Cloud Computing in a Regulated Environment
Perhaps the key hallmark of pre-clinical safety assessment that differentiates it from all other forms of non-human research activities is that much of this work is conducted under the strict oversight mandated by Federal Good Laboratory Practice (GLP) regulations. These Code of Federal Regulation directives provide clear expectations for security, traceability, and validation/qualification of software products and therefore the natural question becomes: Is there a place for cloud computing in a GLP environment?
Clearly others are much more qualified to discuss and pontificate over the technical details and merits of cloud computing in a GLP environment, so this column will focus on the perceived advantages/disadvantages such a tool set could offer from the perspective of one that had the responsibility to make the business of GLP safety assessment as high quality and yet as cost effective as possible. There was a time in my career when pharmaceutical pre-clinical safety assessment had an air of “spare no expense”. While we certainly did not have a blank check, we did have a lot of resources and funding to do the job right. However with all the cost cutting pressures on pharma these days, this mandate for “quality at any cost” has certainly been muted. This pressure for cost containment has progressed to the point where many pharmas—even very large pharmas—have completely discontinued all GLP operations in-house and now conduct these studies at Contract Research Organizations (an unimaginable development when I entered the business nearly 30 years ago). Overall I do not see this migration of GLP into the out-sourcing and off-shoring arena as a significant loss to the integrity of early safety assessment, but I do wonder about what this commoditization of safety assessment means in terms of retaining in-house expertise.
Therefore, given both the need to manage costs and the need to maintain fundamental or firsthand experience with a required element of new drug development, one could ask what does cloud computing bring to the table? And the overwhelming answer is of course saving the incredible costs that GLP safety assessment organizations currently invest in purchasing, qualifying and maintaining extensive IT infrastructures to support their regulated studies. In my career I have often marveled at how much time and money we spend on these IT issues (actually just the time spent arguing about these IT issues) and the idea that I could simply contract this out to some cloud-based (cloudy?) service provider sounds nearly irresistible to me. On the other hand, when asked what would be my major concern about moving to such a cloud-based system it would have to be security. Again, the traditional view of preclinical safety data was that they were an essential element of the family jewels and as such needed to have a level of protection befitting that status. Therefore the question becomes: can cloud-based solutions be as—or even more—secure than in-house data systems? I have heard both pro and con arguments on that position, but I must say the rather constant drum beat of security breaches at financial institutions gives me reason to worry.
So it would appear there are strong and compelling business reasons to consider or avoid cloud-based services in a GLP environment. But what would keep me up at night would not be the question of whether we can achieve a certain level of cost savings or maintain appropriate levels of security and integrity. Rather it would be whether we had yet again fallen victim to the hyped-up rhetoric surrounding the introduction of new technology. In my experience only about 1 in 10 new technology introductions actually end up having a truly positive or game-changing impact over the long haul. Most new technologies (say 5 or 6 of 10) end up offering some advantages and some disadvantages and therefore sum up to a low or zero net impact. And some, on the order of 2 of 10, actually end up costing us more than we recovered in benefit. Will “cloudy” solutions be that 1 in 10 big leap forward, or are they just another resource drain whose benefits never live up to their sunny promise?
Ernie Bush is VP and Scientific Director of Cambridge Healthtech Associates. Email. email@example.com
This article also appeared in the November-December 2011 issue of Bio-IT World magazine. Subscribe today!