Working in the greater Philadelphia area now for nearly 17 years has given me the opportunity to work with many of the large pharmaceutical companies located in this area. And one thing you learn quickly is how heavily regulated they are. Every aspect of R&D and manufacturing in a pharmaceutical company is subject to FDA regulations and to regular FDA inspections that can lead to citations and fines if violations are found: the dreaded FDA-483 citation.
The regulations are there for good reasons. Public health and human lives are clearly at stake. Data from lab work and from clinical trials must be collected in a way that minimizes human error and that is audited every step of the way to ensure no unscrupulous individuals have tampered with it. And the manufacturing process must be closely monitored and audited to ensure the purity of the medications.
Everything is Documented
This regulation comes with a great burden of effort. Everything is documented. There is a saying about the FDA: “If it wasn’t documented, it wasn’t done.” What has changed over the past 5-10 years (and is only trending further) is the reliance on IT to support both R&D and manufacturing processes, and now the dependence this creates on the network. If there are network and application issues, let alone outages, FDA violations are a near certainty, not to mention the risk to public health depending on what is affected.
- We have seen the rise of electronic lab notebooks that automate data collection in the lab, provide auditing of human access to the data, and have become an integral part of the lab process subject to FDA regulation and inspection. These applications automate what used to be tedious manual processes and they dramatically improve time to market – which is great except when something goes wrong with the application or network.
- Applications now drive the collection of clinical trial data and provide analysis and reporting of that data, some of which must be reported to the FDA on a regular scheduled basis, with consequences if that schedule is missed. Again, the applications automate what used to be tedious manual processes – which is great except when something goes wrong with the application or network! I’ve seen more than one IT war room related to issues with these applications.
- Applications have always driven manufacturing, be it with inventory and material resource planning. However, we are now seeing the IoT phenomenon on the rise providing real-time monitoring of components in the process, to reduce bad drug batches. Those refrigerators had better be at the correct temperature or you lose the batch! All of this is riding over wi-fi and the network now.
The more companies become dependent on these new application and network-based processes, the more they let go of the old manual processes, and the availability and performance of the network and applications becomes all the more critical. It’s not a “nice to have” anymore where people can get by if the application is down. Everything stops if the application is down.
Further, this dependence on IT creates the additional security concern of protecting the company’s intellectual property. There is a great deal more data now in digital (and therefore hackable) form. This circles back to careful auditing, along with the typical steps any company takes to secure their data.
All of this raises the importance of having a solid performance management and monitoring solution in place. Application and network issues are going to happen. Hackers are trying to get into your network. And you don’t want an application or network issue creating an opportunity for a hacker to get in. The key is resolving issues quickly without finger-pointing across the silos to ensure everything is operating as expected with no surprises. This can no longer be an afterthought. It must be part of the design. And with new SDN designs coming into play, now is a great time to review your strategy.
Finally, it is a bit trickier in the pharmaceutical realm because the performance management solution itself must pass muster with the FDA; that is, the solution must not itself create an FDA (or HIPAA) violation. And the biggest risk is with capturing raw (and complete) packet data that may contain Personally Identifiable Information (PII), particularly with clinical trials and/or patient data collected into Big Data/BI databases to support research. One need not look far to find solutions that fit the bill, but freeware won’t cut it anymore. The solution must be purpose-built and designed with regulatory compliance in mind. This is true now of many industries, but the pharmaceutical industry is a great example.