Experts Make Business Case for IT Compliance

Pharma companies should not view adherence to the FDA's encouragement of IT adoption as a costly unfunded mandate, but rather as an opportunity to grow the business, according to experts at a recent industry conference.

"Within IBM, we feel you can be compliant and drive business value at the same time," said Christopher Hines, associate partner for IBM Business Consulting Services. He described a number of problems with the way the pharma industry uses IT:

Quality control is currently conducted by inspection after production. "It's a matter of 'Oops, we catch it at the end of the process;'" Structured and unstructured information is artificially separated in IT "silos." Extensible Markup Language (XML), a next-generation internet language, can be used along with other new technologies to solve this problem; Lack of an information "feedback loop" between manufacturing and development; and Continued use of legacy systems.

The solution to many of these problems is the development of compliance-centric IT architecture organized around the company's manufacturing processes, using technology to pull it all together, Hines said. The end goal is to use IT to aid in good manufacturing practices (GMPs) and improve product quality up to the "six-sigma level," he said. This means reducing the failure rate in pharmaceutical manufacturing down to the fraction of a percentage point supposedly enjoyed by the semiconductor industry.

But institutional inertia remains a problem for the pharmaceutical industry. "The life sciences haven't been taking advantage [of new technology] as much as, for example, the chemical industry," said Christine Deitz of Emerson Process Management.

This may be due partly to historical reasons, Deitz said. Fifteen to 20 years ago, pharma companies were reluctant to upgrade their integrated hardware and software packages. These were relatively expensive to begin with, and replacing them involved substantial validation costs. Modern automation techniques use "open systems" -- usually commercially available operating systems such as Windows -- making upgrades much easier and cheaper.

The greater compliance risk for pharma companies now is in failing to keep pace with technological developments. "There are more validation requirements now; 21 CFR part 11 has really raised awareness of security issues," Deitz said. She acknowledged that there is less concern about Part 11 now than there was a few years ago, but added that "nobody can argue that it didn't raise awareness of data security and user security." She added that it is cheaper to "stay with the crowd," because software companies tend to offer the most support for the newest versions of their products.

Deitz offered a number of tips for keeping IT up to date:

Get management on board by pointing out that the FDA is encouraging industry to update its IT, for example by getting managers to support esubmissions; Design migratability into the system and use product features as intended rather than in a makeshift customized manner, to reduce risks and costs for the next upgrade; Keep current users in mind: if the upgrade looks very different from the current version, they may have difficulty adjusting; Weigh the impact of the upgrade on the company's custom configuration; Create a schedule for planned upgrades; and Do risk analysis. IT managers should ask themselves, "How stable is the software you're going to? How many users does it have? Have other people already done the upgrade?"

"The bottom line is that you should do a careful analysis of the risks of upgrading, but times have changed; you can't use 10-year-old tools now," Deitz said. -- Martin Gidron (mailto:mgidron@fdanews.com)