KBuzz

Sector Insights
Issue 8 August 2011 kpmg.com/in

Indias central bank RBI recently released its survey of professional forecasters. The result of the survey, which was conducted between April and June 2011, projected the GDP growth for the economy to be 7.9 percent for the current fiscal, and 8.8 percent over a 10-year period. Apart from GDP growth projections, the survey also provided forecasts on other short-term and medium-term economic developments for the Indian economy. In July, headline inflation dropped to an eight-month low and the wholesale price Index (WPI), which is perhaps the most widely watched measure of prices in the country, rose 9.22 percent, from a year ago. With the RBIs next policy review scheduled for midSeptember, it is likely to take the WPI for August and the IIP figures for Julyboth key data parametersinto consideration as it continues to strive to balance out boosting growth and stemming inflation. On a silver lining, Indian President Pratibha Patil concluded a two-nation visit to Korea and Mongolia recently, during which India strengthened its ties with both nations through agreements in the areas of nuclear energy, social security, defence and mutual cooperation. I hope you find this edition of KBuzz informative and insightful. Regards, Rajesh Jain Head Markets KPMG in India

2011 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

PHARMACEUTICALS

2011 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

29

Pharmaceuticals

KPMG view Information Security in Pharma

Information Security Risk Protection of confidential and sensitive information is one of the major concerns facing companies globally. Poor information security systems have put the profitability and reputation of many organizations at risk and led to significant security breaches. Pharmaceutical industry is faced with security risks far greater than those faced by other industries due to large amounts of highly confidential information (including clinical data) and the value associated with its Intellectual Property (IP). The graph below gives the number of incidents of data loss as a percentage of total incidents by sector in 2010.1 By Sector: number of incidents as a % of total for 2010

Anthony Crasto Head, Pharmaceuticals acrasto@kpmg.com

A number of business processes, which require pharma companies to share confidential information with third parties, make them vulnerable to information security breaches. Increased number of licensing deals and collaborations Increased outsourcing of manufacturing and clinical trials to third parties Increased usage of social media and other technologies for information exchange and communication There are several types of information security risks such as denial of service attacks, hackers, viruses, warms, spyware, employee frauds, unauthorized access to system or networks, accidental or intentional disclosure, modification, loss or theft of intellectual property (IP) and natural disasters. Out of these, IP protection is the most complex and potentially expensive information security problem.2 Huge quantifiable as well as non-quantifiable costs are associated with these information security breaches.3 In the United States alone, the US Commerce Department estimates that IP theft costs companies USD 250 billion annually and results in the loss of approximately 750,000 US jobs each year. According to the International Chamber of Commerce, the loss amounts to more than USD 600 billion globally each year.4
1. 2. 3. 4. KPMG Issues Monitor IP protection in service offshoring: a self-assessment model Brainloop_ Protecting Sensitive Information In Life Sciences Organizations: Top Three Misconceptions that Put Companies at Risk US Chamber of Commerce

2011 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

30

Pharmaceuticals

KPMG view Information Security in Pharma

Outsourcing and Information Security Global companies are increasingly adopting outsourcing as a key strategy to improve profitability and gain a competitive advantage. Pharmaceutical companies are increasingly outsourcing manufacturing and clinical research to Contract Manufacturing Services (CRAMs) playerscontract research organizations (CROs) and contract manufacturing organizations (CMOs)in India and other emerging markets. This increased dependence has led to an increased focus on the information security standards. Countries as well as companies are taking measures to prevent data loss and strengthen their IP and IT frameworks and enforcement systems.5 Breach of data security can occur during any data transaction. For example, while outsourcing clinical trials to a CRO, security breach can occur anytime during transfer of data within or among clinical study sites, from clinical trial CRO to data management CRO and from CRO to central lab. This data (investigator's brochure, regulatory dossier for IND submission, raw data, statistical tables, and final study report etc.) could be in the form of paper or electronic documents.6 Information Security Management Companies should adopt a risk-based approach to manage their information assets. The information lifecycle of the company from its generation, use, transfer, transformation, storage, archival and finally its destruction should be understood in order to adopt a holistic approach to information security. The security approaches should include implementation of both technical and organizational measures. Technical measures: Include physical procedures (swipe cards, restricted entry to visitors and vendors, locked cabinets for paper documents and CDs disallowing mobile phones with camera, CDs, pen drives, record of laptop model and numbers etc.) as well as electronic procedures (secure passwords or biometric identification for logging in, automated screen savers and log-out to inhibit access to unattended displays after particular time firewalls to isolate internal and external networks, etc.).6,7 Organizational measures: Include security policies, awareness programs for employees, training and educating the users in information security issues to reduce human error, regular and irregular audits to check human theft, fraud or misuse.7 While outsourcing, security policies and procedures should be negotiated within the contract and should also discuss necessary action in case of a breach of security. Moreover, some informal methods of protection such as creating trust-based relationship, lead time advantage over competitors, complementary capabilities can also be implemented, beyond the contractual-legal methods of protection. The key elements that govern any companys information security strategy and governance, access management, life cycle management, security integration and eDiscovery must be carefully evaluated by the company before it formulates and implements any information security strategies.5

5. 6. 7.

KPMG Issues Monitor Express Pharma_How safe is your data IP protection in service offshoring: a self-assessment model

2011 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

31

This document has been compiled by the Research, Analytics, and Knowledge (RAK) team at KPMG in India.

kpmg.com/in

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. 2011 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International.