Regulatory transformation: cloud reality check

    Industry debate at AMPLEXOR’s conference examined role of cloud services in driving the next generation of regulatory information management in life sciences.

    Subscribe to our blog

    An industry debate at AMPLEXOR’s annual user conference in June examined the role of cloud services in driving the next generation of regulatory information management in life sciences, and I want to share with you the main points of the discussion.

    The need for regulatory information management (RIM) transformation is driving new interest in cloud services, particularly access to the latest applications via Software as a Service (SaaS) delivery models. But there are different approaches to the cloud, and data sensitivities to consider, so it is rarely a straightforward decision.

    It was in this context that AMPLEXOR recently hosted a major industry panel debate, keen to sort the fact from the fiction and establish some best-practice approaches to cloud-based service use in life sciences. The discussion, chaired by Steve Scribner of consultancy The Scribner Group, brought together heavyweight regulatory experts and consultants from across the sector: Romuald Braun of uanotau; Peter Brandstetter of IBM’s GBS Life Sciences team; Torben Thorhauge of NNIT; and Steve Gens of Gens Associates. The audience, made up of AMPLEXOR customers, also participated in the debate.

    Current cloud adoption

    Chair Steve Scribner opened the debate by asking whether cloud is now the subject of serious intent for pharma organisations. Torben Thorhauge of NNIT said he saw cloud options increasingly being included as a serious option in RFPs, with hybrid models rising in popularity as companies test the water – dedicated solutions, but provided using a cloud payment and cloud deployment model. The more innovative companies were striving to be (for example in exploiting the Internet of Things), the more likely cloud was to be on the agenda.

    IBM’s Peter Brandstetter noted that big data ambitions have prompted many companies to use the cloud, because of the complexities of trying to consolidate and analyse data from numerous different sources - something that can be hard, if not impossible, to achieve via traditional internal systems.

    Members of the audience brought their own experiences to the table, noting that in many cases users and teams are already using cloud-based applications and services without even thinking about it, in the form of Google Docs for example. The point is that users simply have a job to do; they don’t care about where the data or application is hosted.

    Technology advances ease the transition

    For companies seeking to empower users, the cloud cuts through any worries and cost of upgrades, validation and maintenance (because the external service provider takes this on), as well as the need for specific technological expertise that can be expensive to maintain internally.

    Thorhauge emphasised how far cloud services have advanced too, challenging the perception that something isn’t secure if it’s in the cloud. Data security has always been a cause for caution in relation to cloud adoption, particularly in such a heavily regulated industry, but the panel agreed that companies are able to see past this now.

    Steve Gens pointed to findings from recent surveys conducted by his consultancy, which reveal a growing acceptance among life sciences companies - that cloud service providers can even help this cause, providing even greater protection than companies can achieve under their own steam. Between 2014 and 2016 the number of companies using SaaS had nearly doubled, and a large proportion claimed the SaaS environment was proving better for access and security than internal firewalls and systems. That’s a pretty big statement, he noted.

    The fact that the FDA is positively encouraging the industry to investigate cloud shows the perception of control is changing, the panel agreed.

    One major consideration is data sovereignty and regulatory limitations on where certain types of data can reside and who can access it.

    Ensuring data sovereignty means thoroughly evaluating the service provider’s set-up. Just because the cloud company is located in Europe, the data won’t necessarily be held or processed there: cloud provider may have subsidiaries or partners in other regions which they use to balance demand, for example. But the right provider and solution will be out there, if companies do their homework. Some companies may feel more comfortable choosing a private cloud if personal data is involved because of the implications of sensitive data breaches.

    Matters of control

    The conversation then turned to issues of control. Scribner noted that after 24 years of being involved in content management in pharma, he has witnessed a strong preference for companies to tailor their own systems based on individuals needs or requirements. This could have a bearing on their interest in using fully blown cloud services where resources are shared with other companies.

    Romuald Braun of uanotau noted that these so-called ‘multi-tenanted’ cloud environments give fast, easy access to functionality through a focus on simplicity – something that can’t really be applied to a task like creating a submission, or reacting to adverse effects – events which could trigger changes to 5,000 products in 50 countries. Although 80% of a company’s particular process might be the same as another firm’s, would they really want to be reduced to a one-size-fits-all scenario, he wondered.

    Steve Gens pointed to the confusion around the many cloud and SaaS variations, which he has seen reflected in his firm’s industry surveys. Rather than dwell on these differences, he prefers to focus on the value being delivered by cloud delivery options.

    Although some larger organisations have the budget to furnish a vast internal IT department, the economies of scale, the automated processes, and the high security now associated with cloud alternatives are compelling. It is a growing challenge for companies to keep skills up to date internally too, given the technology skills crisis: again the cloud can help by removing the need for life sciences companies to be experts in all facets of technology, because someone else is taking care of it.

    New normal, new priorities

    The bottom line is that QA departments need to think differently about provisioning IT if they want to stay ahead – and the signs are that many have recognised this. Of the 15 companies which indicated they are using cloud-based applications for regulatory information management in Gens’ most recent industry survey, two-thirds said they had seen faster product innovation compared with internal systems, as well as a significant improvement in implementation time. This is due to standardisation at the application and process layer – for example of the clinical trial master file, and common practices. The issues of whether it’s a private or a multi-tenanted cloud is just an implementation or cost decision.

    IBM’s Brandstetter suggested that ‘sharing’ resources would offer companies more advanced options in future – not simply the greater economic benefits of using the same systems and software, but also to pool data. He noted that some pharma companies are already using IBM’s Watson Health cloud system to share data across organisational boundaries for the greater good.

    The panel agreed that we would almost certainly see a range of cloud variations co-existing, to meet different conditions and levels of criticality, rather than the Utopia of one definitive cloud environment, and that on-premise options would probably still have a role to play for certain applications and scenarios.

    Torben Thorhauge of NNIT suggested, for example, that the cloud may not be ideal for business-critical applications, or situations where companies need to be sure of high performance. The private cloud may be best here, he said. In other circumstances the issue may be convincing staff that SaaS is the best route, or the need to perform extensive configuration/alterations to the system to adapt it for the organisation’s specific needs.

    As companies start to look more seriously at the cloud, they also need to change the way they plan IT initiatives so that they can take advantage of the cloud as and when they decide they need to. Scribner proposed reconsidering internal processes in the light of cloud options. One of the advantages of a cloud-ready strategy, he said, is that it encourages firms to move away from more localised thinking towards greater harmonisation, supporting business change on a more global basis.

    Continuing the conversation

    As the debate drew to a close, the more reticent cloud evaluators in the room appeared to be in the minority, amid a growing acceptance that cloud does seem to be the answer to a lot of the challenges currently facing life sciences Regulatory Affairs and Quality Assurance teams, as well as their counterparts in other business functions.

    It will be interesting to chart the latest shifts in attitude and approach to the cloud at a follow-up debate next year. A lot can change in 12 months.


    Download Cloud-based Regulatory Transformation White Paper

    Published on 19/10/16    Last updated on 01/07/19

    #Regulatory Information Management (RIM), #Digital Strategy, #Life Sciences

    About the author

    Sinisa started his professional career at Pliva (now member of the TEVA Group), where in addition to his responsibilities in manufacturing, he also engaged in successful EDMS implementation project. Belina later joined KRKA’s Regulatory Affairs Department, and finally moved to AMPLEXOR. He applies his detailed knowledge of pharmaceutical documentation and processes to areas of business process analysis and optimization of EDMS.


    Participate in this discussion