While the world is desperately waiting for the big announcement on a COVID-19 vaccine, and the global powers are competing for primacy, all eyes are on the ongoing clinical trials. The complex and stringent procedures behind drug development have never been so apparent to laymen as they are today.
In our discussion with Matt Barthel, CTO and Data Protection Officer at Adamas Consulting Group, we shed light on some details behind clinical research and its data handling mechanisms. The facts that the way to the market launch of a new drug is long, and that data security and compliance must govern the entire clinical research are explained by Matt in an enlightening manner.
Adamas Consulting Group provides independent quality assurance services and consultancy to the pharma industry. Founded in 1998, Adamas has a long history in supporting pharmaceutical companies, especially in the clinical research phase, to fulfill compliance in a highly regulated environment.
With Matt being an adept in the world of clinical trials, his story draws an overarching picture of this industry’s evolution, with special attention to healthcare data security and the data validation process. As Matt navigates us through the beginnings of drug development by highlighting some dramatic examples of the pharma history – think of the Thalidomide or the Theralizumab story –, we learn that everything happens in favor of the patients’ health.
Matt points out the tension between scientific discovery and the strong pressure to bring new medicines to the market. On the other hand, the noble goal to improve the patients’ quality of life can turn into the opposite if the series of mandatory steps isn’t followed. As Matt explains: “The regulation exists to make sure that the balance between those two imperatives is reached and make sure that the ultimate subjects are protected from any potential harm or abuse.”
New treatments and medicines must usually pass four phases, from initially testing the intervention on a small group of people to gradually widening the research to a mass of participants. It is easy to see that during these controlled phases, a vast amount of data will be generated. This forms the foundation for the evaluation and the approval by regulatory agencies.
Adamas plays an essential role in helping clients and sponsor companies to find their way through these healthcare data security challenges and regulatory requirements. They make sure that data involved in the research and captured by computer systems is reliable and compliant. All in all, this will decide on the successful launch of a highly desired new treatment.
As we move on to the topic of technology disruption in the pharma sector, the sunny and shady sides of digital transformation become obvious. As data collection and data sharing happen on a larger scale in the digital space, there is a constant data flow spanning the globe from doctor’s offices to clinics and development sites. This sensitive health data running from point to point in a complex network of systems calls for special protection. Not just its transmission route must be safeguarded, and patient data security maintained, but with it being part of a research evidence base, its entire lifecycle is subject to regulatory requirements. To ensure that clinical trials are reconstructible, data - alongside with the audit trail - must be retained and kept safe for 25 years.
When it comes to the new remote era forced by COVID-19, Matt reports about multiple challenges. Even though they have a remote-friendly infrastructure, their on-site audits have been hindered greatly due to lockdown and travel restrictions. Fortunately, with the use of innovative cloud solutions, they are now able to perform audits and risk assessments remotely.
Regarding COVID as a catalyst for innovation, Matt predicts a continued strong momentum for tech evolution in the pharma industry. Just like we started our discussion with a patient-centric view as the key motivator for this sector, Matt closes with another positive example: The pandemic has elicited unprecedented collaboration among research groups globally, which means the future of clinical research is going in the right direction.
Paul: Hi everyone! Welcome to the ninth episode of "under CTRL". My name is Paul Bartlett, and on today's show is Matt Barthel, who is the CTO and Data Protection Officer of Adamas Consulting Group. We will discuss how drug researchers and pharma companies are facing new challenges due to COVID-19 and how can remote auditing work with ultra sensitive data? Hi Matt! Welcome to "under CTRL". How are you doing there today?
Matt: Hi Paul! Yeah, I'm doing very well, thank you.
Paul: Good. So Matt's from Adamas Consulting, based out of the UK, working in the pharmaceutical and biotech industries. You have a small consultancy firm there. And I’d like to find out- I'll let you take the mic. But I'd like to find out a little bit about yourself, as a background. You know, you've got the title of the Chief Technology Officer and the DPO.
Paul: And also- also, you know, where did you come from? So I think I just hand it over to you, I could give you some time to talk about yourself. And about Adamas.
Matt: Yeah. Okay. Perfect. Thanks, Paul! And thanks also for the opportunity to contribute to the podcast. I'm looking forward to it.
Paul: You're welcome.
Matt: Yeah, so. My name is Matt Barthel. I’m the Chief Technology Officer for Adamas Consulting Group. We are headquartered in the UK, and we provide independent quality assurance services and consultancy to the pharma industry, as you just said. We are one of the largest and longest established organizations of this kind. We were- we're still privately owned. We were founded in 1998, so we’ve just celebrated our 22-year anniversary. And with the company...
Matt: Thank you very much! Yeah, the company focuses on supporting pharmaceutical companies, in the industry they're known as sponsors, particularly when it comes to clinical research, they're known as sponsors. So I might refer to the "sponsor" in this conversation, and that just means the people who are developing the new product. So these organizations – it's the likes of, you know, GSK, Pfizer, people like that. Big global organizations that are developing new drugs, vaccines and medical devices. So we support them. We have offices in the UK, the US and India, because now drug development is a global undertaking, you know. We need to have people globally. We’ve got about 50-60 full-time employees spread across the globe, so we can reach the- you know, the right places geographically, where we need to do the work. So I joined Adamas about four years ago. I've worked actually though in regulated clinical trials for most of my career. I started in the UK National Health Service, and I got the- more years ago than I care to remember. And I got my first taste of regulated clinical trials working in a clinical pharmacological research unit. This is a place that does the very early stages of testing on health- healthy subjects. This is before a drug has gone anywhere near a patient, who may be, you know, having issues with a disease. This was a long time ago, back- I started back in 1991. I may be showing my age: we didn’t have- we didn't even have email in those days! So...
Paul: Yeah, I think I was just finishing school then, so that's...
Matt: Oh, stop it! Okay. Yeah, so I've worked in quality assurance, in some capacity, ever since then. I've worked for usually large organizations, like the contract organizations that undertake research on behalf of sponsors, or the sponsor organizations themselves. So I've worked for GSK, and I've worked for AstraZeneca. And my specialty is in regulated computer system validation and computer systems compliance. When a sponsor develops a new drug, nowadays much of this involves technology or computer systems. Those computer systems come under regulations, which I'll go on to talk about in a little bit. And there are some requirements to make sure that all the computer systems that are working in that regulated environment are actually fit for purpose, that, you know, they're reliable. And the results that we're getting can be relied upon, effectively.
Matt: Okay. So my role as the CTO of Adamas is really to help the business grow through the use of technology. I’m responsible for creating and implementing our IT strategy, so, you know, what are we- how are we going to do that in the short, medium and long term? I am also, you know, kind of responsible on the practical level for IT service delivery. And I'm also Adamas' Data Protection Officer, which means that I'm also responsible for the company's data privacy compliance as well.
Paul: Yeah. Yeah. That's the one that interests me, is the Data Protection Officer. So that's a new role that's come along because of GDPR. So yeah, keen to know a little bit more about what that means for you.
Matt: Yeah, it's interesting, because if you look purely in terms of GDPR, we are arguably not obliged to have a DPO under the strictest interpretation of the regulations. But actually, it's our customers’ expectations that we do have a DPO, or at least somebody who is, you know, very firmly responsible for, you know, data privacy matters. So I think, you know, we decided to go the whole hog and appoint a DPO.
Matt: What that looks like in, you know, kind of day-to-day terms is, first of all: reviewing agreements and data processing agreements with our customers to make sure that when we're working with them, we are complying in the right way with data privacy requirements. And also that they're- you know, if we're talking about transferring data, we also need to make sure that they're going to, you know, deal with data responsibly. It also means looking at our data privacy standard operating procedures and policies, being responsible for, in many cases, the creation and implementation of those things, and also for monitoring compliance to a certain extent. And then it's also- I guess I see this also as partly an advocacy role as well. I'm the person that people come to in our organization if they've got a question or concern about how their data is being dealt with. And, of course, I'm open to approaches from data subjects outside. So if they want to exercise- if any of our data subjects want to exercise their rights under GDPR – so right to be forgotten, or, you know, they want to look at the data that we have for them – then that falls to me as well.
Paul: Right, I see. You got your hands pretty full then over there.
Matt: It's a varied role.
Matt: I really enjoy it, you know. And I think it really... it really is actually quite an honor to be able to say that, you know, along with my colleagues, we're involved or we contribute to the development of, you know, some important new medicines that really impact on patients’ quality of life. And that's- it's easy to lose sight of that fact perhaps, when, you know, we're talking about, you know, what some people may see as fairly dry subjects – data privacy and IT and, you know, regulated computer systems. But at the end of all of that is a patient we're there... we're there to serve. And that's, you know, something that we try to keep an awareness of all the time.
Paul: Yeah, yeah. Well, that's good, Matt, because I think that's also the same for us here, in the industry working of technologies that- it can be pretty vague and... you think that- what's the end result of impacting any change at all? But for us as well, I mean, we work with some NGOs that are collecting huge amounts of data and that data is paramount, potentially, to changing somebody’s life, or changing something.
Matt: Yeah, absolutely.
Paul: And I think it's easy to get stuck into the mundane task, but if you keep that in mind, what about- what you're doing about... everyday showing up and thinking that you're actually making a difference. And recently we've- yeah, recently we've taken on some pretty big NGOs that are doing some pretty impressive things. And to be part of that is slightly overwhelming, so... Yeah, when you go a little bit deeper beyond that, it's a little bit more than technology, it's more about the humans.
Matt: Yeah, absolutely.
Paul: So coming into the point about what you do, is... the pharma is a big- like, it is vast, right? It's- there's biotech, there's... everyone seems to sometimes put it under the same umbrella. Is it under the same umbrella? Is biotech separate from pharma? Or do we just... give us some insight into- into that field, into that industry.
Matt: Yeah, it's a good question! I think, if you like, biotech is a subset of the pharma industry, it comes under the umbrella of, you know, pharmaceutical development. And it's focused on smaller, innovative companies, who are perhaps using different or new approaches to reach effectively the same goal, you know. The objective here is to develop a new treatment, which will contribute to, you know, a patient’s quality of life. And it's- really, we're just talking about how you go about it: there's, you know, the traditional medicinal products route, there's the- you know, the biotech route. Vaccines, of course, very relevant at the moment. And that's a different, you know, route of development, if you like. It's still under the same umbrella. And also nowadays, we're seeing, you know, medical devices. So there's a, you know, kind of a technology aspect to, you know, maybe a new way of delivering a medicine rather than a medicine itself. And, of course, that is also subject to, you know, regulation as well. So yeah, the pharma industry is- you know, in general, is very broad, and there are kind of specialties or different development routes within it. There are also different phases of development, which I'll talk about later on as well.
Paul: Okay, so- are you- you're pretty spread right across the field of pharma. So you can potentially be working with all of these different subsets of companies or biotech or whatever that means?
Matt: Yes. Yeah, yes. Yeah, yeah. That's exactly right. So I mean- yeah, I'm sure listeners will be aware that all of those development routes, the development of new products, pharmaceutical new products, is very tightly regulated, you know. And rightly so. It has been for many years. There are government agencies who are responsible for oversight of the development process. So in the States, it's the FDA, the Food and Drug Administration. In Europe, it's the EMA, the European Medicines Agency. And in the UK, it's the MHRA, Medicines and Healthcare Products Regulatory Agency. So we deal with any activities, any development activities which fall under the auspices of those regulatory authorities. They- the broad umbrella is good clinical practice, which covers clinical trials, good laboratory practice, which covers the preclinical activities, and good manufacturing practice, which is focused on the actual physical production of the tablet or the vaccine or whatever it should be.
Paul: And... let’s just take a look at the industry then, from what it was to where it's coming now. So obviously every industry goes through a lot of challenges, and particularly in clinical research, I mean... it's more visible today than probably it ever has been to the general public.
Matt: Yeah, yeah, absolutely.
Paul: Because of the situation, because of the climate that we're in. So... but going back, I mean, where- you've seen it evolve and you've seen things change. So what's been the highlights on your journey, or on the Adamas journey about bringing in new technology or whether it's regulation? Maybe you can give some background about, you know, the clinical research area itself and how it's evolved?
Matt: Yeah, absolutely. Yeah. And I was just slightly chuckling there, because it's a really good point. That actually, regulation of drug development has been going on for years, but it has been, you know, behind the scenes. And I think there isn't necessarily a great awareness of everything that goes into it. So absolutely, this is- you know, you're right. This is now becoming much more in- you know, front and center in terms of the public consciousness, as we're talking about COVID vaccines and getting those to market as quickly as possible. So... you know, good thing in terms of raising awareness. But in- you know, in terms of background: Obviously, it's crucial to individual and public health that new medicines are safe and effective and, you know, the regulations exist to make sure that subjects have been- that medicines , sorry, have been subject to the rigorous testing that's necessary, before they're made available to the public. Obviously the consequences of releasing a drug, you know, to millions of people, if it’s not safe and efficacious, could be pretty serious. So there's a series of mandatory development steps that you have to take, from the preclinical steps, before they even get anywhere near a human being, through to much lengthier clinical development phases, from very small studies in healthy volunteers – maybe only 4 or 6 or 8 healthy volunteers – receive a very small amount of the test drug in the first instance. Right through to what we call "phase III clinical trials", which are involving thousands and sometimes tens of thousands of subjects or patients to ensure that when this new treatment does come to market, then it is safe and it works. I think it's easy to see that there's a tension between the need for scientific discovery and the need to bring new medicines to market, and commercial pressures. I mean, we've seen this with COVID, haven't we? There is a strong desire, understandably, to get that vaccine to market as soon as possible. But also, we need to make sure that when we do that, it's actually safe and it is going to protect people, you know, as anticipated. So the regulations really exist to make sure that the balance is reached between those two imperatives, you know, the discovery and commercial sides of the argument. And to make sure that ultimately subjects are protected, you know, from any potential harm or abuses that may come about if the- if one or the other, you know, begins to take precedence. So I guess many listeners will no doubt remember the Thalidomide scandal from the 50s and 60s, when women were given Thalidomide to treat nausea during pregnancy, and that resulted in severe birth defects. It's very easy, from a dramatic example like that, to see, you know, why drug development has to be, you know, very stringently regulated. More recently, in 2006, we had an issue in an early phase clinical trial in the UK, at Northwick Park Hospital. There was a study of a drug produced by TeGenero called TGN 1412 that had some very dramatic and unanticipated side-effects. And, you know, this "only", in inverted commas, affected 6 or 7 individuals, but still the effects on them was, you know, quite significant – they were hospitalized or in intensive care, and potentially, you know, suffering longer term... you know, issues. So, you know, drug development is not without risk, it's not without commercial pressures. And, you know, we need to be careful that, you know, the rights of the subjects who are participating in that process, are protected. But actually, regulation of drug development goes back even way further than the 50s and 60s. Actually to the aftermath of the Second World War. The Nuremberg Trials – you know, many people will be familiar, heard, you know, harrowing details of unregulated human medical experiments that could never be allowed to happen again. And actually it was that that really sparked the beginnings of the regulatory framework for clinical trials, which is still in place to this day. So issues and regulations in response to those issues have been around for- you know, for quite some time. Our role, Adamas' role, is to visit the sites doing this regulated research today, and to evaluate the quality and regulatory compliance of the data, you know, that’s being generated through those research activities. The consequences of poor quality or non-compliance with regulations can be significant. You know, those regulatory authorities that I mentioned earlier, FDA and EMA, evaluate applications from marketing approval of new drugs based on that data. And they also perform on-site inspections to determine how the data supporting those applications was obtained. And if the sponsors are not doing it right – if there's poor data quality, poor compliance – that can lead to enforcement action, which could delay the approval of a new treatment, or result actually in the application's rejection completely. So, you know, not only does that have financial implications for the pharma company, it means that a potentially desperately needed new treatment that could improve the quality of life of patients is delayed, which is obviously, you know, very undesirable.
Paul: Matt... okay, Matt. Yeah, I've just- I'm just curious to go back and let's just think about the journey around clinical trials of data. So you mentioned, of course, going back after the Second World War, probably everything was done with pen and paper.
Paul: And it was put in a filing cabinet.
Paul: And stored away.
Matt: If you were lucky, yeah.
Paul: Yeah. But so- what is it- how has it evolved now, the journey of data, from collecting it initially from those volunteers, when they go into a clinical trial? How is it kept safe? What does Adamas do, consulting-wise, as you mentioned, as a DPO, around that journey of data? And what's the obligations on every party to ensure that data is kept confidential?
Matt: Yeah, yeah. Absolutely. I mean, it's a great point. And, you know, the biggest difference between then and now is complexity and technology. So and yeah, the two things kind of go hand in hand. As the technology develops, you can do more things with that technology, you can elicit more data, you can find out more things, and you can use that data to support the safety and efficacy claims of a new product. But, of course, in order to do that, the whole... the journey of the data, as you call it, becomes more complex. New technology is kind of disrupting almost every aspect of life, and drug development is no exception. Data compliance with data privacy legislation is also a very hot topic. You know, modern clinical trials involve the collection of a huge amount of data – this is kind of going on around the clock globally in doctors’ offices, clinics, and hospitals. There is, you know, nowadays, an exchange of data between investigative sites and third-party trial management organizations, maybe data management specialists, statisticians and statistical analysis groups and so on. So there is a- you know, a vast flow of data around the globe almost 24 hours a day. You know, Adamas’ concern is all about helping our clients ensure that that data flow, necessary though it is, is- remains compliant. So... how do we do that? We evaluate processes and the actual data that are being followed and data that's being produced, you know. Clinical trial subjects have consented to their data to, you know, being used in this manner, so that's not an issue. But it is still incumbent on all the parties that touch that data to act responsibly with the data and in compliance with the regulations. As I mentioned, the data trail is complex. So we help clients first of all understand the data trail, because that can be challenge in it- in itself. You know, the data might start off in a doctor’s office, but then be entered into a system which then communicates with another system, which then sends data to a laboratory, which then communicates with a safety database, in case there are, you know, unwanted effects of the drug and so on. So we- first of all, I think, you know, it's key to understanding what that data flow actually looks like and then it's about, you know, teasing out the actual process steps and what controls are in place to promote quality and compliance. I think the- I guess the key thing is, is that some of this data, although it's pseudonymized, is sensitive or special-category data that relates to health. So there's, you know, rightly a heightened sensitivity about how that data is handled. So much of our attention is focused on exactly that, you know. How is that data managed? And is it robust? And, you know... and I think the other really important aspect of clinical trials is that they can be reconstructed. Sometimes we might be called upon to reconstruct a trial decades after it’s finished. So the data must still be available, everything must have what they call an audit trail, which means that you can identify where it came from, who recorded it, when and also that any subsequent changes to that data are retained. And that kind of audit trail or metadata has to be retained alongside the original data as well, sometimes for, you know, it could be 25 years. So quite a lot of our efforts are focused on making sure that, you know, the relevant individuals have access to- well not- access is the wrong word. But the ability to retain that data, yeah. That they can access the data when they need to, but that the data will not be accidentally deleted or, you know, somehow rendered inaccessible in the future.
Paul: Yeah. And I think, to the point, I wanted to jump in here and say, we just saw something the other day, is that: We had some clinical trials, of course, with the COVID situation and then one person became- or they had some side effects, they were hospitalized, or they assumed that. And there's such a magnifying glass or spotlight on that situation, and who that person is, and what went wrong. It's like the vultures want to know all the details that they can expose, not necessarily the individual, but, you know, the company it was related to. And making sure that that data is kept secure, I mean, that's absolutely paramount. And obviously, at the same time, keeping the privacy of the patient is really important as well, right?
Matt: Yeah, absolutely. And I think, you know, many organizations have been challenged by COVID, because there's is a public health element to this. And, you know, I guess people, you know, rightly or wrongly, feel that there is a kind of right to know. You know, I forget who it was, but somebody said famously a long time ago that what’s in the public interest is not necessarily what interests the public. So there is a- you're right, a right to- you know, a right to confidentiality, and this is true for any clinical trials, in fact, not just COVID. But yeah, we- the industry works very hard to make sure that that’s the case. All the data is pseudonymized, so it should never be possible outside of the investigational site to identify even who has participated in a clinical trial, you know, never mind what the outcomes are. But yeah, you're right. Because of the complexity of the data trail, there are multiple opportunities for that IT security and privacy measures to fail. So, you know, I think this comes back to what we were saying about understanding the data trail in the first place. You need to know that in order to be able to anticipate where the risks to the data, yeah, might be. And that's an important aspect of our work as well. It's not just about, "Oh, you know, here's a regulation, and you've failed to comply with the regulations. So, you know, that's an issue that you need to address." We do do that, of course. But also, it's about looking at quality in a broader sense, and trying to identify where there may be risks to data that haven’t happened yet, and then you put mitigation in place to prevent the issue from occurring. And that, for me as a quality professional is the Holy Grail, you know. It's of limited value to come in and point out things that have already happened. What is more valuable is to take that proactive approach and say, you know, "If you do x, y and z, then you’ll prevent a data breach, or you'll prevent a- you know, an underlying issue or something of that nature."
Paul: And, you know, when we look at the current climate as well, there are malicious actors as well, and some would say state actors that are looking to take on business secrets or disrupt or feed fake news into the system. Because this is the- this is very much in the spotlight. I mean, from my perspective, all of those have gone a little bit off-track at the moment. And it- somebody- you know, for a lot of people, maybe the listeners as well, it can be a little bit scary about what’s going on out there, you know, when we hear all of these things in the news that foreign actors are trying to get hold of clinical data, or trying to get hold of trial data. So do you see a huge challenge at this moment in time with the...?
Matt: Absolutely. Yeah. I mean, I think IT or cybersecurity is just... it's the issue du jour, you know, generally anyway. And I think, you know, that's, you know... a lot of motivation behind modern data privacy legislation is to make sure that yes, there are, you know, important principles to be adhered to, I think, when it comes to collecting data. But it doesn’t just stop there. There's storage and there's security of that data, and the use of that data is equally important. So it's something that I think about a lot in my role as CTO. Interesting that, you know, if you cast your mind back, 10, 15 years, I guess, IT security measures were not as common as they are today. And nowadays organizations like both of ours, I imagine, certainly for Adamas, has extensive, you know, intrusion alerts, firewalls, obviously anti- you know, the basics anti-virus, anti-malware, anti-ransomware... But we run, you know, sophisticated simulations now. We have surprise training for our people that presents a potential security breach to them and they have to navigate their way through that. And there's all kinds of, you know, new methods for trying to combat those malicious actors. And yeah, it's absolutely essential to any, you know, sophisticated IT security setup. Absolutely. I don't think these challenges are not- they're not just the pharmaceutical industry, you know. It's everybody that's facing these.... facing these threats. But I think the intellectual- the value of the intellectual property that is associated with pharmaceutical products is- makes it an attractive target. And I think we have to be, you know, very careful in terms of keeping our disaster recovery environments up-to-date and accessible, so we can combat those without a significant interruption to our business.
Paul: And as COVID-19 is the topic of the moment, very much so, and it's disrupted so many industries, how is it disrupting your- the pharmaceutical industry? Because apart from the people coming in and- going into Cambridge, coming into the clinics or whatever that may be, there are a number of supporting staff that potentially are working remotely as well. And is that something that's a challenge for these companies?
Matt: Yeah, yeah. I think working remotely for us has not been that much of a challenge, because we are a distributed workforce anyway. I would say 80% of us work from home, and have always worked from home. So we are well set up with the systems and the procedures and the equipment that we need, you know, to do that in a fairly seamless manner. Where COVID has provided us with a big challenge is actually in the conduct of our work. So, you know, it's not an easy undertaking at the best of times to ensure that, you know, sometimes these very complex clinical trials comply with the quality and, you know, regulatory requirements. And, you know, we, the industry employs significant resource to do that. Until recently, many of those measures relied upon visits to research sites, so the place where the research is actually being done, in order to monitor the trial conduct and, in our case, to evaluate the quality and compliance, as we've been doing at Adamas for a number of years. The ability to visit trial sites now has obviously been severely impacted since March, with lockdowns and travel restrictions. And also, you know, a significant factor is that the institutions who are doing the research are also part of the local health service infrastructure. So they're overwhelmed with other problems, you know. So clinical research might not be the top of their priority list, when you’ve got a bunch of COVID-patients to try to care for. The challenge, the difficulty is that for clinical trials though, you can’t just stop them, you know, because there are ill people in these trials, they may be relying upon the care and the medication that they're getting through the clinical trial. You just can’t pull the rug out from under them. So to a certain extent for clinical trials, it's business as usual, including, of course, new clinical trials that are specifically focused on, you know, a COVID-19 vaccine. So these trials are still ongoing, there's still a need for- and the sponsor companies have a responsibility to continue to ensure the safety of the people in those trials, even in the middle of a pandemic. The regulatory inspections that we mentioned earlier are still ongoing. And, you know, perhaps there's even an added layer, which is that the impact of COVID-19 on those data collection processes and the trials themselves also needs to be evaluated and taken account of. So the duality of the challenge there is that the audits that Adamas do are needed more than ever. But in contrast, they're actually more difficult than ever to conduct, because we can't travel to the sites. But as I think we're probably going on to talk about, we have developed some solutions to that.
Paul: Yeah. Yeah, because that's what I wanted to get to, is that, I mean... a lot of the staff that are supporting staff around the auditing and that, are basically office-based. Potentially, they're not in the office any longer, they are working remotely. That’s a headache for the pharmaceutical IT managers, that they've got to start thinking about other security and helping those people being able to conduct their job every day. And you're not able to face the auditors, and yet that data somehow has got to be exchanged, right? So, like you say, the clinical trial doesn't stop.
Matt: Yes, exactly. Yeah.
Paul: But you're not there on-site anymore. Your office is based in, you know, the comfort of your home, and also the auditors are based in the comfort of their home.
Paul: And you need to do that. So how is that challenge being overcome for you guys now?
Matt: Well, it's a good question, because this has really been the focus of my entire working life for probably about the past year. It's how we manage those challenges. I mean, I think... and, you know, as I said previously, we're pretty much covered in terms of working from home. We have all the IT security practices and processes and systems and monitoring and all of the stuff that you would expect in place already. And it’s been like that for, you know, for quite some time. We are- because we work in a regulated environment, we're fairly stringent in terms of the control that we exert over things like work stations and the freedom that people have to you know, to manage their own IT issues, which is frankly not very much. Because we need to make sure that, you know, we are obliged to maintain mobile device management, we're obliged to maintain, you know, proper security regime, we're obliged to maintain a disaster recovery environment, so we can switch over, you know, if we need to, very quickly. And so I think all of those things are in place. You know, we’ve got reasonably good training and frequent and ongoing training as well, to make sure that people are aware of, you know, their IT security responsibilities. The impacts on actually the ability of those individuals to do their work is probably where the bigger challenge is. So we have really had to change... a great deal of how we work. So, for example, we've implemented a process whereby we can do audits remotely. We have a- we've developed a set of new, innovative tools to allow quality indicators to be evaluated quickly and in a targeted manner, using a modular quality assessment approach. We have a cloud-based platform for risk-based quality management, which allows sponsors to identify real and emerging risks to data and compliance. So we are accessing the data remotely, so we're not travelling, but we're still getting good quality and timely data that allows our clients to make decisions. And one of the big decisions is, you know, they have the same restrictions, of course, in terms of travel, so they have a limited ability, if there is an issue, they have a limited ability to fix that. So they need to know where to focus their resources. And that’s where we help with the risk-based quality management platform. It tells them immediately, "You got a problem here." Or, "You've got an emerging problem over there that you might need to think in a couple of weeks, or you might need to start mitigating." How we've done that... sorry. Go ahead, Paul.
Paul: Yeah, just wanted... sorry! Just- yeah, go ahead, Matt. I just want to jump in there, because one of the things that we're seeing at the moment is: there is a lot of companies coming to us, large companies, saying, "This is something new for us. We’ve got our workforce working remotely, we’ve got sensitive data that we need to exchange. Typically everything would have been on-premise. Anything that needs to be audited, we would come onto the premise and we would access it from those systems. Now the headache is, it's like: okay, so how are we going to get it out of the system, how are we going to allow our auditor, who's sitting at home in Oxford or whatever, get that over to somebody down in the southwest, who needs to audit that, those documents and that information?"
Paul: And this is what we're seeing time and time again, now it's coming up, is that, "We've got existing tools, but are those existing tools efficient enough from an audit perspective, from a security perspective, to get that job done and fulfill the legal requirements from the regulator?"
Matt: Yeah. No, it's a good- it's a great point. And I think it's a work in progress. I mean, I think Adamas has risen to the challenge, you know, quite effectively. The foundation for the initiatives that I just mentioned is really a comprehensive and preexisting quality management system that incorporates strong data protection principles, and implementing mechanisms such as secure document storage- sharing, rather, with investigative sites and auditees and sponsors. So that, you know, I mentioned the heightened sensitivity about sharing data. If you've got a good GDPR-compliant platform, then, you know, that- many aspects of that sensitivity is addressed. You know, I think we’ve made a significant investment in compliance ourselves. So there is a level of comfort amongst our clients that, if they are sharing data or we are custodians of data on their behalf, that it is secure, that it is protective- protected. You know, we have the technical and organizational measures required by GDPR, to, you know, meet the requirements and expectations. But also at the same time, being able to help our clients to meet their obligations, you know. We're- I think we see ourselves truly as partners with them. We are an extension of their good practices and their good processes. And it is important to us that we remain that kind of trusted pair of hands, when there is such a focus on data and security.
Paul: I mean, that's really the key here, Matt. It is about the trust, because, you know, these companies particularly are very much in silos, you know, they work on-premise. There's not a lot of cases where they've gone out to the cloud with such sensitive data.
Paul: So I just wanted to sort of see where that’s happened, because COVID has brought that situation to us now. And that's why we obviously get a lot of interest in what we do, is to help those companies with the end-to-end encryption, but mostly also about the audit trail capabilities that need to be presented as well. So I just wanted to touch on- because we're staring to get- the clock's running down, as I can see. But I just wanted to move towards to the future, you know. Do you think the solutions will remain in place, the way that we're working now? Or is it likely going to be back- that you're going to go back on-site? Or do you think there's going to be a mix of both? You know, you're going to be partially on-site, more remotely. Is- in fact, is your customers going to be work more remotely in the future as well? Of course, this is all unknown. But what does the future for clinical trials and research or your particular industry look like?
Matt: It's really interesting. I mean, the future of clinical trials is a really interesting question right now. I think, you know, because of the regulatory requirements that apply to the drug development process, I think, yeah, it's to fair to say that the industry has been relatively slow to adopt new technology and methodology, like remote monitoring and auditing. You know, we’ve been discussing these kinds of initiatives for a long time as an industry, but we've held back from implementing them. Perhaps that's out of fear of criticism from regulatory agencies, or perhaps it's internal bureaucracy. I think, you know, COVID has changed all of that, and really forced our hand to a certain extent. Now we're going to have to implement these new technologies and techniques to ensure that we can bring the next generation of new medicines to market. And it's- frankly, it's too important not to do that. It's essential that we do. You know, the good news is that regulatory agencies are now becoming more open to this. And some of them have actually already come out and said, you know, "Look, it's okay to use remote or technology-driven solutions in certain circumstances." You know, and some have even actually issued guidance on what- their expectations are around this. If you choose to go down that route, which is great, you know. So I think we will see more uptake of new methodology and new solutions. I think the longer that clinical trials are affected by COVID, the more distributed they'll become, so they'll be less site-centric. So we're going to see more- or we're- actually, we're already seeing more activities taking place in other locations than the traditional hospitals and clinics. You know, even in the homes of the subjects themselves. And, you know, it's going to be a challenge to get to grips with that and, you know, what the implications are on quality and compliance. But, you know, I see the industry is moving in that direction. I think at the beginning of COVID, I think it was a “wait and see” approach. And it was, "Oh, you know, we think this might last a couple of weeks or a couple of months." Now that we're talking about a second wave, you know, and we're seeing cases rise in France, Spain, the UK, you know, still significant numbers in the US and India – it's becoming apparent that that, you know, return to normal is some distance, some time away, you know. If in fact it's ever going to come. So the future, I think, is definitely going to be technology-driven, it's going to be less site-centric. And I see industry and the regulators working together, more closely, to determine what is and is not acceptable, you know, in terms of data privacy, sharing of data and access to sensitive health data, which is the- you know, the foundation of most clinical trials.
Paul: Yeah. And I think the last point I wanted to finish on before we wrap this up is: what we're seeing as well now, is there's an opportunity for some of the smaller companies, smaller- there's some on the biotech side, to jump onboard, because there's cloud adoption there. It's starting to become more popular. And because of the COVID situation, there is more collaboration happening now. Probably more than ever before, which is a fantastic thing for that particular industry, and probably society as a whole. That people are now able to share, or companies are now able to share that information with each other. They're able to see and move forward a lot quicker than maybe previously in the past. Because, as you mentioned, you've got offices established everywhere, but so- we've got customers that are doing clinical trials in different countries, and they're able to compare that information through cloud adoption technologies. Obviously prevailing that security is paramount as well. So yeah, is that something that you're also witnessing as well?
Matt: It is, yeah! It's interesting, isn't it? That we started off with a discussion about, "Oh yeah, where is Adamas based geographically?" And actually, you know, on reflection, geographic location is actually becoming less and less significant. It's great that we have- we do have that global reach, but as we develop these technological solutions, actually, where that solution geographically is coming from is not so relevant. I think also the point about these things is that these service offerings or, you know, innovations in terms of, you know, data sharing and data security are much more easily scalable than they ever used to be. And that was the problem, in our- well, one of the challenges in the Q©A industry was that, you know, if you needed to do more audits, you needed more people. You needed more travel, it was more expensive, you know, and the costs and the resources went up exponentially. Nowadays, that's not the case. And we can have a much more, you know, agile response. We can get quality data much more easily and much more quickly, and yeah, that is going to increase access, which can only be a good thing.
Paul: Great. Matt, it's been absolutely fascinating talking to you today about this industry, and about what Adamas is doing. I hope that, you know, you'll gain from these difficult times and you'll overcome them. But it's been a pleasure having you on the show today.
Matt: Fantastic. Thank you very much, Paul. It's been absolutely my pleasure.
Paul: Take care now!
Matt: Thanks a lot! You, too.
Paul: Talk to you again. Bye, bye!
Matt: Cheers! Bye!
Paul: And that is all for today's episode of "under CTRL". You can find links to all our social platforms and to our guests in the episode description. If you like the show, make sure you subscribe and leave a review. Join me again in two weeks' time for the next episode.