Let's Collaborate on IT Best Practices

Pharmaceutical Technology, Pharmaceutical Technology-07-02-2005, Volume 29, Issue 7

The industry should develop a set of best practices for managing information technology systems and not wait for FDA to take the lead.

Pharmaceutical firms today confront a daunting array of problems—expiring patents, dwindling pipelines, counterfeit drugs, and more. Profits are slowing and share prices plummeting. Is it any wonder that pharmaceutical firms are making billion-dollar cutbacks?

Keith Parent

Information technology (IT) budgets are on the chopping block, yet CEOs are asking IT departments to play a bigger role in drug discovery, clinical trials, and manufacturing automation. It's up to IT to figure out how to do more with less.

The US Food and Drug Administration regulations make cost-cutting all the more difficult. Although FDA requires companies to comply, it rarely tells them how. Agency guidance documents provide insight into regulatory requirements, but they do not provide a step-by-step quality management framework that IT departments can follow.

Pharmaceutical IT departments could do better. They must adopt repeatable IT quality practices designed to cope with FDA-regulated environments. The Information Technology Infra-structure Library (ITIL) is a comprehensive set of best practices developed in 1989 by Great Britain's Office of Government Commerce. In essence, ITIL is a series of books that provides detailed guidance on a wide array of IT services. Hundreds of companies use ITIL processes to improve their delivery of everything from change management to systems availability.

Unfortunately, although ITIL is a powerful quality management framework, it was never designed to accommodate FDA's rigorous regulatory regime. There is currently no standard set of evolving best-practices for IT management in the pharmaceutical industry. That is why the industry has had so much trouble coping with 21 CFR Part 11 in recent years, and why even today, IT managers dread the thought of consolidating servers in a validated environment, even though most large firms could save millions per year by doing so.

One need only visit pharmaceutical data centers and count the hundreds of obsolete servers running at 5–10% of capacity to realize that vast sums of money are wasted every year. Why? Because companies have neither developed nor adopted a battle-tested set of best-practices that is designed to accommodate FDA regulations.

Instead, every pharmaceutical firm has its own approach to managing IT services, validating systems, consolidating servers, and managing clinical trials. Indeed, IT management practices frequently vary widely among departments and business units within the same company.

ITIL could serve as the foundation of an industry-wide suite of IT best practices, but first it must be substantially modified to accommodate FDA's specific requirements. That task is far too big for any one company. Imagine the difficulty of developing IT management processes for next-generation manufacturing plants employing the latest process analytical technologies, while also developing soup-to-nuts guides for automating drug discovery, clinical trials, outsourcing, and data center management. The effort would require extensive collaboration between a wide array of pharmaceutical IT practitioners, vendors, and consultants for years to come.

During the past 10 years, my consulting firm has developed a small portfolio of ITIL-based best-practices for pharmaceutical firms—the by-product of numerous consulting engagements—but we have only scratched the surface. We think it is time for IT practitioners, vendors, and consultants in the pharmaceutical and other FDA-regulated disciplines to take a page from ITIL's book and collaborate on industry best practices that will enable every participating company to improve its IT product and service delivery, tackle challenging new opportunities such as IT in drug discovery or process analytical technology manu-facturing automation, while capping or reducing the cost of information technology.

We think this effort should have a name appropriate to the pharmaceutical industry and, borrowing from FDA's nomenclature for quality in manufacturing, laboratory and clinical trials management, decided on "Good Systems Practice (GSP)" to balance "Good Manufacturing Practice (GMP)."

We all understand the purpose of GMP on the plant floor and GLP in the laboratory. Why don't we have GSP in our data centers? I propose that we develop a Good Systems Practice that will become an open standard for all FDA-regulated companies to adopt. We should not wait for FDA to regulate how we manage our IT systems. Instead, industry should lead the way to Good Systems Practice. We have already started. Call me if you want to join in.

Keith Parent is the CEO of Court Square Data Group, Inc., 1441 Main Street, Suite 223, Springfield, MA 01103 413.746.0054, parent@csdg.com.