In this online exclusive, Brady Haggstrom, IDBS, looks at the changing landscape of drug development and delivery, which is more and more outsourced nowadays, and how technology can help protect sensitive research data.
Digital pharma
Historically, the process for the development and delivery of new pharmaceutical drugs has operated behind closed-doors in a closed-off, singular facility.
From drug ideation to manufacturing, organisations would drive the entire R&D process under one roof often located out of a large corporate campus in North America or a European suburb. For many years this was the standard in the drug development and delivery world. In this system, the protection of intellectual property (IP) was ensured through these controlled campuses, as well as by the technology deployed and used on premises.
Times have changed, however, and in 2018 the gauntlet of drug development and delivery now operates much more differently than it once did. Any researcher or IT informatics professional in traditional pharma or newer biopharma is acutely aware of the relevance of contract research organisations (CRO) in their business models.
The benefits of CROs have been widely covered over the years: basic resource and time savings, decreasing large, upfront capital investments, allowing source organisations to focus on their specialisations, creation of strategic alliances to ease drug pipeline bandwidth — are but a few. As a result, both legacy and new organisations in the drug development and delivery industry have increasingly leaned on these CRO players more and more. In a highly competitive industry like this one, any advantage available can be worthwhile to create more in the pipeline, save on costs and improve throughput.
R&D data vulnerability
With this shift in the business models of how R&D organisations create and bring new innovative drugs to market, the vulnerability of highly sensitive IP data in connected systems has also changed.
Existing tools and legacy technology leveraged to collaborate and share this outsourced work create significant data security and vulnerability concerns. With blockbuster drugs on the market sometimes returning billions in annual revenue to their research organisation owners, lost or stolen IP data could result in millions of lost sales. Especially considering new drug patents are awarded upon filing, R&D data ending up in someone else’s hands could deliver a fatal blow to any new drug project.
So why is this process so exposed? Existing tools being leveraged throughout it, such as paper laboratory notebooks, email, and direct VPN connectivity behind a partnering source organisation’s firewall, create their own critical security issues.
Let’s review:
- Paper laboratory notebooks, considered the quintessential tool for scientists over many decades, contains the recorded scientific and experimental data recorded throughout the R&D process. These notebooks are rich with context and are used as an integral part of the regulatory approval process. Lost or stolen notebooks mean lost results, research and the inability to prove ownership of IP. The use of paper notebooks also inherently means there is no central, accessible repository of R&D data available.
- SharePoint or Dropbox-like applications can be a useful tool for collaboration in the digital workspace environment. However, they are not designed with scientific work in mind and lack the kinds of controls needed to ensure data security. Without capabilities like system history auditability to understand who changed what data, or user permissions to control access, they offer users the same as paper lab notebooks with little control on proper version control or the security of data.
- In certain cases, we’ve learned about CROs being given direct access to R&D data environments for streamlining collaborative projects with their source organisations. This creates massive data security and integrity concerns. This manner isn’t advisable for collaborating with outsourced partners: While such collaboration enables easy sharing of experimental work and scientific results, control over who the CRO is allowing to access your system is lost.
Key considerations for data security
Securing data while still streamlining the drug delivery and development processes, and improving throughput, is the goal of most biopharma organisations today. There are key considerations to make in any technology leveraged in this collaborative environment. Providers offering collaborative environments need to:
- Demonstrate that rigorous controls are in place for your organisation and partners to protect access to your data. You should look for vendors who have their systems externally audited and are compliant to an industry standard, such as the ISO27001.
- Ensure that data and users are protected from malicious code or actors in the technology solution. This means the environment should be able to share reports of the tests performed on the system, ensuring security.
- Finally, deliver a technology solution that is easy-to-use and has low maintenance costs (both time and money).
Outsourcing and externalised work is here to stay as an important part of the pharmaceutical drug delivery and development processes. R&D organisations must adopt technology that ensures data security of sensitive work — that can ultimately become IP — while streamlining their processes and improving efficiency. With the right technology solution considered for their organisation, this outcome is completely achievable.