5 Life Sciences Technology Strategy Considerations for 2015

  1. Have you assembled the appropriate project team to implement a life sciences application?

The nature of projects and outsourcing today is composed of complex global projects managed by virtual teams and project variance. Outsourcing strategies and project variance leads to cost variation within a budget which usually is unaccounted for. Projects involving the implementation of life sciences applications can fail for multiple reasons – however a lack of user requirements and budget mismanagement should not be any of those reasons.

A good implementation team is usually a multidisciplinary team that adopts a risk-based approach to identifying obstacles and establishing measures that will mitigate challenges and foresee the participation of the client’s key users from the first steps of system implementation.  The key users usually collaborate with the validation team in the definition of general/regulatory user requirements, but their involvement starts at the very beginning of the project. In order to include the key/business users at this stage, the IT Project Manager should include a Business Analyst in the project team.

By using this approach, key users can deepen their understanding of how the system works and if it fits their organizational structure, processes and procedures. Consider a multidisciplinary team of business analysts, project managers qualified and specific to the system being implemented and a Computer System Validation expert (see why below!).

  1. Are you leveraging cloud-based solutions for important clinical systems?

We have stated the data before: It has been estimated that cloud computing techniques could lead to a 30 percent increase in speed to trial for clinical work, resulting in up to $400 million USD in savings.

The benefits of implementing a cloud-based solution for electronic data capture are endless: no more IT infrastructure investments, better data quality and global study management, software reusability and more secure data transfers. More importantly, cloud-based systems allow access to real time data which supports better discrepancy management, faster data cleaning and ad hoc reporting.

Cloud-based SaaS systems are ideal and cost-effective for pharmacovigilance as well by implementing a system accessible through the Internet with minimal IT effort. In this scenario, the application can be deployed using the standard validation configuration and then be customized to meet customer needs. The Cloud eliminates the need for hardware and software installation and allows clinical applications to be accessed through a web browser with personal credentials, eliminating the need for IT infrastructure such as data centers.

  1. What clinical data visualization solutions so you have in place?

Modern communication technologyIs your company looking to have access to clinical data in real time? Is Risk Based Monitoring part of your upcoming clinical trial strategy? Data Visualization tools make it possible to collect clinical and safety data from multiple sources and display the data in a structured format for the study team. The analysis team has the ability to drill-down data and click-through multiple levels of details.

Perhaps the biggest benefit is the ability to see and analyze safety data metrics from multiple sources in real-time. Real-time alerting features can notify the study team when problems arise, for example when adverse events are entered. Real-time data results allow decision-makers to identify and fix underperforming sites and make crucial decisions.

Business Intelligence tools are the best technology option for Risk-Based Monitoring. They allow for data retrieval, report development from different data sources, report delivery and cloud-based technology. Web-based applications can be accessed from various devices including PC/laptops, smartphones and tablets.

  1. Are all of your systems up-to-date and in compliance with industry standards? Are they really?

As mentioned above, every successful life sciences project team should have a Computer System Validation and Risk Management expert. Computer system validation in the pharmaceutical industry is applied from discovery through to manufacturing and supply. Between 40-60% of software defects can be traced back to errors made during the requirements stage. The costs of IT quality can be an investment: from documented planning and prototyping to review and inspection and test execution. However, the costs associated with poor quality normally outweigh the costs associated with good quality.

Defect correction, including diagnosis and bug fixing, can produce enormous costs for companies. More importantly, external failure can cause huge losses for a company. Operational defects can lead to lost productivity and lost sales. On a more serious note, it can lead to a delay in a new drug approval or even regulatory fines.

Are all of your clinical systems up to date with the latest security patches? Discontinued software versions should be considered a high security risk for critical IT components and should be mitigated by upgrading to supported versions or migrating to newer solutions in other platforms.

  1. Is your company prepared for Disaster Recovery and Business Continuity?

In an increasingly technology-dependent world, is your company prepared for a power failure? Cyber attacks? Disaster Recovery and Business Continuity is crucial for life sciences companies today. Sponsors should know if their IT provider has a plan in place – after all, consider the quantifiable losses if your IT infrastructure shut down for an hour, a day or even more? Could you go on conducting “business as usual”=

A good Disaster Recovery plan starts with analyzing the risks. Once you have determined the priorities, the most important analyses will be the RPO (Recovery Point Objectives) and the RTO (Recovery Time Objectives). The RPO will establish how far back services will have to go to find recoverable data, and the RTO will determine how much time is needed for recovery. The Disaster Recovery plan must then be maintained through proper documentation and system validation.


Pharmacovigilance Best Practices Part II: Consortium Initiative

In Part II of ARITHMOS‘ article series on pharmacovigilance best practices, we address the need of project implementation and maintenance by introducing the Consortium initiative which helps companies significantly reduce costs while receiving expert advice from cross-functional teams.

Two hands touch screen of tablet with medical icons. VectorIn order to facilitate the implementation, production and maintenance phases of a pharmacovigilance system migration project, ARITHMOS has introduced a consortium for the provision of Oracle Argus Safety Version 7. The fundamental idea behind the consortium is that customers take advantage of lower costs due to the sharing of set-up activities, validation documentation and deliverables. The Oracle Argus system would be released to the customer with a standard configuration which is shared among multiple end users.

The concept of sharing implementation activities guarantees at least a 20% reduction in costs for Consortium subscribers. The benefits to joining are:

  • Access to experienced Project/Account Manager during set-up and production
  • Get a standard configuration built on best standard practices and experience
  • Have the PhV application hosted in a certified Data Center with backup/recovery processes in place
  • Compliance and regulatory expertise and support during inspections
  • Use of International Standards (GAMP5) and Internal QMS
  • Multidisciplinary team covering all validation aspects (Business analysts, IT experts, CSV specialists)

Why is the Consortium an ideal solution for pharmacovigilance departments?

Step 1: Oracle Argus Safety Version 7 is an ideal solution for managing global workflow while providing case reports and instant safety data reports and analysis. It is an up-to-date pharmacovigilance system that meets all the requirements of computerized systems in the GVP environment. As an Oracle Business Processing Services (BPS) provider, ARITHMOS provides the Oracle Argus Safety license with payment based on cases entered in a defined time period with no annual maintenance fee.

Step 2: The Consortium initiative also covers compliance and Computer System Validation aspects of pharmacovigilance through a Quality by Design approach. As a member of the Consortium, a cross-functional team of validation experts are available to make sure the system is maintained properly through periodic review and change control.

Consortium ROI: Consortium membership guarantees cost reduction through the sharing of implementation activities and documentation. However, the real Return on Investment comes from access to validation experts, advice and feedback from other Consortium members and access to “My Oracle”, which is Oracle’s official web portal for the support of its applications – guaranteeing a smooth, compliant and risk free pharmacovigilance process.

The Consortium is a yearly initiative with limited subscriptions available. For more information on a pharmacovigilance system migration project and Consortium membership, contact ARITHMOS at info@arithmostech.com.




Pharmacovigilance Practices Part I: Argus Data Migration

In this two-part blog, ARITHMOS takes an extract from its article series on migrating safety data and cases from legacy pharmacovigilance systems to Oracle Argus. ARITHMOS describes the process involved in data migration and validation principles and considerations during the production phase to ensure efficient and cost-effective pharmacovigilance practices. In Part II of this blog, coming next week, ARITHMOS will discuss what happens after migration and how joining its consortium initiative can result in considerable cost savings.

Oracle AERS premium support will end in 2015, and various other pharmacovigilance systems offer limited support. Therefore, ARITHMOS recommends a data migration project to Oracle Argus Safety, which is an up-to-date pharmacovigilance sytsem that meets all the requirements of computerized systems in the GVP environment.

Hand press on First Aid Symbol , medical background

How would an implementation project work?

As an Oracle Business Processing Services Provider (BPS), ARITHMOS provides the Oracle Argus Safety Version 7 license with payment based on cases entered in a defined time period with no annual maintenance fee. The process for migration includes:

  • Business Requirements Analysis
  • Configuration Analysis
  • GVP Validation Assessment
  • Detailed User Requirements definition (including configuration workshop)
  • Data Migration strategy
  • Configuration set-up and pilot testing system design specifications
  • Design, Build and Test Data Migration solution
  • System Installation
  • Validation Testing (IQ, OQ) and Business QC of migrated data
  • End Users training and User documentation
  • Validation Testing (PQP) and Production Data Load
  • Validation Report

This process can take an estimated 6-8 months to complete, therefore if a legacy system is still in place in your company, it is best to begin the migration process.

Due to increased regulations on safety data and the need to improve data quality, ARITHMOS can guarantee real-time reporting solutions for Oracle Argus Safety Version 7 including integration with Oracle Business Intelligence with reports directly on smartphones and tablets.

Validation Principles and Best Practices

The data migration progress guarantees:

  • Risk Based Approach
  • Proactive validation
  • Use of international standards (GAMP 5) and Internal QMS
  • Use of templates and validation scripts
  • Monitoring and control over the project
  • Multidisciplinary project team covering the key aspects of validation (business analysts, IT experts, CSV & QA specialist)

A dedicated Account Manager will provide support during the production phase including operational technical support, user access management, periodic review and support in preparation and conduction of regulatory inspections. ARITHMOS can also support in the decommissioning of the legacy pharmacovigilance system.

argus safetyIn Part II, ARITHMOS will explore what happens after data migration and how companies can properly maintain their pharmacovigilance system. If your company is considering a migration project from a legacy system to Oracle Argus Safety Version 7, schedule an assessment meeting with ARITHMOS to learn your business and user requirements.

FDA 483s & Warning Letters and How to Avoid Them

computer_warningThis week ARITHMOS has been focusing on Computer System Validation and the importance of implementing a proactive approach to system validation and maintenance. In this week’s blog post, we look at FDA warning letters, what they mean and how to avoid them by following the computer system validation life cycle.

Warning Letters represent two of the three steps that are important to a GxP assessment of deviations.

  • The first step are deviations reported on the well-known FDA-483 Form by an FDA inspector at the time of inspection.
  • A Warning Letter is issued if the EIR (Establishment Inspection Report) written by the inspector has been checked by the head office and the deviations have been classified as significant or the statement on the elimination of the faults has been classified as insufficient.

If the answer to the Warning Letter is also insufficient from the FDA’s point of view, they enforce step three:

  • The inspected site cannot manufacture products for the US/American market until further notice

What are the most notable deviations that result in FDA-483 forms and Warning Letters?

  • No individual passwords which can cause repudiation problems
  • Insufficient system security
  • No electronic audit trail
  • (Electronic) raw data not saved or lost
  • No correlation between e-records and paper print-outs
  • No back-up of data
  • No prevention of data deterioration during archiving
  • Lack of or inadequate computer system validation

Implementing a CSV Plan to Avoid FDA-483s and Warning Letters

Sponsors can avoid the deviations above by performing a risk assessment on their computerized systems and then maintaining system performance through periodic reviews and change control. The Computer System Validation life cycle follows a process that tests systems throughout the Software Development Life Cycle (SDLC).

For example, let’s look at the requirements for Electronic Records and Electronic Signatures (ERES). ERES requirements are related to the validation of the system and maintaining the system in a validated state. Inspectors will look at a combination of technical controls provided by the system and procedural controls provided by users or administrators of the system.

Therefore, how can Sponsors approach CSV?

  • Planning and Requirements: Validation should cover both technical solutions and the implementation of any procedural controls for electronic records and signatures. Define compliance requirements, create a validation plan and define user requirements.
  • From Designing to Deployment: Design and build requirements, perform development testing  and deploy the system to satisfy all user requirements
  • “In Use”: Provide training, define a security procedure in a System Access Plan, retain records according to their retention period and record copies which need to be provided during inspections.
  • Cross Phase: Ensure that anyone who develops and maintains systems has the education, training and experience to perform the tasks at hand. An appropriate Document Management Plan should also be defined including a maintenance plan according to change control. Also ensure that a Change Management Process is in place to maintain the validation status.
  • Decommissioning: Systems should be decommissioned in accordance with a Decommissioning Plan. Validation documentation must be archived and data maintained in according to the retention period. Even if the system is decommissioned, it must be guaranteed that copies of records are available during inspection.

The FDA requires that organizations comply with all applicable regulatory validation requirements including validation of design, computer software for its intended use and software changes before approval and issuance. Contact ARITHMOS to discuss or strategic and maintenance approach towards CSV and our expert advice on how to avoid FDA (and other regulatory bodies) Warning Letters.


Quality by Design: Risk-Based Approach to Clinical Trials

Internet gamblingLast week, ARITHMOS attended the GIQAR conference in Italy which focused on managing changes to GxP guidelines. ARITHMOS’ Stefano Piccoli presented at the conference on the topic of Quality by Design and how to prevent failure in monitoring by anticipating and mitigating risk when it comes to technology solutions.

The overall problem is that current practices in clinical research are not proportionate to risk or well-adapted to achieving the desired goals. Some origins of this problem include:

  • The costs of clinical development
  • Globalization of clinical trials which complicates the regulatory and business environments
  • Risk Aversion
  • Poor study design and processes
  • Failing to identify the individual implementation needs of quality control activities

The goal of Quality by Design is to build in quality prospectively rather than “test it in” retrospectively. This means identifying in advance the risks to quality and planning how to avoid them.

In terms of Quality Risk Management, the FDA is expecting a shift from data-heavy NDA/BLA submissions to “knowledge-rich” submissions with insight from QRM practices. Likewise, the EU expects risks to be identified prospectively and concepts to be applied at the early program design stage before individual trials are running.

How can Quality by Design help in clinical drug development?

  • Designing optimal infrastructure
  • Optimizing processes and systems
  • Mitigating risks associated with clinical programs and individual studies
  • “Fit-for-purpose” monitoring
  • “Fit-for-purpose” training and communication
  • Enhancing GCP compliance and reducing audit/inspection findings
  • Meeting health authority expectations
  • Reducing the likelihood of costly errors
  • Getting it right the first time and avoiding the need to “fix” it down the road

Risk Based Approach to CSV

Computerized systems that support GxP processes must be validated in proportion to the level of risk they present to patient safety, product quality and the integrity of regulated records. The validation effort should be concentrated on the areas with the most risk.

There are 5 steps to a Quality Risk Management process which is designed to scaled according to the level of risk, complexity and characteristics of individual systems.

  • Step 1: Perform Initial Risk Assessment and Determine System Impact
  • Step 2: Identify Functions with Impact on Patient Safety, Product Quality, and Data Integrity
  • Step 3: Perform Functional Risk Assessments and Identify Controls
  • Step 4: Implement and Verify Appropriate Controls
  • Step 5: Review Risks and Monitor Controls

ARITHMOS’ team of expert CSV and Life Sciences Application consultants, certified in COBIT 5 and ITIL, provide two approaches to Computer System Validation. The strategic approach involves appropriate expert planning, risk assessment, business process analysis and defining user requirements. In the maintenance approach, on-going project management and periodic compliance reviews ensure technologies are safe and accurate for end users through a continuously documented process. 

To schedule a pre-assessment meeting with one of our experts, contact us at info@arithmostech.com.


A Strategic vs Maintenance Approach to Computer System Validation

keyboard-with-security-buttonAs mentioned in our last blog post on IT quality, the costs associated with poor quality outweigh the costs of investing in validated, quality systems. IT quality and validation deliver systems which are fit for their purpose and comply with pharmaceutical regulation requirements. This week, ARITHMOS outlines a strategic vs. maintenance approach to Computer System Validation best practices. 

First of all, Sponsors should know that computer system validation in the pharmaceutical industry is applied from discovery through to manufacturing and supply. The GxP standards – including Good Laboratory Practice (GLP), Good Clinical Practice (GCP), Good Manufacturing Practice (GMP) and Good Distribution Practice (GDP) – are applicable throughout the drug life cycle, and Sponsors should be asking themselves:

  • Do we have documentary evidence to prove our systems work as expected?
  • Are our systems developed, used and supported in a controlled manner?
  • Are we in compliance with 21 CFR Part 11 and/or EU Annex 11 and do we know how they differ for our drug development in Europe vs. US?
  • Have we assessed our systems in accordance with GAMP 5?
  • Are our systems validated according to industry and international standards?

Sponsors can take a strategic or maintenance approach to Computer System Validation – or even a hybrid model of strategic implementation and and continuous follow up.

The strategic approach to CSV means appropriate and expert planning, risk assessment and defining user requirements to guarantee the best approach. This includes business analysis by an expert consultant to include a gap and risk assessment, validation and mitigation plans, strategic planning and initial training.

Once a computer system is validated, it is important to maintain the system’s IT quality to avoid malfunctioning systems and to keep up-to-date on changing regulatory requirements. Risks associated with not maintaining IT quality include:

  • New vulnerabilities will no longer be collected, reported or analyzed
  • High risk of cyber attack on data integrity and data confidentiality (especially is working on a cloud-based environment)
  • Potential violation of data security laws
  • Non-compliance with industry standards

A maintenance approach to CSV would ensure technologies are safe and accurate for end users through a documented process for ensuring the system continuously does what it is designed to do. In a maintenance approach, services would include on-going project management, periodic review, change control, internal audit support and continuous training.


ARITHMOS has a team of expert consultants who provide strategic advice on the right validation plan for your computerized system in the pharma industry. We also provide on-going project support for maintenance activities including offering a flexible pricing model: either on a case-by-case basis or a fixed fee monthly rate.

Contact ARITHMOS’ CSV experts for a pre-assessment meeting to see which approach works best for your company. Contact us at info@arithmostech.com. 

Avoiding the Risks and Costs of Poor IT Quality: Computer System Validation for Clinical Trials

Between 40-60% of software defects can be traced back to errors made during the requirements stage.

In anticipation of next month’s GIQAR conference in Verona, Italy, ARITHMOS discusses the risks and costs associated with poor IT quality in the clinical trial environment. Implementing best practices for Computer System Validation will help Sponsors comply with regulatory standards and avoid paying high costs for IT support and bug fixing down the road. 

scheiThe costs of IT quality can be an investment: from documented planning and prototyping to review and inspection and test execution. However, the costs associated with poor quality normally outweigh the costs associated with good quality.

Defect correction, including diagnosis and bug fixing, can produce enormous costs for companies. More importantly, external failure can cause huge losses for a company. Operational defects can lead to lost productivity and lost sales. On a more serious note, it can lead to a delay in new drug approval or even regulatory fines.

The FDA has taken the initiative to improve IT quality in both clinical practices and manufacturing. In just the past decade, several pharmaceutical cases have been brought to justice under the FDA’s strict policies:

  • Case 1: a pharma company was fined $297 million USD plus 18.5% of drug sales; the drug was discontinued and 2 manufacturing plants were closed
  • Case 2: a pharma company faced a $650 million USD financial penalty and the closure of its manufacturing site for failure to meet quality standards for diabetic medication

Computer System Validation (CSV) is one way to ensure IT quality and provide documentary evidence (such as plans, records and reports) to guarantee a system works as it should. CSV can prevent software problems before reaching the usage environment.

The FDA is aiming to strengthen its CSV standards by aligning them with international standards like ISO 9000:2000. 21 CFR Part 11 compliance is required for electronic records and electronic signatures. CSV is essential in this case because the FDA requires all computerized systems with GxP electronic records to be validated.

stock-footage-portrait-young-female-hospital-doctor-using-computer-to-input-data-on-clinical-trialsEU Annex 11 requires that all computerized systems used in GxP-regulated environments are compliant in order to ensure integrity of records and data. It applies to the European Union and all foreign manufacturers who are seeking EU market approval.


How can companies ensure IT quality?

Quality means that the systems and the services you deliver meet specifications and is achieved by providing the desired functionality with minimum defects. A quality product has the following attributes:

  • Usability: it does what you expect
  • Availability: it is ready when you want it
  • Reliability: it does not breakdown and has a long shelf life
  • Maintainability: if it does break, you can fix it; if requirements change, you can modify it
  • Trustworthy: you know the end result – always
  • Affordability: the value to the business outweighs the costs

ARITHMOS has extensive experience in validating systems in the healthcare sector. To ensure patient safety and full adherence to regulatory requirements, we validate regulated systems in a cost-effective, efficient and fully compliant manner. We provide full evidence of the validation exercise, and when requested, fix non-compliant areas. For inquires regarding our CSV consultancy services, send us an email at info@arithmostech.com.