Information Management: A Cornerstone for Compliance and Security in Life Sciences Sponsored by:
Information Management: A Cornerstone for Compliance and Security in Life Sciences Executive Summary and Methodology The explosion of data in society has transformed the business and IT landscape. Life sciences companies need increasingly faster, smarter, more secure and easier-to-use systems to effectively manage and harness information. This White Paper covers the role of enterprise information management (EIM) systems in life science laboratories. Important features and uses are explored in addition to challenges and recommendations related to security and compliance. Finally, the future of information management is discussed in relation to the life science community s increasing reliance on mobile technologies and addressing the need for easy to use systems while also still speaking to compliance and security requirements. In order to ascertain the needs of the life science community with regard to information management, Advantage Business Media conducted a survey of its Bioscience Technology, Drug Discovery & Development, Laboratory Equipment, Pharmaceutical Processing, and Scientific Computing subscriber audience in June 2015. A total of 611 responses were received. 1 Introduction Life sciences companies are often challenged to effectively manage and leverage massive amounts of information that resides in a variety of systems and devices. However, increasingly sophisticated, integrated, secure, and easy-to-use information management systems are enabling these organizations to better optimize their critical operational information by ensuring the right content and data is in the hands of the right people at the right time. Enterprise information management refers to a set of solutions that enable the optimal storage and management of information. This can include data and content for the support of decision-making processes or day-to-day operations like managing and disseminating standard operating procedures (SOP). The difference between EIMs and other kinds of information systems is that EIMs can manage both structured data and unstructured content. Unstructured content refers to information assets that do not have a pre-defined data model or that are not organized in a pre-defined manner. Examples include documents, spreadsheets, images, audio and video files and E-mails. Meanwhile, structured data typically refers to objects within a database application, such as a customer or contact in a CRM solution, or lab equipment in an ERP system. 1 The chance to win a $100 Amazon gift card was used as an incentive to participate. As with most surveys, not all respondents answered each question. Therefore, all percent-of-total calculations are based on the total number of respondents answering each particular question. Due to rounding, totals do not always equal 100 percent. 1
Integration According to the Advantage Business Media survey, EIM integration with other systems is one of the most important capabilities in a platform, and it was also identified as the biggest pitfall of users current information management systems (IMS). An EIM system enables organizations to manage their structured data and unstructured content residing in different business systems from a single unified platform. Metadata serves as the bridge that connects these two data sources. A bridge between content and context that provides a full view of the relationships that exist between all objects. For example, an object in an EIM solution for a lab project can display team members, all documents associated with the project, tasks and assignments, and any other information associated with that specific project. This level of visibility enhances real-time decision making and helps to ensure projects stay on schedule and on budget. An additional benefit of full system integration is the elimination of information silos. Leading EIM solutions integrate easily and seamlessly with commonly-used business applications, thus freeing information from the confines of a specific platform or repository. Many life sciences companies are using multiple and disconnected systems for storing and managing their structured data and unstructured content, said Mika Javanainen, Senior Director of Product Management at M-Files Corporation, an EIM provider. You can t avoid the fact that organizations have many systems in use, and a key capability for an EIM solution is the ability to easily integrate with existing systems so that information is not duplicated or incorrect versions of documents are not being used for making mission-critical decisions. EIM enables companies to eliminate information silos created when important data and documents are scattered among different business systems, departments and devices. With an EIM solution, Most important features in an information management system 0% 10% 20% 30% 40% 50% 60% 70% 80% Automation Availability of templates Compliance Integration with other systems Less paper Mobile phone compatibility No sync issues with documents Policy updates Project management Searchable content Security Training requirements Other 2 Source: Security & Compliance Survey, June 2015.
content is not tethered to a specific location it can be searched for, accessed and synced between various systems and devices with no duplication of content. Via metadata, an EIM solution intelligently links information residing in structured data systems to unstructured content repositories. The result is instant access to the most accurate and up-to-date information from any system or database, which in turn leads to better, more informed decisions and increased profits. The result is instant access to the most accurate and up-todate information from any system or database, which in turn leads to better, more informed decisions and increased profits. Security One of the most important considerations for any life sciences organization is how to effectively secure and protect sensitive information. The exposure of confidential information to unauthorized individuals can be expensive and time consuming to remedy, and puts companies at significant operational risk. Defining and enforcing policies and processes for who is authorized to access, edit and approve specific documents is of paramount importance for companies of all sizes and in all industries. However, a multitude of features built into EIM systems help life sciences companies ensure that confidential information is available to the people who need it, and inaccessible and invisible to those who aren t authorized to access it. EIM solutions enable organizations to mitigate risk through enforcement of information security policies as well as tracking all document access and revision activities. Solutions enable companies to protect and control access to their confidential information with advanced metadata features that make the process of setting permissions for documents and other information both dynamic and automatic. With an EIM solution, life sciences companies can establish access permissions by user, group, role or any metadata property. This provides the ability to support advanced access control policies without scripting, and the flexibility and scalability to address even unforeseen needs that arise in the future. According to Advantage Business Media s survey, 66 percent of respondents are concerned about security when storing company data in the cloud. Furthermore, of the respondents that expressed security concerns, 83 percent identified hacking from outside sources as the top issue. Permanent Concerns with storing information in the cloud 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Hacking from outside sources Permanent loss of data due to technology issues Privacy within company Temporary loss of data due to technology issues Other 3 Source: Security & Compliance Survey, June 2015.
loss of data due to technology issues (67 percent) and temporary loss of data due to technology issues (62 percent) were ranked second and third. But with advancing EIM technology, enhanced policies and controls and multi-level security measures in place, the cloud is considered by most businesses to be a trustworthy platform. For example, a common cloud security measure employed in an EIM system is multi-factor authentication, where users receive a code via text message to log in. Secondary information is also required to grant full access to an individual. This kind of security is similar to what banks employ in the case of online banking. If a user is accessing a bank account from a device they have never used before, or haven t used in a significant amount of time, the bank will not allow the user to log in until a code, that was sent to the users bank-registered telephone number, is entered. Thus, even if an EIM user s password was hacked, the hacker would not be granted access to critical information because the device they are using would not be approved/recognized. Additional security concerns arise when employees must collaborate with business partners, contractors, temporary staff and contacts in other companies using consumer file-sharing solutions. Use of these solutions is often unregulated, uncontrolled and lack the necessary governance controls, workflow management and robust EIM functionality many life sciences companies require. Given an organization s Unauthorized employee use of file-sharing solutions responsibility to protect represent a serious security and non-compliance risk its information assets, because employees can store and share documents with unregulated use of file third parties completely out of an organization s control. sharing solutions represent Given an organization s responsibility to protect its a significant and growing information assets, unregulated use of file sharing solutions represent a significant and growing security threat. security threat. Some EIM systems enable secure cloud-based document sharing and collaboration by integrating with enterprise-grade file sharing applications. This cloud environment enables users to share and collaborate on content with others, while restricting their direct access to an organization s files. This combined solution provides co-authoring capabilities that enable multiple users to edit the same file simultaneously in a controlled manner. In addition, check-in/check-out and versioning features prevent data loss when changes are overwritten and confusion associated with multiple outdated versions. Role-based and metadata-based security controls ensure that access to specific files is restricted only to those who are authorized to view and/or edit them. Compliance Undoubtedly a key compliance concern for life science laboratories is 21 CFR Part 11, which establishes the United States Food and Drug Administration s (FDA) regulations on electronic records and electronic signatures. Part 11 confirms that electronic signatures are as good and trustworthy as paper ones. Electronic signatures supplant the need to print and sign documents, thus eliminating unnecessary paper use. Even without a stack of paper, tracking quality and compliance processes and verifying completion can be extremely time consuming. EIM systems can free up staff time by automating 4
processes like contract lifecycle management. Features such as this also allow faster review and approval as a notification is sent as soon as a document needs to be e-signed. EIM solutions reduce the risk of failing audits and regulatory non-compliance by organizing, recording and automating everything in a business. For example, EIM systems can automate quality workflows like change control tasks, assignments related to CAPAs and training requirements. This allows managers to ensure consistency while the EIM solution verifies that all employees are following procedures. The system can also keep track of all critical tasks, updated protocols and required activities and assignments to make sure changes are implemented and compliance is maintained. An additional compliance challenge identified by respondents to Advantage Business Media s survey is data archiving. The main hardship with data archiving is that records retention rules are so complex. Companies often find it difficult to formulate a retention plan making sure they keep the right records for the right amount of time, especially when using a manual process for doing so. An EIM platform can be used to manage and enforce the retention rules dynamically. In life sciences, retention rules are generated based on the type of record or the end-of-life date of a product, whichever comes first. So, if you attach a document to a product, an automated EIM can then calculate retention time based on which factor will expire first, offering users an immediate, compliance-safe answer. Mobile-enabled Workforce Work still must get done when people are away from the office, and the use of mobile devices to access and process documents has become necessary for life sciences companies operating in the global business environment. Choosing an EIM system with native mobile apps enables business users in highly regulated industries access to data repositories and workflows from iphones, ipads, Androids, Windows Phones and other popular smart devices. If an EIM offers mobile apps, then documents can be both accessed and signed. A mobile e-signature capability allows authorized employees at life sciences companies to approve and monitor processes associated with regulations like 21 CFR Part 11 anytime, anywhere. Users Demand Simple Platforms According to respondents of the Advantage Business Media survey, more user-friendly software is expected to be the biggest improvement to current information management systems in the next five years with 61 percent of the vote. More flexibility (46 percent), faster working times (51 percent) and better integration capabilities (42 percent) were also cited as expected improvements. M-Files Javanainen agrees that ease-of-use is going to be a driving force behind system improvements. Look at how the consumer products are becoming massively successful because they are so easy to use. [The industry] is really focusing on being user-friendly. Two years ago, the main motivation to buy an IMS was to ensure compliance. It s already much more user-driven than it used to be. At the end of the day, researchers accustomed to easy-to-use mobile phones and tablets expect their EIM solution to be just as easy. 5
What improvements to current information management systems do you envision in the next five years? Better training protocols 0% 10% 20% 30% 40% 50% 60% 70% 80% More cost-effective Faster More flexibility More user-friendly More customization Improved integration capabilities Improved mobile user interface Other Source: Security & Compliance Survey, June 2015. Conclusion The increase in data has fundamentally changed the way business is conducted. Faster, smarter and easier-to-use systems have been developed to assist life sciences companies in more effectively managing and harnessing critical information assets. Enterprise information management platforms achieve this by providing intelligent, integrated solutions for businesses to store and manage every kind of data. Content and process management capabilities allow organizations to ensure that compliance regulations and standards are met. Robust security features allow information to be shared for a mobile workforce, and also guarantee protection of important and proprietary data. Lastly, EIMs provide quick and easy access to the right content from any core business system and device, which leads to measurable productivity gains. About M-Files enterprise information management solutions are disrupting the ECM market by eliminating information silos and providing quick and easy access to the right content from any core business system and device. With flexible on-premises, cloud and hybrid deployment options, M-Files places the power of ECM in the hands of the business user and reduces demands on IT by enabling those closest to the business need to access and control content based on their requirements. www.m-files.com About Advantage Business Media Advantage Business Media (www.advantagemedia.com) is a data-driven marketing solutions company leveraging content, technology, and business intelligence to match its audience s job performance needs with its clients solutions. With a diversified portfolio of highly focused websites, e-newsletters, print publications, specialized directories, vertical search databases, conferences, ancillary media vehicles, and associated web-based services, Advantage serves more than one million industry professionals in the manufacturing, science, and design engineering markets. For more information visit www.advantagemedia.com. Copyright 2015, Advantage Business Media. All rights reserved. 6