Programming a Seamless Supply Chain

November 2, 2007
Michelle Hoffman
Pharmaceutical Technology

Volume 31, Issue 11

Information technology is the glue that should unify a company while ironically, it enables further fragmentation. Experts talk about the successes and challenges for IT in helping a company function efficiently.

Gone are the days when drug making was the province of the lone pharmacist or herbalist. Today, drug making is a sprawling operation—functionally and geographically—requiring the joint efforts of hundreds of people separated by oceans and job titles to produce a single drug. How do they manage to operate together? The answer in a single acronym is IT, or information technology. Disparate workers' operational procedures become standardized when they all plug into a single platform brought to them by Oracle, or SAP, or IBM. In that way, business procedures, workflows, documentation, and reporting structures become uniform across the entire organization. Indeed, for better or worse, IT is probably the single most important factor in enabling corporate sprawl. Add to operational management, the drug business is also regulated, more than any other industry, and that entails documentation—a lot of documentation. So the software companies have also produced compliance packages, risk-management packages, and incident-reporting packages. The challenge for software producers and users is twofold. First, does the software program do what it's supposed to? But second, and more critical for the overall success of an enterprise, is how seamless is the software? Whether it's a single package to manage every function and aspect of the business—which to date just does not exist, or whether it's a number of software applications—how well do they work together to maximize organizational efficiency and productivity while minimizing regulatory and financial risk?

Illustration by Melissa McEvoy. Photography: photos.com

To learn a little bit more about the software landscape for the pharmaceutical industry, I sat down with Roger Bottum, vice-president of marketing at Axentis, Ran Flam, president and chief executive officer of Sparta Systems, and Jim Sabogal, vice-president for industry solutions for the Life Sciences Product Technology Unit at SAP. Our conversations focused on the present and future of software for enterprise and risk management, regulatory compliance, and incidence tracking. Arvindh Balakrishnan, senior director of the Life Sciences Industries Business Unit at Oracle, was unable to attend the live event, but responded to my questions later—virtually, of course. (For the flow of this article, I have inserted his comments where they seem appropriate.) What follows is an excerpted transcript of our discussion.

Organizational management

The organization is the palette on which the entire operation is drawn. So it makes sense to look at the software that manages the entire enterprise. As we started talking about enterprise software, I found myself remembering a theory I'd studied in a linguistics class—the Sapir-Whorf theory, which says:

"We dissect nature along lines laid down by our native languages. The categories and types that we isolate from the world of phenomena we do not find there because they stare every observer in the face; on the contrary, the world is presented in a kaleidoscopic flux of impressions which has to be organized by our minds—and this means largely by the linguistic systems in our minds. We cut nature up, organize it into concepts, and ascribe significances as we do, largely because we are parties to an agreement to organize it this way—an agreement that holds throughout our speech community and is codified in the patterns of our language."

Applied to organizational management, I wondered whether the underlying structure dictated the software and its configuration, or whether it really was the other way around: The structure of the software determines the organization's structure.

Jim Sabogal started off the discussion of the relation between software and organizational structure by noting that "Life sciences has been one of the [industries] where they have a varied IT landscape." And that, he says, is because the industry itself is so "fragmented."

Sabogal: There are different pieces.... When you look at a life science form, there's a whole world called research and development, there's a whole world called manufacturing, and there's a whole sales and marketing world. They've not been tied together. And our goal at SAP, at least, is to try and provide common business processes across all three areas, knowing that this is a regulated industry. Because at the same time what we're trying to do is look for ways to shorten that new product development time.... So the challenge really becomes: What's the formula for doing that? How do I grow the business?

Roger Bottum suggested that among Axentis customers that are "doing particularly well, they have put in place the organizational structure to support that."

Sabogal: [One can] boil it down to a couple of key things.... [One of these is the ability to] derive operational excellence. It's manufacturing on a global scale. It's supply chain on a global scale. So it doesn't matter if you're a biotech with one product, we want to have the same solution for you as a medium-size company with a couple of products to one of these large pharmaceutical companies with far-flung operations all over the place. What we're seeing in the market is they're all looking for the common platform, because [the company's management has] got to grab everybody's attention because [they're] trying to drive revenue for [the] company.... SAP's in the business of solving that problem. That's really what it boils down to: a common business process with a business platform, with a lot of business applications. But what is the next step? What is the next thing that we have to get to if we're going to multiply this by 100 products, by 200 products, by 1000 products? The amount of paperwork and regulation we have to go through is astronomical. So that's the challenge.... And that is where I think [a] business platform and common business processes get to be ... what we want to focus on.

Ran Flam agreed that the common goal of all three software manufacturers at the table was that they offer their customers the means to "enable them to run their business in a systematic way."

Flam: Whatever the process is, [we want to use the software to] handle different business processes, as well as action to be taken [to assist employees to make decisions based on SOPs, to follow predefined enterprise business rules and guidelines.] I think we all share this. [Sparta's QMS software, TrackWise, does not] hard-code any of those behaviors in the software itself but rather enables the businesses themselves to [configure their database applications so that the software maps the desired business practices and forces users to follow the same].

Compliance

The factor that distinguishes the pharmaceutical industry from just about any other is the degree to which it is regulated. The US and foreign governments alike monitor drugs throughout their development and production life-cycle for safety, efficacy, and purity of ingredients and the final product. Needless to say, compliance software is of supreme importance to pharmaceutical manufacturers. Accordingly, we focused our discussion primarily there.

Sabogal raised the notion that the compliance issues faced by a company with only one product will only grow in complexity when companies produce hundreds of products—as is likely once many targeted products replace the single blockbuster—in tens of countries, each with their own set of regulations. The paperwork alone, he notes, is staggering.

Bottum followed up by noting that in addition to the number of products managed in-house that, "Big Pharmas are being more aggressive about leveraging third parties for supporting services on clinical trials and sales and marketing."

Bottum: The circle of the people that touch the development through the delivery of your product in any market is much more complex even than is inside your four walls. And so [Axentis] is specifically focused on risk management and compliance .... The risk a lot of times isn't the person that's sitting next to you in the cubicle—it's the person that's sitting a city away in a totally different company and carries a different business card but for whatever reason is doing work for you on that day. In particular, what we do is provide an overall consistent way to manage all the elements of governance, risk, and compliance.

Sabogal: It's not uncommon for us to think about the problem in China being based in California.... You have to take compliance and you really have to push it to a point where you institutionalize it. Everybody must comply with the regulations.

Bottum: We're definitely seeing more of the mid-market pharmaceutical companies and the medical device companies take a more aggressive view to government-regulated compliance.... And we see the big pharmaceutical companies take the more aggressive view about managing the risks of their business partners....

Flam notes that while software vendors should be current with regard to the regulatory landscape, most changes to regulations affect how companies conduct their business rather than the underlying software they use.

Flam: [When the FDAdecides to update or change any of its GMP, GCP, or GLP regulations, such changes will most often impact the companies directly. However, it is our responsibility to ensure that additional requirements on our software are rapidly implemented so that our customers remain compliant. This is particularly relevant] when a company is using electronic records.

Bottum: There's really two pieces [to what we do]. The first is: How do I manage my response to that regulation? [And second,] whether my response is to change a policy or procedure in the company or implement a whole new set of controls in an automated fashion.... Some of those decisions are enabled by software.... Fifteen years ago...one of the key things was lot traceability: How do I know ... what got made where, so if there's a problem, I could take it back? ... [companies at the time didn't have that feature producing software for enterprise resource planning (ERP)]. So it was a way through the inventory process...because it was a fundamental business process [it] was dealt with within software. But the decision ultimately of what to do is the business's decision... If [they're] doing a good job at running a compliance program...[they] need to assign somebody who's responsible. If there's a compliance issue, and there's nobody in the organization who is singularly responsible, that's a problem.

Balakrishnan: ....for the first time, the life sciences industry is feeling the need to manage regulatory compliance across regulations on a risk-based approach. Often, there is one officer in the company who is charged with regulatory compliance, and this officer is keenly interested in mitigating risk proactively in a unified governance framework for the company.

Bottum: [Companies] need a way to communicate....[they] need a way to track issues that occur and manage them in a consistent way.... The very simple economics of doing the right things are ... if I have an effective compliance program, and I can prove it, and this is where software comes into place.... So the elements of an effective compliance program is sort of the recipe to a process model that one, lets you have a clear view, and two, when the inevitable occurs and somebody comes after you, you have a defensible position that you can prove.

Flam: That is really the essence of keeping track of anything that happens. [The steps to be taken to investigate incidents, actions to be taken as a remedy, and what needs to be done to prevent incidents from happening again].

At this point, I asked the discussants to talk about particular requirements that are most challenging.

Balakrishnan: For each company, a given regulation could impose challenges that are particularly difficult within their specific business. Sarbanes-Oxley provides great challenges because the extent to which companies interpret and implement regulatory compliance is sometimes subjective. As a result, companies usually go overboard in an attempt to remove regulatory risk altogether. On the other hand, with regulations such as 21 CFR Part 11 and the like, the scope is well understood, but the challenge with these initiatives is the cost of validation. Often the cost and complexity of validation are extremely high, enough to thwart continuous improvement initiatives.

Bottum: We've helped a number of the large pharmaceutical companies with corporate integrity agreements, and that is where they've gotten typically into trouble around Medicare–Medicaid billing fraud.

Sabogal: All the products that [pharmaceutical companies] make today require a certain amount of increased focus on product safety, increased focus on regulatory reporting. We have to meet the regulations, or else we're not sitting here as a vendor true to the market.... So from a SAP perspective, yep, we do electronic signature. Yep, we do [21 CFR] Part 11. Yep, we do Sarbanes-Oxley. Yes, we do all these different things, but at the end of the day, the cycle is still seven years, a billion dollars, to bring a new product to market. So how do we scrunch that down?

Flam: I think we all agree that consistency and the ability to put on the brakes, all of these are very important. But the challenge that we've seen as far as the FDA is concerned [is that] they put this little letter "c" in front of GXP [where the] "c" really means "current" [i.e., the agency's current expectations with regard to handling compliance]. The Code of Federal Regulations has not changed that substantially or drastically, [however,] the interpretation by regulatory bodies [as to what is current] is changing. [For instance, one important aspect of compliance, about which] our customers [care very much] is the ability to automatically trend and keep track of incidents that may happen across their [organization]. [Customers need] the means to always have their fingers on the pulse and make sure that if something goes wrong, they can catch it as fast as possible. [This is] one way to [address such] challenges. [Take] corrective action and preventive actions in real time rather than [rely on individuals to run reports and independently determine appropriate actions].

Sabogal: Knowing that is not good enough.... At the end of the day, it's what business processes allow you to go back to product safety ? Several key customers...can manufacture products that are in compliance, that manage the risk aspects of it, but may I suggest to you that there are those types of players that are out there...that can actually counterfeit these products, introduce them to the market, and threaten product safety from that perspective.

Risk management

And here the conversation veers into what a company can do to prevent such events from happening and how to respond once they do. Bottum replied that the ability to prevent counterfeiting constituted a "very narrow view of risk."

Bottum: What is relatively new in the life sciences companies and relatively new among vendors like us, is offering organized ways for management to manage risk... Your perspective is largely based on where you sit. Many of the risks we deal with are not risks that can be systematized. Risk cannot be eliminated.

Balakrishnan: Compliance is always a combination of process documentation and recording of deviations (potential or real) from such processes.

Flam: What do you do when the safety of a product has been compromised? What do you do if a drug...does not have the ingredients that it's supposed to have? [Nowadays, the automatic detection and trending is available ... it wasn't] 10 or 20 years ago.... [The quality system] needs to kick in and [raise a red flag], and say, '[You should apply] those brakes.' [The system may even automatically launch an investigation... [A good program should have a built-in 24/7] business rule engine [where companies configure] all their business rules [to enforce processes,] trending, and all actions to be taken.

[An ERPtool] is an essential solution to do exactly what it's meant to do... introduce standard, predictable, and consistent processes. When you look at what we do, what TrackWise does, it's actually putting in place a quality system to manage all the actions to be taken [when incidents happen ... the products are really very complementary].

Integration

Flam and the other participants noted that their software products work together. However, I have heard people in industry comment that some add-ins work very poorly with platform software (not necessarily with regard to the panelists' software). I asked the panelists to address the question of integration.

Sabogal: What SAP's done in the last two years has been to provide infrastructure in terms of how we partner....The first tier is we publish, from our perspective, all the ways in which you can connect SAP. Second, we have a certified program that allows particular vendors to actually come in and say, 'OK, we're going to run our software on [SAP's] platform. And any time we have something that SAP doesn't do, we look for a partner that actually fills that space.'

Flam: There are a number of strategic systems out there: ERP lab information management systems (LIMS), document management systems... and QMS...[a term] we coined some years ago for quality management system. [QMS plays a core function as it] is getting feeds from numerous sources such as a problem with a certain batch number or lot number, etc. We have developed an open programming interface [which allows] other [software] systems to communicate directly with TrackWise, [for instance], to create and update issues, [to query the status of an open issue, and to be able to make decisions based on such information. This takes the concept of quality management to an enterprise-wide level].

Balakrishnan: Standards adoption is the most challenging aspect of integration projects. If two technologies adopt open standards, integration becomes a non-issue. On the other hand, if two proprietary standards-based technologies need to be integrated, the result is expensive and complex integration. Oracle [bases its] integration platform on open standards. Similarly, our application integration architecture, an open, standards-based platform for business process management across Oracle, third-party and custom applications, is based on open standards, and this makes it easy to integrate our products with others.

The traditional point-to-point integration model has outlived its utility. In most industries, chief information officers are asking us for a hub-based integration framework that can incorporate an enterprise-wide common object model. Such an architecture makes it easy to plug and play applications over time, without undertaking massive integration projects. Pharmaceutical companies are beginning to adopt this model as well and are trying to understand the impact of regulatory constraints on the adoption of such models.