Document integrity and security are critical to ensure compliance and approval for life science companies. Amazingly, the industry has chosen systems that put their documents at risk of loss, tampering, and regulatory penalties.

It might surprise many both inside and outside the industry to discover that critical documents, even those containing sensitive information such as patient data and test results, are routinely transferred from sponsor to CRO to consultant and back via unsecured e-mail. E-mail can be misdirected to the wrong people inside the company, sent to competitors, and can easily be read by any hacker.

Additionally, the same organizations often use loosely guarded systems such as network file shares to store and manage documents. A network file share does not provide version control, document locking, and minimal access control. With so many people working on a document, one is never sure who has the latest version leading to wasted time and resources tracking down the correct version.

Organizations who believe that they are using best practices may be unwittingly at risk. Some document management systems, including the largest and most expensive, have significant security flaws that are rooted deep within their aging architectures.

THE UBIQUITOUS NETWORK FILE SHARE
It seems like a great place to start. The collaboration tool of choice. The network file share. A single place where everyone stores their documents — and gives everyone access to those documents. Yet again, it is a risky decision. Imagine a disgruntled employee who has access to that share who decides to alter it, steal it, or wipe it out. Even with routine backups, the user still has broad access to other peoples work. The loss in productivity and resources adds up quickly. For example, if ten peoples’ work is stored on theshare and a days worth of data is lost, that is ten man days of work lost.

Network file shares also allow for corruption. A user could manipulate others work with little or no evidence of tampering. What prevents a manager, who has a project at stake, from opening completed documents and changing data to meet their needs? If this is discovered by a regulatory body, all data would be considered suspect and cost a life science company significant delays andfines, as well as lost revenue and corporate reputation.

THE E-MAIL ATTACHMENT
E-mail has become the communications platform of choice for today’s business, including the life sciences space. The vast number of participants collaborating in the development of life science products makes e-mail even more important.Is there any other way to comu-nicate with such speed and ease?

E-mail is a critical business tool that clearly is not going to be replaced any time soon. However, the use of e-mail and the security policies chosenwill have a major influence on business processes. The role of an attachment and how it is handled is extremly important and impacts security and regulatorycompliance.

E-mail is bounced from server to server across multiple Internet Service Providers before it arrives in the inbox. During its travels outside of your corporate firewall, it is unsecured. Using this mechanism to transfer critical documents puts those documents and the company at risk. Proprietary information may begiven up and patient data exposed.

An additional issue with e-mail, primarily if it is used for collaboration, is the inability to identify who is in poss-esion of a document and whether any alterations to the data have been made. Muddying the water further, several people may be making changes or updates to multiple versions of a document simultaneiously. Imagine being put in charge of producing a single, updated master document.

Life science companies of all sizes feel that their IT staff has a handle on this e-mail situation. E-mail may be secure for intra-office transfer but inevitably documents need to be accessed by others outside of the corporate firewall. There is only one way to deal with the problem; do not allow sensitive or mission critical documents to be e-mailed.

So what system should replace e-mail for the transfer of documents? A Web-based document management system that is made selectively available to the users who need access to documents. A port is opened, a user is created on the system. The document management system allows the user to access the document and tracks when the user has it checked out, creates a version when he checks it back in, and ensures that no one else is updating the same document while it is checked out. A full audit trail is maintained all the while.