Jacques Francoeur
VP Strategic Alliances
Proofspace, Inc.
(650) 255-6516
jacques@proofspace.com
Table of Contents
Acknowledgements
Executive Summary
1 The Electronic Drug Development, Approval, Marketing & Sales Value Chain
1.1 Electronic Value Chain Transition Pressures
1.2 Electronic Value Chain Overview
e-Supply Chain
e-Collaboration
e-Detailing
e-Submissions
e-Clinical Trials
Online Physician-based Initiatives
Online Patient-based Initiatives
1.3 Electronic Value Chain Challenges
The Electronic Risks
Interpretation and Differences in International Standards
Measuring, Verifying and Demonstrating the Electronic State
Absence of Legal Precedence
Controlling the Transition and Management Assertions
Enterprise-Wide e-Implementations
1.4 Electronic Value Chain ROI
2 Vision and Strategy for Enterprise Risk Management
2.1 Vision - A Trusted Digital Enterprise
2.2 Strategy - Enterprise Digital Trust Management
2.2.1 Enterprise-Wide Strategy
2.2.2 Business Centric Strategy
2.2.3 Comprehensive Risk Management
2.2.4 Integrated Risk Management Strategy
3 Enterprise Risk Management Method: The Digital Chain of Trust Methodology
3.1 Management & Organizational Benefits
e-Life Sciences 2010 – Enabling a Trusted Electronic Value Chain
Acknowledgements
The knowledge embodied in this white paper represents the culmination of a long and hard journey that
could not have been realized without the support of family, friends and a number of colleagues along the
way. I wish to acknowledge the contributions of a few.
To my sister Joanne, who has always believed in me and supported my efforts since the beginning. To my
Mother and my other sisters Nicole and Helene, who have always been supportive of the choices I have
made. A very special thanks to my partner Tani Rivera, who exhibits great patience and continues to
provide support in innumerable ways. A special thanks to Frank Raimondo, a friend and colleague who
continues to provide support to realize the vision set out in this paper.
A very special thanks to Eric Leighninger, a friend and colleague who has provided encouragement and
support over the years and especially for the words he authored below and affixed his name to.
Eric Leighninger
Chief Security Architect, Allstate Insurance Company
Executive Summary
The Life Sciences’ industry is undergoing fundamental changes as a result of the advent of genomics and
proteomics. Combined with the current market and regulatory conditions, Life Sciences Organizations
(LSOs) find themselves under an unprecedented set of industry, market, regulatory and competitive
pressures that are creating significant challenges to the current “way of doing business” and driving for
fundamental changes to its core business models and practices.
Currently there exist significant downward price pressures on the demand side. Price premiums are
increasingly difficult to justify and will only be acceptable for first-to-market new drugs that are not “me
too” in their benefits. The trend towards smaller target communities as a result of the transition to
genomics is driving up the number of drugs that need to be successfully brought to market. Combined with
the loss of patent protection for a number of key drugs, it will be extremely difficult to maintain revenue
levels let alone build share value.
These factors are driving the need for a radically reduced time-to-market, a significantly lower drug
development cost and a move towards a service-based therapeutic value proposition that requires knowing
a great deal more about the customer than current norms. This cannot be achieved with the current paper-based,
manual, semi-electronic and physical-world business models and processes. To maintain the status
quo equates to decreasing profitability and consequently lower shareholder value.
Accordingly, the transition to an electronic value chain is essential to the viability of the Life
Sciences’ industry and the competitiveness and profitability of LSOs.
Enabling laws providing legal effect and validity to electronic records and signatures have been enacted
around the world, effectively ensuring non-discrimination for being electronic. Regulations driving the
adoption of electronic record and signature systems for medical information (HIPAA) and New Drug
Applications (21 CFR Part 11) are in effect. Yet, the transition to an electronic value chain has been slow –
Why?
This is due in large part to the difficulty and complexity of controlling and managing the business,
technical, legal and regulatory risks of transitioning to and maintaining an electronic value chain.
There is currently no enterprise-wide, multi-stakeholder and global strategy to manage the transition to an
electronic value chain and there is no integrated and comprehensive method to control and manage the
business, technical, legal and regulatory risks in making the transition from the “physical” to a more efficient
and effective “electronic” value chain.
This white paper presents such a vision and strategy called Enterprise Digital Trust Management and
outlines a risk mitigation and transition management method called the Digital Chain of Trust
Methodology. This vision, strategy and methodology provide benefits to “C”-class executives, legal
counsel, and senior executives by providing confidence for making management assertions to regulators,
investors and business partners; to middle managers by enabling a controlled and measurable transition and
a risk mitigation approach that enables the effective allocation of scarce resources; and to practitioners and
internal auditors by providing a structured and automated method of performing audits. The overall
organization will benefit from more effective control over risks, lower cost-of-compliance, greater
“consistent intended performance” across the enterprise and a framework for continuous improvements.
The end result – a Life Science Organization that operates an electronic value chain that brings
new drugs to market in a significantly shorter time and lower cost while being demonstrably
trustworthy and compliant (from both legal and regulatory perspectives).
1 The Electronic Drug Development, Approval, Marketing & Sales Value Chain
The adoption of Internet-based electronic business models and channels has the potential to dramatically
reduce costs and revolutionize the speed, responsiveness, reach, efficiency, and effectiveness of each phase
of the drug research, development, approval, manufacture and commercialization value chain. A number of
creditable authorities including IBM Life Sciences 1, Tufts Center for the Study of Drug Development 2 and
Cap Gemini Ernst & Young 3 have articulated strong business cases for the need to radically change how
drugs are discovered, developed, approved, brought to market and administered to patients.
Key to meeting the challenges and delivering a superior Return on Investment (ROI) is implementing a
comprehensive and integrated enterprise-wide strategy and method to control risks that reduces uncertainty
and the cost-of-compliance. This white paper presents an enterprise vision and strategy and outlines a
methodology for making a controlled transition that will demonstrably deliver the cost reductions and
efficiency and effectiveness gains mentioned above.
The pressures forcing the transition to an electronic value chain are significant and originate from several
sources – industry, market, competitive and regulatory, combining synergistically to create the necessary
conditions to implement changes – the adoption of electronic initiatives and ultimately an end-to-end
electronic value chain.
Industry Dynamics: The Life Sciences industry is undergoing radical changes. The advent of Genomics is
causing a trend towards smaller target communities and personalized medicine that are in turn causing
fundamental changes to the current “way of doing business.” The shift from “one size fits all” drug
treatments to targeted treatments and service-based value propositions is mandating a higher level of
knowledge of customer needs, preferences and behaviors that has already clashed with the personal
information privacy “revolution” underway around the world.
1 IBM Business Consulting Services, “Pharma 2010: The Threshold of Innovation,” Future Series.
2 Tufts Center for the Study of Drug Development Outlook 2003.
3 “The Quantum Shuffle – the Impact of e on the Pharmaceutical and Medical Device Industries,” Cap Gemini Ernst & Young.
4 Tufts Center for the Study of Drug Development – Outlook 2003
Market Expectations: In recent years a number of events have caused a significant downturn in share
values and a return to conservative business values. The pressure exerted by investors to regain share value
is higher than ever. There are no silver bullets – value must be created by the traditional business metrics of
revenue growth through increasing market share and reaching previously untapped markets and profitability
through increasing profit margins.
Competitive Pressures: Premium profit margins go to those who make it to market first with innovative
products. Follow-on “me too”-like drugs have similar development costs but do not command the same
price premiums and they have to dislodge the incumbent. It is therefore a fierce race to get to market first.
This creates significant pressures to increase business efficiency and reduce cycle times and calls for
considering new ways of doing business to increase effectiveness.
electronic business process and transactions. The
regulations define standards of data privacy protection and
security and standards of trustworthiness for electronic
systems, processes, signatures, records and audit trails.
security and electronic systems trustworthiness for all
aspects of information and decision-making that impact or
contribute to the submission requirements for NDA
The industry must also ensure that its clinical trials comply with HIPAA. This regulation affects the
collection, use and disclosure of personally identifiable medical information during clinical trials. Under
HIPAA the health industry is transitioning to electronic records and transactions as the medium to manage
personally identifiable health information and to deliver health care services. HIPAA requires the protection
of patient data privacy and the security and integrity of information and is backed by stringent penalties,
including imprisonment in the case of malicious or profit-based intent.
For multinationals, the European Union Data Privacy Directive and the European Union Electronic
Signature Directive also have to be adhered to as it relates to personally identifiable health information on
Europeans and the execution of legally admissible electronic signatures, respectively. To facilitate single
NDA filings in the US and the European Union, the Electronic Common Technical Document (e-CTD)
standard is being established to enable a common approach to meeting the U.S. and European Union filing
requirements.
The Internet has already delivered significant benefits to the drug development, approval, manufacture,
marketing and sales value chain, hereinafter referred to as the “e-Value Chain.”
In order to more effectively define the domain to which the enterprise risk management strategy will be
applied, it is useful to provide an overview of key domains in the e-Value Chain. The core electronic
initiatives, referred to as e-Programs, within the value chain can be divided into the seven main domains of
e-Supply Chain, e-Submissions, e-Clinical Trials, e-Detailing and Online Physician and Patient Initiatives, as
illustrated in Figure 1 below. The illustration depicts the domains as independent from one another, but
they should be considered integrated and operated by an enterprise-wide network system of electronic resources.
Each domain has its own set of business drivers and risks. The objective of this paper is to describe an
enterprise-wide strategy that will yield an integrated risk management approach that will deliver greater
management assurance while driving a lower cost-of-compliance.
[Figure 1. Electronic Initiatives: e-Programs. Labels recoverable from the figure: e-Submissions; Online Physician Initiatives; Electronic Signature Applications; Electronic Records Management; Electronic Identity Management; Electronic Time Management; Disease Management Portal; Direct-to-Physician Marketing; Patient Relationship Management; e-Auction; e-Collaboration; Knowledge Management; Intranet/Extranet/Wireless]
It is not the intent of this paper to discuss the strategies, issues and specific risks of each electronic initiative.
For this purpose the reader is referred to references made throughout the paper and the following two
sources: “Digital Strategies in the Pharmaceutical Industry” 5 and “The Quantum Shuffle – the Impact of e
on the Pharmaceutical and Medical Device Industries” 6.
The following is an overview of each of the seven main e-Value Chain domains illustrated in Figure 1
above. The e-Value Chain domains contain different logically associated e-Programs that are based on
different business models, communities of individuals, processes, workflows and transactions. However, all
e-Programs rely on a common networked information infrastructure whose risk can be managed on a
similar common basis.
e-Supply Chain
[Figure: e-Supply Chain. Labels: e-Procurement, e-Distribution, e-Marketplace, e-Auction]
The e-Supply Chain covers transactions related to the procurement of goods and services that
contribute to the cost of goods sold and to the distribution and sales of the final product.
Corporate Intranets are a proven e-Supply chain initiative delivering internal operational efficiencies
between stakeholders within the organization.
Extranets extend this operational efficiency to all external participants of the manufacturing and distribution
value chain such as suppliers, distributors, Contract Research Organizations and increasingly contract
manufacturers. The Internet and web-based applications play a critical role in tying all workflows together.
5 Leonard Lerer and Mike Piper, “Digital Strategies in the Pharmaceutical Industry,” Cap Gemini Ernst & Young, 2003.
6 INSEAD and Cap Gemini Ernst & Young, “The Quantum Shuffle – the Impact of e on the Pharmaceutical and Medical Device Industries,” 2001.
e-Collaboration
[Figure: e-Collaboration. Labels: Knowledge Management, Intranet/Extranet/Wireless]
Common to all phases of bringing a drug to market is the generation of sensitive
information exchanged between individuals who must make decisions. The efficiency and
effectiveness of this process is critical to the competitiveness of the LSO. The
implementation of corporate Intranets and Extranets has greatly enhanced the ability of employees and
partners to collaborate. However, data and business information are created and stored in independent
silos and knowledge is not being generated and leveraged. That is, solutions and lessons learnt are not made
available to those who need to know and they are not applied consistently throughout the enterprise. This
results in significant loss of value and competitive advantage. For example, the lack of awareness of the
existence of specific information and fragmented information sources cause the need for data to be
regenerated, adding additional costs. Inaccessible historical information inhibits learning and impairs the
transformation of information into predictive and actionable knowledge.
e-Collaboration is being greatly enhanced in terms of near real-time collaboration by the use of wireless
technology, which has improved and continues to improve dramatically in terms of available bandwidth, area
coverage and available personal devices, such as Personal Digital Assistants. However, ensuring the
confidentiality and integrity of this information over its life cycle (capture, transmission and storage)
remains a critical challenge and barrier to adoption.
e-Detailing
[Figure: e-Detailing. Labels: Sales Force Automation, Physician Relationship Management]
The needs of physicians are changing in concert with the dramatic changes in the industry and the
nature of the treatment solutions. The amount and complexity of information is dramatically increasing
while the bandwidth of physicians to access and assimilate the information continues to decrease. In
addition, physicians must not only absorb the latest information but also synthesize it into knowledge
they can use to improve the quality of care of their patients.
Second, this new value-added proposition must use the appropriate channel(s) to reach the physician, the
sales agent being one of many possible touch-points. Others include Internet Physician-based initiatives
such as Customer Service Centers, discussed later.
Consequently, as it relates to the sales channel, Sales Force Automation needs to involve not only
increasing the efficiency of the sales function (“Automate”) but also improving the effectiveness of the sales agent
function. For this to occur, detailed knowledge of the physician’s needs, preferences and behavioral
patterns must be captured and analyzed and delivered to the agent in a way that enables the delivery of the
needed services. This is accomplished by physician focused Customer Relationship Management, also
referred to as Physician Relationship Management, covered in the following sections.
The Internet in general is a cost-effective e-Detailing channel for all the traditional reasons: the cost of
information distribution is low, especially to hard-to-reach regions; a large distribution of physicians can be
reached; information can be accessed on the physician’s terms; and communication with sales agents can be
conducted via email and other more sophisticated techniques such as instant messaging and video
conferencing. The battle for the physician’s attention is extremely competitive and consequently, establishing a
value-added relationship with physicians will be critical toward getting through the noise, drawing their attention
and obtaining the desired action.
“e-Detailing will become the mainstream way of doing business. I believe in five years from now 70 per cent of all
detailing will be done electronically.” 5
Physician Relationship Management: Effective Customer Relationship Management (CRM) is key to the
formation of sustained value-added relationships with physicians, patients, or payees. The nature and extent
of information that can be captured through the Internet, such as preference and behavioral patterns, is
unparalleled and very controversial. A decade of data collection abuse involving the unauthorized tracking
and sale of personal data has resulted in significant mistrust by customers. If the main purpose of CRM is
data collection with only nominal benefits to the customer, initiatives will continue to be rejected. CRM
must not only focus on improving existing processes, such as message targeting and customer service, but
also on bringing tangible value to the customer in the form of reducing information clutter and facilitating
complex decisions. However, issues of privacy, security and trust remain the main barriers to the success of
electronic “get to know your customer” practices. When the organization brings significant value to its
customers, they will richly reward it with behavioral and preference information that can be used for effective
Direct-to-Customer marketing and personalized web services.
A CRM can take on a specific “customer” focus. Physician Relationship Management is focused on
physicians as customers while Patient Relationship Management is focused on patients as customers. Given
that physicians and patients are very different types of customers with very different needs, each CRM will
manage a very distinct set of data and value propositions. CRM must also integrate and leverage
complementary initiatives, the boundaries of which are not clear, such as Disease Management Portals,
Product Specific Portals, Sales Force Automation, e-Detailing and Customer Support Centers. These are
covered in the next sections.
e-Submissions
An enterprise must manage a large number of identities across heterogeneous environments that represent
members of different communities of interest (e.g., employees, partners and customers) that have different
service requirements. The level of identity reliability, and therefore technology solution used (e.g.,
username/password versus digital certificate) for these different communities will vary depending on the
nature and risk of the application, the sensitivity of the information being accessed and the business
function. The different identity communities required by the various business units naturally drive towards a
decentralized identity management approach that creates many management and operational problems such
as isolated information silos, administrative duplication, data inconsistencies, policy and procedural conflicts
and inconsistent security standards. In order to minimize these problems and provide efficient access to
users across multiple applications and environments, identity management should be centralized according
to standard enterprise-wide policies and procedures with decisional control for provisioning and managing
identities and privileges delegated at the operational unit level. This will reduce management complexity and
duplication, thereby reducing costs, and will reduce the user downtime involved in gaining access to needed
information, increasing the time focused on value-added activities. Greater consistency will allow for increased
access interoperability across the enterprise and allow increased responsiveness to changing dynamic
communities.
Electronic signatures merge content and informed consent with identity and time. The trustworthiness of
an electronic signature is predicated on the reliability of the identity, information and time management
systems described above and the process used to execute the signature. The system must be able to
capture, preserve and verify the integrity of the signatory’s identity, the content of what was signed and the time
of signature. It should be noted that the admissibility of an electronic signature is dependent not only on
technology but also on a number of other factors such as sole control over the act of signing and a state of
informed consent during the act of signing. These issues are discussed in a white paper by the author
entitled “The Principles and Measurement Metrics of Electronic Agreement Admissibility.” 9
Key to the ability to make individuals accountable is the ability to track and capture tamper-resistant audit
trails that log who accessed what, and when, in a manner that can be verified for integrity. This especially relates
to individuals who set policy and rules for identity, information and time management systems. The need to
report on who has what access to what information and resources and the fact that their access is limited to
what is needed to perform their function is not only a good security practice but also increasingly a
regulatory requirement.
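
The two requirements above, a signature that binds identity, content and time, and an audit trail whose integrity can be verified, can be sketched as follows. This is an added example, not code from the white paper: the function and class names, the HMAC-SHA256 stand-in for a certificate-based signature, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev_hash of the first audit entry
SIG_FIELDS = ("signer", "content_sha256", "signed_at")
LOG_FIELDS = ("who", "action", "what", "when", "prev_hash")


def _canon(fields: dict) -> bytes:
    """Deterministic byte encoding, so equal fields always hash equally."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign(signer_key: bytes, signer: str, content: bytes, signed_at: str) -> dict:
    """Bind identity, content digest and time of signing under one MAC.

    Assumption: HMAC-SHA256 with a per-signer key stands in for a
    certificate-based digital signature, to stay in the standard library.
    """
    body = {
        "signer": signer,
        "content_sha256": hashlib.sha256(content).hexdigest(),
        "signed_at": signed_at,
    }
    mac = hmac.new(signer_key, _canon(body), hashlib.sha256).hexdigest()
    return {**body, "mac": mac}


def verify_signature(signer_key: bytes, record: dict, content: bytes) -> bool:
    """True only if signer, content and time are exactly what was signed."""
    body = {k: record[k] for k in SIG_FIELDS}
    if body["content_sha256"] != hashlib.sha256(content).hexdigest():
        return False  # the document presented is not the one that was signed
    expected = hmac.new(signer_key, _canon(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["mac"])


class AuditTrail:
    """Append-only 'who did what, when' log; each entry commits to the previous one."""

    def __init__(self):
        self.entries = []

    def head(self) -> str:
        """Hash of the latest entry; store it outside the log for later checks."""
        return self.entries[-1]["entry_hash"] if self.entries else GENESIS

    def append(self, who: str, action: str, what: str, when: str) -> dict:
        body = {"who": who, "action": action, "what": what,
                "when": when, "prev_hash": self.head()}
        entry = {**body, "entry_hash": hashlib.sha256(_canon(body)).hexdigest()}
        self.entries.append(entry)
        return entry

    def first_bad_index(self, trusted_head=None):
        """Index of the first entry that fails verification, or None if intact.

        Returns len(entries) when every entry is internally consistent but the
        chain does not end at trusted_head (truncation or wholesale rewrite).
        """
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: entry.get(k) for k in LOG_FIELDS}
            digest = hashlib.sha256(_canon(body)).hexdigest()
            if entry.get("prev_hash") != prev or entry.get("entry_hash") != digest:
                return i
            prev = digest
        if trusted_head is not None and prev != trusted_head:
            return len(self.entries)
        return None


if __name__ == "__main__":
    # Constructed sample data: key, identities, document and times are invented.
    key = b"constructed-demo-key"
    doc = b"Protocol amendment 3: dose reduced to 10 mg"
    rec = sign(key, "dr.a@example.org", doc, "2003-03-14T09:30:00Z")
    trail = AuditTrail()
    trail.append(rec["signer"], "sign", rec["content_sha256"], rec["signed_at"])
    trail.append("admin@example.org", "change-policy", "identity-policy-v2",
                 "2003-03-14T10:00:00Z")
    head = trail.head()
    print("signature valid:", verify_signature(key, rec, doc))
    print("backdated copy valid:",
          verify_signature(key, dict(rec, signed_at="2003-03-01T00:00:00Z"), doc))
    trail.entries[1]["who"] = "nobody@example.org"  # simulate an edited entry
    print("first bad audit entry:", trail.first_bad_index(head))
```

A bare hash chain detects edits only if the latest `entry_hash` is also kept somewhere the log's administrators cannot rewrite; pass that stored value as `trusted_head`.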
e-Clinical Trials
7 “Trusted Time – Essential to e-Business Risk Mitigation,” Jacques Francoeur, March 2000
8 FDA 21 CFR Part 11: 11:3 Definitions 7
9 “The Principles and Measurement Metrics of Electronic Agreement Admissibility,” March 2003, Jacques Francoeur, www.trustera.com.
e-Clinical trials provide the opportunity to streamline and integrate processes to yield efficiency and
effectiveness gains. This includes reducing the resources expended on patient recruitment and tracking and
work flow logistics. Real-time feedback on trial progress allows for protocol corrections, while preserving
the statistical validity of the information, and early terminations if necessary.
The immediate access to clinical trial information is essential to more informed decision making
concerning needed corrections to protocols or even cost saving benefits that can be derived from
terminating trials early. “In fact, it is estimated that quick identification of failing studies could save companies as much as
$1M per study.” 12
10 “Streamlining Clinical Trial Processes for Improving Time to Market”, IBM Life Science, 2002
11 “Technology in clinical trials,” Pharmafocus Feature, March 2003, Stella Holford.
12 “Streamlining Clinical Trial Processes for Improving Time to Market”, IBM Life Science, 2002
client-side validation problems. Both methods dramatically improve the nature and responsiveness of the
relationship between the clinical data manager and the clinical research associate, enabling the efficient
resolution of data queries.
With recent advances in wireless technology and its increasing coverage and widespread use combined with
advances in sensing and monitoring technology, it is possible to conduct Remote Monitoring of clinical trial
patients, reducing some of the logistical burdens placed on patients and capturing data in a more realistic
life-like situation.
A Customer Service Center (CSC) is an innovative and effective way of providing real-time and interactive
support to physicians in an increasingly complex drug and treatment environment using a “pull” service-based
model. The initial “push” based portal model was inherently positioned for failure. A CSC extends
the CRM model to the point of value delivery, overcoming one of the main previous reasons for failure.
This is where the gap is closed between value provided for the exchange of customer knowledge and ability
to more effectively target. A CSC integrates multi-channel service delivery and marketing (phone, Internet,
face-to-face) into a comprehensive support package that leverages synergies between the needs of the
physician and that of the LSO. A CSC has the potential of transforming the descriptive nature of CRM
data into predictive information and eventually actionable knowledge.
Making the link between physicians and patients through a Customer Service Center can provide valuable
services to patients; however, it remains a risky proposition given the insertion of an intermediary in the
coveted patient-physician relationship.
A Customer Service Center is an ideal channel for e-Detailing given the “pull” based model where
information is provided by request and consequently has a significantly greater chance of being reviewed
and reacted upon. However, if e-Detailing follows the path of SPAM in Direct-to-Physician Marketing,
a backlash will occur that will take considerable time to recover from.
Consequently, physicians are slowly losing their exclusive control over the patient.
The Internet has provided a legal and cost-effective avenue to reach patients and to deliver service-based
value propositions that were previously not possible. Targeted Direct-to-Consumer (D2C) marketing
initiatives are being used to identify and capture consumers and Online Patient Communities, such as
Drug Specific Portals, are an efficient patient point-of-entry.
Once a patient enters the Internet portal, a cost-effective way of managing the relationship over their
ailment duration is required. A custom application of CRM called Patient Relationship Management
(PRM) can be used to ensure an effective extraction of behavioral and preference information and delivery
of value such as personalization features (diaries, reminders) to encourage treatment compliance and loyalty
incentives to retain the patient over the lifetime of their ailment. PRM requires patient tracking and
profiling to deliver a “personalized” online experience, data analysis to determine needs and preferences
from which targeted marketing can be conducted and interactive exchanges over multiple channels of
communication to deliver services.
However, this focus on patient preference and behavioral patterns comes at a time when concern over the privacy
and security of sensitive medical information is at an all-time high. Given that D2C interactions and
medical information are heavily regulated, PRM techniques create significant compliance and brand name
risk. Patients do not trust that their highly sensitive medical information will be protected from
unauthorized use and disclosure. As well, they do not trust that it will be secure from unauthorized access.
Consequently, central to the success of Internet Patient-based Initiatives is complying with the data privacy
and security related regulations and overcoming the barriers of mistrust patients have towards such
initiatives. The early days of the Internet and its data collection abuses have created this presumption of
mistrust that must be overcome.
Before laws providing for the legal effect and validity of electronic records and signatures were enacted, the
legally binding use of the electronic medium had to be enabled by expensive proprietary, rigid, and closed
electronic networks and covered by complex business agreements. The advent of the Internet provides the
potential for a flexible, open and inexpensive alternative based on a public infrastructure. However this
public infrastructure creates many new risks and uncertainties that have created barriers to the widespread
use of the Internet as a medium for executing mission critical business.
Figure 1 illustrated the e-Programs that can be implemented across the value chain. A number of challenges
are creating barriers to the deployment of such initiatives. Even though technologies for mitigating the risks
of doing business electronically are available, significant vulnerabilities remain, especially as it relates to
mission critical applications. The issue is not one of technology but one of weaknesses with people not
following policy and poorly designed processes. Even with laws recognizing electronic records and
signatures, there remains uncertainty as to the legal enforceability of electronic transactions, especially given
the absence of case law. The absence of best practices for the measurement and verification of electronic
integrity and regulatory compliance creates apprehension as to the ability to make management assertions
with confidence. Finally, the current atmosphere of customer mistrust as to the collection, use and
disclosure of their personal information is a significant barrier to initiatives intended to profile customers.
There are a number of vulnerabilities and business risks common to all electronic initiatives across the value
chain. The cost and complexity to manage these risks in isolation, where investments and experience
cannot be leveraged, is enormous. An enterprise vision and strategy that addresses these issues holistically
and a methodology that manages these requirements in an aggregated and integrated manner will deliver
significant benefits to the LSO. It should be noted again that this white paper assumes the availability of a
reliable network information system and therefore does not consider the risks associated with availability
and reliability of the network and its systems.
Controlling these three risk sources is central to maintaining a trustworthy digital enterprise, specifically
authentic information, which is essential for reliable decision-making, and dependable identities, which are
essential for restricting access to information and for ensuring that individuals can be held accountable for
their electronic acts. Capturing accurate and auditable time stamps is also essential for all aspects of
operations and in particular for meeting audit trail requirements.
Legal risks are those related to adhering to legal standards and electronic signature laws. They are
measured by the degree to which the method of conducting electronic transactions, creating electronic
records and executing electronic signatures adhere to legal standards and e-Sign laws. This is collectively
referred to as “e-Enforceability.” The authenticity of electronic records – “what,” the reliability of
signatures – “who,” and the auditability of time stamps – “when,” must be sufficiently trustworthy to be
deemed admissible by regulators and adjudication authorities.
Compliance risks are those related to complying with the organization's own internal requirements, industry
best practices and external regulations such as HIPAA and 21 CFR Part 11. They relate to the ability to measure,
verify and demonstrate compliance of e-Systems, e-Processes and e-Transactions to specific regulatory
requirements. This is collectively referred to as e-Compliance.
e-Sign laws around the world have been recently enacted recognizing the legal effect and validity of
electronic records and signatures. Even though these laws are consistent with the United Nations
Commission on International Trade Law (UNCITRAL) Model Law 13 on Electronic Signatures, there are
substantive differences in approach and interpretation. For example, the United States Electronic Signatures
in Global and National Commerce Act 14 is technology neutral while the European Union Electronic
Signature Directive 15 has given strong favor to cryptographic-based signatures for legal admissibility
purposes. This has created the challenge of not only differences in interpretation of a given law but having
to deal with variations between territories.
The regulatory side has been much better in its harmonization efforts. Significant efforts are being made by
regulatory agencies around the world to create a standard format for submitting applications. Under the
International Conference on Harmonization 16 the Electronic Common Technical Document (e-CTD)
standard is being created that will greatly simplify international applications. However, given that all NDA
regulations such as Part 11 require the assertion that electronic signatures are “legally” equivalent to
handwritten signatures, the connection to e-Sign law requirements is clear.
Given the relatively recent enactment of laws and industry regulations driving the transition to electronic
business models and processes, methods to measure, verify and demonstrate the electronic integrity, legal
admissibility and regulatory compliance of e-Systems, e-Processes and e-Transactions are misunderstood,
early in their development and are unproven. Enterprise Digital Trust Management and The Digital Chain
of Trust Framework, Architecture and Methodology, the subject of this white paper, are such methods.
The requirement of executing “legally equivalent” electronic and paper-based signatures is made clear by the
FDA in their definition of an electronic signature – “… means a computer data compilation of any symbol
… executed, adopted or authorized by an individual to be the legal equivalent of the individual’s
handwritten signature.” 20 This statement has the effect of requiring compliance not only with Part 11 but
also with e-Sign laws and established legal standards.
15 European Union Electronic Signature Directive: Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999
In fact, the organization must make a management assertion to the FDA as follows:
“Persons using electronic signatures shall, … certify to the agency that electronic
signatures … are intended to be legally binding equivalent to traditional
handwritten signatures.” 22
Even though this assertion can be made at the organizational level, the FDA reserves the right to request
“additional certification or testimony that a specific electronic signature is the legally binding equivalent to
the signer’s handwritten signature.” 23
Meeting the requirements of legal admissibility is contingent on meeting a number of technical and more
importantly non-technical requirements that are discussed in detail in a white paper by the author entitled
“The Principles and Measurement Metrics of Electronic Agreement Admissibility.” 24 Irrespective of
meeting the highest standards of executing electronic signatures and agreements, there are very few
adjudicated legal cases that can be used as legal precedent. This represents a legal risk that must be
managed.
In making the transition from the current state of paper-based, manual and semi-electronic (“physical
world”) drug development business models and processes to end-to-end electronic equivalents,
management must make assertions that during the transition they have maintained demonstrable levels of
electronic integrity, that is, security and controls over their e-Systems; legal enforceability, that is, legal
admissibility of e-Transactions; and regulatory compliance that otherwise could compromise existing
business revenues.
The risks not only lie in the design and operation of electronic value chain initiatives. They also exist in
making a structured and measurable transition to the desired electronic state in a manner that does not
compromise existing operations. The transition must be sufficiently controllable and measurable to enable
executives to make management assertions with confidence to their stakeholders as to the electronic
integrity, legal admissibility and regulatory compliance of any given electronic initiative.
21 FDA 21 CFR Part 11, Final Rule Page 13462, Column 3, A. Objectives.
22 FDA 21 CFR Part 11 Subpart C – Electronic Signatures, 11.1 General Requirements c)
23 FDA 21 CFR Part 11 Subpart C – Electronic Signatures, 11.1 General Requirements c), 2)
24 “The Principles and Measurement Metrics of Electronic Agreement Admissibility,” Jacques Francoeur, March 2003.
Privacy Mistrust
There is significant mistrust by the general public as to the
confidentiality, security, control over and use of their personal
information. The sensitivity is drastically greater as it relates to
medical and genetic information. This concern is one of the most
significant barriers to getting to know and understand the consumer –
patients. LSOs must presume an existence of mistrust that will take
time and special practices to overcome. The existence of this
information in electronic form combined with automated and
integrated systems makes the risks of this information getting into the
hands of an unauthorized individual very real.
Critical to both online physician and patient initiatives are issues of the privacy of personally identifiable
information. This still remains the number one barrier to the adoption of the new “personalized medicine”
value proposition. It is also a regulatory requirement of HIPAA and laws enacted in the European Union as a
result of the European Union Data Privacy Directive. Many of the core critical concepts essential to the
success of online communities are discussed in a book called “Net Worth – Shaping Markets When
Customers Make the Rules.” 25
“The widespread adoption of the Internet and the web has shifted cultural attitudes toward privacy.
Heightened privacy sensitivity will require online and offline businesses to re-examine existing information
practices. Through 2006 information privacy will be the greatest inhibitor for consumer-based e-business.”
Gartner Group
Enterprise-Wide e-Implementations
Enterprise implementations of electronic initiatives are extremely complex and difficult to carry out
successfully 26 as they require a cohesive team of business and technical leaders and effective coordination
between many stakeholders often driven by different agendas. Adding to this complexity is the fact that
the boundaries of today’s virtual and dynamic enterprise are difficult to define as they are constantly
changing.
In order to ensure the success of enterprise electronic initiatives, the current reactive, fragmented, technical
and IT approach to risk management must change. Managing the risks of an electronic value chain must be
recognized as mission critical and therefore it must be sponsored and driven top down by executive
management. Only with such a clear commitment will the required cultural change in mindset take place
throughout the organization in a sustained manner. In order for risk management to be considered an
enabler, overcoming the current perceived notion of a constraint, the risk management objectives must be
aligned with the business objectives and risk tolerance of the organization. And finally given the fluid nature
of the virtual enterprise, a proactive and formal approach to risk management must be taken that monitors
and continuously adjusts to dynamic situations. 27 However, for those who take on such significant
challenges, the benefits to the organization are commensurate.
25 “Net Worth: Shaping Markets When Customers Make the Rules, The Emerging Role of the Infomediary in the Race for
Customer Information,” John Hagle III and Marc Singer.
26 “Enterprise-wide Implementations: Helpful Tips for CIOs Who Take on the Universe,” Health Data Management, Greg
The return on investment associated with reducing the cost and time of bringing successful drugs to market
is substantial. Reducing drug development time will drastically increase the competitiveness of the LSO by
increasing the number of drugs that can be processed through the pipeline and increase the probability of
being “first to market,” thereby commanding premium pricing and avoiding the commodity effect of “me
too” drugs. It will also allow much greater profits from a longer patented sales cycle. A Tufts Center for the
Study of Drug Development analysis 28 indicates that reducing the total development time by 50% will
reduce the cost of development by 29%. Reducing the pre-launch total cost of development has an
immediate bottom line effect – lower cost of development means higher profit margins or higher sales
volumes through lower prices.
The key question is how will this be achieved? The adoption of e-Programs such as those illustrated in
Figure 1 can significantly reduce the cost and time of drug development by delivering the following
improvements to the drug development, approval, marketing and sales value chain:
Changing the Medium of Business from physical, manual and paper-based to electronic will
eliminate the paper-life cycle costs of printing, copying, faxing, and physical sending, receiving, storage
and archival.
Increasing the Speed of Business will drastically reduce the cycle and response time of doing
business. For example, reducing approval times and increasing access to and dissemination of
information to near real-time will not only drastically accelerate business but also allow for greater
transaction volumes.
Increasing Business Efficiency. The transition to the electronic paradigm is an opportunity to re-
engineer workflows and business processes to eliminate non value-added components, reduce work
duplication and error rates.
However, even with the mandate of each e-Program being different, a finite and common set of electronic
resources must deliver all e-Programs within the value chain. In addition, all e-Programs involve the
management of technical, legal and regulatory risks and the same three fundamental components:
identity, information and time. It therefore makes good business sense that an enterprise vision and
strategy be formulated that allows all stakeholders across the enterprise to perceive and manage in a
cohesive manner all e-Program risks consistently and to allow investments and solutions by one stakeholder
to be leveraged by another.
This section will describe a vision of a trustworthy digital enterprise and the characteristics of an enterprise
risk management strategy to transition to such an enterprise. Section 3 will then present an outline of a risk
audit methodology that can implement the strategy and transition to a measurable and demonstrable trusted
digital enterprise.
Recall that the e-Value Chain involves a number of e-Programs, as was illustrated in Figure 1. If one
assumes that the enterprise has implemented all its e-Programs in such a way that its actual practices are in
compliance with all its risk mitigation requirements, whether technical, legal or regulatory risks, then one
could describe the enterprise as being in a state of Enterprise Digital Trust.
e-Enforceability relates to the electronic legal perspectives of the e-Program. Its principal mandate is to
ensure that all electronic transactions conducted by the e-Program are sufficiently trustworthy to be deemed
legally admissible by an adjudication authority, such as an arbiter or a judge of a court of law. This is a
prerequisite of enforceable electronic transactions.
e-Compliance relates to the electronic regulatory compliance requirements of the e-Program. Its principal
mandate is to ensure that all electronic resources involved in the delivery of the e-Program are in
compliance with relevant regulations to ensure business continuity.
It should be noted that e-Integrity, e-Enforceability and e-Compliance are heavily interrelated and one
cannot be achieved without the others. In terms of information system architectures, Digital Trust for each
e-Program means demonstrable levels of e-System security and controls; e-Process integrity that captures,
preserves, retrieves, verifies, renders and makes available in human-readable form the e-Transaction
authentic content, context, notice, intent, consent, identity and time; that meet the enterprise requirements
for accountability and reliable information, regulatory compliance and for legal admissibility of electronic
forensic evidence, to a level of confidence commensurate with the nature and level of risk of the
e-Program and the legal significance of the e-Transaction.
Enterprise Digital Trust means a constant level of Digital Trust over time of each e-Program being
operated by the enterprise (e.g., e-Submissions, e-Clinical Trials and Online Patient/Physician
communities). The level of Digital Trust is a customized characteristic of each e-Program given that the
nature and level of risks 29 can vary dramatically.
Now that the ultimate goal is established, a management strategy must be defined to guide the enterprise
towards its attainment.
In the transition to an electronic enterprise, many new challenges, uncertainties and risks are created. In
order to effectively address these issues, a new form of e-management must emerge to ensure that the ROI
is captured, adequate controls over the risks are maintained and management can make assertions to its
stakeholders with confidence.
This new form of “e” management is called Enterprise Digital Trust Management (EDTM). Its
mandate is three-fold.
Mitigate the technical, legal and regulatory risks to the required level in a manner that can be measured,
verified and demonstrated,
Coordinate the decisions and work deliverables of all stakeholders at all management levels in a
hierarchical mechanism where decisions can be executed and verified for completion,
Plan and manage the transition from the current state to an Internet-based end-to-end “trusted”
electronic equivalent 30 in a structured and integrated manner.
29 The nature and level of risk is determined by the business context and degree of sensitivity of the application, the environment in
which the e-Program is carried out, the specific external regulatory requirements that apply and internal risk sensitivities.
30 “equivalent” shall not mean “only as good” but allows for process reengineering and optimization.
Business-Centric: The business objectives are to reduce costs, increase efficiency and effectiveness,
and deliver strong ROI by enabling new business models and delivery channels. Therefore, the EDTM
strategy has a strong business focus.
Comprehensive & Integrated: The transition involves many business risks, technical challenges, legal
issues, and regulatory requirements that must be managed at all architectural levels. Consequently, the
EDTM strategy is comprehensive in its scope and integrated in its relationships and associations
between systems, processes, transactions, events and data.
Manageable: In order to ensure a successful implementation that controls business risks so as not to
compromise existing business and provides management assertion confidence, the EDTM strategy
enables a structured and measurable transition process.
The following will describe each of the key attributes in more detail.
Multi-Domain
The transformation from a “physical world” paper-based medium of business to an electronic one
makes no difference to the need for adhering to legal standards, meeting e-Sign legislative requirements and
complying with regulatory requirements. However, the electronic paradigm will create many new legal and
technical challenges and present risks that will radically change the methods of meeting the standards and
requirements and demonstrating their adherence and compliance.
[Figure 5: Multi-National (North American, European Union, Asia Pacific)]
The EDTM strategy is a multi-domain strategy designed to address the technical, legal and regulatory risks
of adopting an electronic value chain. The goal is to ensure the integrity of electronic business (e-Integrity),
the legal enforceability of electronic transactions (e-Enforceability) and the compliance of electronic systems
and processes (e-Compliance), defined as follows:
e-Integrity: the degree to which the e-Program, its e-System, e-Processes and e-Transactions cannot be
altered or manipulated without detection or traceability.
e-Enforceability: the degree of confidence that (1) the method of conducting the electronic transaction
adhered to legal standards and (2) the content of its audit trail (electronic records – “what,” signatures –
“who,” and time stamps – “when”) will be deemed sufficiently trustworthy to be admissible by an
adjudication authority for dispute resolution through arbitration or by the courts.
e-Compliance: the degree of assurance that the e-Program, its e-System, e-Processes and e-Transactions
are in compliance with relevant regulations, industry best practices and internal requirements.
It is critical to understand that the e-Integrity, e-Enforceability and e-Compliance requirements are
interrelated and interdependent. e-Sign law provides for the legal effect and validity of electronic records
and signatures, that is, records and signatures cannot be discriminated against solely for being in electronic
form. However, this does not guarantee that electronic records, signatures and agreements will be deemed
legally admissible in a court of law, a prerequisite of legal enforceability. That is in fact what a trusted digital
enterprise is seeking to achieve.
The second domain is e-Enforceability. Based on a solid foundation of identity, information and time, one
must then design and execute transactions involving electronic signatures that adhere to legal standards and
electronic signature laws. This involves mostly non-technology issues such as notice, the security of the
signing key, control over the act-of-signing and creating a state of informed consent in the act-of-signing.
The reader is referred to a white paper by the author on the subject entitled “The Principles and
Measurement Metrics of Electronic Agreement Admissibility” for more details.
The third and final domain before creating a Trusted Digital Enterprise is e-Compliance. Based on a solid
foundation of identity, information and time, and on admissible electronic signatures and transactions,
one must operate e-Programs in a manner that complies with regulatory requirements.
In summary, the strategy of Enterprise Digital Trust Management is to achieve operational compliance,
transactional enforceability and identity, information and time integrity. It is clear from this discussion that
many corporate departments and functions must integrate to achieve a Trusted Digital Enterprise.
Consequently, Enterprise Digital Trust Management requires a multi-stakeholder strategy.
Multi-Stakeholder
Given that Digital Trust Management is enterprise-wide, business centric, and comprehensive in
nature it will involve the contributions and cooperation of many stakeholders, including representatives of
external organizations such as the regulatory agencies. The adoption of the e-Value Chain must be driven
by business needs, enabled by IT, protected by security, continually assessed by audit and advised by legal
with records manager custodianship. Consequently, the fact that stakeholders do not speak the same
language, do not agree on the same objectives, are driven by different agendas and approach problems
differently presents many problems to the enterprise. A reference framework is required to organize the
problem into domains that more clearly illustrate how collectively stakeholders relate to one another and
understand what requirements they need from one another.
In summary, the strategy of Enterprise Digital Trust Management enables a cohesive management team,
integrated planning and coordinated deployment of electronic initiatives between all key stakeholders -
essential for an efficient and successful implementation.
Multi-National
Given that large LSOs are international in character, having operations and customers all around the
world, combined with the intrinsic nature of e-business, they must not only adhere to local laws and
regulations but also they must comply with multiple national regulations that govern either where they
conduct business or where their consumers are located. However, in order to reduce costs and complexity
an Enterprise Digital Trust Management strategy is multi-national (international), ensuring compliance with
the requirements of each nation yet taking an integrated and harmonized approach to its compliance
methods to the fullest extent possible. The goal is to establish a common audit standard and corresponding
policies and practices that will ensure compliance across the greatest geographical area.
In summary, the strategy of Enterprise Digital Trust Management is to manage the technical, legal and
regulatory risks in an integrated manner (multi-domain), bring together all key stakeholders into a cohesive
management team (multi-stakeholder), and take an integrated and normalized international legal and
regulatory approach (multi-national).
e-Integrity
The primary risk class of e-Integrity can be further divided into three secondary classes - Identity Risk,
Information Risk, Time-of-Event Risk, as illustrated in Figure 9 and defined as follows.
Many other additional risks follow from these three secondary root sources, such as Access Control,
Authorization, Confidentiality and Audit Trails, which are not covered in this paper.
e-Enforceability
The primary risk class of e-Enforceability can be further categorized into two
secondary classes of Adherence Risks and Admissibility Risks. This is
illustrated in Figure 10.
This requirement is embodied in what is called Legal Sufficiency 31, which is an established legal standard
ensuring that a state of informed consent is present during the act-of-signing. Legal Sufficiency involves
two basic concepts referred to as “Writing” and “Signature,” which combine measurable parameters such as
notice and content with less demonstrable notions of context, intent and consent. Legal Sufficiency
requires that certain transactions, such as agreements (i.e., contracts), must be reduced to writing on paper
to be legally enforceable. The requirement of “writing” is an established legal standard whose “functional
purpose” must be respected in the execution of an electronic agreement. The requirement of writing is
important as it forces a type of ceremony that builds awareness that a process of agreement formation is
taking place and appreciation as to the obligations under the agreement and the consequences for failing to
fulfill the obligations.
The second component of Legal Sufficiency is called “Signature.” Legal Sufficiency requires that certain
transactions, such as contracts, must not only be reduced to writing but also contain a signature in order to
be legally enforceable. The act of signing meeting the requirement of “signature” must clearly establish the
identity of the signatory, established by the application of the individual’s unique mark, a clear expression of
awareness as to the intent of signing and a clear expression of understanding as to the content and, most
importantly obligations of the agreement. The requirement of “signature” is an established legal standard
whose “functional purpose” must be respected in the execution of an electronic agreement.
The trustworthiness of the information contained in the audit trail is based on the level of reliability of the
electronic signatures, the ability to demonstrate the authenticity of the electronic records and the accuracy
and auditability of the electronic time stamps. In general, the level of trustworthiness of all aspects of the
electronic execution process must be appropriate for the purpose of the agreement, the legal significance of
the act of signing, and the nature and level of the risks, including consideration of the damages that can
ensue from the failure of any party to fulfill its obligations. This may be different depending on the nature
of the transaction, the environment in which it is being conducted and the requirements of law and
regulations. Consequently, this is a case-by-case set of requirements.
31 US Department of Justice, “Legal Considerations in Designing and Implementing Electronic Processes: A guide
for Federal Agencies”, November 2000. http://www.cybercrime.gov/eprocess.htm
The trustworthiness of the audit trail is also related to the technical mechanisms used to preserve and
protect its content over time and the ability to verify its integrity at any future time. Methods should be
used to verify and demonstrate that the audit trail has not been altered or manipulated in any way since it
was created - that is, its integrity has been maintained. This is a fundamental prerequisite. If this cannot be
demonstrated, it invalidates the audit trail irrespective of the level or reliability of the information it
contains.
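One way to make this integrity check concrete, as an added example that is not part of the white paper: each audit trail entry records who, what and when, is chained to the hash of the entry before it, and is sealed with a keyed MAC, so alteration, deletion and truncation are each detected and located. The field names, the HMAC seal, the out-of-band head hash and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev_hash value used by the first entry in a trail
FIELDS = ("seq", "who", "what_sha256", "when", "prev_hash")


def canonical(body):
    """Serialize an entry body deterministically so hashes are reproducible."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_entry(trail, key, who, what, when):
    """Append a who/what/when entry chained to the previous entry's hash."""
    body = {
        "seq": len(trail),
        "who": who,                                        # identity
        "what_sha256": hashlib.sha256(what).hexdigest(),   # record content
        "when": when,                                      # time of event
        "prev_hash": trail[-1]["entry_hash"] if trail else GENESIS,
    }
    data = canonical(body)
    entry = dict(body)
    entry["entry_hash"] = hashlib.sha256(data).hexdigest()
    # Keyed seal: someone without the key cannot re-seal an edited entry.
    entry["seal"] = hmac.new(key, data, hashlib.sha256).hexdigest()
    trail.append(entry)
    return entry


def record_matches(entry, content):
    """Check that a stored record is the one the entry refers to."""
    digest = hashlib.sha256(content).hexdigest()
    return hmac.compare_digest(entry["what_sha256"], digest)


def verify_trail(trail, key, expected_head=None):
    """Return (ok, index, reason); index is the first entry that fails.

    expected_head is the last entry_hash as recorded outside the trail
    (an assumption of this example); without it, removal of the newest
    entries cannot be detected from the trail alone.
    """
    prev = GENESIS
    for i, entry in enumerate(trail):
        data = canonical({f: entry[f] for f in FIELDS})
        if entry["seq"] != i:
            return (False, i, "sequence gap")
        if entry["prev_hash"] != prev:
            return (False, i, "broken chain")
        if hashlib.sha256(data).hexdigest() != entry["entry_hash"]:
            return (False, i, "entry altered")
        seal = hmac.new(key, data, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(seal, entry["seal"]):
            return (False, i, "seal mismatch")
        prev = entry["entry_hash"]
    if expected_head is not None and prev != expected_head:
        return (False, len(trail), "head mismatch")
    return (True, None, "intact")


def build_sample():
    """Constructed sample trail and key (illustrative values only)."""
    key = b"constructed-demo-key"
    trail = []
    append_entry(trail, key, "jdoe", b"Protocol v3 drafted", "2003-03-01T10:00:00Z")
    append_entry(trail, key, "asmith", b"Protocol v3 reviewed", "2003-03-02T09:30:00Z")
    append_entry(trail, key, "jdoe", b"Protocol v3 signed", "2003-03-03T16:45:00Z")
    return trail, key


if __name__ == "__main__":
    trail, key = build_sample()
    head = trail[-1]["entry_hash"]
    print("untouched:", verify_trail(trail, key, expected_head=head))
    trail[1]["who"] = "mallory"  # simulate an after-the-fact edit
    print("edited:   ", verify_trail(trail, key, expected_head=head))
```

The seal key and the recorded head hash must be held outside the system that stores the trail; otherwise whoever can rewrite the trail can also re-seal it.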
In the case of electronic transactions, e-Enforceability relates to whether the process of electronic
agreement formation, in terms of its design architecture and method of execution, results in the legal
admissibility of the agreement. In the case of Business-to-Employee transactions, admissibility means
meeting the prerequisite requirements necessary to demonstrate the electronic forensic evidence necessary
to hold an individual accountable for their electronic act or signature. In the case of Business-to-Business or
Business-to-Consumer transactions, admissibility means meeting the prerequisite requirements necessary to
demonstrate the electronic forensic evidence necessary to obtain a successful dispute resolution judgment
or to obtain favorable court adjudication.
result in enforceable obligations. The fourth principle relates to the requirement to capture, preserve and
retain for as long as necessary all material information related to the transaction in a way that can be verified
and shown to be accurate and complete. The fifth and final principle relates to the need to design and
operate an agreement formation process that is sufficiently reliable and trustworthy commensurate with the
legal significance of the act of signing and the nature and risk of the transaction.
These five principles are collectively sufficient to ensure that the electronic agreement, its electronic
signature and records will be granted legal admissibility in a court of law. This framework of principles can
be further broken down into sixteen measurement criteria (outlined in the Table above) that can be used to
assess the Admissibility Risk and Adherence Risk of a particular agreement formation process. This is
discussed in more detail in a white paper by the author entitled “The Principles and Measurement Metrics
of Electronic Agreement Admissibility,” published in March 2003.
e-Compliance
Security: Security is at the core of mitigating organizational threats and vulnerabilities and meeting
many (but not all) of the regulatory requirements of HIPAA and 21 CFR Part 11. Security aims to
ensure the integrity and confidentiality of sensitive information assets and to make them available to those
who need to know when and where required. At the core of meeting these security requirements is
Entitlement Management – Authentication and Authorization. Authentication is the critical component of
Access Control. The ability to verify in real-time the true identity of individuals seeking access to
information assets is the first line-of-defense. The ability to capture and preserve that identity with a certain
level-of-confidence is essential to the ability to establish accountability for electronic acts. Methods of
ensuring the accountability of individuals for their electronic acts are an increasing requirement of business
and emerging regulations. For example, tracking and logging the activities of authorized personnel on
sensitive systems is a regulatory requirement. Authorization is a second line-of-defense. Once authenticated,
access to specific digital assets, whether information or applications, should be restricted based on the
“principle of least privilege” - ensuring access privileges are granted based on a need-to-know basis.
Security is insufficient as it relates to meeting the data privacy and Trusted e-Systems compliance requirements
of HIPAA and 21 CFR Part 11 and to building on the traditional perimeter defense approach of security
towards an Intrinsic Trustworthiness model – security at the object level.
Data Privacy: Traditionally, privacy has been linked to confidentiality (keep it private) and security
(lock it up, prevent unauthorized access). Privacy, in the context of the digital economy, has shifted to a new
paradigm based on a set of ten privacy principles. These principles have as their foundation the Fair
Information Practice Principles issued by the Organization for Economic and Cooperative Development
(OECD) in 1980,32 outlined in the table below.
At the forefront of global privacy legislation is the European Data Privacy Directive,33 the de facto
international standard, which took effect October 25th, 1998. The Directive is designed to normalize the
national data privacy laws of the 15 member states of the European Union (United Kingdom, Germany,
France, Portugal, Spain, Italy, Austria, Luxembourg, Belgium, Greece, Ireland, the Netherlands, Denmark,
Sweden, and Finland), allowing for the unrestricted free flow of personal information within the EU. The
Directive governs all personally identifiable information held by an organization, including employee and
customer information, and covers its collection, storage, processing, and transfer. Processing generally means
everything (storage, alteration) except transit. The legislation applies to all organizations conducting business in
legislated territories, and controls the flow of personal information to countries (organizations) outside the
EU. This has been a driver of international legislation resulting in approximately fifty 34 countries who
have enacted, or are in the process of enacting, privacy legislation that is “equivalent” to the Directive.
Fair Information Practice Principles
Principle 1 – Accountability: An organization is fully accountable for all personal information under their
control. A person shall be designated to be responsible to ensure that all processing of personal information is
conducted in compliance with all the relevant privacy legislation.
Principle 2 – Purpose: The purpose(s) for which the personal information is being collected shall be
defined at or before the time of collection and unambiguous notice shall be given to the individual before
collection.
Principle 3 – Consent: The unambiguous and informed consent of the individual is required for the
collection, use, and disclosure of personal information, except where inappropriate. Explicit consent (proof) is
required in the case of “sensitive” information (racial or ethnic origin, religious beliefs, health or sex life).
Principle 4 – Collection: The collection of personal information shall be limited to that which is necessary
for the fulfillment of the purpose(s) identified. Information shall be collected by fair and lawful means.
Principle 5 – Limited Use: Personal information collected shall not be used or disclosed for any other
purpose(s) other than those for which it was originally collected, except with the consent of the individual or as
required by law.
Principle 6 – Retention: Personal information shall be retained only as long as necessary for the
fulfillment of those purposes.
Principle 7 – Accuracy: Personal information shall be as accurate, complete, and up-to-date as is
necessary for the fulfillment of the purposes for which it is collected.
Principle 8 – Safeguards: Personal information shall be protected by security safeguards commensurate
with the nature of risks and degree of sensitivity of the information.
Principle 9 – Openness: Information on the organization’s personal information management policies
and practices shall be disclosed to the individual.
Principle 10 – Access: Upon request, an individual shall be provided access to personal information
held and shall be informed as to its use and disclosure to third parties. An individual shall be able to challenge
the accuracy and completeness of the information and have it amended as appropriate.
Principle 11 – Complaints: An individual shall be able to file a concern or complaint with the designated
individual as to the organization’s compliance with the principles.
32 Organization for Economic & Cooperative Development: “Guidelines on the Protection of Privacy and
Transborder Flow of Personal Data: Fair Information Practice Principles,” www.oecd.org
33 “None of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive,” Peter P Swire and
Electronic trustworthiness builds on security towards what is called “Intrinsic Trustworthiness.” This
means trustworthiness at the object level – the inherent property of an electronic record, identity, signature,
time-stamp and audit trail to be resistant to alteration or manipulation without detection or traceability and
verifiable for integrity and authenticity over their lifetime. An example of Intrinsic Trustworthiness related
to identity is a biometric – a unique attribute that is intrinsic to one individual. Examples include
fingerprints, retinal scans, facial patterns, voiceprints and signature dynamics. These methods of identity
authentication are clearly more trustworthy and less vulnerable than passwords and private keys, given the
higher confidentiality and access control risks of the latter. Another example of Intrinsic Trustworthiness is a
Digital Signature, a cryptographic-based electronic signature. The unique content of the document and the unique
identifier (private key) are intrinsically bound through a cryptographic process to yield a unique electronic
signature. The signed document can be verified as not having been modified since the application
of the signature (content integrity), and the corresponding Digital Certificate, uniquely linked to the private
key used to execute the signature, can be identified and verified for integrity and validity at the time of signature.
These attributes of electronic trustworthiness are essential for reliable decision-making, ensuring the
accountability of individuals for their electronic acts, demonstrating regulatory compliance, controlling the
basis of repudiation and ensuring enforceable electronic transactions.
Trusted e-Systems are the means by which Intrinsic Trustworthiness is implemented in e-Programs. They
involve the ability to prove the “who, what and when” of electronic transactions, collectively referred to as
capturing and preserving electronic forensic evidence. A trustworthy e-System will operate e-Processes
that capture, preserve, retrieve, verify, render and make available in human readable form the e-Transaction
authentic content, context, notice, intent, consent, identity and time to a level of confidence commensurate
with the nature and level of risk of the e-Program and the legal significance of the e-Transaction. It
delivers accountability - that a party involved in electronic acts can be demonstrated to be the actual party
who committed the act. It also delivers reliable information - records whose content can be demonstrated to
be a complete and accurate representation of the transaction, related activities, or facts to which it attests;
and can be depended upon for subsequent actions.
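The object-level tamper evidence described in the two paragraphs above (Intrinsic Trustworthiness and the “who, what and when” of a Trusted e-System) can be sketched as a hash-chained audit trail. This is an added example, not part of the white paper or of any product it describes: the function names, sample identities and records are constructed, and an HMAC with a demo key stands in for the digital signature (a real system would sign with a private key so that a verifier cannot forge entries).

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64                    # "previous hash" of the first entry
DEMO_KEY = b"constructed-demo-key"    # constructed; stands in for a signing key
FIELDS = ("who", "what_sha256", "when", "prev")


def digest_of(entry: dict) -> str:
    """SHA-256 over a canonical encoding of the who/what/when/prev fields."""
    body = {name: entry[name] for name in FIELDS}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode("utf-8")).hexdigest()


def tag_of(key: bytes, entry_hash: str) -> str:
    """Keyed tag over the entry hash (HMAC stand-in for a digital signature)."""
    return hmac.new(key, entry_hash.encode("ascii"), hashlib.sha256).hexdigest()


def append_entry(trail: list, key: bytes, who: str, what: bytes, when: str) -> dict:
    """Seal one electronic act and chain it to the entry before it."""
    entry = {
        "who": who,
        "what_sha256": hashlib.sha256(what).hexdigest(),
        "when": when,
        "prev": trail[-1]["hash"] if trail else GENESIS,
    }
    entry["hash"] = digest_of(entry)
    entry["tag"] = tag_of(key, entry["hash"])
    trail.append(entry)
    return entry


def verify_trail(trail: list, key: bytes) -> int:
    """Return -1 if every entry verifies, else the index of the first failure."""
    prev = GENESIS
    for index, entry in enumerate(trail):
        expected_hash = digest_of(entry)
        intact = (
            entry["prev"] == prev
            and hmac.compare_digest(entry["hash"], expected_hash)
            and hmac.compare_digest(entry["tag"], tag_of(key, expected_hash))
        )
        if not intact:
            return index
        prev = entry["hash"]
    return -1


def verify_content(entry: dict, content: bytes) -> bool:
    """Check that a stored record is the one this entry was sealed over."""
    actual = hashlib.sha256(content).hexdigest()
    return hmac.compare_digest(entry["what_sha256"], actual)


# Constructed sample records and acts (not taken from the white paper).
SAMPLE_RECORDS = [b"CRF visit 1: dose 10 mg", b"CRF visit 1: reviewed", b"CRF visit 1: locked"]
SAMPLE_ACTS = [
    ("investigator.a", "2003-03-01T09:00:00Z"),
    ("monitor.b", "2003-03-02T14:30:00Z"),
    ("data.manager.c", "2003-03-03T08:15:00Z"),
]


def build_sample_trail(key: bytes = DEMO_KEY) -> list:
    trail = []
    for (who, when), record in zip(SAMPLE_ACTS, SAMPLE_RECORDS):
        append_entry(trail, key, who, record, when)
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    print("intact:", verify_trail(trail, DEMO_KEY))
    trail[1]["who"] = "someone.else"       # alter the recorded identity
    print("first failing entry:", verify_trail(trail, DEMO_KEY))
```

The chain detects altered, re-hashed and removed entries, but not truncation of the tail; for that, the latest entry hash has to be anchored outside the system, for example in an independent time-stamp.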
In order to reduce the cost-of-compliance and control management complexity, Enterprise Digital Trust
Management strategy is integrated. This is accomplished by 1) adopting a unified approach to addressing
the diverse but closely interrelated requirements; 2) viewing both the internal and external requirements in a
common perspective where one meets the requirements of the other and 3) taking an architectural
approach to the problem which allows the specific nature of a vulnerability to be precisely identified and its
interdependencies understood. This is illustrated in Figure 13 and will be discussed in greater detail below.
The e-Value Chain illustrated in Figure 1 requires compliance to a number of laws and regulations that
govern the privacy of personally identifiable medical information, the security and trustworthiness of
information systems, the reliability of electronic signatures and the admissibility of electronic transactions.
Many laws and regulations from different sources, whether they are from different industry segments or
territories, have the same essential intent – trustworthiness of the electronic state. Consequently, many
requirements are similar and therefore should be managed in a unified approach. The following are
examples of the similarity of requirements.
Data Privacy. The European Union Data Privacy Directive establishes a minimum standard by which all
EU national legislation must govern the collection, use and disclosure of personally identifiable information,
irrespective of its industry segment or application. The U.S. Health and Human Services has issued its final
rule (HIPAA) for the privacy protection of medical records. Both the data privacy directive and the
HIPAA privacy rule are consistent with the OECD Fair Information Practice Principles. Consequently,
there is a common foundation between the two and the management of the compliance requirements
should leverage this commonality.
Electronic Signatures. The European Union Electronic Signature Directive establishes a minimum
standard by which all national legislation must govern the validity and admissibility of electronic signatures
and agreements. The U.S. has its own electronic signature legislation. Both are consistent with the United
Nations model law on electronic signatures. The U.S. Health and Human Services under HIPAA will be
issuing its final rule establishing the standards for the use of electronic signatures and the FDA has issued its
regulation governing in part standards for electronic signatures. There is also a significant body of legal
standards that electronic signatures must adhere to in addition to e-Sign laws. Consequently, there is also a
significant common foundation between the two and the management of these requirements should
leverage this commonality.
Security. The U.S. Health and Human Services under HIPAA will be issuing its final rule establishing the
security standard for the protection of medical records. The FDA’s 21 CFR Part 11 regulation also has
requirements governing in part standards for electronic records security. These two regulations, both of
which govern different e-Programs within the e-Value Chain, require compliance to the common set of
requirements. The security practices that will meet these requirements under HIPAA for protecting the
confidentiality of medical information of clinical trial patients are the same security best practices that will
also fulfill the requirements under 21 CFR Part 11.
Trustworthy e-Submissions. The FDA has issued 21 CFR Part 11, a regulation governing New Drug
Application submissions and the International Conference on Harmonization is developing the Electronic
Common Technical Document (e-CTD) standard. Both are designed to be consistent, that is, a submission
compliant to Part 11 will be considered e-CTD compliant, and vice versa.
All these laws and regulations are driving towards a common objective – the creation of a Trusted Digital
Enterprise where patient personal information is secure, electronic signatures are reliable, electronic records
are authentic, time stamps are auditable, electronic transactions are admissible and electronic systems and
processes are trustworthy. Many requirements from different sources can be aggregated into “governing”
requirements that can be managed using a common and consistent approach.
Enterprise Digital Trust Management adopts a compliance strategy that is unified – managing the Data
Privacy, Security, and Trusted e-Systems regulatory requirements, e-Sign legislative requirements and the
requirements of legal standards into an integrated set of enterprise Digital Trust requirements.
The FDA has explicitly stated that there are higher risks of manipulation and falsification in conducting
business electronically and being in electronic form than there are in their paper-based counterparts.
“The FDA view is that the risks of falsification, misinterpretation, and change
without leaving evidence are higher with electronic records than paper records.” 35
Consequently, in order to address this new reality, the FDA has articulated through Part 11 a minimum
standard of security and electronic integrity to ensure the trustworthiness of electronic submissions for New
Drug Applications.
“The regulation … [21 CFR Part 11] set forth the criteria under which the agency
considers electronic records, electronic signatures, … to be trustworthy, reliable,
and generally equivalent to paper records and handwritten signatures executed on
paper.” 36
The business case for adopting e-Programs and transitioning to an electronic value chain is sufficiently
compelling even without regulatory pressures. The very same risks as those articulated by the FDA exist for
the LSOs that make the transition. Consequently, the internal risk mitigation requirements that each LSO
will seek to implement to ensure a trustworthy enterprise will be very similar to those established by external
regulators such as the FDA. In fact, 21 CFR Part 11 is the first articulation of a “standard” as to the
trustworthiness of electronic records and signature systems that will eventually evolve into an industry best
practice. Part 11 should be viewed as a useful reference standard to guide an organization’s own transition
to an electronic value chain. It makes no business sense to define and manage two separate standards –
internal and external requirements. A common standard should be established, to the extent possible,
where the exception can be managed on a case-by-case basis.
35 “Good Practice and Compliance for Electronic Records and Signatures, Part 2, page 9, section 1.1”
36 FDA 21 CFR Part 11.1 Scope.
The Enterprise Digital Trust Management strategy integrates internal and external (regulatory) requirements
into a common compliance approach that reduces the overall level of complexity and cost-of-compliance.
enforceability risk at the transaction level or a technical risk at the function level.
Digital Trust is a state of trustworthiness that must exist throughout all architectural levels of the
electronic resources engaged in the delivery of an e-Program. There must be a structure of relationships
and associations that start with the electronic systems that are networked, the processes and applications
operated by the systems, the transactions run by the processes, the events executed by the transactions, the
functions executed by the events and finally the relational data upon which it all rests. This is illustrated in
Figure 14.
[Figure 14. Levels labelled in the figure: Applications, e-Transactions, e-Events, e-Functions, Data]
The Enterprise Digital Trust Management strategy adopts a systematic and architectural approach to
defining the generic types of risks that must be addressed, the identification of those risks that apply, the
classification of those risks by probability, frequency and severity and the subsequent prioritization in terms
of which risks should be mitigated for the greatest return on investment – increased trustworthiness.
[Figure 15. Labels in the figure: Methodology, Knowledge Management, Work Automation, CIP/CI]
The complexity of risks involved in an e-Program is substantial, let alone a number of e-Programs forming
the e-Value Chain. One of the main challenges facing the organization is the comprehensive and systematic
identification of risks, the classification of those risks by probability, frequency and severity and the
subsequent prioritization in terms of which risks should be mitigated for the greatest return on investment.
The comprehensive and architectural nature of the Digital Chain of Trust Methodology enables the
effective allocation of scarce resources for risk mitigation.
Enterprise Digital Trust Management controls the transition from the current state to the desired end state
by applying a comprehensive and integrated reference framework consistently throughout the entire
transition period. The DCTF is used to first inventory and classify all the electronic resources involved in a
particular e-Program. The DCTF then is used to identify and structure all electronic risks by class, type and
function, assess and classify each e-Risk by level of severity and frequency probability and help prioritize
and allocate scarce resources to mitigate selected e-Risks. The Digital Chain of Trust Architecture is then
used to build the three e-Program reference architectures to subsequently measure the current state of
identity, information and time practices against a desired state.
Finally, the Digital Chain of Trust Methodology automates the process of auditing against the three DCTA
reference architectures to transition through the engagement lifecycle (assessment, gap analysis and
remediation) to reach and maintain the desired state. The DCTM allows for a precise determination of the
current status of any electronic system, process and transaction anytime during the transition.
Enterprise Digital Trust Management provides a systematic method of measuring and demonstrating to all
key stakeholders that the organization’s e-Programs are trustworthy. That is, each e-Program mitigates its
risks to a specific design level (e-Integrity), adheres to legal standards and electronic signature laws
(e-Enforceability) and is regulatory compliant (e-Compliance) with all relevant requirements.
From this level of management and measurement structure, effective decisions and management assertions
can be made to stakeholders with confidence.
Reduced Cost-of-Compliance
The Life Sciences industry is heavily regulated and therefore the cost-of-compliance is a significant cost
burden that will only increase. In a letter to the FDA, SmithKline Beecham stated the following concerning
the one-time internal cost-of-compliance for 21 CFR Part 11: “The total cost of these initiatives for
SmithKline Beecham is estimated to exceed 214 million dollars.” 37 This includes the costs for SOPs,
training, inventory and assessment, corrective action plans, implementation of corrective action plans,
capital expenditure, validation, electronic archival, data migration and certification. This excludes the cost
of assuring compliance of third party vendors such as Contract Research Organizations.
A Gartner G2 report 38 on the impact of Part 11 stated, “A common concern is that a global company
could spend more than $100 million in administrative and technology expenses to become
compliant.” The report goes on to say, “For this industry, the cost of compliance will have at least
the same impact, if not more, than Y2K.”
Enterprise Digital Trust Management and the Digital Chain of Trust Methodology will reduce the cost-of-
compliance by implementing a consistent framework throughout the compliance life-cycle, leveraging audit
practice knowledge across the enterprise and employing work automation techniques.
Knowledge management methods are used to make available all related information such as audit
control objectives, assessment templates, etc, to practitioners to facilitate the audit and to leverage
existing information. The same information is made available throughout the enterprise resulting in a
consistent implementation of audit practices across all systems.
Work automation techniques are implemented to automate the audit process including data capture,
data management and reporting.
The DCTM brings together all stakeholders involved in the successful delivery of an electronic
initiative. From the structure inherited from the framework (DCTF), all stakeholders can identify their
role and functions, understand those of other stakeholders, understand how different stakeholders
interrelate, understand the source and reasoning of decisions and their implications, and define actions
and deliverables between stakeholders. The increased cohesion of the multi-disciplinary team and
reduced confusion and misunderstanding between all stakeholders greatly increases the effective
management of the compliance process.
Requirements Aggregation: There are a number of different regulations and internal requirements
that require a specific system, process, or transaction to have a particular characteristic. It is not cost
effective to manage these requirements as if they were independent of each other. The same
requirement from multiple sources can be aggregated and audited once for compliance. This will save
considerable time and resources. The actual compliance to a particular control objective from a specific
regulation can still be easily demonstrated.
37 SmithKline Beecham letter to Dockets Management Branch (HFA-305), Food and Drug Administration, Docket
No. 99N-4166, 29 November, 1999.
38 Gartner G2, “Truth and Misconceptions: The Federal Electronic Records Statute”, May 2002.
It is also important to the organization’s return on investment that it effectively leverage investments and
knowledge allocated to solve one problem to the resolution of other similar problems. This consistency of
approach to risk mitigation will allow for solutions applied to one system to be applied to others with lower
expenditure of resources and a higher predictability of outcome.
Enterprise Digital Trust Management provides measurable benefits to all levels of management, as follows:
“C”-level executives and Legal Counsel with greater certainty and confidence that management
assertions concerning the electronic integrity, regulatory compliance and legal admissibility of their
business practices are reflective of their actual practices; including confidence that this can be
demonstrated to external stakeholders.
Senior Executives with a structured method to identify the nature and level of risks involved in an e-
Program, determine the desired level of risk mitigation and to manage the implementation of those
decisions in a verifiable manner.
Middle Managers with a practical implementation method for delegating individual practitioners to
conduct particular tasks, monitoring the execution of those tasks and aggregating the results of those
tasks for systematic reporting. A method that allows the allocation of resources attached to a scope of
work and to identify the resource shortfalls.
Practitioners with a step-by-step guide to the completion of a task by providing a structured and well-
defined scope of work, a method of defining input requirements necessary for the completion of a task
and of defining deliverables to other practitioners.
Auditors with a systematic way of measuring and reporting compliance to corporate policies and
practices.