By leveraging cloud-based software solutions, R&D organizations can ensure both the quality and the quantity of the data produced and processed during the drug development processes. And, by gaining a stronger understanding of the benefits of accelerating the development process, organizations can maximize their efficiencies.
The use of cloud-based software solutions—also referred to as Software as a Service (SaaS)—in drug development can reduce development costs and enable users to access an incredible wealth of data and expertise globally.
The Changing Pharma Industry
SaaS is changing the way the pharmaceutical industry deploys and manages software.
Life science companies are rapidly adopting software that is self-maintaining, has a predictable cost model, updates on a predictable cadence to bring new capabilities to end users, and provides a lower total cost of ownership than self-managed solutions.
SaaS technology can eliminate capex costs allowing reinvestment elsewhere and reduce the ongoing maintenance and development costs to support systems, with some estimates showing up to a 50 percent cost reduction over 10 years.
So, can SaaS work in a regulated environment where compliance is key?
Importantly, systems need to comply with the Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures (21 CFR Part 11):
“We suggest that your decision to validate computerized systems, and the extent of the validation, take into account the impact the systems have on your ability to meet predicate rule requirements. You should also consider the impact those systems might have on the accuracy, reliability, integrity, availability, and authenticity of required records and signatures.”
This 2003 FDA regulation impacts the types of cloud-based solutions that can be adopted in development and regulated parts of research. Below, we take a look at each section of the regulation in turn.
Accuracy, Reliability, Integrity
Traditionally, this is addressed with Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ) scripts. This imposes a huge burden on the implementing organization when the installation is on-premise and self-managed.
SaaS can help by moving the cost and delivery of these to the vendors as part of the solution. This also touches on the importance of updates. As software rarely sits in isolation, updates are needed to continually make sure that capability, accuracy, and security are maintained against a backdrop of updates to operating systems, browsers, and hardware/software integrations.
With SaaS solutions, the burden of managing system validation can be partially or wholly automated by the software vendor—essentially an out of the box validated approach—ensuring the software is validated against known outputs. This means Installation Qualification (IQ) and Operational Qualification (OQ) scripts can be provided as part of the service, saving time and money.
However, it is not always possible to automate the Performance Qualification (PQ), as this tests real life conditions on live or near live data. As such, validation often requires key scientific or QA teams to be available—and this is where a predictable update frequency is key.
SaaS GxP solutions should provide a contractual upgrade schedule, where updates are not driven by internal budgets, vendor roadmaps, or IT projects, allowing organizations to leverage the very best new functionality, performance updates, capabilities, and a rate that is consumable.
The SaaS solution should be architected in a way to guarantee high availability and multiple failover of systems, with regular backups and comprehensive disaster recovery restoration procedures. This must be supported by a dedicated part of a vendor’s organization, with staff who have regular training and with documentation to support maintaining a highly available GxP solution. Finally, if a vendor can stand behind, say a 99 percent uptime, ideally this needs to be bound contractually, so any risk is shared.
Can you confirm who did what, when, and, ideally, why?
Look for solutions that provide reporting for QA/QC teams to facilitate producing audit reports on exceptions from expected processes. Modern solutions should be configured to stop error and deviation occurring in the first place, reducing the need for exception reports.
SaaS solutions should track who does what and when in an immutable audit log that can be searched and produced to show that results are authentic and have not been altered.
Finally, systems in development need to allow for digital signatures and complex sign-off workflows to ensure that any completed work has been witnessed and/or approved.
In addition to the list produced by the FDA, you should also consider:
Demands are growing to work with more data, more people, or partners. Systems should aid the collaboration between departments, partners, and suppliers. This enables organizations to meet the regulatory needs while streamlining processes to take effective decisions quickly.
Today’s GxP software solution vendors must offer an SaaS-ready Quality Management System (QMS) that incorporates approaches and processes for GxP. This must cover the setting up and validation of the whole solution, as well as the behaviors needed.
Items such as GxP training for staff, business compliance, separation of responsibilities for managing the solution, and data access, as well as excellent development processes with well-developed audit and control functions, also should be covered.
The vendor should ensure that software is secure by design, incorporating tools to check for malicious code, security holes, and compliance and should be able to produce external audits to show this capability. This all goes to ensuring that the software will be highly available and reliable, with accurate data.
Cloud GxP and non GXP software solutions are an important and growing tool for drug research and drug development. They scale effectively to new data, changed business needs, and provide a predictable cost model to operate with.
These modern tools provide oversight of the workflow (including the execution of specific experiments and the results generated) and allow users to track data, decisions, and outcomes in a transparent way.
It is important to consider that not all solutions or vendors are equal, but the regulation is clear in both allowing SaaS/Cloud systems and also suggesting how these solutions must be expected to behave.
About the Author
Matt Clifford is Product Manager at IDBS, a company that provides cloud-based R&D technology to global companies in a diverse range of industries, including pharmaceuticals, biotechnology, and healthcare.
Filed Under: Drug Discovery