In light of recent FDA guidance on data integrity, the challenges and benefits of using the public cloud to deploy and use data management software are discussed.
By Stuart Ward
In December 2018, FDA published the long-awaited Data Integrity and Compliance with Drug CGMP–Questions and Answers Guidance for Industry. The document provides clarification on how data should be captured to most effectively preserve its integrity, primarily in the current good manufacturing practice (CGMP) regulated space (1).
The document also highlights how organizations are increasingly moving to new, paperless environments, with much of their data now captured using electronic systems. Because of this change, many organizations are subsequently adapting and adjusting their working practices—which were acceptable when paper was being used to record the primary data—to make sure that the requirements of ALCOA (Attributable, Legible, Contemporaneous, Original, and Accurate) can be met.
Changing working practices and regulations
One example from FDA’s guidance document describes the use of shared login accounts. Previously, shared accounts have been used to conveniently access a range of computerized systems. In the past, this practice was generally accepted because the data that were being captured were initially written or printed out and then stuck into a paper laboratory notebook, which was assigned to a specific user and defined as the source of the data. But as organizations have moved to new systems where all of the data are captured and documented electronically with the use of software such as electronic laboratory notebooks (ELNs) and laboratory information management systems (LIMS), the expectations of both organizations following the regulations and the agencies generating the regulations have changed.
The main reason for this is the ‘extra’ information and workflow processes that the electronic systems can easily provide over paper when configured and used appropriately. Lots of additional information—like when individual user accounts are used, when data are initially captured by the electronic data management application, details about the user performing the work, and when the work occurred and where it took place—can be automatically captured in a system’s audit trail.
Using technology to automatically flag deviations
In addition, electronic data management systems can be set up to provide alerts when data entries are not as expected, or when a defined process has been deviated from.
Instead of the user and/or quality assurance reviewers needing to ‘hunt’ for deviations by looking at all of the data captured in a paper record, electronic systems can be configured to provide automatic alerts or reports to highlight deviations from a defined workflow. This is in addition to the time saving that an electronic data management system can provide by reducing manual manipulations of the data, for example by being directly integrated to the instruments and other systems generating the data instead of having to copy and paste or write the information on paper.
By using electronic data management systems instead of historic paper notebooks, the organizational data review process can be made far easier and much more efficient.
Improving reporting using electronic submissions
The other main benefit of electronic systems comes at the reporting stage. If all of an organization’s data has been collected electronically, this can improve the process of reporting to assist with decision making and generation of submissions to the regulatory agencies.
Some regulatory agencies have already expressed their preference for electronic data submissions instead of paper ones, like the Standard for Exchange of Nonclinical Data (SEND) for the presentation of nonclinical data. This is a trend that is only likely to increase as technology becomes more advanced.
Other than reducing the amount of paper that needs to be used, which can often be considerable, electronic data submissions also reduce the need for error-prone manual transcription processes that frequently have to be performed to interpret and review data.
Ensuring data are submitted in a standard electronic format also means that the regulatory agencies can review the data using their electronic tools and processes in a consistent and efficient manner.
But what does this mean in practice? Faster reviews will naturally benefit both the organizations making the submissions and the regulatory agencies viewing the data. But the real benefit is how an expedited submission process can reduce the time it takes to get a new drug to market, which benefits the consumer.
Managing ever-increasing quantities of data
Because electronic systems generally make it easier for users to capture and report on their data compared to paper-based processes, most organizations are now seeing an increase in the amount of data that is being collected and stored within their computerized systems. In turn, with more information available than ever before, regulatory agencies are also demanding more information to ensure they can be confident that the data being collected and reviewed are complete, as demonstrated in the FDA guidance document previously mentioned.
There is an obvious knock-on impact also. Organizations creating more data will need to find an effective way of storing this new and valuable information; for some, this will mean evaluating and ultimately improving the computing infrastructure that they have in place. Historically, companies have provisioned the infrastructure ‘on-premise’ either in a location on-site or in a third-party hosted data centre. Increasing the amount of on-premise computing infrastructure usually means that extra servers need to be purchased, which can take a considerable amount of time and does not necessarily meet the ever-changing needs of the businesses involved.
Finding new, flexible solutions to effectively store regulated data
Wary of the limitations of on-premise solutions, many organizations are looking for different ways to run their data management systems with a focus on flexibility to meet the changing needs of their business.
Some are using private or public clouds—which can be scaled to meet demands—for the provision of the computing infrastructure to host the software, or are turning to vendors that provide software-as-a-service (SaaS), which provides the ultimate control when it comes to flexibility by allowing organizations to pay for what they use. As well as providing an environment that can easily be changed to meet the demands of the organization, using the cloud can also have a number of other benefits to the organization producing data for regulated use. In particular, data security, which in turn helps provide data integrity.
The benefits of moving to the cloud
A cloud provider will generally have more specialized staff members focused on providing a secure infrastructure when compared to organizations providing on-premise data centres. Because security is a crucial part of a cloud provider’s business model, the increase in staff numbers is expected. Without this emphasis, the cloud would simply not be viable, particularly for scientific domains where data security is of the utmost importance.
Also associated with this is a clear separation of duties when using a cloud provider. The cloud works in a similar way to a laboratory environment, where you have a separation of duties between the user collecting the data versus the person who is responsible for reviewing that the data are correct.
For a cloud environment, access to servers is restricted to only allow people who both have to interact with the hardware and do not know what is stored on the machines there. This provides a significant level of protection because it would take more than one person to perform an adverse event.
Moving from an on-premise environment to the cloud
Moving to the cloud can pose several challenges for organizations moving from an on-premise deployment. These challenges mainly concern how the regulations are interpreted and what controls are put in place. For example, when deploying software on premise, it is possible to visually inspect the infrastructure, whereas this is not possible with the cloud—as providers rightly view access to their sites as a security risk.
While this could easily be interpreted as a limitation, these constraints can also be a benefit for software deployments where data integrity is paramount, as discussed previously. To support this, industry groups, such as PhUSE, have created cross-functional working groups to help break down barriers and make it easier for organizations to move their regulated deployments from on-premise to the cloud.
Asking more of the cloud and new technologies
Organizations that have made the move to the cloud are now asking how it can provide even more benefits. Businesses are turning to emerging technologies such as machine learning and artificial intelligence to see if the data collected can be enhanced to gain more value and speed up the decision-making processes.
To successfully use machine-learning techniques, organizations need to produce large amounts of data. But as highlighted earlier, a large amount of data is one of the main reasons that organizations are moving to the cloud.
One area where machine learning has been successful is around image analysis, where the time it takes to analyze the image can be reduced alongside the additional benefit of accuracy being improved.
The question is, can machine learning help in other areas, such as the data review process performed by organizations or regulatory agencies? Could the time and accuracy of the process be further improved to get drugs to market faster?
Future-proofing using the cloud
Historically, organizations with data management applications that capture good practice data for regulatory purposes have been responsible for the whole deployment. This included the provision of the infrastructure, the installation and configuration of the software, and confirmation that user requirements were met.
Today, the use of electronic data management systems is widespread and the move from using software on-premise to the cloud is gathering pace. These strategies can provide organizations with a number of efficiencies, even for those with the important task of managing regulated data.
In addition, the new technologies, such as machine learning, which can be accessed through the cloud, should be able to provide some further improvements around how data for regulated purposes can be captured, analyzed, and reported on.
1. FDA, Data Integrity and Compliance with Drug CGMP–Questions and Answers Guidance for Industry (CDER, December 2018).