Improving IT Compliance Return on Investment
In a tight global economy, with pharmaceutical companies facing a steep revenue decline over the next two years, IT needs to improve its image – something that will be increasingly difficult as companies trim capital investments and IT budgets face cuts of 18% or greater.
Just 25¢ of every 1$ spent on information technology goes to new projects; the rest of the money simply keeps the lights on. Is it any wonder that less than 15% of pharmaceutical executives see information technology departments (IT/ICT) as enabling business success? (“IT Spending, Staffing & Technology Trends: Pharmaceutical and Medical Device Sector,” Computer Economics, 2007)
Improving IT’s overall return on investment (ROI) is beyond the scope of any article – many books have been written and academic studies undertaken in pursuit of IT’s ROI – but what I can cover are ways to improve the cost effectiveness of IT in regulatory and quality systems compliance.
Role of IT in Compliance
For several years now, I’ve been a guest lecturer at various Virginia business schools on the role of IT in effective compliance. Under a conservative interpretation, IT’s role is limited to automation (and thus the purchase of new software systems and computer hardware) and administration of that automation (often resulting in outsourcing to lower costs). While this “glorified mechanic” role of IT may suit technology vendors and consultants, it does not sit well with most up and coming executives I’ve counseled.
In my conference lectures and corporate workshops, I advocate a more advanced service role where IT’s emphasis is less on technology and more on information stewardship. As a I point out in my presentation, there are no legal statutes governing technologies or computers, but there plenty of rules and requirements governing information integrity, controls and retention. To quote the words of one newly risen Chief Information Officer (unwittingly echoing FDA officials), “We cannot buy compliance.”
And therein lies the key to unlocking a greater IT return on investment when it comes to regulatory compliance pharmaceutical quality systems.
Three Things Money Can’t Buy
When I counsel management teams and quality systems executives struggling to put in place reasonable 21 CFR Part 11 strategies, there are three tactics I help them adopt that cost next to nothing but pay big dividends when the inspector shows up:
- garbage prevention
- accurate documentation
- up-to-date policies and procedures
Push aside all the complicated legal wordsmithing of statutes, set down the guidance documents and regulatory preambles. If you had to define compliance in plain English, what are you left with? Compliance is valid proof (e.g., documents, records, data, signatures) of following the rules. The records are the facts, the proof of your intent to play by the rules. Under this simplified approach, IT’s role is to safeguard the electronic integrity of this proof.
There is an old adage in IT, “Garbage in, garbage out.” A good IT compliance strategy with a high rate of return revolves around a single question: How will this XYZ activity / project / technology keep good proof from becoming garbage? Put it in a real world context: How will buying a new laboratory information management system (LIMS) keep your laboratory data from becoming corrupted, lost or manipulated?
You are the only who can force this threshold question. Requiring an answer to this question will help you gain the confidence, the know-how and the understanding of how to prevent garbage in the context of your organization. Just requiring an answering to this question alone will put you above the majority of your competitors.
No one wakes up in the morning excited about getting to work documenting anything – at least I’ve never met them. In all my years in IT, coming up through the help desk ranks all the way up to CIO, I had to drag myself (and my teams) kicking and screaming to write the documentation for any system or project – much less keep it up to date.
Many IT organizations jeopardize their credibility by adopting what I call the “driver’s license” model of documentation. Think of your driver’s license. Are you really that weight on your license or did you skim a few pounds? Did you add an extra half-inch of height? Do you still have that much hair? Is it really still all brown? The same holds true for computer system documentation (e.g., the proof that your system is capable of maintaining other records with integrity). More often than not, computer system documentation is woefully out of date.
One of the best ways to improve efficiency, particularly when dealing with validated systems, is to keep that documentation up to date. When money is tight, decisions are often delayed. Chances are, you have a project or support team or two with time to fill. Document, document, document.
Up-to-Date Policies and Procedures
The same driver’s license model can be applied to your policies and standard operating procedures (SOPs). As part of the best practices I recommend to my clients, use an IT departmental annual quality systems management review to regularly assess your policies and procedures. Identify the ones that need to be updated, written or retired. You can see a simple, straightforward method to tackle this in my recorded seminar, Best Practices for Quality Systems Management Reviews.
The same computer economics report I cited at the beginning of this article also stated the number one benefit agreed upon by non-IT executives of good IT compliance: the improvement of business processes. Unfortunately, as long as IT departments center themselves on technology commodities, IT will never achieve a high standing in the boardroom.
Focus on the goal of IT compliance: electronic proof integrity. Craft an IT compliance strategy of record integrity, documentation accuracy, and policy and SOP currency to achieve better results, better compliance, and a better bottom line.
Are you ready?Adapted from an article published in Pharmaceutical Processing, March 2009