"Over the next few years, we're going to see a lot of folks providing major investments, and you really have to think proactively,"
Sabogal says. "It has to be, 'I invested a year ago in a certain technology, and now I have to do another investment. But
it's going to have to last me three or four years, and I want to be able to address all these different compliance issues.'
A lot of it will be driven by what's your landscape, what components do you have in it?"
For some larger companies that have grown through mergers, the problem is complicated by the fact that when they made acquisitions,
they also acquired disparate legacy IT systems. "Where traditionally they might have had a greater degree of confidence in
their compliance within their own companies, they're now responsible for compliance across this much greater landscape than
they had before," says Oracle's Constantinou. "That's making them nervous."
In the long run, companies may end up shifting to enterprise-wide applications, designed to be what Oracle's Doug Souza calls
"the single source of truth." But for the foreseeable future, it's likely that most companies will be stitching components
together. Technology suppliers are looking more closely at issues of system architecture to see how multiple components can
be made to work together better.
At the Drug Information Association annual meeting in July, for instance, Microsoft unveiled its new Digital Pharma initiative,
designed to make it easier for life sciences companies to share information, collaborate across sites, and implement new technological
solutions. The initiative has a number of components:
» written guidance on how to use Microsoft products in a life-science setting
» improvements to specific products based on life-science customer needs (for example, adding PKI electronic signature
capabilities to Microsoft Office)
» building the company's internal readiness to deal with customers
» working to create industry consensus.
For many customers in the pharmaceutical industry, the most significant part of the initiative may well be what Microsoft
calls its prescriptive architecture guidance for the industry, which aims to document the fine points of handling IT systems
in the life sciences. "For example," says Jason Burke, industry strategist for healthcare and life science for Microsoft,
"if you get SQL Server and you install it in your data center, in addition to the normal prescriptive architecture patterns
that we've given you already, what are the specific things that pharmaceutical companies should be doing in terms of fine-tuning
the way they install and manage and operate that server in a regulated environment? Or with a product like SharePoint, which
many companies use for collaboration, we might make some specific recommendations on the way they use Active Directory with
an LDAP [a common sort of electronic directory] as the authentication method to make sure that the requirements for 21 CFR
Part 11 are being satisfied within that collaborative environment."
Microsoft is also looking closely at ways to facilitate the hand-off between unregulated and regulated systems. For example,
a clinical trial protocol might start its lifecycle with notes on a napkin at lunch, move on to being an uncontrolled file
in Microsoft Word, and undergo revision in a protected collaborative environment, such as SharePoint, before finally being
moved to a content management system. "At some point," Burke says, "that document moves from an unregulated state to a regulated
state, and in most organizations, the transition period is a bit undefined. They know when it finally gets to the regulated
state, but it may be difficult for them to identify the exact point when it occurs. So we're looking at solutions that bridge
the gap and that implement electronic policy based controls that are electronically driven, as opposed to paper, SOP–driven."