Compliance is a necessary requirement of doing business within the life sciences industry, and rightly so. However, for life sciences organisations it is costly and complex and poses a serious risk to their business if not adhered to correctly.
Meeting regulatory and compliance requirements is a complex and cross-functional effort across the organisation, with data sources often spread across siloed infrastructures and in a variety of data formats. The complexity comes in various forms: the growing amount of data and where it lives, how that data is used around the business (creating multiple touch points), and the technologies that create and manage the data, including legacy and emerging technologies.
The result is often a decrease in operational efficiency and productivity due to the increase in complexity to meet regulations and provide the related reporting. A lack of specialist in-house compliance and technology skills also creates a need for additional assurances when looking to create robust processes to meet compliance requirements, both ongoing and new.
What are the globally mandated regulations?
- Regulatory agencies: FDA, EMA, JPMA, MHRA
- Regulations: CGMP, GxP, ALCOA-C, 21 CFR Annex 11, GDPR.
- Types of Data: Regulated GenSequence Diagnostic Data, Clinical Research, eTMF, RAW Images, Data Generated by Medical Devices, chemical structures, just to name a few.
Common themes across all regulatory bodies and mandated regulatory procedures are:
- Proving data integrity based on MHRA GxP data integrity definitions
- Long term data preservation management providing ALCOA-C based principles
- Data fixity procedures ensuring data integrity and chain of custody
- Secured record-keeping and retention policy management for long term (e.g. the life of the business+) to guarantee complete evidence-proof reproducibility
- Secure export to fulfil regulatory GDPR based procedures
- Adherence to data privacy laws and data traceability
What are the technical challenges in complying with regulations?
- Extracting data from multiple systems owned/managed by multiple people; data is all over the place – redundant and replicated in siloed environments
- Lack of data ownership in bigger organisations
- Identifying data sources and types/formats of the data under regulation(s)
- Understanding the original file formats and related preservation formats for long-term accessibility.
- Organising and harvesting a metadata dictionary per industry/domain specifications, if any (e.g. eTMFs)
- Identifying metadata required to anonymise/pseudonymise Personally Identifiable Information (PII) data before securely sharing it with CROs & Researchers
- Digitising paper-based data sets for long-term archiving and searching
Questions to ask before embarking on finding the right long-term archiving solution:
- Where is the data and who owns it, who has access to it?
- Are there any comprehensive standards/specifications to identify & describe metadata for a given data domain?
- What is the appropriate infrastructure and support required to keep the data (records) for the long term with secure sharing and accessibility?
- How to derive context (description of metadata) of the data so that the data can be transformed into information?
- How to foster secure collaborative data sharing, thus promoting data accessibility?
What does the cost of compliance mean?
There are three main aspects to this: the amount of company dollars being invested to meet compliance and regulatory requirements, regulatory fines received that impact your business’ bottom line, and your company’s reputational damage and loss of business from any resulting negative press.
Companies’ compliance budgets have increased drastically over the last 5 years, which reflects the increase in the cost of hiring compliance staff, the increasing costs of managing legacy technology (both hardware and people), increased internal audits, intense supervision and external regulatory inquiries. There is also more focus on regulatory and supervisory risk management – people, processes and reporting, and a general increase in spend on tracking and analysing regulatory changes.
An increase in the number of fines being imposed due to non-compliance is having a negative impact on organisations’ brand reputations and often their stock prices. This can result in deteriorating trust leading to lost business, an inability to hire or a high employee turnover, legal expenses, business disruption and generally, an increased cost of doing business.
Whose problem is it?
You’d be surprised how many conversations we have where the compliance team think their IT team have this covered and vice versa, yet when we get them both in a room together there are gaps or weak points in their processes. Understandable as there is often a blurred line regarding who owns which part of the process.
Think about this though – could you replace your data if it was lost or corrupted? If yes, how much would it cost you to replace it and how long would it take? And how would you validate that your replaced data is identical to the original data lost or corrupted? How do you ensure your data is protected from deletion, loss or corruption in the first place?
How do you reduce your cost of compliance? Here are the 5 steps:
#1. Remove data silos and implement a single, enterprise wide view of your data. This not only provides a single source of truth to support better informed decision making, it also means you can size your compliance risk more accurately.
#2. Build investigation and inspection capabilities into your workflows and processes.
#3. Collaborate with regulators, CROs, and other organisations to share resources and knowledge and improve your processes together.
#4. Automate workflows including robust retention schedules.
#5. Upgrade your deployment model to utilise emerging technologies and gain huge benefits from advanced search capabilities that include eDiscovery and enhanced context, cloud-based data storage and data management models, Open Source features and no vendor lock-in to provide flexibility in how you manage your data in the future, helping you keep a step ahead of new, emerging requirements.
Getting your data under control is the foundation
Constantly being able to meet expanding compliance and regulatory requirements in the life sciences and pharmaceutical industry is certainly not a trivial task. Getting your data under management is an important foundation to build your compliance workflows and processes on top of, as once your data is under management you will be able to monitor and control your data as it moves around your organisation and in turn, report on every step while making sure that data is still accessible and usable.
If you would like to discuss your compliance data challenges with one of our experts or to book a demo, contact us here.
01 Apr, 2019