Improving IT Compliance Return on Investment
Wed, 02/18/2009 - 6:38am
Just 25¢ of every 1$ you spend on information technology goes to new projects; the rest of your money simply keeps the lights on. Is it any wonder that less than 15% of pharmaceutical executives see information technology departments (IT/ICT) as enabling business success?1 In a tight global economy, with pharmaceutical companies facing a steep revenue decline over the next two years, IT needs to improve its image something that will be increasingly difficult as companies trim capital investments and IT budgets face cuts of 18% or greater.
Improving IT's overall return on investment (ROI) is beyond the scope of any column many books have been written and academic studies undertaken in pursuit of IT's ROI but what we can cover are ways to improve the cost effectiveness of IT in regulatory and quality systems compliance.
Role of IT in Compliance
For several years now, I've been a guest lecturer at various Virginia business schools on the role of IT in compliance (you can get a recorded version of one talk at http://www.ceruleanllc.com/seminars. Under a conservative interpretation, IT's role is limited to automation (and thus the purchase of new software systems and computer hardware) and administration of that automation (often resulting in outsourcing to lower costs). While this "glorified mechanic" role of IT may suit technology vendors and consultants, it does not sit well with a single one of the up and coming executives I've counseled.
In my lectures and workshops, I advocate a more advanced service role where IT's emphasis is less on technology and more on information stewardship. As a I point out in my presentation, there are no legal statutes governing technologies or computers, but there plenty of rules and requirements governing information integrity, controls and retention. To quote the words of one newly risen Chief Information Officer (unwittingly echoing FDA officials), "We cannot buy compliance."
And therein lies the key to unlocking a greater IT return on investment when it comes to regulatory compliance pharmaceutical quality systems.
Three Things Money Can't Buy
As I note in my talks, and in counseling management teams and quality systems executives struggling to put in place reasonable 21 CFR Part 11 strategies, there are three tactics you can adopt that will cost you next to nothing but pay big dividends when the inspector shows up: garbage prevention, accurate documentation, and up to date policies and procedures.
Garbage Prevention. Push aside all the complicated legal wordsmithing of statutes, set down the guidance documents and regulatory preambles. If you had to define compliance in plain English, what are you left with? Compliance is valid proof (e.g., documents, records, data, signatures) of following the rules. The records are the facts, the proof of your intent to play by the rules. Under this simplified approach, IT's role is to safeguard the electronic integrity of this proof.
There is an old adage in IT, "Garbage in, garbage out." A good IT compliance strategy with a high rate of return revolves around a single question: How will this XYZ activity / project / technology keep good proof from becoming garbage? Put it in a real world context: How will buying a new laboratory information management system (LIMS) keep your laboratory data from becoming corrupted, lost or manipulated?
You are the only who can force this threshold question. Requiring an answer to this question will help you gain the confidence, the know-how and the understanding of how to prevent garbage in the context of your organization. Just requiring an answering to this question alone will put you above the majority of your competitors.
Accurate Documentation. No one wakes up in the morning excited about getting to work documenting anything at least I've never met them. In all my years in IT, coming up through the help desk ranks all the way up to CIO, I had to drag myself kicking and screaming to write the documentation for any system or project much less keep it up to date.
As a result, many IT organizations jeopardize their credibility by adopting what I call the "driver's license" model of documentation. Think of your driver's license. Are you really that weight on your license or did you skim a few pounds? Did you add an extra half-inch of height? Do you still have that much hair? The same holds true for computer system documentation (e.g., the proof that your system is capable of maintaining other records with integrity). More often than not, computer system documentation is woefully out of date.
One of the best ways to improve efficiency, particularly when dealing with validated systems, is too keep that documentation up to date. When money is tight, decisions are often delayed. Chances are, you have a project or support team or two with time to fill. Document, document, document.
Up-to-Date Policies and Procedures. The same driver's license model can be applied to your policies and standard operating procedures (SOPs). As part of the best practices I recommend to my clients, use an IT departmental annual quality systems management review to regularly assess your policies and procedures. Identify the ones that need to be updated, written or retired. You can see a simple, straightforward method to tackle this in my recorded seminar, Best Practices for Quality Systems Management Reviews http://www.ceruleanllc.com/seminars.
The same computer economics report I cited at the beginning of this article also stated the number one benefit agreed upon by non-IT executives of good IT compliance: the improvement of business processes. Unfortunately, as long as IT departments center themselves on technology commodities, IT will never achieve a high standing in the boardroom.
Focus on the goal of IT compliance: electronic proof integrity. Craft an IT compliance strategy of record integrity, documentation accuracy, and policy and SOP currency to achieve better results, better compliance, and a better bottom line.
Are you ready?
About the Author John Avellanet is the founder of the regulatory intelligence and lean compliance program for executives and business owners, SmarterCompliance. He is the author of more than 30 articles on lean compliance and quality systems, a co-author of the book, Best Practices in Biotechnology Business Development, and a frequent speaker with FDA officials. He can be directly reached through his independent advisory firm, Cerulean Associates LLC, on the web at http://www.ceruleanllc.com.
1 "IT Spending, Staffing & Technology Trends: Pharmaceutical and Medical Device Sector," Computer Economics, 2007.