CIOApplications
  • Home
  • Applications
      • Bioinformatics
      • Blockchain
      • BPM
      • Business Continuity
      • Business Intelligence
      • Collaboration
      • Configuration Management
      • CPQ
      • Container Management
      • CEM
      • Data Platform
      • Data Preparation
      • DMS
      • e-Discovery
      • Employee Engagement
      • EAM
      • Enterprise Communications
      • Enterprise Mobility
      • ERP
      • GIS
      • GRC
      • Human Resource
      • Innovation Management
      • Inventory Management
      • IT Infrastructure
      • IT Service Management
      • IT Services
      • Low Code Platform
      • Managed IT Services
      • Marketing
      • Master Data Management
      • Mobile Application
      • Portal Software
      • Procurement
      • Project Management
      • Remote Monitoring
      • Remote Support
      • Sales
      • Software Asset Management
      • Software Testing
      • Supply Chain
      • Task Management
      • Unified Communications
      • Voice Recognition
      • Workflow
  • Verticals
      • Aerospace & Defense
      • Automotive
      • Banking
      • BioTechnology
      • Casino Management
      • Construction
      • Contact Center
      • E-commerce
      • Education
      • Field Service
      • Fintech
      • Food and Beverages
      • Government
      • Healthcare
      • Insurance
      • Legal
      • Life Sciences
      • Logistics
      • Manufacturing
      • Media and Entertainment
      • Oil & Gas
      • Retail
      • Space Tech
      • Telecom
      • Travel and Hospitality
      • Utilities
  • Technologies
      • API
      • Artificial Intelligence
      • Augmented Reality
      • Big Data
      • Chatbot
      • Cloud
      • Content Delivery Network
      • Cyber Security
      • Data Center
      • DevOps
      • Distributed Technology
      • Drone Technology
      • Enterprise Architecture
      • Enterprise Search
      • Enterprise Startups
      • Graphics Tech
      • HPC
      • IoT
      • Java
      • Load Balancing
      • Machine Learning
      • Machine to Machine
      • Machine Vision and Imaging
      • Nano Technology
      • Predictive Analytics
      • Robotic Process Automation
      • Robotics
      • Security
      • Telematics
      • Testing
      • Video Surveillance
      • Virtual Assistant
      • Wireless
  • Partner Network
      • Adobe
      • Amazon
      • Avaya
      • ESRI Partner
      • IBM
      • Infor Solutions
      • Microsoft
      • Mitel Partners
      • National Instruments
      • NetSuite
      • Nintex
      • Oracle
      • Progress
      • Salesforce
      • SAP
      • ServiceNow
      • SiteCore
  • News
  • conferences
  • Newsletter
  • About us
×
news

Subscribe to our Newsletter

Become a member of our mailing list for the latest articles, news, and exclusive insights.

news
news

Enter Your Email Address:

Thank you for subscribing with us. We sent you an email regarding this.

loading
SUBSCRIBE
  • Home
  • GRC
Editor's Pick (1 - 4 of 8)
left
Build a Cyber Security Ecosystem to Reduce Risk in the Public Sector

Build a Cyber Security Ecosystem to Reduce Risk in the Public Sector
Jonathan Behnke, CIO, City of San Diego

Digital Innovation Energizes Global Compliance Management

Digital Innovation Energizes Global Compliance Management
Daniel Hughes, CIO, Elementis Global LLC

Leveraging Compliance to Your Advantage

Leveraging Compliance to Your Advantage
Mark Bloom, Global CIO, Aegon [NYSE: AEG]

Data Analytics: Driving Actionable Business Improvement

Data Analytics: Driving Actionable Business Improvement
Rich Richardson, VP & CIO, Spirit AeroSystems

Innovative Digital Support to Leverage the Banking Sector

Innovative Digital Support to Leverage the Banking Sector
Wanderley Baccala, CIO, Banco Original

Leveraging GRC Technology to Improve Security Program

Leveraging GRC Technology to Improve Security Program
Nemi George, Senior Director of Information Security & Service Operations, Pacific Dental Services

Cybersecurity and Responsibility in the Organization

Cybersecurity and Responsibility in the Organization
Robert McFarlane, Chief Revenue Officer, Mosaic451

Avoid Non-Compliance by Getting Your SSH Keys under Control

Avoid Non-Compliance by Getting Your SSH Keys under Control
Fouad Khalil, Director of Compliance, SSH Communications Security

right

Balancing Compliance and Operational Efficiency

By Andy Newsom, CIO, CSL Behring

Tweet
content-image
IT professionals in the pharmaceutical industry have adapted to numerous changes, none more challenging than Best Practices established by agencies such as the U.S. Food & Drug Administration (FDA) to ensure regulatory compliance.

For years, the primary focus of regulators has been core pharmaceutical manufacturing processes, and not IT systems. However, in recent years the FDA established specific regulations such as CFR 21 Part 11 that apply to and impact electronic systems.

The problem was that the new regulations were vaguely written. Some were loosely interpreted and the FDA struggled with enforcement, while others were strictly applied. This put pharmaceutical IT organizations into something of a tailspin. The FDA decided to make adjustments in the regulations in order to better manage them.

Managing GxP applications has always been a challenge across the industry because of the importance of achieving balance between regulatory compliance and operational efficiency. The primary tool to manage regulatory compliance is the IT Quality Management System (ITQMS). Our ITQMS is the guiding framework made up of a set of policies and procedures to ensure compliance. It is based on ISPE GAMP5, an effective methodology that’s recognized by FDA and otherregulatory agencies. GAMP5 provides IT organizations with a risk based approach to life cycle management of GxP systems.

Pharmaceutical IT organizations are required to develop, maintain and operate GxP systems as well as non-GxP systems. CSL Behring is a biotherapeutics company that researches, develops, manufactures and markets biotherapies that are used to treat medical conditions. King of Prussia, PA based CSL Behring has a market cap of $33.52 Bn.

However, if properly developed, the ITQMS is scalable to accommodate both GxP and non-GxP systems and ensure that requirements for both systems are met. Again, a major struggle IT groups have today is balancing full compliance with regulations while maintaining operational efficiency.

The key is to not tip the scale too far in either direction. From a business risk perspective, the scale should be tipped to the compliance side. The first priority of most IT organizations is to ensure they’re developing, maintaining and operating GxP systems in a compliant state. The two primary considerations are people and process.

ITQMS, if properly developed, is scalable to accommodate both GxP and non-GxP systems and ensure that requirements for both systems are met

On the people side, establishing a global IT Quality organization is essential to ensure the structure, document, processes and sub-processes that define how the company maintains its environment in a compliant state.

The head of IT Quality is responsible for interacting with both IT and the business,keeping up with regulatory changes and addressing process improvements. Regulators want to ensure that pharmaceutical companies do not have an IT Quality organization that functions independent of GxP Quality, but rather, as a component of the company’s Quality structure. For this reason, the IT Quality head should have an organizational connection such as a dotted line into the GxP Quality organization so that the two stay connected.

This is important because when FDA performs an audit they consider the GxP Quality organization responsible for overall compliance, so the two must work well together. FDA audits of a pharmaceutical company’s IT system aren’t uncommon and can lead to an examination of operational, validation,and other supporting documentation.

First and foremost, it is important to have the right people in place. Consider the type of culture that best supports a quality mindset. In the pharmaceutical industry we like to look for people that have a background in pharmaceutical manufacturing. We feel these employees have the right culture already established.

In the past, it was widely accepted that IT skills are highly transferable across industries. For this reason, pharmaceutical companies often hired people who came out of varied industries. However, we learned over time that it’s a bit of a culture shock for those employees who are not used to the level of regulatory scrutiny in our industry, due to the added level of documentation and controls that are required. As an example, many of them weren’t prepared for the rigors of GxP change control.

The evolution of the pharmaceutical business has driven the replacement of manual processes and paper based systems with electronic computer systems. As an example, CSL Behring’s subsidiary, CSL Plasma, automated the majority of their manual systems with an electronic computer system resulting inbetter regulatory compliance along with significant efficiency gains. Regulators may still look at SOPs, but instead of paper forms and other documentation, we direct them to our computer system in which these documents are maintained electronically in a compliant GxP environment.

The fact is—some of the best technical folks are often lousy at documentation. It takes the full package to be the kind of person needed to maintain systems in a pharmaceutical business. At the end of the day, we have systems that can truly impact the efficacy of the products we produce, and that people are putting in their effort. This is why we must hold to such a high standard.

One of the big challenges in IT is finding and retaining good talent. There’s more demand than supply right now. The fact that we need to drill further down in the recruiting process for pharma experience makes it that much more difficult, as the pool of qualified candidates is further reduced.

We continue to evolve and are making good progress as an industry. Regulators are developing a better understanding of electronic systems, and IT leaders are developing a better understanding of the importance of maintaining complaint systems. This is a good thing for the industry and for business. You’re able to leverage the capabilities of an IT organization to make a difference and impact the productivity of the company.

Read Also

Innovative Digital Support to Leverage the Banking Sector

Innovative Digital Support to Leverage the Banking Sector

Wanderley Baccala, CIO, Banco Original
Leveraging GRC Technology to Improve Security Program

Leveraging GRC Technology to Improve Security Program

Nemi George, Senior Director of Information Security & Service Operations, Pacific Dental Services
Cybersecurity and Responsibility in the Organization

Cybersecurity and Responsibility in the Organization

Robert McFarlane, Chief Revenue Officer, Mosaic451
Avoid Non-Compliance by Getting Your SSH Keys under Control

Avoid Non-Compliance by Getting Your SSH Keys under Control

Fouad Khalil, Director of Compliance, SSH Communications Security

GRC Special

  • Nasdaq Bwise: A Holistic Approach to GRC
  • OCTOPUS: Unifying Security Management for a Safer Tomorrow

Featured Vendors

  • OCTOPUS: Unifying Security Management for A Safer Tomorrow
    OCTOPUS: Unifying Security Management for A Safer Tomorrow
  • ITSourceTEK: Implementing and Automating GRC
    ITSourceTEK: Implementing and Automating GRC
  • Allgress: Navigating GRC Complexity through A Bonafide Integrated GRC Platform
    Allgress: Navigating GRC Complexity through A Bonafide Integrated GRC Platform
  • ViClarity: Solid Foundation for Risk and Compliance Monitoring
    ViClarity: Solid Foundation for Risk and Compliance Monitoring

Copyright © 2019 CIOApplications. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy |  Sitemap  |  Subscribe

follow on linkedin follow on twitter follow on rss
This content is copyright protected close

However, if you would like to share the information in this article, you may use the link below:

https://grc.cioapplications.com/cioviewpoint/balancing-compliance-and-operational-efficiency-nid-382.html