by Bruce Salkovitz
This is the third in a series of blogs that look at the essential requirements for document management solutions for small teams: SIMPLE, SECURE and COMPLIANT. You can check out our previous blogs in the series:
This blog will focus on COMPLIANCE.
Whether your team’s goal is to take a product through development to market authorization or simply to get to Phase II and sell the asset, you still need to think about COMPLIANCE as you store and manage your research and development documents (aka – your assets). Most small teams start off using a shared drive or a free online storage tool to hold documents. Though this appears to be a simple and fast way to store and share documents, it is not sustainable. As the team grows and the collection of documents grows, access to the collection starts to change as well.
- Do you have documents where multiple people review and add content prior to approval?
- Do you have people or organizations with whom you wish to share documents, but restrict editing (think Due Diligence).
- Do you have a need to lock a document to ensure it won’t be changed?
- What about recovering a document that’s been accidentally over-written?
Though all these scenarios may be possible to manage on a shared drive, there is no mechanism for tracking those changes. This is an additional essential part of establishing 21 CFR Part 11 compliance.
A Brief Case Study
A small pharmaceutical company worked with multiple vendors to conduct a Phase 2 clinical trial. The CRO and other contributors sent all required documentation to the sponsor. The sponsor team stored everything on a shared network drive or laptop hard drives. The sponsor received an inquiry from the health authority, but could not produce the correct documentation in a timely way to support their positions on the study’s conduct. Ultimately, there were two negative outcomes from the audit: t
- The responses to the health authority were significantly delayed
- The delay raised additional health authority questions about both the integrity of the sponsor’s documentation and their study management processes.
The harsh truth is that using a network drive to share documents is neither compliant, nor as simple as it seems… and can put your valuable intellectual property at risk!
Traditionally, larger organizations have spent millions creating customized, strictly controlled, compliant environments. However, the advent of cloud-based solutions has brought a whole new generation of tools to the marketplace that require neither large initial investment, nor expensive maintenance.
Non-compliance can have many implications for growing teams. Delays in health authority reviews can mean delays in health authority approvals. Non-compliance can trigger additional questions and more extensive inquiries, audits and damage to a sponsor’s good name. Often, resulting program delays are only one impact on a company’s development plan. A negative view of a company from an interaction with a health authority can have broader and longer lasting impacts.
Gemstone Document Management
Compliance doesn’t have to be costly. Gemstone is an affordable, easy-to-use and easy-to-implement submission planning and document management application that mitigates the risks of non-compliance. It is designed for small teams with a zero-footprint technology that is easily and securely accessible via a web browser.
Gemstone compliance is rooted in a deep understanding of FDA’s requirements for management of electronic documentation: 21 CFR Part 11 and applicable predicate rules. We have developed a detailed response to 21 CFR Part 11 to help customers understand how we address these requirements. You can download the document here:
Compliance is key for document management. In addition to 21CFR Part 11, Gemstone also complies with many international standards that may be relevant to your organization. We describe this in greater detail here. Please contact us to learn more about Gemstone and how we can help small teams with big goals.