Operating in a highly regulated sector, the company is required to strictly abide by the Food and Drug Administration's (FDA) Good 'X' Practices (GXP) standards, including Good Clinical Practice (GCP), Good Distribution Practice (GDP), and Good Laboratory Practice (GLP). It also needs to adhere to cyber security standards such as the Critical Security Controls (CSC) and those set by the National Institute of Standards and Technology (NIST). Non-adherence to these rules could result in loss of credibility for the company, as well as potentially heavy penalties and reduced stakeholder confidence.
The firm was using a heterogeneous set of information technology (IT) tools to automate each compliance process, which hampered an enterprise-wide perspective on regulatory compliance.
These disparate applications were not scalable, raised the overall cost of compliance, and increased the risk of non-conformance to GXP norms.
Faced with these challenges, the drug major decided to leverage Pegasus InfoCorp's extensive expertise in delivering on complex software development projects to implement an integrated, on-demand compliance management solution.
At the outset, Pegasus InfoCorp analyzed the firm's existing landscape of compliance applications to understand the prevailing gaps. The company was using disparate IT systems to automate GXP-linked processes, and did not have a consolidated interface for eliminating manual workflows concerning cyber security norms. The client’s in-house IT team developed a blueprint for an integrated, on-demand compliance management system, based on the RSA Archer eGRC suite. The blueprint was shared with us and our team of experts led by a Delivery Manager studied it in detail.
Though this project was humongous, it was successfully completed with the help of a team of 20 resources - which included technical leads, senior software developers, UI developers and software testers. Role-based access was configured for different users, facilitating compliance record retrieval and automating the associated workflow. Pegasus InfoCorp integrated the compliance management system with all other dependent applications, orchestrating processes to ensure communication between the various programs. Data from the existing platform was smoothly migrated to the new system through an automated solution.
Pegasus InfoCorp created over 50 complex reports–including compliance summaries and compliance requirement reports–that enhanced visibility for key stakeholders.
The on-demand compliance management system provided the pharmaceutical behemoth with a centralized, web-based mechanism to track regulatory issues across the enterprise.
The system proactively flags potential errors and lapses early on, and also identifies personnel responsible for fixing them, thus helping the firm achieve complete adherence to regulatory norms.
The new solution is much more intuitive and interactive, making it user-friendly. Further, as the system automatically identifies compliance requirements and compiles related data from enterprise-wide applications, the company has been able to significantly reduce the associated processing time.
The solution also issues on-demand alerts regarding compliance records, and reminds stakeholders about pending tasks, thus enhancing the drug maker's control over its regulatory assessments. Business reports automatically generated by the system–replete with dashboards and graphical representations–have significantly enhanced the management team's visibility into firm-wide compliance processes.
Overall, the implementation of an integrated compliance management solution has substantially simplified the company's business processes, and enabled the firm to manage its regulatory issues in an effective and efficient manner.