Subcontractors and Vendors TFS) Its all about trust

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 2 (12)

CONTENTS

1. PURPOSE 3 2. SCOPE 3

3. DEFINITIONS 3 4. RESPONSIBILITY 3 5. Evaluation and Approval 5 5.1.1 Use of subcontractors or vendors 5 5.1.2 One man companies 5 5.1.3 Evaluation of subcontractors and vendors 5 5.1.4 Questionnaire 7 5.1.5 On site Audits 7 5.1.6 Approved subcontractors and vendors 7 5.1.7 Conditional approval 7 6. Agreement with Subcontractors and Vendors 8 6.1.1 Confidentiality agreement 8 6.1.2 Contract 8 7. Oversight of approved subcontractors and vendors in projects 9 7.1.1 List of subcontractors and vendors 9 7.1.2 Project plan 9 7.1.3 Training 9 7.1.4 Performance review 9 7.1.5 Quality Issues 9 8. Follow-up 9

The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from TFS is prohibited.

Unofficial copy –not valid

TFS Subcontractors and Vendors

It's all about trust

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 3(12)

1. PURPOSE

This Standard Operating Procedure (SOP) describes the procedures for evaluation, approval and management of subcontractors and vendors contracted by TFS.

2. SCOPE

This SOP is applicable for all vendors and subcontractors providing clinical research related services for example other CROs and suppliers of systems. Investigator sites are not covered by this SOP.

3. DEFINITIONS

Subcontractor A subcontractor is a company or person contracted by TFS to conduct services. Examples of services are monitoring, regulatory submissions and storage and distribution of investigational products.

Vendor A vendor is a company or person supplying products to TFS. Examples of products are data management systems and laboratory materials.

4. RESPONSIBILITY

Executive Vice President (EVP) Clinical development Ensuring that:

• An adequate number of subcontractors and vendors are identified and approved in order for TFS to be able to conduct assigned projects

• TFS Quality Assurance department are informed about the quality of the services provided by subcontractors and vendors

• The need for future use of approved subcontractors and vendors is checked on a regular basis

Informing: • TFS Quality Assurance department in good time about the need for assessment of new

subcontractors and vendors • Making the final decision as to which subcontractors and vendors should be used in

projects

Executive Vice President (EVP) Quality Assurance • Ensuring that vendors and subcontractors are audited or evaluated in compliance with

this SOP

The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from TFS is prohibited.

Unofficial copy –not valid

, TFS Subcontractors and Vendors

IN all about trust

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 4(12)

• Maintaining a list of approved subcontractors and vendors

TFS staff • Informing the Quality Assurance department and obtaining approval from the Quality

Assurance department before using vendors and subcontractors for clinical research related services

• Obtaining signed contracts or agreements from vendors and subcontractors before any assigned tasks are initiated

Head of Business & Contracts Ensuring that: • An overview is maintained of approved subcontractors and vendors used for different

projects • Quality Assurance department are informed in a timely manner of any proposed new

subcontractors and vendors

Business & Contracts Manager (BCM) Ensuring that: • Sponsors have been informed of all vendors and subcontractors selected for an

assignment that a list of all vendors and subcontractors is included in the contract with the sponsor

• That Quality Assurance department are informed in a timely manner of any proposed new subcontractors and vendors

Project Leader Verifying that all vendors and subcontractors: • To be used in their project are included in the contract • "Selected by IFS" have been approved by TFS Quality Assurance department

Informing: • Business Development if the event that any new subcontractors or vendors will be used

in the project

Assessing: • The suitability of individual subcontractors used in their projects. This means the clinical

team (monitors, etc.)

Informing: • Quality Assurance department, the BCM and Line Management about any significant

issues with subcontractors and vendors • Quality Assurance department, the BCM and Line Management on an annual basis as to

the performance of subcontractors or vendors

The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from TFS is prohibited.

Unofficial copy –not valid

.,

Subcontractors and Vendors TFS It's all about trust

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 5(12)

5. Evaluation and Approval

5.1.1 Use of subcontractors or vendors

Any TFS employee who is in the position of selecting or using subcontractors and vendors should verify that:

• The subcontractor or vendor has been approved by TFS Quality Assurance department • A valid contract is in place with the subcontractor or vendor • A confidentiality agreement is in place • Sponsors have been informed of all services that will be subcontracted to vendors and

subcontractors

Information about approved subcontractors and vendors can be found on TFS Intranet or requested from the QA department.

In the event that the subcontractor or vendor is not included on TFS list of approved subcontractors and vendors the TFS employee should inform TFS Quality Assurance department in order for the Quality Assurance department to start the selection process (request for information) since the assessment and approval process needs to be performed before the actual work starts.

The Quality Assurance department will decide in cooperation with Clinical Operations and the Business and Contracts department whether the evaluation of an additional subcontractor or vendor is needed and initiate the evaluation process accordingly.

5.1.2 One man companies

One man companies will not be assessed by the Quality Assurance department unless there is a specific request for this. Project Leaders are responsible for ensuring that:

• One man companies have adequate training and experience for the assigned tasks and that this training is adequately documented

• One man companies have been approved by the sponsor • A signed contract and confidentiality agreement is in place • The SOPs the subcontractor will work according to are clearly identified and included in

the project plan (this will normally be TFS SOPS) • Subcontractors are trained in appropriate TFS SOPs and policies

5.1.3 Evaluation of subcontractors and vendors A written request (Vendor Assessment request form) for the evaluation of vendors and subcontractors should be submitted to the Quality Assurance department as soon as possible and in good time so that the Quality Assurance department can assess the subcontractor or vendor.

The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from TFS is prohibited.

Unofficial copy –not valid

Subcontractors and Vendors (TES

Its all about bust

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 6 (12)

Evaluation of subcontractors will be conducted by TFS Quality Assurance department. This assessment can be conducted e.g. questionnaires, telephone calls, references and on site audits.

Subcontractors and vendors providing services or products in assignments on sponsor's account shall be evaluated according to the procedures in this SOP. However, if the subcontractor or vendor is selected by the sponsor then TFS Quality Assurance department do not have to assess the subcontractor or vendor.

Subcontractors and vendors providing services or products outside assignments on sponsor's account may be evaluated as deemed appropriate.

5.1.3.1 Exceptions to formal Quality Assurance assessment

For some in-sourced services no formal Quality Assurance assessment and approval is obligatory.

Services such as: • Printing • Banking • Travel agents • Telephone companies • Office supplies • Cleaning • Insurance • Couriers for documents

Although no formal Quality Assurance assessment for these companies is obligatory:

• The individual who hires these companies is responsible for ensuring that the work is performed in compliance with agreed quality standards

• The Quality Assurance department always reserves the right to review the quality system used by these companies and challenge the use

• If deemed necessary by the individual who hires these companies a request can be made for Quality Assurance's assistance to assess a vendor or subcontractor

Companies that provide the above mentioned services will not be incorporated in the official TFS vendor & subcontractor list on intranet.

Confidentiality agreements should be obtained from all subcontractors or vendors who could have access to confidential information. This includes cleaning companies.

The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from TFS is prohibited.

Unofficial copy –not valid

..3 Subcontractors and Vendors TF'S

Is all about trust

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 7 (12)

5.1.4 Questionnaire

The initial evaluation step is normally to send a detailed request for information questionnaire to the subcontractor. The TFS Vendor/Subcontractor self-assessment template questionnaire will be sent to the vendor or subcontractor by TFS Quality Assurance department.

The information provided in the completed questionnaire will be reviewed and evaluated by TFS Quality Assurance department. This review will be performed by the assigned member of the TFS Quality Assurance department and discussed with the EVP Quality Assurance. The provider can be approved based on the information collected in the questionnaire. This will be dependent on the adequacy of the information provided and the type of service provided. If the information collected is deemed insufficient to approve the subcontractor or vendor, TFS Quality Assurance department may decide to request additional information, discuss the information provided by the subcontractor or vendor in a telephone conference with the vendor, set a condition on their approval and/or to conduct an on-site audit.

5.1.4.1 Assessment of information provided by a new subcontractor or vendor

The information provided to the Quality Assurance department will be assessed. A risk based assessment is used to define critical requirements and to be able to decide if a subcontractor or vendor will qualify as TFS supplier.

Providers who have adequately completed the questionnaire and who will work according to and trained in TFS SOPs can normally be approved based on the questionnaire. Examples of this could be providers who are providing monitors who will work according to TES SOPs.

5.1.5 On site Audits

In the event that more detailed information is needed to be able to approve the providers it may be decided to conduct an on-site audit before a decision as to whether an approval of the provider can be given. Examples of providers who will normally be audited are companies working according to their own SOPs and procedures such as data management companies.

5.1.6 Approved subcontractors and vendors TFS QA are responsible for maintaining a list of approved subcontractors and vendors. This list will be published on TFS intranet. Approval will be documented in a statement by the Quality Assurance department. This statement will be maintained by TFS Quality Assurance department.

5.1.7 Conditional approval

As part of the approval by the TFS Quality Assurance department several conditions for use may be set. When subcontractors or vendors are used, the Project Leader or Line Manager has to ensure these pre-defined conditions are met.

Examples of conditions: • Work will be done according to TFS SOPs (or sponsor SOPs when agreed)

The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from TFS is prohibited.

Unofficial copy –not valid

(TF54 . Its all about trust

Subcontractors and Vendors

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 8(12)

• Submissions should be approved/controlled by Project Leader/Regulatory Affairs manager prior to submission

• TFS SOP training in TFS Academy • No subcontracting allowed

For Subcontractors working according to TFS SOPs, the Project Leader is responsible for ensuring that:

• CVs & Training Records (of people involved) have been reviewed and individuals have been approved to work in the project. This must be done before the start of project specific activities

• Individuals are trained in relevant TFS SOPs and procedures This could include:

o Use of Cosmos timesheets o Training of general TFS SOPs o Use of TFS e-mail accounts

TFS policy is that all subcontractors should have adequate training for the tasks they are conducting. It is the responsibility of Project Leaders or Line Managers to ensure that the people they use have adequate training, for example GCP training.

6. Agreement with Subcontractors and Vendors

6.1.1 Confidentiality agreement A confidentiality agreement must be signed between TFS and the representative for the subcontractor before any exchange of information is made. These agreements will be maintained by the Business and Contracts Manager.

6.1.2 Contract

A contract or agreement signed by both parties will be obtained from subcontractors and vendors before any subject enrolment activities are initiated. Contracts should clearly address:

• Confidentiality • The fact that subcontractors may not be used unless written approval has been given • The possibility of audits • Insurance

If any activities are initiated before a signed contract is in place this could be performed using a letter of intent. However, this is only valid for pre enrolment activities and subjects may not be included in studies without a signed contract in place.

/The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior

written permission from TFS is prohibited.

Unofficial copy –not valid

Subcontractors and Vendors TFS) Is all about trust

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 9 (12)

7. Oversight of approved subcontractors and vendors in projects

Subcontractors should as far as possible work as an integrated member of TFS project team. This means that they should be trained in relevant TFS SOPs, use TFS emails standard and use TFS letter writing paper etc.

7.1.1 List of subcontractors and vendors

The Project Leader is responsible for ensuring that a list of subcontractors and vendors working in their project is maintained and that the sponsor, Business Development and TFS Quality Assurance department are informed of any changes or issues as appropriate.

7.1.2 Project plan

The project plan should clearly identify any vendors and subcontractors to be used in the project and how oversight will be maintained throughout the project.

7.1.3 Training The Project Leader should review subcontractors Training Records and CVs to ensure that they have adequate experience and training including GCP training to work in the project. Subcontractors should as far as possible work according to TFS SOPs and the Project Leader should ensure that they receive appropriate training and that this is adequately documented.

7.1.4 Performance review The Project Leader should provide, a written report using the subcontractor, vendor assessment form, about the quality of the deliverables provided by subcontractors or vendors in their project on a regular basis, at least once annually to the Business and Contracts department, Line Managers and TFS Quality Assurance department. This report will include information on: • Services delivered • Performance (quality of the services delivered; delivery as agreed; etc.) • Information on the ongoing use of the subcontractor or vendor in the project • Plans on future use

7.1.5 Quality Issues Any quality issues identified with subcontractors or vendors should be escalated to TFS Quality Assurance department and Line Managers as soon as possible. Significant quality issues should be reported as defined in the issue escalation plan.

8. Follow-up

The Business and Contracts department will update TFS Quality Assurance department on planned or expected future use of subcontractors and vendors.

/The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from TFS is prohibited.

Unofficial copy –not valid

,

TFS Subcontractors and Vendors

It's all about trust

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 10 (12)

The Clinical Operations department is solicited to inform the Quality Assurance department about the need for a re-assessment of subcontractors and vendors.

TFS Quality Assurance department will review the need for follow up activities and review. A follow-up assessment of subcontractors or vendors should normally be made every third year unless there is sufficient information or rationale not to do so. The final decision as to whether to conduct a re-assessment or an audit will be made by the Quality Assurance department.

/The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from TFS is prohibited.

Unofficial copy –not valid

QA assess completed questionnaire

• • Condition Vendor audit by

QA QA request additional information

Yes

TES) Subcontractors and Vendors

fl's all aboul trusl

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 11 (12)

Flowchart Vendor & Subcontractor evaluation

New Vendor/ Subcontractor

Check the list on TFS intranet

• Report intended use of

vendor to QA & request assessment

QA send questionnaire to vendor

TFS offices who want to use the following type of companies are responsible for ensuring agreed quality:

• Printing • Banking • Travel agents • Phone companies • Office supplies • Cleaning • Insurance • Couriers for documents

QA should be informed on their use.

Check need 4

for new vendor

QA updates TFS list of approved / not

approved vendors

End

The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from TFS is prohibited.

Unofficial copy –not valid

Approval on Extension page

Review date Extension valid to

3 March 2011 — 3 Sep 2011

31 March 2014 - 31 March 2015

27 March 2015 16 Feb 2016

4

Approval on SOP page

Approval on Extension page

QA Approval

(TESj Its all about trust

Subcontractors and Vendors

Standard Operating Procedure

Version: 03

Number: GS03

Effective date: 20 July 2015

Page 12 (12)

DOCUMENT HISTORY

Version No Effective Date Brief Description of Change New training required

Yes No 01 10 March 2008 F New SOP

L 02 20 April 2011 Minor updates 03 20 July 2015 Change of process: BCM

involvement and management of subcontractor / vendors added

E LII

—

EXTENSION WITHOUT CHANGES

The contents of this document are confidential. Unauthorised use, disclosure or reproduction without prior written permission from TES is prohibited.

Unofficial copy –not valid