e-Life Sciences 2010 – Enabling a Trusted Electronic Value Chain Jacques Francoeur VP Strategic Aliances Proofspace, Inc. (650) 255-6516 [email protected]

eLifeSciences White Paper


Read this white paper to learn more about a strategy for Life Sciences organizations called Enterprise Digital Trust Management, which is based on a risk mitigation and transition management method called the Digital Chain of Trust Methodology. It provides benefits to “C”-class executives, legal counsel, and senior executives by providing confidence for making management assertions to regulators, investors and business partners; to middle managers by enabling a controlled and measurable transition and a risk mitigation approach that enables the effective allocation of scarce resources; and to practitioners and internal auditors by providing a structured and automated method of performing audits. The overall organization will benefit from more effective control over risks, lower cost-of-compliance, greater “consistent intended performance” across the enterprise and a framework for continuous improvements.


Table of Contents

Acknowledgements ... 3
Executive Summary ... 4
1 The Electronic Drug Development, Approval, Marketing & Sales Value Chain ... 5
1.1 Electronic Value Chain Transition Pressures ... 5
1.2 Electronic Value Chain Overview ... 7
    e-Supply Chain ... 8
    e-Collaboration ... 9
    e-Detailing ... 9
    e-Submissions ... 10
    e-Clinical Trials ... 12
    Online Physician-based Initiatives ... 14
    Online Patient-based Initiatives ... 15
1.3 Electronic Value Chain Challenges ... 16
    The Electronic Risks ... 17
    Interpretation and Differences in International Standards ... 17
    Measuring, Verifying and Demonstrating the Electronic State ... 18
    Absence of Legal Precedence ... 18
    Controlling the Transition and Management Assertions ... 19
    Enterprise-Wide e-Implementations ... 20
1.4 Electronic Value Chain ROI ... 21
2 Vision and Strategy for Enterprise Risk Management ... 22
2.1 Vision - A Trusted Digital Enterprise ... 22
2.2 Strategy - Enterprise Digital Trust Management ... 23
    2.2.1 Enterprise-Wide Strategy ... 24
    2.2.2 Business Centric Strategy ... 26
    2.2.3 Comprehensive Risk Management ... 27
    2.2.4 Integrated Risk Management Strategy ... 33
3 Enterprise Risk Management Method: The Digital Chain of Trust Methodology ... 36
3.1 Management & Organizational Benefits ... 37


© Jacques Remi Francoeur, 2003. All Rights Reserved Page 3 of 39

Acknowledgements

The knowledge embodied in this white paper represents the culmination of a long and hard journey that could not have been realized without the support of family, friends and a number of colleagues along the way. I wish to acknowledge the contributions of a few. To my sister Joanne, who has always believed in me and supported my efforts since the beginning. To my Mother and my other sisters Nicole and Helene, who have always been supportive of the choices I have made. A very special thanks to my partner Tani Rivera, who exhibits great patience and continues to provide support in innumerable ways. A special thanks to Frank Raimondo, a friend and colleague who continues to provide support to realize the vision set out in this paper. A very special thanks to Eric Leighninger, a friend and colleague who has provided encouragement and support over the years and especially for the words he authored below and affixed his name to.

“The Digital Chain of Trust Methodology is a significant contribution to the body of work on trusted systems theory and practice. The methodology is constructive and evidentiary in nature in that it provides a process modeling, design and evaluation framework for building systems to create, manage, and preserve trustworthy electronic forensic evidence. Such forensic evidence – the sequence of events involving who, what, when and how – is essential for audits and a posteriori analyses required as the basis for legal enforcement and adjudication of electronic business processes and practices.”

Eric Leighninger, Chief Security Architect, Allstate Insurance Company


Executive Summary

The Life Sciences industry is undergoing fundamental changes as a result of the advent of genomics and proteomics. Combined with the current market and regulatory conditions, Life Sciences Organizations (LSOs) find themselves under an unprecedented set of industry, market, regulatory and competitive pressures that are creating significant challenges to the current “way of doing business” and driving fundamental changes to core business models and practices. Currently there exist significant downward price pressures on the demand side. Price premiums are increasingly difficult to justify and will only be acceptable for first-to-market new drugs that are not “me too” in their benefits. The trend towards smaller target communities as a result of the transition to genomics is driving up the number of drugs that need to be successfully brought to market. Combined with the loss of patent protection for a number of key drugs, it will be extremely difficult to maintain revenue levels, let alone build share value. These factors are driving the need for a radically reduced time-to-market, a significantly lower drug development cost and a move towards a service-based therapeutic value proposition that requires knowing a great deal more about the customer than current norms. This cannot be achieved with the current paper-based, manual, semi-electronic and physical-world business models and processes. To maintain the status quo equates to decreasing profitability and, consequently, reduced shareholder value. Accordingly, the transition to an electronic value chain is essential to the viability of the Life Sciences industry and the competitiveness and profitability of LSOs.

Enabling laws providing legal effect and validity to electronic records and signatures have been enacted around the world, effectively ensuring that records are not discriminated against for being electronic. Regulations driving the adoption of electronic record and signature systems for medical information (HIPAA) and New Drug Applications (21 CFR Part 11) are in effect. Yet the transition to an electronic value chain has been slow. Why? This is due in large part to the difficulty and complexity of controlling and managing the business, technical, legal and regulatory risks of transitioning to and maintaining an electronic value chain. There is currently no enterprise-wide, multi-stakeholder and global strategy to manage the transition to an electronic value chain, and there is no integrated and comprehensive method to control and manage the business, technical, legal and regulatory risks in making the transition from the “physical” to a more efficient and effective “electronic” value chain. This white paper presents such a vision and strategy, called Enterprise Digital Trust Management, and outlines a risk mitigation and transition management method called the Digital Chain of Trust Methodology. This vision, strategy and methodology provide benefits to “C”-class executives, legal counsel, and senior executives by providing confidence for making management assertions to regulators, investors and business partners; to middle managers by enabling a controlled and measurable transition and a risk mitigation approach that enables the effective allocation of scarce resources; and to practitioners and internal auditors by providing a structured and automated method of performing audits. The overall organization will benefit from more effective control over risks, lower cost-of-compliance, greater “consistent intended performance” across the enterprise and a framework for continuous improvements.

The end result – a Life Science Organization that operates an electronic value chain that brings new drugs to market in a significantly shorter time and lower cost while being demonstrably trustworthy and compliant (from both legal and regulatory perspectives).


1 The Electronic Drug Development, Approval, Marketing & Sales Value Chain

The adoption of Internet-based electronic business models and channels has the potential to dramatically reduce costs and revolutionize the speed, responsiveness, reach, efficiency, and effectiveness of each phase of the drug research, development, approval, manufacture and commercialization value chain. A number of credible authorities, including IBM Life Sciences [1], the Tufts Center for the Study of Drug Development [2] and Cap Gemini Ernst & Young [3], have articulated strong business cases for the need to radically change how drugs are discovered, developed, approved, brought to market and administered to patients. The gains require focus on delivering three main bottom-line outcomes: a shorter new drug development cycle, from an average of 10 - 12 years to 3 - 5; a lower pre-launch total cost of development of $200 million, down from an average of $800 million; and a more effective way of understanding and leveraging the customer relationship. For example, the Tufts CSDD analysis [4] indicates that reducing the total development time by 50% would reduce the cost of development by 29%. Realizing these gains requires Life Science Organizations (LSOs) not only to convert their core business models and processes to “trusted electronic equivalents,” but also to take the unique opportunity to make improvements to processes and to consider new ways of doing business. One of the areas most critical to the industry is forming better long-term, mutually beneficial relationships with their customers: physicians and patients. However, adopting the Internet-based electronic paradigm requires stakeholder cohesion and integration, and creates many new legal and technical challenges that will radically change the methods of managing risks, adhering to legal standards and maintaining regulatory compliance.

Key to meeting the challenges and delivering a superior Return on Investment (ROI) is implementing a comprehensive and integrated enterprise-wide strategy and method to control risks that reduces uncertainty and the cost-of-compliance. This white paper presents an enterprise vision and strategy, and outlines a methodology for making a controlled transition that will demonstrably deliver the cost reductions and the efficiency and effectiveness gains mentioned above.

1.1 Electronic Value Chain Transition Pressures

The pressures forcing the transition to an electronic value chain are significant and originate from several sources (industry, market, competitive and regulatory), combining synergistically to create the necessary conditions to implement changes: the adoption of electronic initiatives and ultimately an end-to-end electronic value chain.

Industry Dynamics: The Life Sciences industry is undergoing radical changes. The advent of genomics is causing a trend towards smaller target communities and personalized medicine that is in turn causing fundamental changes to the current “way of doing business.” The shift from “one size fits all” drug treatments to targeted treatments and service-based value propositions is mandating a higher level of knowledge of customer needs, preferences and behaviors that has already clashed with the personal information privacy “revolution” underway around the world.

[1] IBM Business Consulting Services, “Pharma 2010: The Threshold of Innovation,” Future Series.
[2] Tufts Center for the Study of Drug Development, Outlook 2003.
[3] Cap Gemini Ernst & Young, “The Quantum Shuffle – the Impact of e on the Pharmaceutical and Medical Device Industries.”
[4] Tufts Center for the Study of Drug Development, Outlook 2003.

An Electronic Drug Development, Approval and Commercialization value chain delivers a shorter drug development cycle, a lower pre-launch total cost of development, and a more effective physician and patient relationship.


Market Expectations: In recent years a number of events have caused a significant downturn in share values and a return to conservative business values. The pressure exerted by investors to regain share value is higher than ever. There are no silver bullets: value must be created by the traditional business metrics of revenue growth, through increasing market share and reaching previously untapped markets, and profitability, through increasing profit margins.

Competitive Pressures: Premium profit margins go to those who make it to market first with innovative products. Follow-on “me too”-like drugs have similar development costs but do not command the same price premiums, and they have to dislodge the incumbent. It is therefore a fierce race to get to market first. This creates significant pressure to increase business efficiency and reduce cycle times, and calls for considering new ways of doing business to increase effectiveness.

Regulatory Requirements: The emergence of industry-specific regulations is requiring the transition to electronic information management and signature systems and to electronic business processes and transactions. The regulations define standards of data privacy protection and security, and standards of trustworthiness for electronic systems, processes, signatures, records and audit trails. Some of the most significant regulations are those issued by the US Department of Health and Human Services. They include the FDA’s 21 CFR Part 11 Electronic Records and Signatures regulation governing electronic submissions for New Drug Applications (NDA). Part 11 establishes the standards of security and electronic systems trustworthiness for all aspects of information and decision-making that impact or contribute to the submission requirements for an NDA. The industry must also ensure that its clinical trials comply with HIPAA. This regulation affects the collection, use and disclosure of personally identifiable medical information during clinical trials. Under HIPAA the health industry is transitioning to electronic records and transactions as the medium to manage personally identifiable health information and to deliver health care services. HIPAA requires the protection of patient data privacy and the security and integrity of information, and is backed by stringent penalties, including imprisonment in the case of malicious or profit-based intent. For multinationals, the European Union Data Privacy Directive and the European Union Electronic Signature Directive also have to be adhered to, as relates to personally identifiable health information on Europeans and the execution of legally admissible electronic signatures, respectively. To facilitate single NDA filings in the US and the European Union, the Electronic Common Technical Document (e-CTD) standard is being established to enable a common approach to meeting the U.S. and European Union filing requirements.

[Figure: the four transition pressures acting on the LSO: Industry Dynamics, Market Expectations, Competitive Pressures and Regulatory Requirements.]


1.2 Electronic Value Chain Overview

The Internet has already delivered significant benefits to the drug development, approval, manufacture, marketing and sales value chain, hereinafter referred to as the “e-Value Chain.” In order to more effectively define the domain to which the enterprise risk management strategy will be applied, it is useful to provide an overview of key domains in the e-Value Chain. The core electronic initiatives, referred to as e-Programs, within the value chain can be divided into the seven main domains of e-Supply Chain, e-Collaboration, e-Submissions, e-Clinical Trials, e-Detailing, and Online Physician and Online Patient Initiatives, as illustrated in Figure 1 below. The illustration depicts the domains as independent from one another, but they should be considered integrated and operated by an enterprise-wide network system of electronic resources. Each domain has its own set of business drivers and risks. The objective of this paper is to describe an enterprise-wide strategy that will yield an integrated risk management approach that will deliver greater management assurance while driving a lower cost-of-compliance.

[Figure 1: Electronic Value Chain. Phases: Discovery, Development, Manufacture, Marketing & Sales. Electronic Initiatives (e-Programs) shown by domain: e-Supply Chain (e-Procurement, e-Auction, e-Marketplace, e-Distribution); e-Collaboration (Knowledge Management, Intranet/Extranet/Wireless); e-Detailing (Physician Relationship Management, Sales Force Automation); e-Submissions (Electronic Records Management, Electronic Signature Applications, Electronic Identity Management, Electronic Time Management, Audit Trail Management); e-Clinical Trials (Remote Monitoring, e-Recruitment, Electronic Data Capture); Online Physician Initiatives (e-Prescribing, Disease Management Portal, Direct-to-Physician Marketing, Customer Service Center); Online Patient Initiatives (Drug Specific Portal, Direct-to-Patient Marketing, Patient Relationship Management). © Jacques Francoeur 2003.]

Figure 1


It is not the intent of this paper to discuss the strategies, issues and specific risks of each electronic initiative. For this purpose the reader is referred to references made throughout the paper and the following two sources: “Digital Strategies in the Pharmaceutical Industry” [5] and “The Quantum Shuffle – the Impact of e on the Pharmaceutical and Medical Device Industries” [6]. The following is an overview of each of the seven main e-Value Chain domains illustrated in Figure 1 above. The e-Value Chain domains contain different logically associated e-Programs that are based on different business models, communities of individuals, processes, workflows and transactions. However, all e-Programs rely on a common networked information infrastructure whose risk can be managed on a similar common basis.

e-Supply Chain

The e-Supply Chain covers transactions related to the procurement of goods and services that contribute to the cost of goods sold and to the distribution and sales of the final product. Corporate Intranets are a proven e-Supply chain initiative delivering internal operational efficiencies between stakeholders within the organization.

Extranets extend this operational efficiency to all external participants of the manufacturing and distribution value chain such as suppliers, distributors, Contract Research Organizations and increasingly contract manufacturers. The Internet and web-based applications play a critical role in tying all workflows together. Extending beyond the enterprise, the cost of procurement can be greatly reduced and the effectiveness of supplier relationships greatly increased through either proprietary e-Procurement initiatives such as a corporate Extranet or public member-based initiatives such as B2B e-Marketplace. With pre-established relationships among certified suppliers, the mechanics of procurement according to standardized policies and procedures can be automated. Without pre-established relationships, e-Marketplaces allow reverse auctions to be conducted for the competitive tendering of commodity-like products that drive prices down. However, it remains a challenge to conduct e-Auctions for highly specialized and regulated products.

On the distribution side, fears of being eliminated from the value chain (i.e., disintermediation) and of losing control over the customer relationship are still being played out. However, the value-point is shifting given the increase in customer power, in particular that of the payee. What is certain is that LSOs must shift their focus to owning the customer relationship, understanding the customer pain-points and how to cost-effectively provide relief without adding further encumbrances.

[5] Leonard Lerer and Mike Piper, “Digital Strategies in the Pharmaceutical Industry,” Cap Gemini Ernst & Young, 2003.
[6] INSEAD and Cap Gemini Ernst & Young, “The Quantum Shuffle – the Impact of e on the Pharmaceutical and Medical Device Industries,” 2001.

“All respondents [100 Pharmaceutical executives] consistently cited the supply chain as the area where e-implementation is most likely to bring cost benefits.” [5]

“We believe the relationship between distributors and manufacturers will change dramatically in the medium term driven by who owns the customer interface.” [5]


e-Collaboration

Common to all phases of bringing a drug to market is the generation of sensitive information exchanged between individuals who must make decisions. The efficiency and effectiveness of this process is critical to the competitiveness of the LSO. The implementation of corporate Intranets and Extranets has greatly enhanced the ability of employees and partners to collaborate. However, data and business information are created and stored in independent silos, and knowledge is not being generated and leveraged. That is, solutions and lessons learned are not made available to those who need to know, and they are not applied consistently throughout the enterprise. This results in a significant loss of value and competitive advantage. For example, the lack of awareness of the existence of specific information, and fragmented information sources, cause data to be regenerated, adding additional costs. Inaccessible historical information inhibits learning and impairs the transformation of information into predictive and actionable knowledge.

e-Collaboration based on a foundation of knowledge management is essential to an electronic drug development, approval, marketing and sales value chain: a tightly integrated, seamless, and near real-time “enterprise electronic value chain” that links together all phases of the drug development cycle and all stakeholders through a trusted distributed networked community. Information is no longer static; it is transformed from descriptive data to dynamic information and finally to predictive knowledge that can be acted upon to drive revenues. Confidential information and knowledge domains are generated, captured, transmitted, preserved, secured, linked and made available to all authenticated and authorized stakeholders. The information is kept current, accurate and complete, verified for authenticity and displayed in human-readable form when and where required, facilitating e-Collaboration. Near real-time e-Collaboration is being greatly enhanced by the use of wireless technology, which has improved and continues to improve dramatically in terms of available bandwidth, area coverage and available personal devices, such as Personal Digital Assistants. However, ensuring the confidentiality and integrity of this information over its life cycle (capture, transmission and storage) remains a critical challenge and barrier to adoption.

e-Detailing

The needs of physicians are changing in concert with the dramatic changes in the industry and the nature of the treatment solutions. The amount and complexity of information is dramatically increasing while the bandwidth of physicians to access and assimilate the information continues to decrease. In addition, physicians must not only absorb the latest information but also synthesize it into knowledge they can use to improve the quality of care of their patients.

This new reality represents a critical challenge for LSOs in general and sales agents in particular. First, LSOs must shift their physician-facing value proposition from providing information to meeting the increasingly sophisticated needs of the physician that are focused around specific disease management knowledge. This will require the sales agent to have access to this information in a form that can be easily assimilated by the physician.

“E-detailing implies web-enabling an existing (supplier-driven) process rather than addressing the basic need, which is how to get the information a physician needs to him or her in the right place at the right time. If this need can be met, the role of the sales force will be much more that of a relationship manager, satisfying other needs rather than simple information requirements.” [5]


Second, this new value-added proposition must use the appropriate channel(s) to reach the physician, the sales agent being one of many possible touch-points. Others include Internet physician-based initiatives such as Customer Service Centers, discussed later. Consequently, as it relates to the sales channel, Sales Force Automation needs to involve not only increasing the efficiency of the sales function (“Automate”) but also improving the effectiveness of the sales agent function. For this to occur, detailed knowledge of the physician’s needs, preferences and behavioral patterns must be captured, analyzed and delivered to the agent in a way that enables the delivery of the needed services. This is accomplished by physician-focused Customer Relationship Management, also referred to as Physician Relationship Management, covered in the following sections. The Internet in general is a cost-effective e-Detailing channel for all the traditional reasons: the cost of information distribution is low, especially to hard-to-reach regions; a large distribution of physicians can be reached; information can be accessed on the physician’s terms; and communication with sales agents can be conducted via email and other more sophisticated techniques such as instant messaging and video conferencing. The battle for the physician’s attention is extremely competitive and, consequently, establishing a value-added relationship with physicians will be critical to getting through the noise, drawing their attention and obtaining the desired action.

Physician Relationship Management: Effective Customer Relationship Management (CRM) is key to the formation of sustained value-added relationships with physicians, patients, or payees. The nature and extent of information that can be captured through the Internet, such as preference and behavioral patterns, is unparalleled and very controversial. A decade of data collection abuse involving the unauthorized tracking and sale of personal data has resulted in significant mistrust by customers. If the main purpose of CRM is data collection with only nominal benefits to the customer, initiatives will continue to be rejected. CRM must not only focus on improving existing processes, such as message targeting and customer service, but also bring tangible value to the customer in the form of reducing information clutter and facilitating complex decisions. However, issues of privacy, security and trust remain the main barriers to the success of electronic “get to know your customer” practices. If the organization brings significant value to the customer, customers will richly reward it with behavioral and preference information that can be used for effective Direct-to-Customer marketing and personalized web services. A CRM can take on a specific “customer” focus. Physician Relationship Management is focused on physicians as customers, while Patient Relationship Management is focused on patients as customers. Given that physicians and patients are very different types of customers with very different needs, each CRM will manage a very distinct set of data and value propositions. CRM must also integrate and leverage complementary initiatives, the boundaries of which are not clear, such as Disease Management Portals, Product Specific Portals, Sales Force Automation, e-Detailing and Customer Support Centers. These are covered in the next sections.

“e-Detailing will become the mainstream way of doing business. I believe in five years from now 70 per cent of all detailing will be done electronically.” [5]

e-Submissions

The New Drug Application (NDA) submission process is highly regulated and complex, as all phases of the drug development process contribute to the documentation requirements. 21 CFR Part 11 (“Part 11”) defines the basis upon which the FDA will consider electronic records and signatures as equivalent to paper records and handwritten signatures, enabling the adoption of paper-free processes and the transition to electronic NDA submissions. Part 11 defines how the life-cycle of electronic records, signatures, time stamps and audit trails must be managed in order for an e-Submission to be considered regulatory compliant. Although the potential for cost and time savings by the adoption of electronic submissions is significant, the transition to Part 11 compliance should be taken as an opportunity to re-engineer workflows and processes to improve the effectiveness and efficiency of the submission process. Although implementing a closed system (restricted access) reduces the complexity of the compliance requirements, deploying an open system that supports a wider base of business applications will leverage the compliance investment, delivering greater effectiveness and efficiency gains to the enterprise, thereby increasing the ROI. The ability to deliver a compliant NDA e-Submission is predicated on e-Systems that operate compliant electronic identity, record, time, signature and audit trail management systems.

Electronic Identity Management

Reliable electronic identity management is mission critical, as it is the key to keeping critical information assets and business operations secure. Therefore, central to the trustworthy operation of all the electronic initiatives in the e-Value Chain is the effective management of electronic identities. Effective electronic identity management must not only authenticate in real time the true identity of an individual and link it to current access privileges, but also capture and preserve the identities of individuals involved in electronic transactions in order to ensure their accountability. The reliability of an electronic identity is central to the legal admissibility, and therefore the enforceability, of electronic signatures and agreements. Electronic identities must therefore be sufficiently reliable to ensure their admissibility for purposes of accountability, dispute resolution and court adjudication. An enterprise must manage a large number of identities across heterogeneous environments that represent members of different communities of interest (e.g., employees, partners and customers) with different service requirements. The level of identity reliability, and therefore the technology solution used (e.g., username/password versus digital certificate), for these different communities will vary depending on the nature and risk of the application, the sensitivity of the information being accessed and the business function. The different identity communities required by the various business units naturally drive towards a decentralized identity management approach that creates many management and operational problems, such as isolated information silos, administrative duplication, data inconsistencies, policy and procedural conflicts and inconsistent security standards.

In order to minimize these problems and provide efficient access to users across multiple applications and environments, identity management should be centralized according to standard enterprise-wide policies and procedures, with decisional control for provisioning and managing identities and privileges delegated to the operational unit level. This will reduce management complexity and duplication, thereby reducing costs, and will reduce the user downtime involved in gaining access to needed information, increasing the time focused on value-added activities. Greater consistency will allow for increased access interoperability across the enterprise and increased responsiveness to changing, dynamic communities.

“The pharmaceutical industry is beginning to see significant operational improvements through implementation of e. For example, companies are reporting a 40% reduction in the time it takes to move from finishing clinical trials to submitting dossiers for regulatory approval.” 5

[Figure: e-Submissions, supported by Electronic Identity Management, Electronic Records Management, Electronic Time Management, Electronic Signature Applications and Audit Trail Management]

Electronic Time Management

Time is one of the most critical components of the e-Value Chain and the business it enables. The possibility of manipulating time threatens the reliability of information systems, the integrity of electronic signatures and the authenticity of information. The ability to reliably source legal time from a National Timing Authority, to synchronize networks and applications, and to embed time stamps in electronic records and signatures is fundamental to the integrity, legal admissibility and regulatory compliance of the business transactions flowing through the e-Value Chain. The reader is referred to a white paper produced by the author on this subject, “Trusted Time – Essential to e-Business Risk Mitigation.” 7

Electronic Signature Applications

Signatures are required for many business functions such as acceptance, approval and agreement. Under 21 CFR Part 11 the FDA requires management to assert that their electronic signatures are legally equivalent to handwritten signatures. This requirement is integral to the FDA’s definition of an electronic signature: “… a computer data compilation of any symbol… executed, adopted or authorized by an individual to be the legal equivalent of the individual’s handwritten signature.” 8 Electronic signatures merge content and informed consent with identity and time. The trustworthiness of an electronic signature is predicated on the reliability of the identity, information and time management systems described above and on the process used to execute the signature. The system must be able to capture, preserve and verify the integrity of the signatory’s identity, the content of what was signed and the time of signature. It should be noted that the admissibility of an electronic signature depends not only on technology but on a number of other factors, such as sole control over the act of signing and a state of informed consent during the act of signing. These issues are discussed in a white paper by the author entitled “The Principles and Measurement Metrics of Electronic Agreement Admissibility.” 9

Electronic Records Management

Common to all phases of the e-Value Chain is the generation of commercially sensitive information, ranging from R&D results (e.g., Intellectual Property) to pricing and competitive information. Creating and maintaining information in electronic form will deliver significant paper life-cycle cost reductions, facilitate the near real-time update, access and exchange of information, and greatly reduce cycle times and response times. However, information in electronic form creates significant risks and challenges, including ensuring the confidentiality, restricted access and integrity of the information over its life-cycle: creation, transmission, rendering, storage and archival.

Audit Trail Management

Accountability has become a critical enterprise requirement due to the risks of being digital. Given that the risk of identity, information and time manipulation and unauthorized alteration may come from within the enterprise, security measures must also apply to IT administrators and others who have access to the information systems that manage identity, information and time. Key to the ability to hold individuals accountable is the ability to track and capture tamper-resistant audit trails that log who accessed what, and when, in a manner that can be verified for integrity. This applies especially to individuals who set policy and rules for identity, information and time management systems. The ability to report who has access to what information and resources, and to show that their access is limited to what is needed to perform their function, is not only good security practice but also increasingly a regulatory requirement.
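As an added illustration, not code from the white paper or its author, the following Python sketch shows how the signature and audit-trail requirements of the Electronic Signature Applications and Audit Trail Management sections above can be realized together: a signature event binds the signer’s identity, a hash of the signed content, the meaning of the signature and the time; every event is hash-chained so that altering, deleting or reordering any entry is detectable; and the chain head is sealed under a key that record-system administrators do not hold. The HMAC seal stands in for a digital signature or time-stamping authority, and the key, user names and record identifiers are constructed sample values.

```python
"""Tamper-evident audit trail with signature events binding who, what and when.

Added illustration, not the white paper's or the author's code. The HMAC seal
stands in for a digital signature or a time-stamping authority; the key, names
and record identifiers below are constructed sample values.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

GENESIS = "0" * 64  # chain anchor for the first entry

def canonical(obj) -> bytes:
    # Stable serialization so an identical event always hashes identically.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def content_hash(document: bytes) -> str:
    return hashlib.sha256(document).hexdigest()

@dataclass
class AuditTrail:
    seal_key: bytes                                # held by the audit function only
    entries: List[Dict] = field(default_factory=list)

    def _link(self, prev_hash: str, event: Dict) -> str:
        return hashlib.sha256(prev_hash.encode() + canonical(event)).hexdigest()

    def append(self, who: str, action: str, record_id: str, when: datetime,
               detail: Optional[Dict] = None) -> Dict:
        """Record 'who did what to which record, and when' as a chained entry."""
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        event = {"who": who, "action": action, "record": record_id,
                 "when": when.astimezone(timezone.utc).isoformat(),
                 "detail": detail or {}}
        entry = {"event": event, "prev": prev_hash,
                 "hash": self._link(prev_hash, event)}
        self.entries.append(entry)
        return entry

    def sign_record(self, signer: str, printed_name: str, record_id: str,
                    document: bytes, meaning: str, when: datetime) -> Dict:
        """The electronic signature event: identity, content hash, meaning, time."""
        return self.append(signer, "SIGN", record_id, when, {
            "printed_name": printed_name,
            "meaning": meaning,                    # e.g. approval, review, authorship
            "content_sha256": content_hash(document)})

    def seal(self) -> str:
        """HMAC over the chain head, exported periodically to the audit function."""
        head = self.entries[-1]["hash"] if self.entries else GENESIS
        return hmac.new(self.seal_key, head.encode(), hashlib.sha256).hexdigest()

    def verify(self, seal: str) -> bool:
        """Recompute every link, then compare the head against the stored seal."""
        prev_hash = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev_hash:
                return False
            if self._link(prev_hash, entry["event"]) != entry["hash"]:
                return False
            prev_hash = entry["hash"]
        expected = hmac.new(self.seal_key, prev_hash.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, seal)

def verify_signature_event(trail: AuditTrail, record_id: str, document: bytes) -> bool:
    """Does the recorded SIGN event still match the document as rendered today?"""
    for entry in trail.entries:
        ev = entry["event"]
        if ev["action"] == "SIGN" and ev["record"] == record_id:
            return ev["detail"]["content_sha256"] == content_hash(document)
    return False

def demo() -> Dict[str, bool]:
    """Constructed scenario: a record is created and approved, then attacked."""
    trail = AuditTrail(seal_key=b"constructed-audit-seal-key")
    doc = b"Clinical overview, version 3"          # constructed record content
    t0 = datetime(2003, 3, 14, 9, 30, tzinfo=timezone.utc)
    trail.append("jdoe", "CREATE", "REC-0001", t0)
    trail.sign_record("asmith", "A. Smith", "REC-0001", doc, "approval", t0)
    seal = trail.seal()
    intact = trail.verify(seal) and verify_signature_event(trail, "REC-0001", doc)
    # An administrator with write access to the log rewrites who approved.
    trail.entries[1]["event"]["who"] = "admin"
    alteration_detected = not trail.verify(seal)
    # The signed document is edited after signature; its hash no longer matches.
    content_mismatch = not verify_signature_event(trail, "REC-0001", doc + b" (edited)")
    # The signature event is deleted outright; the sealed head no longer matches.
    trail.entries.pop()
    truncation_detected = not trail.verify(seal)
    return {"intact": intact, "alteration_detected": alteration_detected,
            "content_mismatch": content_mismatch, "truncation_detected": truncation_detected}

if __name__ == "__main__":
    print(demo())
```

The seal only protects what has been sealed: entries appended after the last export can still be removed undetected, so the export interval bounds the window of unverifiable activity.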

7 “Trusted Time – Essential to e-Business Risk Mitigation,” Jacques Francoeur, March 2000.
8 FDA 21 CFR Part 11: 11.3 Definitions, (b) 7.
9 “The Principles and Measurement Metrics of Electronic Agreement Admissibility,” March 2003, Jacques Francoeur, www.trustera.com.

e-Clinical Trials

The clinical development phase is complex, rigid, currently manual, paper-based and static, and therefore very resource intensive. It is one of the most costly stages in the drug development process. Consequently, it is currently a critical problem area, and with the increasing number of new drug prospects targeted to smaller treatment populations, the industry will face even greater challenges in the years to come. 10 These factors are driving the need to change how clinical trials are designed and conducted. Through the adoption of the Internet and electronic technologies, 11 such as Electronic Data Capture, Remote Monitoring and e-Recruitment, there are opportunities to dramatically improve the current approach and alleviate the current bottlenecks. e-Clinical trials provide the opportunity to streamline and integrate processes to yield efficiency and effectiveness gains. This includes reducing the resources expended on patient recruitment and tracking and on work flow logistics. Real-time feedback on trial progress allows for protocol corrections, while preserving the statistical validity of the information, and early terminations if necessary.

The use of Electronic Data Capture (EDC) techniques and the Internet are slowly emerging to enable e-Clinical Trials. EDC can drastically improve the quality of raw data and value-added information by increasing the accuracy of the data collected, reducing data entry errors and ensuring complete data collection at the time of data entry and patient assessment.

The immediate access to clinical trial information is essential to more informed decision making concerning needed corrections to protocols or even the cost-saving benefits that can be derived from terminating trials early. “In fact, it is estimated that quick identification of failing studies could save companies as much as $1M per study.” 12 The Internet can be used in two ways to conduct EDC and provide immediate access to the results. The first is a “batch” mode where the information is captured offline and downloaded to a web portal. However, this “client-side” method of Internet EDC has the disadvantages of requiring validation of the device and software and of addressing local client-side problems. Another approach eliminates these disadvantages. Through the adoption of high-speed Internet connectivity, server-side EDC can be implemented. This involves maintaining the software at the server side and downloading the data to the server in near real time as it is captured. This removes many of the client-side validation problems. Both methods dramatically improve the nature and responsiveness of the relationship between the clinical data manager and the clinical research associate, enabling the efficient resolution of data queries.

With recent advances in wireless technology and its increasing coverage and widespread use, combined with advances in sensing and monitoring technology, it is possible to conduct Remote Monitoring of clinical trial patients, reducing some of the logistical burdens placed on patients and capturing data in a more realistic, life-like situation.

Online Patient Recruitment: The greatest bottleneck in the clinical development process is patient recruitment, retention and trial completion. The costs and lost opportunity related to patient recruitment, complications and delays are significant, and as the number of drugs on the market increases and the target populations decrease, this problem will increase dramatically. Using the Internet to identify and recruit patients for clinical trials (e-Recruitment) is controversial as it circumvents the patient-physician relationship, creating the potential for damage to the critical physician-pharmaceutical relationship. Even though the Internet is a low-cost medium for reaching potential patients, it is not an effective method for Online Patient Recruitment due to the complexity of the decision related to participating in a clinical trial and the significant privacy concerns. However, once the relationship is started, the Internet is a very cost-effective method of maintaining patient commitment and compliance with the trial protocol and of implementing techniques such as EDC and remote monitoring of patients. If trust is built and value provided, the patient may be available throughout the life of the ailment and for more than one trial.

10 “Streamlining Clinical Trial Processes for Improving Time to Market,” IBM Life Science, 2002.
11 “Technology in clinical trials,” Pharmafocus Feature, March 2003, Stella Holford.
12 “Streamlining Clinical Trial Processes for Improving Time to Market,” IBM Life Science, 2002.

“Nearly 90% of them [respondents] believe the process for conducting clinical trials will be radically transformed over the next five years.” 5

“It has been estimated that increasing the efficiency and effectiveness of clinical trial process could reduce the total drug development costs as much as $240 million out of an average of $800M, a 30% reduction.” Tufts Center for the Study of Drug Development – Outlook 2003.

“Firms will expand their use of e-technologies to reduce the length and costs of clinical development by improving the investigator site selection process, reducing delays in recruiting patients for clinical trials, lowering trial monitoring costs, and permitting quicker, cheaper collection of clinical trial data.” Tufts Center for the Study of Drug Development – Outlook 2003.

[Figure: e-Clinical Trials, comprising Electronic Data Capture, Remote Monitoring and e-Recruitment]

Online Physician-based Initiatives

The physician generally controls the patient relationship and remains the key driver for creating product demand. Consequently, the pharmaceutical-to-physician relationship remains the main focus of marketing. However, the nature and form of these relationships are changing due to fundamental changes in the industry, the shift in power towards the patient and the impact of the Internet. There are a number of possible electronic initiatives focused on improving physician marketing and sales methods and the pharmaceutical-to-physician relationship, as described below.

The portal business model of the 1990s has come and gone. Its failure was due in large part to a business model sustained by advertising that was strongly linked to extensive data collection and mining of preference and behavioral patterns. In many cases the collection occurred without the knowledge and consent of individuals and without providing adequate protection to the sensitive data. Portals must first and foremost deliver real, tangible value when and where needed, in a form readily usable. In Disease Management Portals this value must relate to improving how physicians provide quality of care to their patients and reducing the complexities of conducting their business. Disease Management Portals should not only provide useful and current information concerning particular diseases but also provide services that aid physicians in providing disease management services to their patients.

“This is an area ripe for change, as for pharmaceutical companies, marketing and sales costs account for 25% of revenues – about twice what the industry is spending on R&D.” 5

“The opportunity costs of one day’s delay in clinical development can equal millions of dollars; every day a drug candidate is delayed decreases the potential revenue for that product.” Patient Recruitment: The Growing Challenge for Pharmaceutical Companies. IBM Global Industries, June 2002.

[Figure: Online Physician Initiatives, comprising e-Prescribing, Disease Management Portal, Direct-to-Physician Marketing and Customer Service Center]


A Customer Service Center (CSC) is an innovative and effective way of providing real-time and interactive support to physicians in an ever more complex drug and treatment environment, using a “pull” service-based model. The initial “push” based portal model was inherently positioned for failure. A CSC extends the CRM model to the point of value delivery, overcoming one of the main previous reasons for failure. This is where the gap is closed between the value provided in exchange for customer knowledge and the ability to target more effectively. A CSC integrates multi-channel service delivery and marketing (phone, Internet, face-to-face) into a comprehensive support package that leverages synergies between the needs of the physician and those of the LSO. A CSC has the potential of transforming the descriptive nature of CRM data into predictive information and eventually actionable knowledge.

Making the link between physicians and patients through a Customer Service Center can provide valuable services to patients; however, it remains a risky proposition given the insertion of an intermediary into the coveted patient-physician relationship. A Customer Service Center is an ideal channel for e-Detailing given the “pull” based model, where information is provided by request and consequently has a significantly greater chance of being reviewed and acted upon. However, if e-Detailing follows the path of SPAM in Direct-to-Physician Marketing, a backlash will occur, and the trust lost will take considerable time to rebuild.

Online Patient-based Initiatives

The patient, being the consumer of prescription drugs, ultimately drives demand. Traditionally the physician has been the sole intermediary to the consumer, and physicians are extremely averse to releasing control of this critical relationship. However, the Internet has changed the character and power of consumers. Patients are better informed and come armed with medical advice of all kinds. Consequently, patients are making choices with less and less influence from any one physician and are demanding particular treatments.

Consequently, physicians are slowly losing their exclusive control over the patient. The industry’s entry into pharmaco-genomics and evolution into segmented medicine, offering diagnostic techniques, preventive treatments and therapeutic choices, is causing a value proposition transition to a service-based treatment model that provides value over the life-cycle of the patient’s condition. Realizing that the patient relationship is central to this new value proposition, pharmaceutical companies are investing considerable effort towards reaching and understanding patients in an effort to target them more effectively through a number of different touch-points, build brand recognition and build sustained relationships with strong exit barriers. This is all in an effort to drive sustained sales of not only the drug product but also complementary disease management services. The Internet has provided a legal and cost-effective avenue to reach patients and to deliver service-based value propositions that were previously not possible. Targeted Direct-to-Consumer (D2C) marketing initiatives are being used to identify and capture consumers, and Online Patient Communities, such as Drug Specific Portals, are an efficient patient point of entry.

“Our respondents were quite uniform in where they believe e will have the greatest impact. One marketing manager was very clear that, “The big opportunity [of e] is that we can communicate directly with patients.” Nearly 70% of pharmaceuticals said that e will have the biggest impact on how they go to market.” 5

[Figure: Online Patient Initiatives, comprising Drug Specific Portal, Direct-to-Patient Marketing and Patient Relationship Management]


Once a patient enters the Internet portal, a cost-effective way of managing the relationship over the duration of their ailment is required. A custom application of CRM called Patient Relationship Management (PRM) can be used to ensure the effective extraction of behavioral and preference information and the delivery of value such as personalization features (diaries, reminders) to encourage treatment compliance, and loyalty incentives to retain the patient over the lifetime of their ailment. PRM requires patient tracking and profiling to deliver a “personalized” online experience, data analysis to determine needs and preferences from which targeted marketing can be conducted, and interactive exchanges over multiple channels of communication to deliver services. However, this focus on patient preference and behavioral patterns comes at a time when concern over the privacy and security of sensitive medical information is at an all-time high. Given that D2C interactions and medical information are heavily regulated, PRM techniques create significant compliance and brand name risk. Patients do not trust that their highly sensitive medical information will be protected from unauthorized use and disclosure. As well, they do not trust that it will be secure from unauthorized access. Consequently, central to the success of Internet Patient-based Initiatives is complying with the data privacy and security related regulations and overcoming the barriers of mistrust patients have towards such initiatives. The early days of the Internet and its data collection abuses have created this presumption of mistrust that must be overcome.

1.3 Electronic Value Chain Challenges

Before laws providing for the legal effect and validity of electronic records and signatures were enacted, the legally binding use of the electronic medium had to be enabled by expensive proprietary, rigid and closed electronic networks and covered by complex business agreements. The advent of the Internet provides the potential for a flexible, open and inexpensive alternative based on a public infrastructure. However, this public infrastructure creates many new risks and uncertainties that have created barriers to the widespread use of the Internet as a medium for executing mission-critical business. Figure 1 illustrates the e-Programs that can be implemented across the value chain. A number of challenges are creating barriers to the deployment of such initiatives. Even though technologies for mitigating the risks of doing business electronically are available, significant vulnerabilities remain, especially as they relate to mission-critical applications. The issue is not one of technology but one of weaknesses with people not following policy and of poorly designed processes. Even with laws recognizing electronic records and signatures, there remains uncertainty as to the legal enforceability of electronic transactions, especially given the absence of case law. The absence of best practices for the measurement and verification of electronic integrity and regulatory compliance creates apprehension as to the ability to make management assertions with confidence. Finally, the current atmosphere of customer mistrust as to the collection, use and disclosure of their personal information is a significant barrier to initiatives intended to profile customers. There are a number of vulnerabilities and business risks common to all electronic initiatives across the value chain. The cost and complexity of managing these risks in isolation, where investments and experience cannot be leveraged, is enormous. An enterprise vision and strategy that addresses these issues holistically, and a methodology that manages these requirements in an aggregated and integrated manner, will deliver significant benefits to the LSO. It should be noted again that this white paper assumes the availability of a reliable network information system and therefore does not consider the risks associated with the availability and reliability of the network and its systems.


The Electronic Risks

In the paper-based/physical world, a business mitigates its risks by implementing physical and logical security measures, ensures its transactions adhere to laws and legal standards and ensures its methods are compliant with Good Laboratory Practices, Good Manufacturing Practices and Good Clinical Practices. The “conversion” to electronic equivalents makes no difference to the fact that these same technical, legal and regulatory requirements must still be met. What is different, however, is the method of mitigating the risks, adhering to laws and complying with regulatory requirements.

As illustrated in Figure 2, electronic risks can be separated into three primary classes: technical, legal and regulatory risks. Technical risks can in turn be divided into three independent secondary sources: Identity Risks (“who”), Information Risks (“what”) and Time-of-event Risks (“when”). The resistance of electronic identities, information and time to alteration, manipulation or falsification without detection or traceability is a measure of the level of risk mitigation. The same can be said of the resistance of e-Systems, e-Processes and e-Transactions to alteration, manipulation or falsification without detection or traceability. This is collectively referred to as e-Integrity. Controlling these three risk sources is central to maintaining a trustworthy digital enterprise, specifically authentic information, which is essential for reliable decision-making, and dependable identities, which are essential for restricting access to information and for ensuring that individuals can be held accountable for their electronic acts. Capturing accurate and auditable time stamps is also essential for all aspects of operations and in particular for meeting audit trail requirements.

Legal risks are those related to adhering to legal standards and electronic signature laws. They are measured by the degree to which the methods of conducting electronic transactions, creating electronic records and executing electronic signatures adhere to legal standards and e-Sign laws. This is collectively referred to as “e-Enforceability.” The authenticity of electronic records (“what”), the reliability of signatures (“who”) and the auditability of time stamps (“when”) must be sufficiently trustworthy to be deemed admissible by regulators and adjudication authorities.

Compliance risks are those related to complying with the organization’s own internal requirements, industry best practices and external regulations such as HIPAA and 21 CFR Part 11. They relate to the ability to measure, verify and demonstrate the compliance of e-Systems, e-Processes and e-Transactions with specific regulatory requirements. This is collectively referred to as e-Compliance.

Interpretation and Differences in International Standards

e-Sign laws recognizing the legal effect and validity of electronic records and signatures have recently been enacted around the world. Even though these laws are consistent with the United Nations Commission on International Trade Law (UNCITRAL) Model Law 13 on Electronic Signatures, there are substantive differences in approach and interpretation. For example, the United States Electronic Signatures in Global and National Commerce Act 14 is technology neutral, while the European Union Electronic Signature Directive 15 has given strong favor to cryptographic-based signatures for legal admissibility purposes. This has created the challenge not only of differences in the interpretation of a given law but also of having to deal with variations between territories.

The regulatory side has been much better in its harmonization efforts. Significant efforts are being made by regulatory agencies around the world to create a standard format for submitting applications. Under the International Conference on Harmonization 16 the Electronic Common Technical Document (e-CTD) standard is being created, which will greatly simplify international applications. However, given that all NDA regulations such as Part 11 require the assertion that electronic signatures are “legally” equivalent to handwritten signatures, the connection to e-Sign law requirements is clear.

[Figure 2: e-Risk, comprising Technical Risks, Legal Risks and Regulatory Risks]

13 Model Law and Guide to Enactment: http://www.uncitral.org/english/texts/electcom/ml-elecsig-e.pdf
14 United States Electronic Signatures in Global and National Commerce Act: http://www.ecommerce.gov/ecomnews/ElectronicSignatures_s761.pdf

Measuring, Verifying and Demonstrating the Electronic State

Given the relatively recent enactment of the laws and industry regulations driving the transition to electronic business models and processes, methods to measure, verify and demonstrate the electronic integrity, legal admissibility and regulatory compliance of e-Systems, e-Processes and e-Transactions are misunderstood, early in their development and unproven. Enterprise Digital Trust Management and the Digital Chain of Trust Framework, Architecture and Methodology, the subject of this white paper, are such methods.

Absence of Legal Precedent

The U.S., 17 Canada 18 and the members of the European Union 19 have all passed enabling legislation and legal frameworks (“e-Sign”) providing for non-discrimination against electronic signatures and records solely on the basis that they exist in electronic form. In legal parlance this means electronic signatures and records have “legal effect and validity” equivalent to their paper-based counterparts. However, this does not guarantee their “legal admissibility,” which is a prerequisite for the basic business requirement of ensuring the “legal enforceability” of electronic signatures and agreements. The e-Sign laws and frameworks are still subject to significant interpretation and to a lack of legal precedent. The requirement of executing “legally equivalent” electronic and paper-based signatures is made clear by the FDA in their definition of an electronic signature: “… means a computer data compilation of any symbol … executed, adopted or authorized by an individual to be the legal equivalent of the individual’s handwritten signature.” 20 This statement has the effect of requiring compliance not only with Part 11 but also with e-Sign laws and established legal standards.

15 European Union Electronic Signature Directive: Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. http://europa.eu.int/ISPO/ecommerce/legal/documents/1999_93/1999_93_en.pdf
16 International Conference on Harmonization, http://www.ich.org/ichctd.html
17 U.S.: “Electronic Signatures in Global and National Commerce Act (E-Sign)”
18 Canada: “Personal Information Protection and Electronic Documents Act”
19 EU: European Union Electronic Signature Directive
20 FDA 21 CFR Part 11: 11.3 Definitions, (b) 7.

“The survey found that legal and regulatory issues were indeed viewed as the second biggest external barrier to realizing the benefits of e.”

“The Quantum Shuffle – the Impact of e on the Pharmaceutical and Medical Device Industries,” Cap Gemini Ernst & Young.

© Jacques Remi Francoeur, 2003. All Rights Reserved Page 19 of 39

This assertion is substantiated by the FDA statement:

“At the same time, [Part 11] ensures that individuals will assign the same level of importance to affixing an electronic signature, and the records to which that signature attests, as they currently do to a handwritten signature.” 21.

This statement reflects an attempt to adhere to the established legal standard of “Legal Sufficiency.” This means that a signature has legal significance and, consequently, that a commensurate level of awareness must exist as to what is being signed and its implications, irrespective of whether the signature is executed electronically or physically. In fact, the organization must make a management assertion to the FDA as follows:

“Persons using electronic signatures shall, … certify to the agency that electronic signatures … are intended to be legally binding equivalent to traditional handwritten signatures.” 22

Even though this assertion can be made at the organizational level, the FDA reserves the right to request “additional certification or testimony that a specific electronic signature is the legally binding equivalent to the signer’s handwritten signature.” 23 Meeting the requirements of legal admissibility is contingent on meeting a number of technical and, more importantly, non-technical requirements that are discussed in detail in a white paper by the author entitled “The Principles and Measurement Metrics of Electronic Agreement Admissibility.” 24 Irrespective of meeting the highest standards in executing electronic signatures and agreements, there are very few adjudicated cases that can be used as legal precedent. This represents a legal risk that must be managed.

Controlling the Transition and Management Assertions

In making the transition from the current state of paper-based, manual and semi-electronic (“physical world”) drug development business models and processes to end-to-end electronic equivalents, management must be able to assert that, throughout the transition, it has maintained demonstrable levels of electronic integrity (security and controls over its e-Systems), legal enforceability (legal admissibility of its e-Transactions) and regulatory compliance, since a lapse in any of these could compromise existing business revenues. The risks lie not only in the design and operation of electronic value chain initiatives but also in making a structured and measurable transition to the desired electronic state without disrupting existing operations. The transition must therefore be sufficiently controllable and measurable that executives can make management assertions to their stakeholders with confidence as to the electronic integrity, legal admissibility and regulatory compliance of any given electronic initiative.

21 FDA 21 CFR Part 11, Final Rule, page 13462, column 3, A. Objectives.
22 FDA 21 CFR Part 11 Subpart C – Electronic Signatures, 11.100 General Requirements (c).
23 FDA 21 CFR Part 11 Subpart C – Electronic Signatures, 11.100 General Requirements (c)(2).
24 “The Principles and Measurement Metrics of Electronic Agreement Admissibility,” Jacques Francoeur, March 2003.


Privacy Mistrust

There is significant mistrust among the general public as to the confidentiality, security, control over and use of their personal information. The sensitivity is drastically greater as it relates to medical and genetic information. This concern is one of the most significant barriers to getting to know and understand the consumer, the patient. LSOs must presume that this mistrust exists and that it will take time and special practices to overcome. The existence of this information in electronic form, combined with automated and integrated systems, makes the risk of this information reaching an unauthorized individual very real.

Critical to both online physician and patient initiatives are issues of the privacy of personally identifiable information. This remains the number one barrier to the adoption of the new “personalized medicine” value proposition. It is also a regulatory requirement of HIPAA and of the laws enacted in the European Union as a result of the European Union Data Privacy Directive. Many of the core concepts essential to the success of online communities are discussed in the book “Net Worth – Shaping Markets When Customers Make the Rules.” 25

Enterprise-Wide e-Implementations

Enterprise implementations of electronic initiatives are extremely complex and difficult to carry out successfully, 26 as they require a cohesive team of business and technical leaders and effective coordination between many stakeholders who are often driven by different agendas. Adding to this complexity is the fact that the boundaries of today’s virtual and dynamic enterprise are difficult to define, as they are constantly changing. In order to ensure the success of enterprise electronic initiatives, the current reactive, fragmented, technical and IT-led approach to risk management must change. Managing the risks of an electronic value chain must be recognized as mission critical, and therefore it must be sponsored and driven top-down by executive management. Only with such a clear commitment will the required cultural change in mindset take place throughout the organization in a sustained manner. For risk management to be considered an enabler, overcoming the current perception of it as a constraint, the risk management objectives must be aligned with the business objectives and risk tolerance of the organization. Finally, given the fluid nature of the virtual enterprise, a proactive and formal approach to risk management must be taken that monitors and continuously adjusts to dynamic situations. 27 For those who take on such significant challenges, the benefits to the organization are commensurate.

25 “Net Worth: Shaping Markets When Customers Make the Rules, The Emerging Role of the Infomediary in the Race for Customer Information,” John Hagel III and Marc Singer.
26 “Enterprise-wide Implementations: Helpful Tips for CIOs Who Take on the Universe,” Health Data Management, Greg Gillespie, July 8, 2003.
27 “Defending the Digital Frontier – A Security Agenda,” Mark W. Doll, Sanjay Rai and Jose Granado, Ernst & Young, John Wiley & Sons, Inc., 2003.

“The widespread adoption of the Internet and the web has shifted cultural attitudes toward privacy. Heightened privacy sensitivity will require online and offline businesses to re-examine existing information practices. Through 2006 information privacy will be the greatest inhibitor for consumer-based e-business.”

Gartner Group


1.4 Electronic Value Chain ROI

The return on investment associated with reducing the cost and time of bringing successful drugs to market is substantial. Reducing drug development time will drastically increase the competitiveness of the LSO by increasing the number of drugs that can be processed through the pipeline and increasing the probability of being “first to market,” thereby commanding premium pricing and avoiding the commodity effect of “me too” drugs. It will also allow much greater profits from a longer period of patented sales. A Tufts Center for the Study of Drug Development analysis 28 indicates that reducing total development time by 50% will reduce the cost of development by 29%. Reducing the pre-launch total cost of development has an immediate bottom-line effect: lower cost of development means higher profit margins or higher sales volumes through lower prices. The key question is how this will be achieved. The adoption of e-Programs such as those illustrated in Figure 1 can significantly reduce the cost and time of drug development by delivering the following improvements to the drug development, approval, marketing and sales value chain:

Changing the Medium of Business from physical, manual and paper-based to electronic will eliminate the paper life-cycle costs of printing, copying, faxing, and physical sending, receiving, storage and archival.

Increasing the Speed of Business will drastically reduce the cycle and response time of doing business. For example, reducing approval times and bringing access to and dissemination of information to near real-time will not only drastically accelerate business but allow for greater transaction volumes.

Increasing Business Efficiency. The transition to the electronic paradigm is an opportunity to re-engineer workflows and business processes to eliminate non-value-added components and reduce work duplication and error rates.

Improving Business Effectiveness. The transition to the electronic paradigm is an opportunity to reconsider how business is done and to adopt new business models that improve the interaction between all the stakeholders.

28 Tufts Center for the Study of Drug Development – Outlook 2003


2 Vision and Strategy for Enterprise Risk Management

The previous section outlined an electronic value chain composed of a number of different electronic initiatives, referred to as e-Programs, that serve very different business objectives. Each e-Program executes transactions with differing levels of corporate and legal significance, requires different levels of risk mitigation depending on the nature and risks of the application, and has its own specific set of regulatory requirements. However, even though the mandate of each e-Program is different, a finite and common set of electronic resources must deliver all e-Programs within the value chain. In addition, all e-Programs involve the management of technical, legal and regulatory risks and the same three fundamental components: identity, information and time. It therefore makes good business sense to formulate an enterprise vision and strategy that allows all stakeholders across the enterprise to perceive and manage all e-Program risks consistently and cohesively, and allows investments and solutions by one stakeholder to be leveraged by another. This section describes a vision of a trustworthy digital enterprise and the characteristics of an enterprise risk management strategy for the transition to such an enterprise. Section 3 then outlines a risk audit methodology that can implement the strategy and transition to a measurable and demonstrable trusted digital enterprise.

2.1 Vision - A Trusted Digital Enterprise

Recall that the e-Value Chain involves a number of e-Programs, as illustrated in Figure 1. If one assumes that the enterprise has implemented all its e-Programs in such a way that its actual practices comply with all its risk mitigation requirements, whether for technical, legal or regulatory risks, then one could describe the enterprise as being in a state of Enterprise Digital Trust. In other words, Enterprise Digital Trust means the organization can measure and demonstrate specific design levels of electronic integrity (e-Integrity), electronic enforceability (e-Enforceability) and electronic compliance (e-Compliance) for each of the e-Programs within the electronic value chain. This is illustrated in Figure 3.

e-Integrity relates to the technical perspective of the e-Program. Its principal mandate is to ensure the authenticity of electronic records, identities and time stamps, so that individuals can be held accountable for their electronic acts and information is reliable.

e-Enforceability relates to the legal perspective of the e-Program. Its principal mandate is to ensure that all electronic transactions conducted by the e-Program are sufficiently trustworthy to be deemed legally admissible by an adjudication authority, such as an arbiter or a judge of a court of law. This is a prerequisite of enforceable electronic transactions.

“Clearly, successful targeted drug development will require enterprise-wide changes in the pharmaceutical industry.”

Pharmaceutical Clinical Development: The future of clinical trials – How genomics, proteomics, and technology are changing the clinical development process, IBM Life Sciences, June 2002

Figure 3: Enterprise Digital Trust. e-Integrity: authenticity of electronic records, identities and time stamps, yielding accountability and reliable information. e-Enforceability: adherence to legal standards and e-Sign law, yielding admissible and enforceable e-Transactions. e-Compliance: compliance with industry regulations and best practices, yielding business continuity.


e-Compliance relates to the regulatory compliance requirements of the e-Program. Its principal mandate is to ensure that all electronic resources involved in the delivery of the e-Program comply with relevant regulations, so as to ensure business continuity. It should be noted that e-Integrity, e-Enforceability and e-Compliance are heavily interrelated and none can be achieved without the others.

In terms of information system architectures, Digital Trust for each e-Program means demonstrable levels of e-System security and controls, together with e-Process integrity that captures, preserves, retrieves, verifies, renders and makes available in human-readable form the authentic content, context, notice, intent, consent, identity and time of each e-Transaction, such that the enterprise requirements for accountability and reliable information, for regulatory compliance and for legal admissibility of electronic forensic evidence are met to a level of confidence commensurate with the nature and level of risk of the e-Program and the legal significance of the e-Transaction. Enterprise Digital Trust means a constant level of Digital Trust over time for each e-Program operated by the enterprise (e.g., e-Submissions, e-Clinical Trials and Online Patient/Physician communities). The level of Digital Trust is a customized characteristic of each e-Program, given that the nature and level of risk 29 can vary dramatically. Now that the ultimate goal is established, a management strategy must be defined to guide the enterprise towards its attainment.

2.2 Strategy - Enterprise Digital Trust Management

In the transition to an electronic enterprise, many new challenges, uncertainties and risks are created. To address these effectively, a new form of e-management must emerge to ensure that the ROI is captured, that adequate controls over the risks are maintained and that management can make assertions to its stakeholders with confidence. This new form of “e” management is called Enterprise Digital Trust Management (EDTM). Its mandate is three-fold:

Mitigate the technical, legal and regulatory risks to the required level in a manner that can be measured, verified and demonstrated;

Coordinate the decisions and work deliverables of all stakeholders at all management levels in a hierarchical mechanism where decisions can be executed and verified for completion;

Plan and manage the transition from the current state to an Internet-based end-to-end “trusted” electronic equivalent 30 in a structured and integrated manner.

The EDTM strategy encompasses four attributes, as illustrated in Figure 4, as follows:

Enterprise-wide: Deploying e-Programs involves many internal organizational functions (e.g., business, audit, legal, IT, security, data privacy, records management, marketing and sales) and extends outward to partners, suppliers and customers. Therefore, the EDTM strategy takes a multi-stakeholder perspective and integrates all business domains.

29 The nature and level of risk is determined by the business context and degree of sensitivity of the application, the environment in which the e-Program is carried out, the specific external regulatory requirements that apply and internal risk sensitivities.
30 “Equivalent” shall not mean “only as good” but allows for process re-engineering and optimization.

Figure 4: Digital Trust Management attributes: Enterprise Wide, Business Centric, Comprehensive & Integrated, Manageable.


Business-Centric: The business objectives are to reduce costs, increase efficiency and effectiveness, and deliver strong ROI by enabling new business models and delivery channels. Therefore, the EDTM strategy has a strong business focus.

Comprehensive & Integrated: The transition involves many business risks, technical challenges, legal issues and regulatory requirements that must be managed at all architectural levels. Consequently, the EDTM strategy is comprehensive in its scope and integrated in the relationships and associations it maintains between systems, processes, transactions, events and data.

Manageable: In order to ensure a successful implementation that controls business risks so as not to compromise existing business, and that provides management assertion confidence, the EDTM strategy enables a structured and measurable transition process.

The following will describe each of the key attributes in more detail.

2.2.1 Enterprise-Wide Strategy

There are three main characteristics of an enterprise-wide strategy, as illustrated in Figure 5. It must be Multi-Domain, in that it addresses the technical, legal and regulatory aspects of the electronic business risks; Multi-Stakeholder, to provide an inclusive framework for all stakeholders and organizational functions; and Multi-National, to ensure, to the extent possible, a normalization of business practices across the greatest territory. The three main characteristics are discussed in more detail as follows.

Multi-Domain

The transformation from a “physical world” paper-based medium of business to an electronic one makes no difference to the need to adhere to legal standards, meet e-Sign legislative requirements and comply with regulatory requirements. However, the electronic paradigm will create many new legal and technical challenges and present risks that will radically change the methods of meeting those standards and requirements and of demonstrating adherence and compliance. The EDTM strategy is a multi-domain strategy designed to address the technical, legal and regulatory risks of adopting an electronic value chain. The goal is to ensure the integrity of electronic business (e-Integrity), the legal enforceability of electronic transactions (e-Enforceability) and the compliance of electronic systems and processes (e-Compliance), defined as follows:

e-Integrity: the degree to which the e-Program, its e-System, e-Processes and e-Transactions cannot be altered or manipulated without detection or traceability.

e-Enforceability: the degree of confidence that (1) the method of conducting the electronic transaction adhered to legal standards and (2) the content of its audit trail (electronic records: “what”; signatures: “who”; time stamps: “when”) will be deemed sufficiently trustworthy to be admissible by an adjudication authority for dispute resolution through arbitration or by the courts.

Figure 5: Enterprise-Wide strategy. Multi-Domain: e-Integrity, e-Enforceability, e-Compliance. Multi-National: North America, European Union, Asia Pacific. Multi-Stakeholder: IT, QA, Security, eRM, Business, Audit, Privacy, Legal.


e-Compliance: the degree of assurance that the e-Program, its e-System, e-Processes and e-Transactions comply with relevant regulations, industry best practices and internal requirements.

It is critical to understand that the e-Integrity, e-Enforceability and e-Compliance requirements are interrelated and interdependent. e-Sign law provides for the legal effect and validity of electronic records and signatures; that is, records and signatures cannot be discriminated against solely for being in electronic form. However, this does not guarantee that electronic records, signatures and agreements will be deemed legally admissible in a court of law, a prerequisite of legal enforceability. Achieving that admissibility is in fact what a trusted digital enterprise is seeking. This is illustrated in Figure 6. Starting at the bottom of the diagram with Legal Effect & Validity, provided by electronic signature laws, one moves through three distinct domains to reach the state of a Trusted Digital Enterprise.

The first domain is e-Integrity. Its mandate is to ensure authentic electronic identities, records and time stamps, the core building blocks. Without this, no electronic business will be admissible or regulatory compliant, and it will be impossible for individuals to be held accountable or for the organization to make reliable decisions.

The second domain is e-Enforceability. On a solid foundation of identity, information and time, one must then design and execute transactions involving electronic signatures that adhere to legal standards and electronic signature laws. This involves mostly non-technology issues such as notice, the security of the signing key, control over the act-of-signing and creating a state of informed consent in the act-of-signing. The reader is referred to a white paper by the author on the subject entitled “The Principles and Measurement Metrics of Electronic Agreement Admissibility” for more details.

The third and final domain before a Trusted Digital Enterprise is reached is e-Compliance. On the foundation of authentic identity, information and time, and of admissible electronic signatures and transactions, one must operate e-Programs in a manner that complies with regulatory requirements. In summary, the strategy of Enterprise Digital Trust Management is to achieve identity, information and time integrity, transactional enforceability and operational compliance. It is clear from this discussion that many corporate departments and functions must integrate to achieve a Trusted Digital Enterprise. Consequently, Enterprise Digital Trust Management requires a multi-stakeholder strategy.

Multi-Stakeholder

Given that Digital Trust Management is enterprise-wide, business centric and comprehensive in nature, it will involve the contributions and cooperation of many stakeholders, including representatives of external organizations such as the regulatory agencies. The adoption of the e-Value Chain must be driven by business needs, enabled by IT, protected by security, continually assessed by audit and advised by legal, with records management custodianship. Consequently, the fact that stakeholders do not speak the same language, do not agree on the same objectives, are driven by different agendas and approach problems differently presents many problems to the enterprise. A reference framework is required to organize the problem into domains that more clearly illustrate how stakeholders collectively relate to one another and what requirements they need from one another. In summary, the strategy of Enterprise Digital Trust Management enables a cohesive management team, integrated planning and coordinated deployment of electronic initiatives between all key stakeholders, essential for an efficient and successful implementation.

Figure 6: From Legal Effect & Validity (e-Sign legislation) to a Trusted Digital Enterprise in three steps: (1) e-Integrity, electronic systems that render authentic electronic identities, records and time stamps; (2) e-Enforceability (e-Admissibility), reliable electronic signatures and transactions executed in adherence to legal standards and e-Sign legislation; (3) e-Compliance, electronic systems and processes that comply with regulations.

Multi-National

Given that large LSOs are international in character, having operations and customers all around the world, and given the intrinsically borderless nature of e-business, they must not only adhere to local laws and regulations but also comply with the national regulations of every jurisdiction in which they conduct business or in which their consumers are located. In order to reduce cost and complexity, an Enterprise Digital Trust Management strategy is therefore multi-national (international): it ensures compliance with the requirements of each nation while taking an integrated and harmonized approach to its compliance methods to the fullest extent possible. The goal is to establish a common audit standard and corresponding policies and practices that will ensure compliance across the greatest geographical area. In summary, the strategy of Enterprise Digital Trust Management is to manage the technical, legal and regulatory risks in an integrated manner (multi-domain), bring together all key stakeholders into a cohesive management team (multi-stakeholder), and take an integrated and normalized international legal and regulatory approach (multi-national).

2.2.2 Business Centric Strategy

The primary objective of adopting the e-Value Chain is to reduce costs and increase business efficiency and effectiveness. This is illustrated in Figure 7. The strategy of Enterprise Digital Trust Management is to be business centric and to use metrics that measure in quantitative terms the nature and degree of the benefits. The strategy focuses on the following:

Reducing paper costs by deploying business processes that eliminate the paper life cycle: printing, copying, faxing, couriering, storage and archival. This is achieved by ensuring that electronic records and signatures are deemed a legally binding alternative to paper and handwritten signatures.

Reducing the cost-of-compliance by using a consistent framework throughout the audit life cycle, leveraging audit practice knowledge across the enterprise and employing work automation techniques.

Increasing Business Effectiveness by re-engineering workflows and business processes to eliminate inefficiencies and by reviewing how business is being done to consider new business models and channels that optimize the value chain.

Increasing Business Efficiency by making authentic and complete information available in real time when and where required, and by greatly reducing cycle times, response times and transaction times so that more business can be conducted within the same period.

Figure 7: Business Centric strategy. Reduce Costs: paper costs, cost of compliance. Increase Effectiveness: business models, channels. Increase Efficiency: cycle time, real time.


2.2.3 Comprehensive Risk Management

Today’s approach to risk management is fragmented. Each e-Program an LSO operates requires a system-level risk management approach and the adoption of a broad base of industry best practices to manage its risks. LSOs in turn operate many e-Programs, which together require an enterprise-level risk management approach. Consequently, given the multi-domain, multi-stakeholder and multi-national character of the challenge, a comprehensive risk management strategy is required to effectively manage the diverse scope of electronic risks. This is illustrated in Figure 8. As mentioned previously, enterprise risks can be classified into three primary classes: e-Integrity (technical), e-Enforceability (legal) and e-Compliance (regulatory) risks.

e-Integrity

The primary risk class of e-Integrity can be further divided into three secondary classes, Identity Risk, Information Risk and Time-of-Event Risk, as illustrated in Figure 9 and defined as follows.

Identity Risk relates to the ability to authenticate in real time the true identity of an individual, to capture and preserve the electronic forensic evidence related to that individual’s activities and to hold that individual accountable for their electronic acts.

Information Risk relates to the ability to create, preserve, retrieve, access and verify the integrity of information and to make it available in human-readable form.

Time-of-Event Risk relates to the ability to source legal time, synchronize networks and applications, “affix” time stamps to electronic records, signatures and events, and capture, preserve, retrieve and verify the integrity of those times of event.

Many additional risks follow from these three secondary root sources, such as Access Control, Authorization, Confidentiality and Audit Trails, which are not covered in this paper.
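The three risk classes above each turn on a question an auditor or adjudicator will ask of an e-Transaction after the fact: what was recorded, who acted, and when. The following is an added illustration, not code from this white paper or from Proofspace, of one way to bind those three into a tamper-evident audit trail so that alteration of an archived record, back-dating of a time stamp or removal of an entry is detected rather than silently accepted. It assumes a single key held by an audit service (the “trail key”, a hypothetical name) that seals each entry and chains it to its predecessor; the records, signer identities and times are constructed sample data. A production design would replace the keyed hash with per-signer asymmetric signatures and a trusted time source, which is what the paper’s Identity and Time-of-Event risk classes call for.

```python
"""Tamper-evident audit trail binding "what" (record digest), "who" (signer
identity) and "when" (time stamp) for each e-Transaction.

Added example, not the white paper's own design. Assumptions: a single
'trail key' held by the audit service seals each entry (a real deployment
would use per-signer asymmetric signatures and a trusted time source); all
records, identities and times below are constructed sample data.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous" link of the first entry


def canonical(obj) -> bytes:
    """Deterministic JSON so the same entry always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def record_hash(record: bytes) -> str:
    """The "what": a digest of the record content as it was when signed."""
    return hashlib.sha256(record).hexdigest()


class AuditTrail:
    def __init__(self, trail_key: bytes):
        self._key = trail_key
        self.entries = []

    def append(self, signer_id: str, record: bytes, event_time: datetime) -> dict:
        """Append an entry chained to the previous one and sealed with a MAC."""
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries),
            "who": signer_id,
            "when": event_time.astimezone(timezone.utc).isoformat(timespec="seconds"),
            "what": record_hash(record),
            "prev": prev,
        }
        # The MAC covers seq, who, when, what and prev, so none can change unnoticed.
        entry["mac"] = hmac.new(self._key, canonical(entry), hashlib.sha256).hexdigest()
        self.entries.append(entry)
        return entry

    def verify(self, records_by_seq: dict) -> tuple:
        """Re-check chain links, entry MACs and record digests.

        records_by_seq maps seq -> record bytes as retrieved from the archive.
        Returns (True, "ok") or (False, reason) naming the first failure found.
        """
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "mac"}
            if body["prev"] != prev:
                return False, f"chain broken at {i}"
            expected = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, entry["mac"]):
                return False, f"entry {i} modified"
            if body["seq"] != i:
                return False, f"sequence gap at {i}"
            if record_hash(records_by_seq[body["seq"]]) != body["what"]:
                return False, f"record {i} altered"
            prev = entry["mac"]
        return True, "ok"


def demo() -> dict:
    """Build a three-entry trail, then show which tampering each check catches."""
    key = b"constructed-demo-trail-key"  # constructed; held by the audit service
    t0 = datetime(2003, 6, 1, 9, 0, tzinfo=timezone.utc)  # constructed sample times
    records = {  # constructed sample records
        0: b"Protocol P-123 version 2 approved",
        1: b"Case report form 0017 completed",
        2: b"Case report form 0017 reviewed",
    }
    trail = AuditTrail(key)
    trail.append("investigator@site42", records[0], t0)
    trail.append("coordinator@site42", records[1], t0.replace(hour=10))
    trail.append("monitor@sponsor", records[2], t0.replace(hour=11))
    results = {"intact": trail.verify(records)}

    # 1. Archived record changed after it was signed: "what" no longer matches.
    altered = dict(records)
    altered[1] = b"Case report form 0017 completed (amended)"
    results["altered_record"] = trail.verify(altered)

    # 2. Time stamp back-dated inside the audit entry: "when" is under the MAC.
    backdated = AuditTrail(key)
    backdated.entries = [dict(e) for e in trail.entries]
    backdated.entries[1]["when"] = t0.isoformat(timespec="seconds")
    results["backdated"] = backdated.verify(records)

    # 3. Middle entry deleted: entry 2's link points at entry 1, not entry 0.
    truncated = AuditTrail(key)
    truncated.entries = [trail.entries[0], trail.entries[2]]
    results["deleted"] = truncated.verify(records)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15s} -> {outcome}")
```

Running the block reports “ok” for the intact trail and a distinct reason for each of the three tampering cases. The order of checks matters: the chain link is checked before the MAC so that a deleted entry is reported as a break in the chain rather than as a forged entry, and the record digest is compared last because an archive that has drifted from the trail is a different incident from a trail that has itself been edited.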

Figure 8: Comprehensive risk mitigation. Industry best practices: Identity Mgt., e-Records Mgt., Time Mgt. Risk mitigation areas: Access, Information Integrity, Time-of-Event, Confidentiality, Regulatory, Admissibility, e-Signatures, Security, Data Privacy, Trusted e-Systems, Electronic Forensic Evidence.

Figure 9: e-Risks under e-Integrity: Identity Risks, Information Risks, Time-of-Event Risks.


e-Enforceability

The primary risk class of e-Enforceability can be further categorized into two secondary classes of Adherence Risks and Admissibility Risks. This is illustrated in Figure 10.

Adherence Risks: Electronic signature laws and established legal standards represent the minimum standard that electronic transactions must adhere to in order for the transaction to be deemed “legal.” An electronic agreement must indicate the signatory’s approval of the information in the document being signed and the agreement to be bound by its terms. This clearly falls outside the technology of capturing and preserving an electronic signature and into the softer domain of “awareness” of what is being signed and acceptance of the implications of the act of signing – being bound by its terms. This requirement is embodied in what is called Legal Sufficiency,[31] an established legal standard ensuring that a state of informed consent is present during the act of signing. Legal Sufficiency involves two basic concepts referred to as “Writing” and “Signature,” which combine measurable parameters such as notice and content with less demonstrable notions of context, intent and consent. Legal Sufficiency requires that certain transactions, such as agreements (i.e., contracts), must be reduced to writing on paper to be legally enforceable. The requirement of “writing” is an established legal standard whose “functional purpose” must be respected in the execution of an electronic agreement. The requirement of writing is important as it forces a type of ceremony that builds awareness that a process of agreement formation is taking place, and appreciation of the obligations under the agreement and the consequences of failing to fulfill them. The second component of Legal Sufficiency is called “Signature.” Legal Sufficiency requires that certain transactions, such as contracts, must not only be reduced to writing but also contain a signature in order to be legally enforceable. An act of signing that meets the requirement of “signature” must clearly establish the identity of the signatory, established by the application of the individual’s unique mark, a clear expression of awareness of the intent of signing and a clear expression of understanding of the content and, most importantly, the obligations of the agreement. The requirement of “signature” is an established legal standard whose “functional purpose” must be respected in the execution of an electronic agreement.

Admissibility Risks: In order for an electronic record, signature or agreement to be enforceable, it must first be deemed admissible by adjudication authorities, whether that is the employer, an arbiter or a judge. This relates to the “trustworthiness” of the information forming the transaction, usually contained in an audit trail. There are two components to the trustworthiness of an audit trail: the trustworthiness of the information it contains and the ability to demonstrate the integrity of the audit trail itself. The trustworthiness of the information contained in the audit trail is based on the level of reliability of the electronic signatures, the ability to demonstrate the authenticity of the electronic records and the accuracy and auditability of the electronic time stamps. In general, the level of trustworthiness of all aspects of the electronic execution process must be appropriate for the purpose of the agreement, the legal significance of the act of signing, and the nature and level of the risks, including consideration of the damages that can ensue from the failure of any party to fulfill its obligations. This may differ depending on the nature of the transaction, the environment in which it is being conducted and the requirements of law and regulations. Consequently, this is a case-by-case set of requirements. The trustworthiness of the audit trail is also related to the technical mechanisms used to preserve and protect its content over time and the ability to verify its integrity at any future time. Methods should be used to verify and demonstrate that the audit trail has not been altered or manipulated in any way since it was created - that is, that its integrity has been maintained. This is a fundamental prerequisite. If this cannot be demonstrated, the audit trail is invalidated irrespective of the level of reliability of the information it contains. In the case of electronic transactions, e-Enforceability relates to whether the process of electronic agreement formation, in terms of its design architecture and method of execution, results in the legal admissibility of the agreement. In the case of Business-to-Employee transactions, admissibility means meeting the prerequisite requirements necessary to demonstrate the electronic forensic evidence needed to hold an individual accountable for their electronic act or signature. In the case of Business-to-Business or Business-to-Consumer transactions, admissibility means meeting the prerequisite requirements necessary to demonstrate the electronic forensic evidence needed to obtain a successful dispute resolution judgment or favorable court adjudication.

[31] US Department of Justice, “Legal Considerations in Designing and Implementing Electronic Processes: A Guide for Federal Agencies,” November 2000. http://www.cybercrime.gov/eprocess.htm

Figure 10: e-Risks – e-Enforceability: Admissibility Risks; Adherence Risks

© Jacques Remi Francoeur, 2003. All Rights Reserved Page 29 of 39

Electronic Agreement Legal Admissibility Requirements

Nature of Agreement and Risks: Agreement Intent; Legal Significance of Signatures; Environment of Agreement Execution; Nature of Risks and Liabilities; Basis of Repudiation.

Principle 1: Electronic Signature Reliability
Criteria 1: Electronic Signature to Electronic Document Binding
Criteria 2: Identity Authentication
Criteria 3: Electronic Signature Integrity
Criteria 4: Electronic Document Integrity

Principle 2: Sole Control over Act of Signing
Criteria 5: Privacy of Unique Identifier
Criteria 6: Sole Control Over Unique Identifier
Criteria 7: Revocation of Unique Identifier

Principle 3: A State of Informed Consent in the Act of Signing
Criteria 8: Awareness of Engaging in a Process of Agreement Formation
Criteria 9: Awareness of Intent and Implications of Act of Signing
Criteria 10: Notice of Rights

Principle 4: The Digital Chain of Admissibility
Criteria 11: Audit Trail of How, Who, What and When
Criteria 12: Retention

Principle 5: Electronic Agreement Trustworthiness
Criteria 13: Level of Electronic Signature Reliability
Criteria 14: Degree of Control over the Act of Signing
Criteria 15: Extent of a State of Informed Consent
Criteria 16: Trustworthiness of the Digital Chain of Admissibility

There are five principles that contribute directly to the legal admissibility of an electronic agreement. The first principle is the reliability of an electronic signature, in terms of the robustness of how the signature is linked to the record, the reliability of the chain-of-trust related to identity authentication and the ability to verify the integrity of the signature and record after the signature is affixed. The second principle relates to the reliability of the act of signing itself - the signatory being the only one able to exercise control over the act of signing. The third principle relates to the state of mind of the individual at the time of signature, that is, whether a state of informed consent existed during the act of signing. Was the individual aware that they were engaged in an agreement formation process, were they fully informed of their rights, were they cognizant of their obligations under the agreement and were they aware that they were affixing their legally binding signature, resulting in enforceable obligations? The fourth principle relates to the requirement to capture, preserve and retain for as long as necessary all material information related to the transaction, in a way that can be verified and shown to be accurate and complete. The fifth and final principle relates to the need to design and operate an agreement formation process that is sufficiently reliable and trustworthy, commensurate with the legal significance of the act of signing and the nature and risk of the transaction. These five principles are collectively sufficient to ensure that the electronic agreement, its electronic signature and records will be granted legal admissibility in a court of law. This framework of principles can be further broken down into sixteen measurement criteria (outlined in the Table above) that can be used to assess the Admissibility Risk and Adherence Risk of a particular agreement formation process. This is discussed in more detail in a white paper by the author entitled “The Principles and Measurement Metrics of Electronic Agreement Admissibility,” published in March 2003.

e-Compliance

The primary risk class of e-Compliance can be categorized into three secondary classes of requirement - Security, Data Privacy and Trusted Electronic Systems. This is illustrated in Figure 11. For example, HIPAA has requirements related to the security and data privacy of medical information and to trustworthy e-Systems that ensure the integrity of the information. 21 CFR Part 11 has requirements related to security and Trusted e-Systems to ensure the trustworthiness of electronic submissions. The three classes of requirement are interrelated; for example, security is at the core of meeting both Data Privacy and Trusted e-Systems regulations. However, security is necessary but insufficient for meeting the requirements of Data Privacy and Trusted e-Systems.

Security: Security is at the core of mitigating organizational threats and vulnerabilities and of meeting many (but not all) of the regulatory requirements of HIPAA and 21 CFR Part 11. Security aims to ensure the integrity and confidentiality of sensitive information assets and to make them available to those who need to know, when and where required. At the core of meeting these security requirements is Entitlement Management – Authentication and Authorization. Authentication is the critical component of Access Control. The ability to verify in real time the true identity of individuals seeking access to information assets is the first line of defense. The ability to capture and preserve that identity with a certain level of confidence is essential to establishing accountability for electronic acts. Methods of ensuring the accountability of individuals for their electronic acts are an increasing requirement of business and of emerging regulations. For example, tracking and logging the activities of authorized personnel on sensitive systems is a regulatory requirement. Authorization is the second line of defense. Once authenticated, access to specific digital assets, whether information or applications, should be restricted based on the “principle of least privilege” - ensuring access privileges are granted on a need-to-know basis. Security alone is insufficient for meeting the Data Privacy and Trusted e-Systems compliance requirements of HIPAA and 21 CFR Part 11; meeting them requires building on the traditional perimeter-defense approach of security towards an Intrinsic Trustworthiness model – security at the object level.

Figure 11: e-Risks – e-Compliance: Security; Data Privacy; Trusted e-Systems


Fair Information Practice Principles

1. Accountability Principle: An organization is fully accountable for all personal information under its control. A person shall be designated to be responsible for ensuring that all processing of personal information is conducted in compliance with all the relevant privacy legislation.

2. Purpose Principle: The purpose(s) for which the personal information is being collected shall be defined at or before the time of collection, and unambiguous notice shall be given to the individual before collection.

3. Consent Principle: The unambiguous and informed consent of the individual is required for the collection, use, and disclosure of personal information, except where inappropriate. Explicit consent (proof) is required in the case of “sensitive” information (racial or ethnic origin, religious beliefs, health or sex life).

4. Collection Principle: The collection of personal information shall be limited to that which is necessary for the fulfillment of the purpose(s) identified. Information shall be collected by fair and lawful means.

5. Limited Use Principle: Personal information collected shall not be used or disclosed for any purpose(s) other than those for which it was originally collected, except with the consent of the individual or as required by law.

6. Retention Principle: Personal information shall be retained only as long as necessary for the fulfillment of those purposes.

7. Accuracy Principle: Personal information shall be as accurate, complete, and up-to-date as is necessary for the fulfillment of the purposes for which it is collected.

8. Safeguards Principle: Personal information shall be protected by security safeguards commensurate with the nature of the risks and the degree of sensitivity of the information.

9. Openness Principle: Information on the organization’s personal information management policies and practices shall be disclosed to the individual.

10. Access Principle: Upon request, an individual shall be provided access to personal information held and shall be informed as to its use and disclosure to third parties. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

11. Complaints Principle: An individual shall be able to file a concern or complaint with the designated individual as to the organization’s compliance with the principles.

Data Privacy: Traditionally, privacy has been linked to confidentiality (keep it private) and security (lock it up, prevent unauthorized access). Privacy, in the context of the digital economy, has shifted to a new paradigm based on a set of ten privacy principles. These principles have as their foundation the Fair Information Practice Principles issued by the Organisation for Economic Co-operation and Development (OECD) in 1980,[32] outlined in the table above. At the forefront of global privacy legislation is the European Data Privacy Directive,[33] the de facto international standard, which took effect October 25th, 1998. The Directive is designed to normalize the national data privacy laws of the 15 member states of the European Union (United Kingdom, Germany, France, Portugal, Spain, Italy, Austria, Luxembourg, Belgium, Greece, Ireland, the Netherlands, Denmark, Sweden, and Finland), allowing for the unrestricted free flow of personal information within the EU. The Directive governs all personally identifiable information held by an organization, including employee and customer information, and covers its collection, storage, processing, and transfer. Processing generally means everything (storage, alteration) except transit. The legislation applies to all organizations conducting business in legislated territories, and controls the flow of personal information to countries (organizations) outside the EU. This has been a driver of international legislation, resulting in approximately fifty[34] countries that have enacted, or are in the process of enacting, privacy legislation that is “equivalent” to the Directive.

[32] Organisation for Economic Co-operation and Development: “Guidelines on the Protection of Privacy and Transborder Flows of Personal Data: Fair Information Practice Principles,” www.oecd.org
[33] Peter P. Swire and Robert E. Litan, “None of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive,” The Brookings Institution, ISBN 0-8157-8239-X.
[34] “Privacy and Human Rights – An International Survey of Privacy Laws and Developments,” Global Internet Liberty Campaign, October 1998, www.gilc.org.


Trusted e-Systems: The domain of “electronic trustworthiness” addresses aspects of electronic risks that are distinct from and fall outside the purview of classical security. Security has traditionally focused on threat analysis and vulnerability mitigation from a “perimeter defense” perspective, although it does address risks from within the perimeter, such as system administration access. The risk assumption is that threats will originate from within the perimeter, communications will be intercepted, sources will be spoofed, identities will be misrepresented, information will be altered without authorization, time will be manipulated, transactions will be repudiated and fraud will take place. In many respects, the risks of falsification, misinterpretation and alteration without leaving evidence are much higher with electronic records, identities and time stamps than with their physical counterparts. Electronic trustworthiness builds on security towards what is called “Intrinsic Trustworthiness.” This means trustworthiness at the object level – the inherent property of an electronic record, identity, signature, time stamp and audit trail to be resistant to alteration or manipulation without detection or traceability, and verifiable for integrity and authenticity over their lifetime. An example of Intrinsic Trustworthiness related to identity is a biometric – a unique attribute that is intrinsic to one individual. Examples include fingerprints, retinal scans, facial patterns, voiceprints and signature dynamics. These methods of identity authentication are clearly more trustworthy and less vulnerable than passwords and private keys, given the higher confidentiality and access control risks of the latter. Another example of Intrinsic Trustworthiness is a Digital Signature, a cryptography-based electronic signature. The unique content of the document and the unique identifier (private key) are intrinsically bound through a cryptographic process to yield a unique electronic signature. It can be verified that the signed document has not been modified since the application of the signature (content integrity), and the corresponding Digital Certificate, uniquely linked to the private key used to execute the signature, can be identified and verified for integrity and validity at the time of signature. These attributes of electronic trustworthiness are essential for reliable decision-making, ensuring the accountability of individuals for their electronic acts, demonstrating regulatory compliance, controlling the basis of repudiation and ensuring enforceable electronic transactions. Trusted e-Systems are the means by which Intrinsic Trustworthiness is implemented in e-Programs. They involve the ability to prove the “who, what and when” of electronic transactions, collectively referred to as capturing and preserving electronic forensic evidence. A trustworthy e-System will operate e-Processes that capture, preserve, retrieve, verify, render and make available in human-readable form the authentic content, context, notice, intent, consent, identity and time of the e-Transaction, to a level of confidence commensurate with the nature and level of risk of the e-Program and the legal significance of the e-Transaction. It delivers accountability - a party involved in electronic acts can be demonstrated to be the actual party who committed the act. It also delivers reliable information - records whose content can be demonstrated to be a complete and accurate representation of the transaction, related activities, or facts to which it attests, and which can be depended upon for subsequent actions. The requirements of electronic trustworthiness and trusted e-Systems are relatively new and are best embodied in the FDA regulation on electronic records and signatures - 21 CFR Part 11. However, Part 11 is still controversial, under revision and subject to interpretation, and industry best practices for compliance are still emerging.
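The audit-trail integrity requirement described under Admissibility Risks and the Digital Signature description in this paragraph can be combined in working code. The Go program below is an added example, not part of this white paper or of any Proofspace product: each audit-trail record (the “what” and “when”) is hashed together with the digest of its predecessor, signed with the actor’s ECDSA private key, and carries the actor’s X.509 certificate (the “who”); verification re-derives the chain, checks that the certificate was valid at the recorded signing time, and rejects any record whose content no longer matches its signature. The self-signed certificate, the signer name and the sample records are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Entry is one audit-trail record: what was done, when, and by the holder of
// the certificate, chained to the previous record's digest and signed.
type Entry struct {
	What     string
	When     time.Time
	PrevHash [32]byte
	CertDER  []byte // X.509 certificate bound to the signing key: the "who"
	Sig      []byte // ASN.1 ECDSA signature over entryDigest(e)
}

// newSigner generates a P-256 key and a self-signed certificate naming its holder
// and validity period (constructed for the example; a real one comes from a CA).
func newSigner(name string, notBefore, notAfter time.Time) (*ecdsa.PrivateKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	return priv, der, err
}

// entryDigest covers every field except the signature; the length prefix stops
// field boundaries from being shifted without changing the hash.
func entryDigest(e Entry) [32]byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s|%s|", len(e.What), e.What, e.When.UTC().Format(time.RFC3339Nano))
	h.Write(e.PrevHash[:])
	h.Write(e.CertDER)
	var d [32]byte
	copy(d[:], h.Sum(nil))
	return d
}

// appendEntry records that the key holder did `what` at `when`, linked to the trail so far.
func appendEntry(trail []Entry, priv *ecdsa.PrivateKey, certDER []byte, what string, when time.Time) ([]Entry, error) {
	e := Entry{What: what, When: when, CertDER: certDER}
	if n := len(trail); n > 0 {
		e.PrevHash = entryDigest(trail[n-1])
	}
	d := entryDigest(e)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, d[:])
	if err != nil {
		return nil, err
	}
	e.Sig = sig
	return append(trail, e), nil
}

// verifyTrail checks each record's chain link, that its certificate was valid at the
// recorded signing time, and that the signature matches the content. One failure invalidates the trail.
func verifyTrail(trail []Entry) error {
	var prev [32]byte
	for i, e := range trail {
		if e.PrevHash != prev {
			return fmt.Errorf("entry %d: chain link broken", i)
		}
		cert, err := x509.ParseCertificate(e.CertDER)
		if err != nil {
			return fmt.Errorf("entry %d: %w", i, err)
		}
		if e.When.Before(cert.NotBefore) || e.When.After(cert.NotAfter) {
			return fmt.Errorf("entry %d: certificate of %q not valid at signing time %s",
				i, cert.Subject.CommonName, e.When.UTC())
		}
		pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
		d := entryDigest(e)
		if !ok || !ecdsa.VerifyASN1(pub, d[:], e.Sig) {
			return fmt.Errorf("entry %d: signature of %q does not match content", i, cert.Subject.CommonName)
		}
		prev = d
	}
	return nil
}

func main() {
	now := time.Date(2003, 3, 1, 12, 0, 0, 0, time.UTC) // constructed sample time
	priv, cert, err := newSigner("investigator-01", now.Add(-time.Hour), now.Add(24*time.Hour))
	if err != nil {
		panic(err)
	}
	trail, _ := appendEntry(nil, priv, cert, "signed eCRF-0042 (constructed sample)", now)
	trail, _ = appendEntry(trail, priv, cert, "approved amendment 2", now.Add(time.Minute))
	fmt.Println("intact trail:", verifyTrail(trail)) // <nil>
	trail[0].What = "signed eCRF-0043"                // silent edit of an earlier record
	fmt.Println("after edit:", verifyTrail(trail))   // entry 0: signature ... does not match content
}
```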

Comprehensive Risk Management: In summary, the strategy of Enterprise Digital Trust Management provides for the comprehensive management of the technical, legal and regulatory risks of conducting electronic business, as illustrated in an integrated framework in Figure 12.

Figure 12: Enterprise Digital Trust Management – e-Integrity (Identity, Information, Time-of-Event); e-Compliance (Security, Data Privacy, Trusted e-Systems); e-Enforceability (Admissibility, Adherence)


2.2.4 Integrated Risk Management Strategy

An enterprise has many internal and external security, data privacy and trusted e-Systems requirements it must address. Currently, these risks are addressed on a regulation-by-regulation basis and even on a territory-by-territory basis. This has resulted in an extremely high level of complexity, significant duplication and a very high cost-of-compliance. It is accepted that ultimate compliance must be achieved for each regulation in each territory. However, the risk management and compliance methods for these regulations can be integrated. This allows investments made in one area to be effectively leveraged by others, on both a regulation and a territory basis. In order to reduce the cost-of-compliance and control management complexity, the Enterprise Digital Trust Management strategy is integrated. This is accomplished by 1) adopting a unified approach to addressing the diverse but closely interrelated requirements; 2) viewing both the internal and external requirements in a common perspective where one meets the requirements of the other; and 3) taking an architectural approach to the problem, which allows the specific nature of a vulnerability to be precisely identified and its interdependencies understood. This is illustrated in Figure 13 and discussed in greater detail below.

Unified Compliance Approach

The e-Value Chain illustrated in Figure 1 requires compliance with a number of laws and regulations that govern the privacy of personally identifiable medical information, the security and trustworthiness of information systems, the reliability of electronic signatures and the admissibility of electronic transactions. Many laws and regulations from different sources, whether from different industry segments or territories, have the same essential intent – trustworthiness of the electronic state. Consequently, many requirements are similar and should therefore be managed in a unified approach. The following are examples of the similarity of requirements.

Data Privacy. The European Union Data Privacy Directive establishes a minimum standard by which all EU national legislation must govern the collection, use and disclosure of personally identifiable information, irrespective of its industry segment or application. The U.S. Department of Health and Human Services has issued its final rule (HIPAA) for the privacy protection of medical records. Both the Data Privacy Directive and the HIPAA privacy rule are consistent with the OECD Fair Information Practice Principles. Consequently, there is a common foundation between the two, and the management of the compliance requirements should leverage this commonality.

Electronic Signatures. The European Union Electronic Signature Directive establishes a minimum standard by which all national legislation must govern the validity and admissibility of electronic signatures and agreements. The U.S. has its own electronic signature legislation. Both are consistent with the United Nations model law on electronic signatures. The U.S. Department of Health and Human Services under HIPAA will be issuing its final rule establishing the standards for the use of electronic signatures, and the FDA has issued its regulation governing in part standards for electronic signatures. There is also a significant body of legal standards that electronic signatures must adhere to in addition to e-Sign laws. Consequently, there is also a significant common foundation between the two, and the management of these requirements should leverage this commonality.

Security. The U.S. Department of Health and Human Services under HIPAA will be issuing its final rule establishing the security standard for the protection of medical records. The FDA’s 21 CFR Part 11 regulation also has requirements governing in part standards for electronic records security. These two regulations, which govern different e-Programs within the e-Value Chain, require compliance with a common set of requirements. The security practices that will meet the HIPAA requirements for protecting the confidentiality of medical information of clinical trial patients are the same security best practices that will also fulfill the requirements under 21 CFR Part 11.

Trustworthy e-Submissions. The FDA has issued 21 CFR Part 11, a regulation governing New Drug Application submissions, and the International Conference on Harmonization is developing the Electronic Common Technical Document (e-CTD) standard. Both are designed to be consistent, that is, a submission compliant with Part 11 will be considered e-CTD compliant, and vice versa.

All these laws and regulations are driving towards a common objective – the creation of a Trusted Digital Enterprise where patient personal information is secure, electronic signatures are reliable, electronic records are authentic, time stamps are auditable, electronic transactions are admissible and electronic systems and processes are trustworthy. Many requirements from different sources can be aggregated into “governing” requirements that can be managed using a common and consistent approach. Enterprise Digital Trust Management adopts a compliance strategy that is unified – managing the Data Privacy, Security and Trusted e-Systems regulatory requirements, e-Sign legislative requirements and the requirements of legal standards as an integrated set of enterprise Digital Trust requirements.

Figure 13: Integrated – Architectural (eSystems, eProcesses, eTransactions, eEvent, eFunction); Unified (Security, Privacy, Trust, eSign); Common (Internal, External)

Common Compliance Approach

The FDA has explicitly stated that the risks of manipulation and falsification are higher when business is conducted electronically and records are in electronic form than with their paper-based counterparts.

“The FDA view is that the risks of falsification, misinterpretation, and change without leaving evidence are higher with electronic records than paper records.”[35]

Consequently, in order to address this new reality, the FDA has articulated through Part 11 a minimum standard of security and electronic integrity to ensure the trustworthiness of electronic submissions for New Drug Applications.

“The regulation … [21 CFR Part 11] set forth the criteria under which the agency considers electronic records, electronic signatures, … to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.”[36]

The business case for adopting e-Programs and transitioning to an electronic value chain is sufficiently compelling even without regulatory pressures. The very same risks as those articulated by the FDA exist for the LSOs that make the transition. Consequently, the internal risk mitigation requirements that each LSO will seek to implement to ensure a trustworthy enterprise will be very similar to those established by external regulators such as the FDA. In fact, 21 CFR Part 11 is the first articulation of a “standard” for the trustworthiness of electronic records and signature systems that will eventually evolve into an industry best practice. Part 11 should be viewed as a useful reference standard to guide an organization’s own transition to an electronic value chain. It makes no business sense to define and manage two separate standards – internal and external requirements. A common standard should be established, to the extent possible, with exceptions managed on a case-by-case basis. The Enterprise Digital Trust Management strategy integrates internal and external (regulatory) requirements into a common compliance approach that reduces the overall level of complexity and cost-of-compliance.

[35] “Good Practice and Compliance for Electronic Records and Signatures,” Part 2, page 9, section 1.1.
[36] FDA 21 CFR Part 11.1 Scope.

Architectural Compliance Approach

The technical, legal and regulatory risks previously discussed exist at many different levels within an organization. These require different types of expertise and forms of mitigation involving technology, people and process. The vulnerability can be a business or liability risk at the e-Program level, a regulatory compliance issue at the e-Process level, an enforceability risk at the transaction level or a technical risk at the function level. Digital Trust is a state of trustworthiness that must exist throughout all architectural levels of the electronic resources engaged in the delivery of an e-Program. There must be a structure of relationships and associations that starts with the electronic systems that are networked, the processes and applications operated by the systems, the transactions run by the processes, the events executed by the transactions, the functions executed by the events and, finally, the relational data upon which it all rests. This is illustrated in Figure 14. The Enterprise Digital Trust Management strategy adopts a systematic and architectural approach to defining the generic types of risks that must be addressed, identifying those risks that apply, classifying those risks by probability, frequency and severity, and subsequently prioritizing which risks should be mitigated for the greatest return on investment – increased trustworthiness.

Figure 14: Enterprise Digital Trust across the architectural levels of an e-Program – e-Systems, e-Processes, e-Transactions, e-Events, e-Functions, Data; Applications


3 Enterprise Risk Management Method: The Digital Chain of Trust Methodology

Notice: This section is proprietary and confidential. To obtain the information under a Non-Disclosure, please contact Jacques Francoeur at: [email protected] or call 650-255-6516.

Figure 15: Digital Chain of Trust Methodology – Framework; Manageable; Methodology; Concept, Language, Structure; Measure, Monitor, Demonstrate; Knowledge Management; Work Automation; CIP/CI; Architecture


3.1 Management & Organizational Benefits

There are a number of organizational and management benefits to Enterprise Digital Trust Management – the enterprise management of the technical, legal and regulatory risks of an electronic value chain. The return on investment from a 3 - 5 year drug development cycle, down from an average of 10 - 12 years, and a $200 million pre-launch total cost of development, down from an average of $800 million, is self-evident. The cost of not achieving this goal is certain corporate death – share value devaluation. Enterprise Digital Trust Management contributes to reaching these goals as follows:

Effective Allocation of Scarce Resources - Identify, Classify and Prioritize

The complexity of risks involved in an e-Program is substantial, let alone in a number of e-Programs forming the e-Value Chain. One of the main challenges facing the organization is the comprehensive and systematic identification of risks, the classification of those risks by probability, frequency and severity and the subsequent prioritization in terms of which risks should be mitigated for the greatest return on investment. The comprehensive and architectural nature of the Digital Chain of Trust Methodology enables the effective allocation of scarce resources for risk mitigation.

Controlled and Measurable Risk Mitigation – Reduced Uncertainty

Enterprise Digital Trust Management controls the transition from the current state to the desired end state by applying a comprehensive and integrated reference framework consistently throughout the entire transition period. The DCTF is used first to inventory and classify all the electronic resources involved in a particular e-Program. The DCTF is then used to identify and structure all electronic risks by class, type and function, to assess and classify each e-Risk by level of severity, frequency and probability, and to help prioritize and allocate scarce resources to mitigate selected e-Risks. The Digital Chain of Trust Architecture is then used to build the three e-Program reference architectures, against which the current state of identity, information and time practices is subsequently measured relative to a desired state. Finally, the Digital Chain of Trust Methodology automates the process of auditing against the three DCTA reference architectures to transition through the engagement lifecycle (assessment, gap analysis and remediation) to reach and maintain the desired state. The DCTM allows for a precise determination of the current status of any electronic system, process and transaction at any time during the transition. Enterprise Digital Trust Management provides a systematic method of measuring and demonstrating to all key stakeholders that the organization’s e-Programs are trustworthy. That is, each e-Program mitigates its risks to a specific design level (e-Integrity), adheres to legal standards and electronic signature laws (e-Enforceability) and is compliant with all relevant regulatory requirements (e-Compliance). From this level of management and measurement structure, effective decisions and management assertions can be made to stakeholders with confidence.

“Perhaps one reason for the slow adoption rate [of e-Clinical Trials] is that the implementation of EDC solutions needs to be at the enterprise level and must be fully supported by related process and infrastructure changes. Without a commitment at the enterprise level, an organization is unlikely to be able to access and view disparate data sources in one place, within a single clinical trial, across a development program, and ultimately across the enterprise – which is fundamental to realizing the sought-after business benefits. There is little value in having data available electronically if it remains siloed and largely inaccessible.”

Pharmaceutical Clinical Development: The future of clinical trials – How genomics, proteomics, and technology are changing the clinical development process, IBM Life Sciences, June 2002.


Reduced Cost-of-Compliance

The Life Sciences industry is heavily regulated and therefore the cost-of-compliance is a significant cost burden that will only increase. In a letter to the FDA, SmithKline Beecham stated the following concerning the one-time internal cost-of-compliance for 21 CFR Part 11: “The total cost of these initiatives for SmithKline Beecham is estimated to exceed 214 million dollars.” [37] This includes the costs for SOPs, training, inventory and assessment, corrective action plans, implementation of corrective action plans, capital expenditure, validation, electronic archival, data migration and certification. This excludes the cost of assuring compliance of third party vendors such as Contract Research Organizations.

A Gartner G2 report [38] on the impact of Part 11 stated, “A common concern is that a global company could spend more than $100 million in administrative and technology expenses to become compliant.” The report goes on to say, “For this industry, the cost of compliance will have at least the same impact, if not more, than Y2K.” Enterprise Digital Trust Management and the Digital Chain of Trust Methodology will reduce the cost-of-compliance by implementing a consistent framework throughout the compliance life-cycle, leveraging audit practice knowledge across the enterprise and employing work automation techniques. A consistent framework for analysis is applied throughout the audit life-cycle.

Knowledge management methods are used to make available all related information, such as audit control objectives, assessment templates, etc., to practitioners to facilitate the audit and to leverage existing information. The same information is made available throughout the enterprise, resulting in a consistent implementation of audit practices across all systems.

Work automation techniques are implemented to automate the audit process, including data capture, data management and reporting.

The DCTM brings together all stakeholders involved in the successful delivery of an electronic initiative. From the structure inherited from the framework (DCTF), all stakeholders can identify their roles and functions, understand those of other stakeholders, understand how different stakeholders interrelate, understand the source and reasoning of decisions and their implications, and define actions and deliverables between stakeholders. The increased cohesion of the multi-disciplinary team and the reduced confusion and misunderstanding between all stakeholders greatly increase the effective management of the compliance process.

Requirements Aggregation: There are a number of different regulations and internal requirements that require a specific system, process, or transaction to have a particular characteristic. It is not cost effective to manage these requirements as if they were independent of each other. The same requirement from multiple sources can be aggregated and audited once for compliance. This will save considerable time and resources. Actual compliance with a particular control objective from a specific regulation can still be easily demonstrated.
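The aggregate-once, trace-back-to-each-source idea above, as an added illustration that is not part of the white paper or of any Proofspace tooling: requirements from several sources that demand the same control are grouped, each control is audited once, and the single result is mapped back so that compliance with every individual source requirement can still be shown. All requirement identifiers, the internal SOP and the partner contract are constructed placeholders; only "21 CFR Part 11" is a source named on this page.

```python
from collections import defaultdict

# Constructed sample requirements: (source, requirement id, control it demands).
# "21 CFR Part 11" is the only real source name; ids and other sources are placeholders.
REQUIREMENTS = [
    ("21 CFR Part 11", "P11-REQ-1", "audit-trail"),
    ("21 CFR Part 11", "P11-REQ-2", "electronic-signature-binding"),
    ("Internal SOP (constructed)", "SOP-REQ-4", "audit-trail"),
    ("Internal SOP (constructed)", "SOP-REQ-9", "access-control"),
    ("Partner contract (constructed)", "CTR-REQ-2", "audit-trail"),
    ("Partner contract (constructed)", "CTR-REQ-5", "access-control"),
]


def aggregate(requirements):
    """Group requirements by the control they demand: one audit per control."""
    controls = defaultdict(list)
    for source, req_id, control in requirements:
        controls[control].append((source, req_id))
    return dict(controls)


def audits_saved(requirements):
    """Audits avoided by auditing each control once instead of once per requirement."""
    return len(requirements) - len(aggregate(requirements))


def trace_results(requirements, audit_results):
    """Map the single per-control result back to every source requirement.

    audit_results: {control: True/False} from the one audit of each control.
    Returns {source: {req_id: result}} so compliance with any individual
    regulation can still be demonstrated; a control never audited is an error.
    """
    report = defaultdict(dict)
    for control, owners in aggregate(requirements).items():
        if control not in audit_results:
            raise KeyError(f"control {control!r} was never audited")
        for source, req_id in owners:
            report[source][req_id] = audit_results[control]
    return dict(report)


def non_compliant_sources(report):
    """Sources with at least one failed requirement, for the compliance summary."""
    return sorted(s for s, reqs in report.items() if not all(reqs.values()))


if __name__ == "__main__":
    results = {"audit-trail": True, "electronic-signature-binding": True, "access-control": False}
    rpt = trace_results(REQUIREMENTS, results)
    print(f"{audits_saved(REQUIREMENTS)} audits saved; non-compliant: {non_compliant_sources(rpt)}")
```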

[37] SmithKline Beecham letter to Dockets Management Branch (HFA-305), Food and Drug Administration, Docket No. 99N-4166, 29 November, 1999.

[38] Gartner G2, “Truth and Misconceptions: The Federal Electronic Records Statute”, May 2002.


Consistent Intended Performance & Continuous Improvements

In order to reduce the risk management cost and complexity, it is important that the organization create as much “predictability” in terms of “consistent intended performance” in their systems across the enterprise as possible. The application of a consistent risk management framework across multiple e-Programs will result in a greater “consistency of risk mitigation” of systems, processes and transactions. It is also important to the organization’s return on investment that it effectively leverage investments and knowledge allocated to solve one problem to the resolution of other similar problems. This consistency of approach to risk mitigation will allow for solutions applied to one system to be applied to others with lower expenditure of resources and a higher predictability of outcome.

The Management Process

Enterprise Digital Trust Management provides measurable benefits to all levels of management, as follows:

“C”-level executives and Legal Counsel with greater certainty and confidence that management assertions concerning the electronic integrity, regulatory compliance and legal admissibility of their business practices are reflective of their actual practices, including confidence that this can be demonstrated to external stakeholders.

Senior Executives with a structured method to identify the nature and level of risks involved in an e-Program, determine the desired level of risk mitigation and manage the implementation of those decisions in a verifiable manner.

Middle Managers with a practical implementation method for delegating particular tasks to individual practitioners, monitoring the execution of those tasks and aggregating the results of those tasks for systematic reporting; a method that allows resources to be allocated to a defined scope of work and resource shortfalls to be identified.

Practitioners with a step-by-step guide to the completion of a task by providing a structured and well-defined scope of work, a method of defining the input requirements necessary for the completion of a task and of defining deliverables to other practitioners.

Auditors with a systematic way of measuring and reporting compliance with corporate policies and practices.