Companies in the pharmaceutical industry find compliance and issues related to enterprise content management (ECM) challenging. Compliance is becoming a greater challenge internally because of external requirements from authorities.
The public demises of Enron, Arthur Anderson, and other Wall Street scandals have resulted in massive legal costs, fines and even sentences. This has highlighted the need for electronic information to be saved and indexed for easy retrieval. What was once only true for paper records is now becoming necessary for electronic documents, email and instant messaging.
Reacting to these scandals, public authorities have produced legislation such as the Sarbanes-Oxley Act and DoD5015.2, where the penalties for non-compliance have increased; corporate employees can be charged with criminal obstruction for failure to preserve documents or communications.
Naturally, because of the way financial information is processed, stored and accessed, this creates challenges for pharmaceutical companies. Systems that provide document management, access to financial data or long-term storage of information must now
provide auditing capabilities.
For pharmaceuticals, auditing is not new. The industry is regularly audited by the US FDA. 21 CFR part 11 sets out requirements for electronic records and electronic signatures, and places requirements on organisations to implement controls, including audits, validation systems, and documentation for software and systems.
In addition to legislative requirements, many companies are toughening their internal compliance regulations because of the costs and risks involved with litigation. Finding the right document at the right time - or not finding it - can mean the difference between winning and losing millions. Projects relating to legal discovery have consequently been moving steadily up the ranks in many IT and project governance evaluations.
ECM is also becoming increasingly complex. For many pharmaceutical companies, it is delivered through a range of point solutions. Content for purposes such as regulatory affairs documentation, marketing, standard operating procedures (SOPs), contracts with CROs, intellectual property and research, US FDA/EMEA submissions, validation documentation, HR material and labelling documentation are often kept in separate systems. These content silos result in knowledge silos, cost silos and technical competency silos, resulting in growing complexity and costs.
The situation described above creates several challenges for pharmaceutical companies. Naturally, they must be sensitive to Sarbanes-Oxley and DoD5015.2 requirements. After all, they will be held responsible. But at the same time, compliance with Sarbanes-Oxley 404 and other regulatory requirements is expensive.
Financial Executives International (FEI)'s survey of 217 companies with average revenues above $5 billion, found that the cost of compliance was more than $4 million on average because of costs associated with auditing. The high cost means that compliance remains a major driver for IT implementations. For NNIT's customers in the pharmaceutical industry, this has meant that more than 60% of investments happen because of compliance needs. With growing compliance requirements (Figure 1), the business case for simplifying ECM becomes evident.
Another challenge for pharmaceutical companies is to ensure that the organisation's systems effectively support core business processes. Not only are these separate systems, but requests for changes have also created highly customised solutions. These can have their own special logic that may be far removed from the business processes they were once set up to support. IT departments may focus on the daily management of systems and lose sight of both the key drivers for change and new core business processes that the systems should be supporting.
Other factors include data entry, which is time consuming and tedious (yet many organisations manually enter information that should be available across departments and functional areas), and the challenge of making strategic decisions in terms of what systems and processes should be integrated after mergers and acquisitions.
From an IT perspective, the situation is not sustainable either. Hard-pressed by executive management to provide the knowledge needed to make strategic decisions, many IT departments are struggling just to respond to the most urgent requests for changes and maintain a validated system in and out of upgrade cycles.
The high levels of customisation mean a high dependency on specialised knowledge, extensive documentation or people who know the systems to effectively support problem solving, maintenance and upgrades. This increases risk and cost compared with the acquisition of more generic competencies.
So what can be done to meet these challenges? NNIT's experience as a system integrator has shown that ECM vendors have significantly progressed in terms of the maturity of their products. This now means that vendors are able to supply:
Configurable standard solutions exist within the areas of regulated content management, record management, SOP management and submission management. The optimal ECM approach must address the triangle of objectives of both businesses, IT and QA & RA (see Figure 2). Consequently, an organisation has new business opportunities in terms of the ability to:
Where does an organisation start? The NNIT recommendation is to start at the beginning and from the top. Technology-driven programmes tend to be tactical and rarely get support from line of business. For this reason, it is critical that senior management visibly supports the enterprise-wide project. NNIT's recommendations for success are:
NNIT's approach uses the above recommendations and aligns core business processes across the organisation with what is possible in configured standard solutions. This knowledge is used to provide a step-by-step roadmap for the organisation. A consistent enterprise-wide approach to managing records and information helps organisations mitigate legal risk and operate more efficiently and competitively.