Information overload

Today, all companies are faced with managing the explosive growth of data, securing the data, managing the infrastructure to provide and protect the data, and meeting industry regulations. Additionally, each industry may have unique regulations and needs to meet and constrained IT budgets. Starting new IT projects becomes a challenge when basic projects such as adding more capacity or implementing systems and processes to meet new cross-industry regulations such as Sarbanes Oxley consume the balance of the IT budget. On average, 10-20 percent of pharmaceutical IT budgets are allocated to regulatory compliance and system validation including legal discovery, eCTD, GxP, and 21 CFR Part 11 requirements.

Clinical trial periods are longer than in the past. There is a need to collect and manage more data, ensure the integrity of the data, and have it online instead of offline to meet access and research needs. On average, it takes an additional 15 months for the clinical and approval phases, totalling 8.2years. Keeping more data online for longer periods of times challenges IT departments to find cost effective solutions to keep data available as well as robust practices to transcend computer and data storage device technology advancements and changes.

Information lifecycle management is a key component of successful data management. The Storage Networking Industry Association (SNIA) has defined a well accepted ILM industry roadmap. The first three phases of ILM are available today. Establishing a tiered storage environment sets the stage for ILM solutions. Tiered storage also enables IT departments to realize a set of cost savings through lower cost technologies in the tiers and through consolidation of storage into a larger pool accessible via a network. Improvements in basic drive capacities and low cost/medium performance interconnects have enabled second tier storage, virtual tape storage, fixed content storage, and longer term online archival storage to be part of a strategy that fits between typical primary storage and offline storage.

Data and information classification, phase 2, sets the framework for service level objectives for the data, to be matched against tiered storage. Typically the data is classified for availability and performance objectives, recovery objectives, frequency and performance of access, immutability of the data, and access privileges.
Typical ILM solutions deployed today into pharmaceutical companies leveraging ILM include e-mail archiving and document management. The purpose and benefits of these solutions are to

• Streamline and secure information flow from drug discovery to patient care.
• Gain immediate access to “live” and archived data to expedite drug discovery decisions.
• Store, move, and protect data as information value and regulatory demands change

Data protection and compliance are also vital, not only to conform to regulations but they are also a major cost factor. There are many places to look to for advice. These include industry associations like SNIA, industry consultants and analysts, technology suppliers, ones own vertical industry, and ones own supply chain.

The first set of decisions to make, as a pharmaceutical company, is to take on the effort solely or utilize the services of a consultant or technology supplier. Trying to save costs by doing it solely can introduce incomplete planning and implementations which expose a company to risk, especially for data and systems in place to meet regulations. Working with consultants and technology vendors allows one to leverage accumulated knowledge gained from similar IT projects.
Once beyond the advice, you have implemented solutions. You need to select solutions that meet regulations and have a proven track record in the industry, most preferably ones own industry. The balance of the solution is proper IT management and putting the solutions through its paces to ensure the solution is robust before it has to be perform in live conditions. Don’t wait for a regulatory audit, structure up a trial audit. Many IT departments are turning to ITIL for their methods and practices, to ensure completeness, uniformity, consistency, and predictability. Associations like SNIA are working across the industry to bridge the knowledge gaps and create the natural linkages for planning and solutions. By doing so, the industry association takes some of the burden from the IT department. The SNIA Data Management Forum and Security Forum are making these industry linkages, so the disciplines of security officers, records managers, business manager, and the IT department come together into a unified view.

Even though data protection has always been an issue, now retention and destruction are just as important and should be planned for as an integral part of the lifecycle management strategy, and not as standalone activity. The retention periods would be identified and mapped to the storage tiers deployed. Destruction is twofold, where a point in time in the retention cycle is carried out and then the process of destruction is carried out.

Having a records manager as part of the team in setting up the data management strategies, destruction methods would need to be defined for all copies and all forms of the data, both electronic and non-electronic, such as paper copy. An IT only department approach may overlook the paper copies stored in the company and at offsite storage service providers. A records managers only approach may overlook the IT departments strategy for business continuance and not realize there are three or more copies of the data stored in different data centers plus an offline storage service provider.

There are a range of destruction methods and services that have emerged that include selective deletion, erasure and physical destruction. Regardless of the methods, plan for an audit or search after the destruction was to have been carried out as an extra assurance measure.

One aspect of retention is retrieval, for both speed and completeness. Vendors are introducing solutions and methods to support electronic discovery effort to meet regulatory audits, more so now with e-mail. Another aspect of retention is the time period and the form the retention will be in. Retention periods for electronic records that span five or more years need to consider the underlying storage technology lifespans. Special strategies may be needed to perform data migration across product technology generation lifecycles.