Leading Pharmaceutical Company

Challenge

To meet regulatory requirements for computer systems validation, GxP compliance and FDA 21 CFR Part 11 implementation, while securing valuable digital assets against unauthorized access or changes

Solution

Serena Dimensions

Results/ROI

• Reduced regulatory risk through increased traceability
• Corporate assets leveraged effectively and efficiently
• Validated systems and practices established for GxP compliance

Serena Dimensions Addresses Regulatory Risk, Computer Systems Validation and Digital Asset Security

Serena Change Governance™ solutions are used by more than 200 life sciences organizations to effectively track, manage, and control changes to software code, web content, operating procedures, and other business-critical assets. By ensuring GxP compliance and computer systems validation, Serena’s products both improve efficiency and decrease regulatory risk. The following is an overview of the implementation of Serena Dimensions at a Fortune 500 pharmaceutical company.

Challenge

Companies in this life sciences market find themselves in a difficult environment from an IT perspective. Not only do they face the same IT challenges found in any large enterprise, namely how to better identify, track and control the state of their digital assets in order to maximize return and reduce risk, but they are also in an industry whose systems are heavily regulated by the Food and Drug Administration. According to GxP regulations and FDA 21 CFR Part 11, pharmaceutical companies must have specific controls for automated systems to ensure the integrity of data is not compromised by invalidated systems. Non-compliance can result in heavy fines and even the possible delay or removal of products from the market.

In order to better manage risks while improving compliance and ROI, this New Jersey-based pharmaceutical industry leader wanted a system to audit and control changes to its software code, electronic records, and other digital assets. So the company turned to Serena for a solution.

Solution

Though at this time paper-based configuration audit trail and version management systems are still common, a growing number of companies are starting to rely on automated change tracking and documentation to generate electronic audit trails and evidence for compliance. Automated systems are more accurate and reliable than traditional paper-based systems with respect to detecting and documenting configuration software change, and provide the functionality that a paper-based system lacks, thus reducing corporate risk. Automated systems also offer significant cost savings by reducing configuration change tracking costs, by speeding modifications and deployment, and by freeing engineering staff from tasks better handled by the automated system. This means more efficient use of resources and a greater return on investment.

Several years ago, this pharmaceutical customer began to implement just such a system based around Serena Dimensions. The initial impetus was a desire for a shared repository for the company’s software source code. Up until that point, this code base was scattered, mishandled, and not as controlled or secure as the company wanted. The evaluation of the company’s requirements soon blossomed into a detailed analysis of the development process itself, in order to identify other missing elements such as software checks, version control, etc.

The company formed a small evaluation team comprised of various project managers to analyze the different tools on the market. The team soon honed in on Dimensions as both the best solution for existing requirements and as the product offering far and away the greatest promise for meeting future requirements as the company expanded its implementation. After members of the team evaluated a similar Dimensions deployment at a leading financial firm, the choice quickly became clear.

“Our team was extremely impressed with the product’s implementation and the reference that they received from the financial firm,” recalls Grant Livermore, a long-term consultant with the pharmaceutical company. “They quickly decided that Dimensions was the superior product.”

Dimensions helps companies identify, track, and control changes to their business-critical assets, including code, content, processes, systems, etc., thus reducing risk by helping to ensure regulatory compliance. Moreover, this change control enables companies to improve efficiency, better secure their assets, minimize errors and costs, and ultimately speed products to market. Dimensions’ change-control components enable companies to proactively define and document their processes, preventing unauthorized changes and creating an audit trail. System Development Lifecycle (SDLC) components provide secure permissions-based system access and manages the software validation process, as well as delivering snapshots of baseline systems and enabling rollback of implemented changes. The integration of this change control and SDLC helps automate workflow, increase auditability and traceability, and provide risk-based change assessment.

The company launched a pilot computer systems validation project, deploying Dimensions across four different development departments within the research division to create baseline code snapshots, test conversion and migration, model new capabilities and real world implementations, etc. The ultimate goal for the pilot was to begin bringing the company’s digital assets — including code, content, documentation, etc. — under version control using a secure repository.

Throughout the pilot and initial implementation, the company repeatedly identified new things they could be doing with Dimensions. “We had to be pretty strict about not increasing the scope in order to keep the pilot on schedule,” said Livermore. “As these new elements came up we kept expanding the list of activities for phase II of the implementation.” For example, the company really liked Dimensions’ process modeling features, and put plans in motion to implement a structured process that would allow authorization within different development levels and states.

To speed deployment and lower costs, the company leveraged the PDA’s audit repository center in evaluating and implementing its solution. PDA, a non-profit industry association involved in the development, manufacture, quality control, and regulation of pharmaceuticals and related products, provides a Pharmaceutical Industry Software Supplier Quality Audit, which verifies that vendors use documented quality management procedures to deliver their products. Serena is one of the only vendors of change management software to have passed this rigorous audit. “Having a vendor with documented compliance helps mitigate a large portion of the requirements for us,” explained Livermore. “This frees us to focus on compliance at the point of implementation, rather than having to look at the tool itself.”

Result

The company has been very pleased with the results of the initial phases and is now in the process of a much broader deployment of Dimensions throughout the enterprise. “It’s important that our systems and practices are validated to be GxP compliant; in fact, this sort of regulatory compliance is critical,” summarized Livermore. “But in the grander scheme of things, it also makes sense to ensure that your corporate assets are secure and that you’re efficient about how you leverage them. These assets are important to our ultimate success, and if they get misused or lose their integrity, there’s a huge associated cost to the organization. Serena Dimensions is really helping us to better control and leverage these assets.”