Companies in the pharmaceutical industry find compliance and issues related to enterprise content management (ECM) challenging. Compliance is becoming a greater challenge internally because of external requirements from authorities.


The public demises of Enron, Arthur Anderson, and other Wall Street scandals have resulted in massive legal costs, fines and even sentences. This has highlighted the need for electronic information to be saved and indexed for easy retrieval. What was once only true for paper records is now becoming necessary for electronic documents, email and instant messaging.

Reacting to these scandals, public authorities have produced legislation such as the Sarbanes-Oxley Act and DoD5015.2, where the penalties for non-compliance have increased; corporate employees can be charged with criminal obstruction for failure to preserve documents or communications.

Naturally, because of the way financial information is processed, stored and accessed, this creates challenges for pharmaceutical companies. Systems that provide document management, access to financial data or long-term storage of information must now
provide auditing capabilities.

For pharmaceuticals, auditing is not new. The industry is regularly audited by the US FDA. 21 CFR part 11 sets out requirements for electronic records and electronic signatures, and places requirements on organisations to implement controls, including audits, validation systems, and documentation for software and systems.

In addition to legislative requirements, many companies are toughening their internal compliance regulations because of the costs and risks involved with litigation. Finding the right document at the right time – or not finding it – can mean the difference between winning and losing millions. Projects relating to legal discovery have consequently been moving steadily up the ranks in many IT and project governance evaluations.

ECM is also becoming increasingly complex. For many pharmaceutical companies, it is delivered through a range of point solutions. Content for purposes such as regulatory affairs documentation, marketing, standard operating procedures (SOPs), contracts with CROs, intellectual property and research, US FDA/EMEA submissions, validation documentation, HR material and labelling documentation are often kept in separate systems. These content silos result in knowledge silos, cost silos and technical competency silos, resulting in growing complexity and costs.

Business challenges

The situation described above creates several challenges for pharmaceutical companies. Naturally, they must be sensitive to Sarbanes-Oxley and DoD5015.2 requirements. After all, they will be held responsible. But at the same time, compliance with Sarbanes-Oxley 404 and other regulatory requirements is expensive.

Financial Executives International (FEI)’s survey of 217 companies with average revenues above $5 billion, found that the cost of compliance was more than $4 million on average because of costs associated with auditing. The high cost means that compliance remains a major driver for IT implementations. For NNIT’s customers in the pharmaceutical industry, this has meant that more than 60% of investments happen because of compliance needs. With growing compliance requirements (Figure 1), the business case for simplifying ECM becomes evident.

Another challenge for pharmaceutical companies is to ensure that the organisation’s systems effectively support core business processes. Not only are these separate systems, but requests for changes have also created highly customised solutions. These can have their own special logic that may be far removed from the business processes they were once set up to support. IT departments may focus on the daily management of systems and lose sight of both the key drivers for change and new core business processes that the systems should be supporting.

Other factors include data entry, which is time consuming and tedious (yet many organisations manually enter information that should be available across departments and functional areas), and the challenge of making strategic decisions in terms of what systems and processes should be integrated after mergers and acquisitions.

IT challenges

From an IT perspective, the situation is not sustainable either. Hard-pressed by executive management to provide the knowledge needed to make strategic decisions, many IT departments are struggling just to respond to the most urgent requests for changes and maintain a validated system in and out of upgrade cycles.

The high levels of customisation mean a high dependency on specialised knowledge, extensive documentation or people who know the systems to effectively support problem solving, maintenance and upgrades. This increases risk and cost compared with the acquisition of more generic competencies.

A way out

So what can be done to meet these challenges? NNIT’s experience as a system integrator has shown that ECM vendors have significantly progressed in terms of the maturity of their products. This now means that vendors are able to supply:

  • Single platform solutions that support integration of various systems and are able to cover the entire value chain of the pharmaceutical sector
  • Single vendor solutions that are able to support the compliance with regulatory requirements such as 21 CFR part 11

Configurable standard solutions exist within the areas of regulated content management, record management, SOP management and submission management. The optimal ECM approach must address the triangle of objectives of both businesses, IT and QA & RA (see Figure 2). Consequently, an organisation has new business opportunities in terms of the ability to:

  • Capitalise on IT investments because solutions can be enterprise-wide and support the entire value chain. Overall, this will result in a lower total cost of ownership
  • Minimise litigation risks and costs, and the risk of security breaches

Think big, start small

Where does an organisation start? The NNIT recommendation is to start at the beginning and from the top. Technology-driven programmes tend to be tactical and rarely get support from line of business. For this reason, it is critical that senior management visibly supports the enterprise-wide project. NNIT’s recommendations for success are:

  • Identify a business leader to take on the enterprise-wide integration plan.
  • Focus on corporate benefits, not technology, and use business cases and KPIs
  • to deliver the project.
  • Use a top-down approach for planning, where the focus is on processes that can be integrated and on clear performance improvement opportunities.
  • Use a bottom-up approach for implementation, integrating departments or new systems one at a time. Such a phased approach will need to prioritise the areas where the highest regulatory risks exist such as processes close to manufacturing, product safety and submissions to the authorities.

NNIT’s approach uses the above recommendations and aligns core business processes across the organisation with what is possible in configured standard solutions. This knowledge is used to provide a step-by-step roadmap for the organisation. A consistent enterprise-wide approach to managing records and information helps organisations mitigate legal risk and operate more efficiently and competitively.