Why pharma companies need a zero trust approach to mitigate compliance issues


By Nandan Bhatkal

The outbreak of the Covid-19 pandemic has left many businesses limping, stumbling over travel restrictions, supply chain disruptions, failures of partner businesses, data leakage issues, etc. Dealing with corporate regulatory compliance issues in a digital world is, by itself, challenging enough. The prevailing uncertainties created by the Covid-19 pandemic have made it all the more difficult.

When it comes to regulatory compliance, one industry that tops the list is the pharmaceutical industry, and rightly so. As the pharmaceutical industry directly affects the health and life of millions across the globe, every government takes extra care in making sure that drug manufacturers strictly comply with all regulatory norms.

The regulations for a product or a category of drugs may differ from one nation to another (and sometimes within a nation), for reasons such as differing norms on IP laws across regions and the infrastructural strength of different countries.

Recently, there has been a spike in the demand for hydroxychloroquine in the USA and many other countries. Though there is no proof that the medicine is effective in treating Covid-19, India, which had put a hold on its exports, has lifted the restrictions. A rise in the demand-supply gap may sometimes lead to a temporary relaxation of regulatory norms. But manufacturers must not compromise on quality and must strictly adhere to the guidelines, not only to protect lives but also to keep their reputation intact for sustainability in the long run.

Unprecedented Compliance Challenges In A Digital World

Compliance with FDA standards, like 21 CFR Part 11 (or those prescribed by the MHRA and WHO), requires all data related to development, production and test processes to be authentic, i.e. captured in real time or near real time with date/time stamps, and never manipulated, tampered with or otherwise changed, with or without intent. Most of the data captured in pharmaceutical processes is in digital form, and some of it could be in paper form. For example, the graphical outputs from a test and measuring device could be printed results, which then need to be preserved.

Since the data stands as evidence of the work carried out, along with all intermediate results or process artifacts, regulations require this data capture to be tamper, change and leak proof, and the capture process itself needs to enforce the prevention of tampering, change or leak. Unintentional data changes or tampering can also happen because of cultural issues or human error or oversight.

This data capture starts with the development and testing of new drugs, continues through production and ends with the release in the markets. This requirement of sanctity and integrity of data is material to the approval of new drugs and the release of a batch (or many batches) of drugs to market. A few examples of such data are the quality and quantity of raw material utilized, humidity and temperature control records, instrument calibration records, out-of-specification investigations, incidents that happened during the execution of the process, deviations from the process, employee access to restricted files/areas, etc.

Why Regulatory Compliance Should Be Sacrosanct

The following are some of the many disastrous consequences that regulatory non-compliance can have on a pharmaceutical company:

  • Loss or suspension of specific drug licences
  • ‘Suspect’ status in future audits by regulatory organizations
  • Direct loss of business as product release plans would be derailed
  • Loss of reputation among all stakeholders
  • In worst cases, cessation of business

A point worth mentioning is that it does not take an actual regulatory non-compliance for any of the above to happen. A perceived non-compliance is enough to wreak havoc, as fear, uncertainty and doubt will cloud the minds of the healthcare community, patients, and other stakeholders.

How A Zero Trust Approach Can Help Mitigate Issues

A single point of responsibility to enforce compliance across all stages of a product’s life cycle, from R&D to the market release, is the need of the hour. This requires implementation of the ‘Zero-Trust’ approach. The Zero-Trust approach is an IT security framework based on the idea that no organization should trust any resource inside or outside its perimeter at any given time. It entrusts an organization with all the IT infrastructure needed to secure, manage, and monitor every device, app and network being used to access business data.

Some explicit ways through which an organization can benefit from a zero-trust model are given below:

  • Zero-Trust authentication of users, machines, devices, and applications, ensuring complete security and protection against unauthorized access, alteration, or deletion to guarantee sanctity and integrity.
  • Zero-Trust records management ensuring tamper-proof records, as an electronic audit trail continuously tracks the records, and any change to the records can be traced back to the source of the change through an authenticated digital signature. Thus, after an organization implements the zero-trust approach, most regulatory compliance issues take care of themselves: there is no scope for tampering with the real-time data, as all data and changes made can be tracked.
  • Testing into compliance, wherein all intermediate test results, whether success or failure, must be recorded and all related data and calculations (which would be provided for a successful test) be available. Regulators and audit teams can then track all generated data and changes as per the compliance needs.
  • Control over blank forms and blank fields in semi-filled forms. This could be either process related, or systems related.
  • Apart from mitigating regulatory compliance issues, a zero-trust model can also help a business reduce its costs by lowering the chances of rework caused by compliance issues.
  • A zero-trust model can speed up the release of a product, avoiding the lag that is typically caused by regulatory issues. This can result in added value to customers and better utilization of a company’s resources, both of which translate into higher profits.
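
The records-management and testing-into-compliance points above can be made concrete with a tamper-evident audit trail. The following is an added example, not code from the author or from any product: each record is hash-chained to its predecessor and signed by its author, so an edited, deleted or re-attributed entry is detected on verification. The user names, keys, field names and batch values are constructed, and per-user HMAC keys stand in for the digital signatures the article mentions.

```python
import hashlib
import hmac
import json

# Constructed demo keys. Assumption: a real system would use asymmetric
# signatures tied to each authenticated user, not shared secrets.
USER_KEYS = {"analyst1": b"demo-key-analyst1", "qa_lead": b"demo-key-qa-lead"}
GENESIS = "0" * 64
FIELDS = ("seq", "ts", "user", "action", "data", "prev")

def digest(entry):
    """SHA-256 over the entry's content, including the previous entry's hash."""
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def sign(user, entry_hash):
    return hmac.new(USER_KEYS[user], entry_hash.encode(), hashlib.sha256).hexdigest()

def append(trail, user, ts, action, data):
    """Append a record chained to its predecessor and signed by its author."""
    entry = {"seq": len(trail), "ts": ts, "user": user, "action": action,
             "data": data, "prev": trail[-1]["hash"] if trail else GENESIS}
    entry["hash"] = digest(entry)
    entry["sig"] = sign(user, entry["hash"])
    trail.append(entry)

def verify(trail):
    """Return (ok, index of first bad entry or None, reason)."""
    prev = GENESIS
    for i, e in enumerate(trail):
        if e["seq"] != i or e["prev"] != prev:
            return False, i, "chain broken"      # entry removed or reordered
        if digest(e) != e["hash"]:
            return False, i, "content altered"   # field edited after capture
        if e["user"] not in USER_KEYS or not hmac.compare_digest(
                sign(e["user"], e["hash"]), e["sig"]):
            return False, i, "bad signature"     # not signed by the named user
        prev = e["hash"]
    return True, None, "ok"

def build_sample():
    """Constructed records: a failing test, a retest, then QA approval."""
    trail = []
    append(trail, "analyst1", "2020-04-01T09:00:00Z", "test_result",
           {"batch": "B-001", "assay_pct": 88.4, "passed": False})
    append(trail, "analyst1", "2020-04-01T11:30:00Z", "test_result",
           {"batch": "B-001", "assay_pct": 99.1, "passed": True})
    append(trail, "qa_lead", "2020-04-01T14:00:00Z", "approve", {"batch": "B-001"})
    return trail
```

Because the failing result is part of the chain, removing it to leave only the passing retest breaks verification at the first surviving entry.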

Benefits Of The Zero Trust Approach

  1. Reduced risk and ease of regulatory compliance/audits. Build resilient, robust systems for processes, leading to quicker regulatory compliance. If the auditors/regulators see robust systems monitoring, enabling and assuring processes towards compliance, they will be that much more assured and closer to granting approvals.
  2. Increased business due to faster time to market. Since you are assured of the integrity of data and records, the time required to prove assurance of compliance will be less and the products can be brought to market that much faster.
  3. Better value to your customers. Reduce the costs of releasing drugs into the market, thus optimizing value. Any serious rework required during compliance audits will increase costs.
  4. Bring new products to market. Free up your intellectual space from fear, uncertainty, and doubt about meeting compliance requirements. Rest assured that the company’s reputation is safe in the market and use that bandwidth to bring new products to market.

(The author is the VP – Enterprise Solutions, Accops Systems) 

