Data management strategies are fueled by the advent of "knowledge transfer" as a management technique. Under this approach, multi-disciplinary teams work in parallel, often at multiple sites. The goal is to enable fast, efficient sharing of raw and processed data for analysis and collaboration to optimize critical-path decision support throughout the innovation cycle. In fact, a recent market analysis report concerning the life sciences industry stated: "By 2007, agility in data integration, management and access will be the single greatest source of competitive advantage for life sciences research organizations."
A data management strategy
To start, a foundation strategy is required for automated--and application independent--data (raw and processed) capture, cataloging and storage. This strategy allows aggregation of data sets from disparate sources (instruments, scientist reports and outside information).
Within this foundation comes the ability to effectively communicate among the team, as well as to generate knowledge from which consistency in decisions will be achieved. Also needed is an ability to export and import data to and from "best-in-breed" information technology resources such as statistical and visualization software, as well as existing laboratory information management systems (LIMS), bioinformatics and enterprise data systems. The principal benefit to this strategy component is that it provides an internal standard for all data capture so an internal information technology organization can aggregate and integrate within the entire corporate data management infrastructure.
Regulated industries are experiencing a time of increased competition, expanding global markets, mergers, partnerships and acquisitions. As a result, they are under growing pressure to reduce costs and improve margins and, at the same time, comply with significant new governmental regulatory and compliance policies, both in the lab and on a global level. Pressures to comply with these regulations create an atmosphere of concern that can inhibit decision-making and implementation of solutions to these problems.
The last decade has seen astounding growth in the amount of raw data collected relating to the production and quality of various products. The increase of computer-controlled equipment and sophisticated instruments will only facilitate this trend.
Problems arise when data are held in disparate, unconnected systems, making the process of converting the data into meaningful information difficult. This challenge is shared by industries regulated by the U.S. Food and Drug Administration (FDA) and the U.S. Environmental Protection Agency (EPA) because both agencies specify rules on electronic record-keeping. Successful data capture and subsequent transformation of the data into viable information can enable companies to create new opportunities and face new challenges with greater agility.
21 CFR Part 11
Recently, FDA increased active enforcement of Title 21 Code of Federal Regulations, Part 11 (21 CFR Part 11), its rule regarding electronic records and electronic signatures (www.fda.gov/ora/compliance_ref/part11). Critical systems that generate electronic records and are regulated by GxP (a generic acronym for good practices applications such as good laboratory practices [GLP], good manufacturing practices [GMP] and good clinical practices [GCP], etc.) also must comply with 21 CFR Part 11.
The rule applies to any FDA- (GxP) regulated facility, including those involving drugs, cosmetics, nutraceuticals, medical devices and other substances. Records subject to 21 CFR Part 11 include, but are not limited to, inventory records, calibration and preventive maintenance records, validation protocols and reports, training records, customer-compliant files and adverse-event reporting systems. These industries currently are responsible for upgrading so-called "legacy systems" by implementing the technical controls outlined in 21 CFR Part 11. These controls address electronic record security, integrity, traceability and the proper use of electronic signatures.
The basic intent of 21 CFR Part 11 is to ensure individuals working in environments governed by previously published rules protect their regulated electronic records using different levels of security, traceability and access control than those for paper records. Scientists must establish that the e-records and e-signatures are trustworthy, reliable and equivalent to paper records and handwritten signatures.
EPA's proposed Cross-Media Electronic Reporting and Record-keeping Rule (CROMERRR) will provide the legal framework for electronic reporting and record-keeping under the agency's environmental regulations (www.epa.gov/cdx/cromerrr/propose/ index.html). Developed with 21 CFR Part 11 in mind, CROMERRR will apply to most, if not all, reporting and record-keeping currently required of EPA-regulated organizations, including GLP-regulated industries that are required to maintain master schedules, protocols, standard operating procedures and quality assurance inspection reports.
EPA also has formulated a process to submit reports electronically to the agency. Like 21 CFR Part 11, this rule was drafted to ensure electronic documents will have the same legal and evidentiary force as their paper counterparts.
21 CFR Part 11 has been final and effective since Aug. 20, 1997. Firms are expected to have their procedural and administrative controls in place now, as well as to have a plan in place for upgrading legacy systems with the technical controls for the rule. These plans must be detailed and contain a reasonable timeline. Firms must show progress against these plans. FDA has not specified a date by which all firms must be in total compliance with the rule.
The data 'repository'
A lot of data means a lot of decisions. Unfortunately, most data formats are proprietary to the instrument that created it. Until now, it has been a daunting challenge to develop an application-independent storage system to aggregate data from several sources. What is more, the need to and electronically store, retrieve, extract and communicate data to colleagues throughout the enterprise along with a regulatory compliance strategy is not easy. Many suppliers to the pharmaceutical industry have enhanced their software features and have also devised internal technologies to address the technical controls required by these regulations. Such fixes tend to be proprietary and thus become only partial solutions.
Does a firm maximize profits or comply with regulations? Good data management software allows it to do both. The sidebar outlines some suggestions for selecting such a software solution.
Lander is program manager, compliance, for NuGenesis Technologies Corp., Westborough, Mass. NuGenesis offers automated data collection and storage solutions to regulated companies. Lander can be contacted via e-mail at [email protected].
Selecting a Software Compliance Solution
Selection and implementation of viable software and systems solution to address 21 CFR Part 11 and CROMERR compliance are important, but certainly not easy.
The first step for a firm is to create a task force for the job. The task force should include representatives from various departments across the enterprise.
The next step is to come up with a consistent interpretation of the regulations and a consistent direction for a remediation plan. After performing a detailed assessment of what systems generate regulated electronic records and electronic signatures, the team should conduct a gap analysis on the most process-critical systems. This analysis will show how far away the systems are from compliance and what needs to be accomplished to get to compliance. The latter then must be written into a detailed remediation plan that also includes repudiation, assigned responsibility, reasonable timelines and a budget.The plan hinges on the functionalities of the legacy systems already in place, and the desired state of compliance the company is trying to achieve. It is advisable for the compliance task force to work with existing and future vendors to communicate the firm's requirements for regulatory compliance. From there, the facility can make the determination as to which software solutions are able to most thoroughly meet its requirements.