2007 is shaping up to be an interesting year for highly regulated organizations including life sciences. Over the past several years, regulated communities across all industries have seen a flurry of activity to regulate everything from drug manufacturing to corporate behavior. As the economy shapes up and instability in the Middle East becomes more prevalent, it is clear that all companies, including highly regulated ones, will begin shifting focus to “bottom line” concerns and begin to step up their strategic initiatives. With the start of any new year, I will summarize my predictions and their impact on compliance process control in the coming year.
1. Outsourcing Will Be Hot!
If I could characterize 2007, it will be the “year of outsourcing”! Oh, yes… I know… you are probably saying “… we have been outsourcing for some time now… what’s new about that…?” Well, outsourcing is not a new phenomenon, but the pace will be accelerated in 2007 due to several macro factors that will have potential negative impact on the economy in North America. What will be outsourced and what is the impact on processes? Companies are seeking ever-creative ways to maximize internal resources. One way of doing this is to outsource. An interesting phenomenon that has occurred over the past few years is that non-traditional, mission-critical business processes are being outsourced. Please don’t confuse outsourcing necessarily with “offshore outsourcing”. The distinction is that some companies will use domestic talent in their outsourcing endeavors.
All of this has an impact on process. Now the question becomes, “how do we maintain the integrity of our processes when we outsource mission-critical business processes…?” This question is fascinating and has multiple answers/scenarios for prospective outsourcers. One thing though is very clear - you must maintain control of your compliance processes at all times regardless of the source of your labor talent. With increasing global competition comes an ever-increasing talented pool of labor. It is anticipated that in 2007, many companies will increasingly begin taking advantage of this labor pool for mission-critical activity and will need to develop effective process control strategies to ensure compliance and continuity of business operations.
2. De-emphasis on Corporate Governance Technology - I was absolutely fascinated by the Enron case. However, many are starting to say that excessive regulation could be as harmful as insufficient regulation. My take on the whole scandal is that regulation alone would have never prevented this debacle. The problem at its core was a lack of tight process controls to prevent such occurrences in the first place. Some companies rushed out and developed “SOX” technologies to address the problem. After four years, many have discovered that they don’t have a technology problem, they have a PROCESS problem.
I think 2007 will be the year that companies start to take corporate governance seriously. There is no one-size-fits-all technology to address the problem. It will take controlling both internal and external processes in a coherent manner to achieve the spirit of what Sarbanes-Oxley attempted to do through rushed legislation.
3. Companies Will Renew Focus On Audit Management - Over the past few years, companies across all industries have treated audit management as a necessary evil. Many companies still tackle this challenge manually. I think in 2007, there will be a welcome renewed focus on audit management as many companies seek to become PROACTIVE about their compliance initiatives.
Every day when I read the Wall Street Journal, I am fascinated by company after company REACTING to negative consequences that ensnare their companies. Sometimes it’s a financial audit that causes a restatement of earnings, or a quality audit that shuts down a plant, or a bank audit that reveals a lack of internal control. Whatever the situation, the company REACTS. In my work with clients on compliance issues, I am seeing an awakening among many. It is far less costly to be proactive than reactive.
I think many companies are warming up to a trend I have been talking about for years - that compliance is not a “necessary evil” but a “legal best practice”. If addressed in a strategic manner, compliance can help organizations proactively address issues before they become crises.
I am very optimistic about 2007! I think it will be another year of challenge and opportunity. Compliance process control is still a dominant trend and will be for years to come. As organizations seek to renew their compliance focus in the coming years and mature in their approach, current wisdom says that getting control of compliance processes over time is a winning strategy with clear and compelling economic benefits.
February 25th, 2007 by Valarie King-Bailey
Posted in Uncategorized, Compliance Trends & Strategy
Global organizations have increasingly been talking about accelerating business velocity - that is, increasing internal and external processes to improve bottom line performance. Although most of the discussion always leans towards improving revenue, many companies have not come to grips with the fact that none of this is achievable without effective control of processes.
In highly regulated companies, controlling mission-critical compliance processes is not just a business objective - it is a mandate through domestic and international regulations. Compliance processes are those that ensure conformance with current regulatory requirements and promote quality. As forward-thinking organizations discuss business performance objectives, they are turning to proven methodologies such as the balanced scorecard to measure their performance towards stated business goals.
As I speak to clients within the financial, life sciences, manufacturing, and process industry market sectors, a common theme emerges when discussing compliance and business performance: enterprise compliance governance. Many of these companies concede that their compliance initiatives were not addressed in a holistic manner either from a technology or business perspective. For example, my life science colleagues lament that most of their existing compliance systems infrastructure looks like a maze of disparate technology solutions. They have siloed document management systems, CAPA systems that don’t talk to their document management systems, ERP systems that are not effectively controlling their supply chain, audit management processes that are a hybrid of manual and automated procedures and so forth. This fractured approach has led to unprecedented compliance violations across the industry as some pundits cite statistics such as “…over 50% of all FDA 483’s are CAPA-related…”
With all of the advanced technology on the market today, organizations are still wrestling with the most fundamental issues when driving towards the goal of accelerating business velocity. What can be done to reverse this trend which is all too common? I recommend a practical, yet pragmatic approach. My recommendations for highly regulated companies are as follows:
1. Address compliance in a holistic manner: this is the most fundamental principle to ensure sustained compliance and increase business velocity. You can turn your compliance initiatives into a competitive advantage and an effective means to accelerate your business velocity by coming to grips with the fact that achieving process efficiency can only be accomplished if your people, processes, and technology are working harmoniously together for the good of your organization. You can no longer afford to ignore this principle and keep your systems and processes segmented.
2. Embrace technology to ensure process control: most companies realize today that technology is at the foundation of the achievement of their business objectives. We cannot imagine a world without our Blackberries, email, internet, or desktop publishing technologies. You need to embrace technology and make it work to your advantage. In times past, many system implementations were fragmented because integrated solutions did not exist. There are now integrated systems on the market that couple audit management, content management, CAPA, and other essential process management tools for your consideration. To accelerate your business velocity, you must embrace technology as a fundamental tool in your arsenal to achieve ultimate success.
3. Think Records Management: records are the derivatives of any process. Think of your HR process. Out of it comes the job application, W4’s, and all sorts of documents which are official corporate records that must be maintained according to predicate rules and government requirements. As you seek to accelerate your business velocity, you must consider how to manage the RECORDS that will most assuredly fall out of these processes. Most records developed today are in fact “electronic” records. Electronic Records Management is a technology whose time has come. Think about how you can be both efficient AND compliant.
It is fascinating for me to have observed the evolution in compliance over the past two decades moving from the notion that to achieve compliance, you must get control of your DOCUMENTS to the reality that to achieve compliance, you must get control of your PROCESSES and your RECORDS.
Compliance Process Control is the key to your ultimate success.
November 9th, 2006 by Valarie King-Bailey
Posted in Uncategorized
Today’s Wall Street Journal (12/9/2005) has an article on corporate governance. An interesting quotation was highlighted from Kris Lovejoy, chief technology officer for Kroger who said “…Sarbanes-Oxley changed the world…” This comment begs the question, what was the world like before Sarbanes-Oxley? Good corporate governance just makes good business sense. Although the article focused on the scandal aspect of this, the real issue for organizations is managing the breadth of information that ultimately is used in managing the company. If your company is like most, you probably have multiple systems and technologies within the company and they are most likely not well integrated.
Sarbanes-Oxley is not just a technology problem as the article tends to imply. To achieve real compliance, organizations must tackle SOX with a clear strategy for corporate governance and apply technology in an optimal manner. The issue that caused many of the scandals had nothing to do with strategy or technology - there were ethical lapses of the most profound nature. However, if there were systems with comprehensive audit trails, storage management systems like EMC’s technology mentioned in the article, unethical corporate raiders would have a harder time perpetuating their deeds in secret. For example, with an electronic records management system in place, destruction of official corporate records would be virtually impossible since the electronic record is deemed the “official copy” and cannot be deleted if properly classified. Thus, you could shred all of the documents and not destroy your corporate memory.
SOX has truly awakened organizations’ awareness of the impact of technology applied to compliance management programs. To achieve full compliance you need an integrated system which captures your corporate memory and provides a clear audit trail of activity as a preventive measure. The term corporate governance only has meaning if the corporation is governed by sound policy. Your approach to SOX should consist of a combined tactical and strategic plan.
How’s your compliance program?
December 9th, 2005 by Valarie King-Bailey
Posted in Corporate Governance
I’m sure you have probably heard it all by now… I mean the theories on how to improve corrective and preventive actions. Most systems on the market today are database-driven and provide the ability to enter, track and manage the corrective and preventive action (CAPA) process. Although these systems have been on the market for years, many organizations still struggle with CAPA processes. Over 50% of all 483’s are CAPA-related. At the heart of this statistic are inefficient, hybrid processes which sometimes leave open tasks lingering well beyond an observation or event. Closing the loop on open tasks is essential to the effective management of corrective and preventive actions.
With CAPA, the process is king. To understand and achieve sustained compliance, you have to get control of the process of managing CAPA events. Process control will enable you to establish, automate, and manage corrective and preventive actions effectively.
The outcry from the industry “Can Anyone Please Assist” is a result of the frustration felt by many with the time, effort, and money spent on compliance only to find that they are still out of compliance. There are several key technologies essential to effective management of corrective and preventive actions:
1. Relational Database - CAPA events are data-driven. A robust database at its core is essential.
2. Content Management - Most often, CAPA events reference both controlled and uncontrolled documents. A good content management system is essential to ensure compliance.
3. Compliance Intelligence - Just as businesses measure key performance indicators (KPI) for actionable business intelligence, it is strongly recommended that companies leverage business intelligence technologies to deliver “actionable” compliance intelligence. This technology will yield reports and views into compliance information across the enterprise.
4. Collaboration - A good collaboration tool is at the heart of a CAPA system. Managing and implementing corrective actions is a VERY collaborative process. It mandates a level of organizational visibility that goes beyond the capabilities of email and telephones. Good collaboration happens in real time.
5. Process Workflow - Corrective action processes may be simple or complex. Organizations must have tools at their fingertips that allow them to map their unique processes into the system with relative ease. Emphasis on the word “relative”. The process engine must be robust and able to handle multiple processes effectively.
6. Records Management - Everything created within a CAPA system is a legal record. Emerging from all discussions on compliance is an awakening to the reality that compliance records are legal corporate records. Records management technology can be leveraged to manage this essential documentation associated with CAPA audits and their subsequent resolution. Records management has evolved as an essential foundation component of compliance.
7. Desktop Applications - Of course, Microsoft Office technology and other desktop applications are essential for documented evidence.
You might be asking, who has all of this and where can I buy it? Where’s the validation? There are forward thinking software vendors who are ahead of the curve on this. Amadeus offers a comprehensive solution for CAPA management.
July 18th, 2005 by Valarie King-Bailey
Posted in CAPA, 21 CFR part 11, The Compliance Experts Corner, Technology Strategies for Compliance, Compliance Trends & Strategy
Looking back to March of 1997 when the “final rule” was first introduced, many companies took literally each clause and began developing systems with biometric and non-biometric electronic signatures and audit trails that captured nearly every action of a typical user. These systems were traditionally built on electronic document management, LIMS, and other related technology and spawned a circuit of “compliance experts” that created endless PowerPoint presentations with tips on compliance. In response to overwhelming industry demand, software vendors “built-in” Part 11 features in their software to ease the burden of compliance.
“…The agency will use its enforcement discretion…” became the mantra of the FDA in the latest release of industry guidance in 2003. This clause led many to prematurely proclaim that Part 11 was dead. Some in the industry breathed a collective sigh of relief as they read through the very brief guidance document. However, when the final guidance was released, many discovered that indeed Part 11 is not dead. Interestingly enough, not only is it not dead, forward-thinking companies have come to realize that compliance with Part 11 can make good business sense if implementation is aligned with strategic business objectives. Organizations, therefore, should look at taking a fresh approach to compliance with Part 11 guidelines.
Retention of legally defensible records, security, and management of electronic signatures are essential with or without a mandate. Thus, many of the elements of Part 11 are common sense. Those who view compliance with Part 11 and other regulations in light of strategic objectives quickly find that the regulatory burden may result in a return on technological investment if properly implemented.
Some key points to consider when deploying or upgrading Part 11 systems:
1. Never over-customize - custom solutions are both expensive and difficult to manage.
2. Consider enterprise compliance architecture - processes involving electronic signature and records will require the establishment of electronic collaborative processes that touch many aspects of the organization. Therefore, IT organizations should consider establishing an enterprise “compliance-friendly” architecture versus deployment of “silo” applications based on non-integrated, proprietary technology.
3. Establish clear policies and procedures for electronic records and signatures - many organizations delve into Part 11 without a full understanding of its implications. It is important to have clear policies relating to both records and signatures prior to technology deployment.
4. Understand that Part 11 cannot be met with technology alone - Part 11 is not a technology-only rule. True compliance must be met with BOTH procedural AND technical controls. To address Part 11 without understanding procedural controls and predicate rule requirements is a common mistake.
5. Read the regulation and guidance - Part 11 has a much narrower interpretation than the initial final rule. It is important to review the latest guidance document which offers practical advice for compliance. It is important to understand your processes when seeking to comply with Part 11, not just your documents.
21 CFR Part 11 is perhaps one of the most widely-commented upon, misunderstood regulations in recent memory. Part 11 still lives! The law was developed in response to industry request to deliver legally-defensible signed documents to the agency. With a little practical knowledge and strategy up front, Part 11 can actually help improve business processes which ultimately affect your bottom line.
July 18th, 2005 by Valarie King-Bailey
Posted in 21 CFR part 11, GMP Compliance, Records Management, The Compliance Experts Corner, Technology Strategies for Compliance