FirstDoc & D2 – getting funky together

In an earlier post I discussed how EMC’s are now licencing D2 technology from C6, and that this meant that CSC are having to change their user interface strategy.

Well…on Tuesday, 6th of March, there is a webinar that will reveal what has been going on “behind the scenes”.

Some of my favourite CSC people will be discussing CSC’s “new, improved” customer interface strategy as “FirstDoc embraces D2″ (their words, not mine).

I’ve been following this with interest for awhile, and I’ve registered for the webinar.

I’ll let you know all about it after the 6th.

Related articles

CSC has had to change their plans…

In my earlier post about the FirstDoc User Group conference that was held in Vienna earlier this year, I wrote about CSC’s User Interface strategy.

To recap – CSC produce technology that provides a compliance layer for content management systems. Although available for SharePoint systems (under the name “FirstPoint), the predominant application is “FirstDoc” which is built to work with, and integrate into, EMC’s Documentum.

The native FirstDoc client application is interwoven into Documentum’s client application and, as a result, CSC need to ensure that they shadow any architecture decisions EMC makes.

Over the last few years EMC have been making it clear that their way forward (with regards to their client applications) was to be with a technology called xCP. This would allow developers to create applications through configuring and then assembling components. The core idea is that “complex solutions are composed from interaction of Documentum objects with business processes”. Initially it was made clear that this technology was for case-based applications, but, the later versions were being promoted as the “interface solution”. (You can download EMC’s whitepaper on xCP here).

At the same time, EMC have announced that they had made plans to retire their current client application “WebTop”, and the idea was to replace it with xCP technology. CSC had been invited to be involved with version 2.1 of xCP to ensure that FirstDoc functionality could be tightly integrated with it.

At this year’s Momentum, however, EMC announced that they had licenced D2 technology from a French company called C6. (You can read the announcement here.) C6 have been EMC partners for a long time, and I recall seeing them at many previous Momentum conferences, where they have certainly caught people’s attention.

C6′s products work on the basis of “configuration“, and will be technology for “content-centric” applications.

C6 have also released x3, which is a “widget-based, agnostic browser, client interface that enables to extend the use of D2 Client to various browsers such as: Firefox, Safari, Chrome, Opera.”.

 Obviously this will offer incredible advantages. Especially in this mobile-age, and especially for industries (such as Pharma), that, because of strict compliance requirements (and the overarching mindset that that brings with it), have not been as “agile” as they could.

CSC have announced that they are working together with EMC to ensure that the tight integration between CSC’s FirstDoc client interface, and D2, will be maintained.

I am watching this space with interest…

Total Regulatory Solution – a “complete” offering from CSC – Webinar 1

The other day I received an invitation from CSC to attend a series of three webinars on their “Total Regulatory Solution” offering.

The “Total Regulatory Solution” consists of three “components”:

  • Software
  • As a service offering
  • Business Process Outsourcing.

Having described CSC’s plans for this earlier (In Part 1, and Part 2 of the FirstDoc User Group posts), I was curious to see what CSC would cover.

Webinar 1

The first webinar was entitled “Flicking the Switch: Integration Drives Greater Regulatory Efficiency” and was presented by Jennifer Webstrom. 

Here are some key points from the webinar:

  • CSC’s was primarily driven by technology (that is – what is required to make sure that their products would run on the latest, and upcoming, technology platforms).
    Approximately 18 months ago they decided to change to focus more on how they can solve business problems that their customers were having.
  • They want to be the go-to company for regulatory submissions.
    Or, to quote their mission statement, they want to…

Provide end to end business solutions for processes involving the creation, review, approval, consumption & exchange of regulated and mission critical documents and content within a Life Sciences organization

  • With the recent acquisition of ISI, CSC offer tools that allow for end-to-end regulatory information management process. These include:
    • Tracker  
    • Assembly Planner
    • FirstDoc or FirstPoint
    • eCDTXPress
    • Publisher
    • Viewer
  • These applications are, currently, disparate applications, but CSC are working to integrate these tools so that they share a common data model, have the same interface, and (ultimately) will be “aware” of the other tools, in the sense that operations in one tool trigger certain “pre-emptive” actions in the other tools.
  • The integration roadmap includes the following:
    • ensure that Publisher, eCDTXpress, FirstDoc, and Viewer work together
    • release of Tracker – integrated with Viewer
    • release of Assembly Planner – integrated with Tracker

Strategy Analysis

This had to happen. Providing an application, or a collection applications, that allow users to perform specific tasks is one thing, but to have a truly integrated suite of tools that can work together, is another. Users do not want to have to “think” about what they are doing. They just want to be able to complete a task, in the most efficient way they can, without having to consider the different interfaces that they need to work with, or the different processes that they have to follow for each application they use.

By changing their focus from one of technology to one that is more on the business challenges that pharmaceuticals companies face, means that CSC can streamline the whole regulatory submission process so that there is as little “pain” as possible.

And, naturally, if they can achieve this, they do help to position themselves in the market as the “one-stop shop” that they want to be.

The other webinars

As mentioned above, there are three webinars in which CSC are describing their new “Total Regulatory Solution”. The other webinars are:

  • Data in the Sky: Finding Flexible Solutions in the Cloud
  • Clearing the Path to Innovation: Exploring Total Regulatory Outsourcing

I plan to write posts on these as well.

Reference sites

FirstDoc, FirstPoint, NextDocs – a “rough notes” comparison

21 CFR 11 Compliance evaluationA reader has recently asked if I had any information on the differences between FirstDoc, FirstPoint and NextDocs.

To do a full feature-for-feature comparison of all the solutions is not something that I can easily do.  However I have been able to get my hands on some great documentation, and can put together a “rough notes” comparison of the three solutions with regards to the core system, and how each solution complies with 21 CFR Part 11.

Note – this is version 2 of this post. After publishing the initial version, one of the vendors was able to provide me with a later version of their compliance statements. The table below has been updated as well as the Comparison PDF that can be downloaded. This is marked as Version 2. The link in the references still links back to the original compliance statement.

Important Note 1:

The FDA regulation, 21 CFR Part 11, is often update and modified. The documentation that I was able to find from CSC, and NextDocs appears to have been created at different times. As a result – I found some “discrepancies” between them. Sometimes the wording in the material I had, didn’t match the current version of the regulations. However, the “intent” is still the same.

Important Note 2:

I do not claim to be an expert in 21 CFR 11. Nor do I claim to be an expert in each of the different platforms/applications described in this post. I will list my references at the bottom this, but I make 2 recommendations:

  1. 21 CFR Part 11 can be interpreted in slightly different ways. Discuss with your internal QAV people what the expectations are.
  2. Make contact with the vendors in question to really determine whether their application fits your requirements.


21 CFR Part 11

To get read what is specifically contained in 21 CFR Part 11, click on this link. This will open the FDA’s “CFR – Code of Federal Regulations Title 21” site.

Product Comparison

Below I have listed each vendors response to each of the regulations outlined in 21 CFR 11.

This was compiled using information that can be found on the Internet. (I include reference links at the bottom of this post, as well as in the PDF.)

However, as mentioned – this is intended merely as a guideline. I encourage you to contact each of the vendors directly to get an updated statements of compliance, as well as information on server configuration/sizing & prerequisite software.

(Note to vendors – if you feel that there are errors, please let me know in the comments, and I will make the necessary corrections).

You can also click HERE to download a PDF version.

FirstDoc, SPX, FirstPoint & NextDocs

Subpart B – Electronic Records
§ 11.10 CONTROLS FOR CLOSED SYSTEMS

21 CRFR 11 Requirement FirstDoc FirstPoint NextDocs
(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. FirstDoc is developed in accordance with the CSC LS QMSadvantage™, an ISO 9001:2000 certified Quality Management System.QMSadvantage and FirstDoc have been audited by many pharmaceutical clients. As part of a formal vendor audit, CSC can provide evidence that FirstDoc is developed and tested in accordance with QMSadvantage.

FirstDoc has been validated by many clients. CSC offers a validation package (consisting of validation plan, traceability matrix, and IQ/OQ/PQ protocol templates and OQ protocols) with each release of the FDRD, FDQ&M, and FDTMF products.

FirstPoint is developed in accordance with the CSC LS QMSadvantage™, an ISO 9001:2000 certified Quality Management System. QMSadvantage™ has been audited by many pharmaceutical clients. As part of a formal vendor audit, CSC can provide evidence that FirstPoint is developed and tested in accordance with QMSadvantage™.FirstPoint is “validation ready” for its clients upon completion of installation and configuration. Full IQ, OQ validation scripts, a PQ template and supporting services available from CSC for interested clients. Validation is ultimately the responsibility of the client as validation can only be performed in the environment in which the software will be used, and against specifications defined by system users.NextDocs offers a validation toolkit to streamline the validation process.

The toolkit includes a sample validation master plan and traceability matrix, ready-to-run scripts for IQ and OQ, summary report templates, and sample PQ scripts.

NextDocs also has standard professional services packages that include assistance with validation planning, PQ script preparation, and managing PQ script execution and documentation activities.

(b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records. Documentum will satisfy this requirement in conjunction with a company’s records management policy. Features of Documentum that support generation of accurate and complete copies in human readable form include the generation of PDF renditions and the ability to view and print these renditions in accordance with a system’s defined security rules.Additional support for this requirement is provided by FirstDoc’s automatic PDF rendition generation feature. Each time the content of a document is modified and the modifications checked in, FirstDoc generates a PDF rendition from an approved rendition generation station if the format supports transformation to PDF. Automatic transformation to PDF ensures that all documents will be readable in the foreseeable future. FirstPoint satisfies this requirement by managing accurate and complete copies of files in human readable form with the tight integration with the Microsoft Office Suite of products and the generation of PDF renditions and the system generated and maintained metadata. The system also provides human readable audit trails and reports. The ability to view and print these files and associated metadata is managed in accordance with a system’s defined security rules.All relevant records are maintained in their native file format within a robust MS SQL database and MS SharePoint environment. FirstPoint generates a PDF rendition from an approved rendition generation station, if the format supports transformation to PDF. Automatic transformation to PDF ensures that all documents will be readable into the foreseeable future.

 

Actual generation of records is a client responsibility. NextDocs facilitates generating copies of records by:

  • Viewing records in native electronic format with any computer running one of several supported browsers.
  • Allowing records to be exported by dragging and dropping to any desired file system location
  • Providing sophisticated controlled, uncontrolled and clean copy printing capabilities

 

(c) Protection of records to enable their accurate and ready retrieval throughout the records retention period.
  • Documents may be retained in the system throughout their retention period, or an archiving process developed to store them outside the system. Documentum’s built-in archiving capability can be used to migrate content offline while maintaining metadata in the docbase.
  • FirstDoc uses Documentum’s robust security, which limits the capability for modifying and deleting records to designated users. FirstDoc automatically applies security to Approved documents that prevents them from being deleted or modified.
  • The FirstDoc product also includes an optional Records Management module which implements retention policies and allows deletion of records which have reached the end of their retention periods in accordance with a standard process.
Documents may be retained in the system throughout their retention period through the use of a built-in lifecycle management system.FirstPoint applies robust security across the entire lifecycle, which prevents and limits approved or historical records from being deleted or modified except by specifically designated users. A document restore feature is available to the system administrator that allows for the retrieval of deleted records.

All FirstPoint content is retained for retrieval until some business rule criteria has been meet to trigger the destruction. Records retention fun includes the ability to purge specific cycles of minor or major versions at the Library Level and purge working comments and draft comments after a specified retention period.

 

NextDocs systems automatically “lock down” official versions of documents so that they cannot be deleted or modified without following system configurable change control procedures.
(d) Limiting system access to authorized individuals.
  • The underlying Documentum application implements a secure username and encrypted password (generally the network password) to limit access to authorized individuals.
  • FirstDoc augments Documentum security by providing automatic application of a client’s defined security scheme. Users cannot modify security outside of the rules defined by the client.
  • FirstPoint provides a secure username and encrypted password for all users in addition to the network access/password system.
  • FirstPoint augments the SharePoint basic Library level security by allowing permission sets to be applied based on any metadata in the system. This allows for content to have a more granular security model based on role, site, project, product etc, and allows for confidential documents to have a restricted access permission set.
  • FirstPoint also provides application level rights to system and business administration function such as setting up workflow and other business rules templates.
In general, an SOP is needed to define the roles and responsibilities for the administration and maintenance of the groups and users for the system and/or network permissions. Access to NextDocs can be controlled by configuration. Security can be configured to use Active Directory or Active Directory Lightweight Directory Services accounts or accounts created within SharePoint. Internal users with on-premises deployments can access NextDocs applications through single sign-on without requiring additional system login unless performing a signature related action in the system.Alternatively, if a client’s Part 11 interpretation requires explicit sign-on to access the system, single sign-on can be disabled. Internal users with hosted deployments access NextDocs applications by providing a user name and password.

External users access NextDocs applications by providing a user name and password. Depending on a client’s security set-up, Virtual Private Network (VPN) access may be required as well.

(e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.
  • FirstDoc uses the Documentum audit trail capability augmented by audit trail entries produced for custom FirstDoc events. Example events include checkin, save, destroy, status change and user acknowledgements, such as review and approval outcome — including electronic signature. Since the audit trail must be maintained for the life of the record, Documentum’s Purge Audit Trail capability should not be used unless the audit trail has been migrated offline as controlled by a client’s SOP. Note: This assumes that the approved record is the electronic record. Audit trail entries for draft, minor versions of records can be deleted using the FirstDoc purge minor version functionality if the clients’ policies dictate.
  • FirstDoc provides the capability for authorized users to change document metadata on approved records. In this case, an audit trail entry captures the previously recorded values so they are not obscured.
    • SharePoint records all events that occur on documents, the time and date of the and the username of individual (or system account) performing the action.
    • FirstPoint also provides a preconfigured, system generated audit trail report for each document that records the date/time of all critical events that occur during the entire of the document or record from creation, review and approval.
      The username of the individual (or system account) who invoked each action during the history of the document is also shown in the audit trail report.
      Information pertaining to previous document will continue to be displayed in the audit trail report, even as new versions of the document are created.
    • The audit trail report is presented as a single viewable and printable file.
    • The audit trail report is systematically generated, and cannot be overwritten or otherwise modified by any user.
NextDocs records:

  • Record modification events including check-in and check-out.
  • Move, copy, delete and undelete events.
  • Electronic/Digital Signature events.
  • Lifecycle promotions and demotions
  • Workflow events
  • Permission changes
  • Record viewing (configurable).

Audit trail entries include event, user name and server-based time/date stamp. Local time/date stamps can also be configured if desired.

Audit trail records are retained indefinitely unless manually purged from the system.

NextDocs also provides access to and copying of the audit trail. The audit trail can be saved to Excel with a single click for advanced sorting, filtering and analysis.

(f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate. These checks are implemented within a number of system functions. They include client-defined control over:

  1. Enforcing the use of approved templates only in creating documents
  2. Limiting property values to predefined dictionary lists wherever possible
  3. Requiring entry of mandatory attributes
  4. Enforcing storage in a pre-defined hierarchy (cabinet/folder structure)
  5. Enforcing a defined document lifecycle and approval process
  6. Ensuring that all required electronic signatures are obtained (if electronic signatures are used)
These checks are imple mented within a number of system functions. They include client control over:

  • The use of approved templates in creating documents/records.
  • Predefined metadata dictionary lists which structure dependent valid choices.
  • Enforcement of mandatory metadata fields where required.
  • Enforcing a defined document lifecycle requiring a specific, defined review and approval process via document workflow
  • Enforcing the review and approval of the PDF rendition of the document, since that is generally considered to be the approved electronic record
  • Ensuring that all required electronic signatures or electronic approvals are obtained using systematic participant selection and voting rules.

 

These checks are implemented in a number of areas. Some examples include:

  • Ensuring that documents follow a defined lifecycle
  • Ensuring that workflows are used when needed to move a document through its lifecycle
  • Ensuring that documents are properly set up to display digital signatures before they can be signed
  • Ensuring that all required signatures are collected before a document is approved
  • Ensuring that documents meet requirements such as having a valid PDF rendition before becoming approved or effective
  • Ensuring that all required metadata is entered for a document
  • Enforcing the use of approved templates for authoring
  • Limiting pick lists to appropriate values when creating or modifying document properties
(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand. These checks are implemented within a number of system functions. They include client-defined control over authorization for:

  • Document creation
  • Document access (delete, write, read, etc.) (via ACL security)
  • Changing status
  • Initiating and participating in the review and approval process
  • Signing documents (if electronic signatures are used)
  • Establishing document relations including change request relationships
  • Performing various types of business administration functions including dictionary maintenance, training record control, etc.
A series of authority checks are implemented within system functions. They include the following client defined controls:

  • Network access with unique ID and password controlled at the operating system level.
  • The SharePoint permission model controls document security at the Library (a collection of documents) and for draft versus approved documents.
  • FirstPoint enhances this security model which allows additional security layers to be implemented based on document metadata. This is useful for documents required restricted, confidential controls.
  • Documents that are part of a workflow process receive enhanced security in that only those selected participants have access to the in progress document.
  • System configuration, maintenance and other types of business administration functions are accessed only by those individuals with specific access rights.

 

These checks are implemented in a number of areas. Some examples include limiting the following to authorized users:

  • Modifying a document’s content or properties
  • Initiating or participating in workflows
  • Applying digital/electronic signatures
  • Modifying system configurations
  • Generating controlled or uncontrolled copy prints
  • Modifying essential information, such as study investigators
  • Approving requests for system access
(h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction. This requirement in general does not apply to FirstDoc since the system does not have any functionality where information is valid only when entered from specific terminals. If a specific client has this requirement, CSC will address the requirement for that client. This requirement in general does FirstPoint since the system does not have any functionality where information is valid only when entered only from specific terminals. If a specific client has this requirement, CSC will address the requirement for that client. This requirement does not apply to NextDocs since the system does not have any functionality where information is valid only when entered from specific terminals.
(i) Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks.
  • CSC maintains resumes and training records on all team members.
  • CSC provides training to key client team members including business users, business administrators, and system administrators.
  • Upon request, CSC can provide developer training to non-CSC developers employed by the client.
  • CSC maintains resumes and training records for all its team members.
  • CSC will also help generate training records to track any training it provides to the client’s personnel.
NextDocs maintains resumes and training records s to provide evidence that our employees who develop and deploy our software are trained and qualified to do so.NextDocs also provides client-specific training documentation to help our clients comply with this requirement. We also offer end user training, train-the-trainer training and administrator training.
(j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. N/A This requirement is not applicable at a system level but requires a procedure to be implemented by the client. Client responsibility
(k) Use of appropriate controls over systems documentation including:(1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance.

(2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.

Electronic audit trail for the appropriate document types must be enabled if documentation is maintained in electronic format.
  • CSC will provide the client copies or access to system documentation corresponding to the licensing agreement and version of the product.
  • CSC maintains a strict version and change control methodology for its product, product related documentation and training materials.

 

NextDocs’s documentation is maintained in our configuration management system and available for review during audits.However, ultimately it is the client’s responsibility to control system documentation in their environment.

NextDocs’ release notes describe the names and versions of documentation that apply to each product release. In addition, each client receives documentation specific to their NextDocs implementation.

§ 11.30 Controls for Open Systems. Same as § 11.10 plus document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality.
  • If the system is judged to be an open system, it would require encryption and digital signature standards. This is not part of FirstDoc and can be contracted as an option if needed.
CSC believes the FirstPoint products are a closed system so section 11.30 is not applicable. NextDocs systems that are hosted may be considered open based on the specific circumstances and the client’s 21 CFR Part 11 interpretation. The use of digital signature is available in all NextDocs products to fulfill the additional requirements imposed on open systems.

Subpart B – Electronic Records
§ 11.70 SIGNATURE/RECORD LINKING

21 CFR 11 Regulation FirstDoc FirstPoint NextDocs
Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.
  • Signature information is stored as document properties.
  • Signature information is also displayed as non-editable properties on the Properties screen.
  • • Signatures are removed when a document is edited, copied, or otherwise modified.
    • Electronic signatures can only be applied to a document\record through the administrator-configured workflow process and the proper execution of approval rules.
    • The signature page is fused to the PDF rendition of the document and cannot be excised from the document.
    • Signature information is also retained as non-editable data in the database and is displayed in the document’s audit trail report.
    • When a document is revised or copied, the signature page is removed from the new version of the document.
Signatures are bound directly to a specific version of a document.NextDocs digital signatures are based on Public Key Infrastructure (PKI) and are a result of a cryptographic operation that guarantees signer authenticity, data integrity and non-repudiation of signed documents. The digital signature cannot be copied, tampered or altered.

Digital signatures appearing in a document automatically appear as invalid when the document changes in any way.

During change control the signature is removed for the draft version in anticipation of future approval and signing.

Subpart C – Electronic Signatures
§ 11.100 General requirements.

21 CFR 11 Regulation FirstDoc FirstPoint NextDocs
(a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.
  • The client will need an SOP on establishing and maintaining user profiles as applied to the assigning of a unique ID code/password combination to only one individual and maintaining a list of user profile information in perpetuity.
  • Documentum can assist with this via the ability to disable (rather than delete) users who are removed from the system. By leaving the users in the system, but disabling them, re-use of their user IDs will not be possible.
  • The network operating system ensures a unique userid which is used to execute the electronic signature.
    FirstPoint allows the administrator to lockout or disable accounts, as well as delete users from the system.
Since NextDocs is generally implemented such that user credentials are supplied via Active Directory (or Active Directory Lightweight Directory Services), compliance is built in.Active Directory will ensure that a user name cannot be re-used within a given domain, and provide the ability to disable (rather than delete) users who are removed from the system. By maintaining a record of previous users, reuse of user IDs will not be possible.

NextDocs signatures authenticate the content of documents by attributing the signer to the signed document. Every signer is identified by an issued certificate (or by that of an external trusted entity). This identification is based on the fact that the user is a recognized employee in the organization.

(b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual’s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. The client will need SOPs on establishing and maintaining user profiles as applied to the verification of a user identity. This requirement needs to be met with a client’s business processes. CSC can help establish work instructions or training procedures to assist with the on-boarding process Client Responsibility
(c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.

  1. The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857.
  2. . Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer’s handwritten signature.

 

  • The client will need to submit a letter to the FDA certifying that they consider electronic signatures are the legally binding equivalent to handwritten signatures.
  • The client will need SOPs on establishing and maintaining user profiles showing that a given individual accepts that the electronic signature is the legally binding equivalent of handwritten signatures.
  • This requirement needs to be met with a client’s business processes.
Client Responsibility

Subpart C – Electronic Signatures
11.200 Electronic signature components and controls.

21 CFR 11 Regulation FirstDoc FirstPoint NextDocs
(a) Electronic signatures that are not based upon biometrics shall:(1) Employ at least two distinct identification components such as an identification code and password.

(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

(2) Be used only by their genuine owners; and

(3) Be administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

NoteContact CSC directly for their comments on how FirstDoc meets this regulation.

 

FirstPoint incorporates the user’s network account and password for general access to the system, which is also used for electronic signature approval. FirstPoint requires the re-entry of both identification components (user ID and password) each time an electronic signature is executed.. Each time a signature is applied, both a user name and password are required.NextDocs supports a configurable automatic time-out during periods of system inactivity. This time-out will also end a user’s continuous and controlled access to the system.
  • (b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.
FirstDoc can support the use of biometric solutions through customizations. Customizations for biometrics are not in the scope of this document. FirstPoint can support the  use of biometric solutions through customizations. Customizations for biometrics are not in the scope of this document. NA – Biometrics are not used by NextDocs.

Subpart C – Electronic Signatures
§ 11.300 CONTROLS FOR IDENTIFICATION CODES/PASSWORDS
Persons who use electronic signatures based upon the use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include:

21 CFR 11 Regulation

FirstDoc

FirstPoint

NextDocs

(a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.
  • Documentum and Unix/Windows Server will provide most of this functionality. See Item § 11.10 (a).
  • The client will need an SOP on establishing and maintaining user profiles.
  • The client’s network user authentication methodology provides this functionality.
See item § 11.100 (a).
(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).
  • Both Trusted Unix and Windows Server can be used to require periodic aging of passwords.
  • The client will need an SOP on establishing and maintaining user profiles.
  • The client’s network user authentication and password encryption methodology provides this function
This is a client responsibility, generally achieved through settings in Active Directory. Windows and Active Directory infrastructure can enforce password policy for complexity and expiration. Windows integrated authentication and Basic authentication can leverage this automatically.
(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.
  • The client will need an SOP covering loss management for passwords.
  • If devices are used, the client must have an SOP covering loss management.
  • NA
NextDocs does not make use of tokens, cards, and other devices that bear or generate identification code or password information.Windows and Active Directory administrators can deactivate users, change users’ passwords, or require users to change passwords after issuing a temporary password. Windows integrated authentication and Basic authentication can leverage this automatically
(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.
  • Both Trusted Unix and Windows Server can be used to disable user accounts after a configurable number of unsuccessful attempts.
  • The client will need an SOP containing the procedure for reactivating accounts.
  • The client’s network user authentication methodology provides this functionality.
  • Windows can disable user accounts after a configurable number of unsuccessful attempt
This is a client responsibility, generally achieved through settings in Active Directory.The Microsoft Windows family of products can audit logon changes and failed attempts. Group policy can enforce account lockout policy to help to prevent brute force password guessing. Lockout policy is based on failed attempts for a time window and users can be locked out for specified times before they can attempt again (or not).
(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.
  • If such devices are used, the client must have such a policy in place.
  • NA
NextDocs does not make use of tokens, cards, and other devices that bear or generate identification code or password information.


Audit Trail Functionality

Audit Trails is an included feature in FirstDoc. Documentum has its own audit trail capabilities, with FirstDoc adding on to Documentum’s audit trail system. Table 3 discusses the Audit Trails functionality that FirstDoc provides in support of 21 CFR Part 11.

Subpart C – Electronic Signatures
§ 11.10(E),(K)(2) AUDIT TRAIL

21 CFR 11 Regulation FirstDoc FirstPoint NextDocs
(a) Use of secure, computergenerated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.
  • • FirstDoc uses the Documentum audit trail capability augmented by audit trail entries produced for custom FirstDoc events. Example events include check-in, save, destroy, status change and user acknowledgements, such as review and approval outcome — including electronic signature.
  • • Since the audit trail must be maintained for the life of the record, Documentum’s Purge Audit Trail capability should not be used unless the audit trail has been migrated offline as controlled by a client’s SOP. Note: This assumes that the approved record is the electronic record. Audit trail entries for draft, minor versions of records can be deleted using the FirstDoc purge minor version functionality if the clients’ policies dictate.
  • • FirstDoc provides the capability for authorized users to change document metadata on approved records. In this case, an audit trail entry captures the previously recorded values so they are not obscured.
(b) Use of appropriate controls over systems documentation including: 1. Adequate controls over the distribution of, access to and use of documentation for system operation and maintenance. 2. Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.
  • • Electronic audit trail for the appropriate document types must be enabled if documentation is maintained in electronic format.

References

How does FirstDoc “do” 21 CFR Part 11 compliance?

21_CFR_Part_11_compliant

CSC have published (not recently) a whitepaper about the capabilities that FirstDoc products provide for compliance with the FDA’s ruling on Electronic Records and Electronic Signatures (fondly known in the Pharma industry as “21 CFR Part 11″).

The whitepaper is a good one. It starts off with a recap of what is contained in 21 CFR Part 11, and then does an itemised breakdown of the capabilities that the FirstDoc products have to meet the compliance requirements.

You can download it here.

21 CFR Part 11 Compliance Position for FirstDoc Applications

Related Post: FirstDoc, FirstPoint, NextDocs – a “rough notes” comparison

SPX Series – A little bit of history

This is part of the SPX Series

Previous post: SPX Series – SharePoint eXperience – (aka SPX) – Series Introduction

First off – I want to explain that I am, in no shape or form, an SPX “expert”. I’m just a guy who has been using SPX since it was first released. I’m not a coder, so can’t tell you all the cool ways that the web parts can be tweaked, or made to dance. I am able to share with you the some of the “lessons learned”, and tips . that I have picked up over time. Some of what I write might be incorrect. Please feel free to let me know if that is the case.

And, where possible, if there are other resources that explain something better than I can, I’ll point you to it.

So without further delay I will launch into today’s SPX post…”A little bit of history“.

SharePoint

In 2007 Microsoft introduced SharePoint 2007.

As well as providing the ability to store content in its own repositories (doclibs, lists), it also provided web sites that could be populated with web parts that allowed users to interact with internal content (lists and SharePoint repositories), as well as external content. This included other LOB enterprise systems (such as SAP, Siebel, etc). There was no native way to connect SharePoint and Documentum though.

Wingspan

A company called Wingspan had also developed technology that provided Web Services connectivity to Documentum.  This consists of the Docway Server, and Docway “Portlets”, (and for SharePoint – Webparts), and allowed for single sign-on,  cross-docbase browsing, as well as the ability for users to access, create & update content from a Portal.

SPX

CSC’s FirstDoc, provides a layer that sits on top of Documentum, and allows for compliance with many of the Pharmaceutical regulatory requirements imposed by the various regulatory authorities (FDA, EMA,  MHRA, etc.)

Using Wingspans technology, CSC (or, at the time, FCG), were able to create special webparts that allowed users to interact with their FirstDoc system from a SharePoint Portal. These offered about 85% percent of the functionality provided by the native FirstDoc application.

4.3

The first version was released in the 2nd half of 2007, and had the moniker “version 4.3“. This was to keep the version inline with the (then current) version of FirstDoc. It was compatiable with version 5.3 of Documentum.

There were 17 webparts available. These included webparts for browsing cabinets, listing the logged-on users checked-out documents, displaying the Home Cabinet, an inbox webpart, an very handy object-view webpart that could be configured to display one particular folder, or cabinet), an also handy query-view webpart that allowed content to be displayed based on a query, as well as an assortment of other functional webparts, and administration webparts.

Each web part offered a user the ability to further interact with an object via a context menu that showed extra functionality depending on the type of object that was clicked upon.

Courtesy of CSC

This first version was an excellent step towards greater flexibility in creating interfaces for users that better matched their daily work style. For the 80% of users who rarely log into FirstDoc, it provided a quick and easy way to get to specific documents. Links to specific documents could be sent via e-mail, and when a user clicked on it, the document would automatically be opened, without having to go through a process of logging into a client and searching for a document.

But there were also several shortcomings. There was the 20% of hard-core users that quickly discovered that there was still a lot of functionality that was not available. Also the SPX interface did not offer the same flexibility that WebTop did. You couldn’t easily change the columns that you wanted displayed, the search functionality when compared to the WebTop search was very limited, and the way of interacting with the documents was different. The context menu was not found in WebTop.  Performance was also a bit sluggish especially when using the webparts over a WAN.

To be fair, CSC were also restrained by the limitations of the underlying Docway technology.
(However, Wingspan have been making continual improvements to their technology and CSC have been able to take advantage of this).

5.0

CSC listened to the concerns that the hard core users (as well as the administrators) were having. Version 5.0 of SPX was released in the middle of 2008, with Product Alias Search functionality, the ability to limit search results, and also the ability to add multiple documents to a workflow. Version 5.0 was also compatible with Documentum 6.0

6.0

Then later that year, version 6.0 was released. This was based on Documentum 6.5, and an upgraded version of Docway(6.1). It had been designed to be backwards compatible (with configuration, it could work with version 4.3 of FirstDoc). This allowed SPX to work over multiple docbases of different versions. As well as this, the Inbox and Query webparts were tweaked so that values could be automatically passed on the URL. Menu selection was made configurable. A quicklink capability was added that allows a link to be configured that will launch FirstDoc functionality, and the ability to View Relationships, and Audit Trail reports was added.

6.1

Then, in the later part of 2009, version 6.1 was released with even more functionality – Virtual Documents could now be viewed, multiple files could be imported, a new :”My Views” webpart was available, as well as the ability to view the Workflow Status report. Importing related documents was now, also possible. A version 6.1.1. was also released but this was a correction to a limitation that was previously believed to be uncorrectable.

Courtesy of CSC

6.2

In 2010, version 6.2 and 6.2.1 were released. The only difference was that 6.2.1 was certified for use with SharePoint 2010. Both versions also used Docway 7.0.  And there was a bundle of new features and functionality. These included: the ability to register interest, the availability of the WebTop Search app as a webpart, a single-box search (“Google-like”), Saved Searches, the ability to display custom properties in the web parts, clipboard tools, subscription notifications, as well as other functionality.

Future

CSC are working on the next release of  SPX, and it looks like they’ll be adding even more functionality to close the gap between SPX and WebTop.

FirstDoc doesn’t have its own client application – it extends the functionality of the EMC Documentum native client – “WebTop”. EMC has announced that they will be phasing out this out sometime soon.  As a result CSC are dedicated to ensuring that SPX is ready to be a replacement.

So – that’s the end of my “A little bit of history” post. If have made mistakes anywhere, please feel free to let me know.

SPX Series – SharePoint eXperience – (aka SPX) – Series Introduction

This is part of the SPX Series

Hands up those of you who know what SPX is an acronym for.  (Hint – the answer is in the title of this post.)

SPX is the technology that CSC have that allows users, from a SharePoint interface, to interact with documents in a FirstDoc-Documentum system. (And, if you didn’t know - FirstDoc is a CSC’s Life Sciences compliance layer that sits on top of Documentum.) The technology consists of specially constructed web parts and a back-end Docway web server that acts as a “translator” for communication between the web parts and the Documentum server.

In fact, if you look at Andrew Chapman’s list of Reference Models, the SPX web parts would be the 3rd model listed.

Now – I have been working with SharePoint eXperience (SPX) technology for a while now – ever since the first version. I’ve been involved on a technical level as a customer. (That is, someone who has actually had to use the technology in a real-business environment to meet real-world requirements.)

As such, I thought it might be a good idea to start a series of posts on what the technology can do, along with some best practices. Here is a list of the things I will cover:

  • Overview – what SPX is, etc.
  • Best Practices – what are some of the best ways to configure/use SPX
  • Some of the issues that I have had to deal with
  • Anything else that I can think of.

Feedback from Readers is always great to receive, so if you feel that you have a question, or a suggestion, and I can answer it, I’ll certainly do my best.

Next post: SPX Series – A little bit of history

FirstDoc User Group 2011 – a look back at the conference – Part 4

Previous post: FirstDoc User Group 2011 – a look back at the conference – Part 3

EMC FirstDoc User Group FDUG

In Part 3 of the FDUG 2011 series, I described the afternoon session of the first day, which included CSC’s Cloud offering, their UI Strategy, Performance and the social event. In this post, I’ll cover the sessions that took place on the last day.

Feedback

The morning started with feedback. The points compiled from yesterday User session were presented to CSC. These were graciously received, and even a few suggestions where made by CSC staff about ways they, themselves,  could address the concern.

SPX in use

Following the user session, there was a panel discussion involving three of CSC’s clients that had implemented SPX in their environment. For more on SPX, click here (PDF).

It seems that while there was a lot of interest in the technology, and implementing it, this came from a very small group of people. This group, however, were very interested in a number of things, and many questions were still being asked after the session had ended.

eTMF

After the coffee break, another CSC customer gave a presentation on their journey from a manual system for managing their Trial Master Files (TMF) to an electronic system.

This was packed with some very interesting information, and it is always good to learn from others.

Total Clinical Solution

As discussed in earlier “Look back” posts, CSC are offering “Total Solutions”. The “Total Regulatory Solution” has been  discussed, and now we had a chance to learn more about the “Total Clinical Solution”. Fransiska Darma (who I had met the night before) gave this presentation.

Often, in clinical trials, the research is outsourced to a Clinical Research Organisation CRO), and involves collaboration between the CRO and the pharma company. In other word – moving documents between the external CRO, and the internal groups involved.

To achieve this requires being able to capture document, and somehow allow the external party to upload it to the pharma company’s EDMS. Further to this, to allow for an increase in reporting and tracking, documents need to have an expansive amount of metadata.

As with CSC’s Total Regulatory Solution, CSC are trying to leverage the fact that they now have a full range of products to implement these “Total” solutions. For their “Total Clinical Solution” this includes making use of FirstDoc (on Documentum), along with SPX (on SharePoint), as well as other tools that facilitate planning and managing, tracking and reporting, and the auditing process.

Usability

This was another customer presented session. It was very, very interesting. In this case, the customer had done an Usability Assessment of FirstDoc 6.1.

The presenter started off asking why, when we search for, review & order something on a site like Amazon, we can do it easily, without any real effort, while, when do something similar inside a business, a 3 hour training course is required.

The presenter followed this up with the statement that “solutions should not require user to change their way of working for the sake of the system.”

To assess their own system (based on FirstDoc 6.1) the customer did 2 assessments, each time where 28  normal employees (i.e. not specially trained testers), were asked to perform a specific task – review & approve a document.

Using a tool that allowed the user’s mouse movements to be tracked, along with a camera that allowed the user’s face to be seen, gave the testers a good insight into how a new user uses an interface.

Some of the findings were shared with us.

These include the fact that the steps required to accomplish the actual task were not obvious. We were shown a film of the mouse movements of one of the testers as they tried to work out the steps required to complete the task. At the same time, a small screen showed the user face and body. There was  a lot of “i know that feeling” laughter amongst the audience as we watched.

This particular customer had also created a mock-up of an improved design. This included less “clutter” and prompts that would guide the user.

On the one hand, having guidance can be very useful for users who are not familiar with the steps required for the task. And often, even after doing the task for a couple of times, if the same user did not repeat the actions for several months, then that same “learning time” is required. On the other hand, users who perform the task multiple times a day can get frustrated with guidance. In this case, what would be good is if the application had a “dummy mode” for new, or infrequent users, and an “expert mode” for those more “experienced” users. (This was something that was introduced into WebTop – a “simple” user interface, and a more detailed one.)

EMC & Record Management

Tim Marsh from EMC gave us a presentation on Records Management, and Information Governance, and the solutions and tools that EMC has in the area.

Validation

The last session of the day was presented by Peter Branstetter, a Senior Consultant from Arcondis.

Peter’s presentation was a very educational trip through validation. Starting with GAMP5 (Good Automated Manufacturing Process) he touched upon Risk-based approach,  and the GAMP V model. Included in the journey we got to see example of this in use.

CSC offer a Validation Package which contains all the components needed to meet compliance. This allows the customer to fill in the details as required.

This session generated some very interesting discussions. It seems that “what”, or “how much” is required to meet compliance can vary depending on who is making the company policy. As such, the answers to some of the “do I need to do x,y, or z” questions were often – “that depends on what your QA department wants.”

This was the last session of the conference – about a quarter of the participants had already left. However, this topic, whether we love it, or curse it, was something that a lot of people wanted to know about, and Peter definitely seemed knowledgeable about it.

End of Session

So – that was the end of the FirstDoc User Group – Europe Conference. For me, this was one of the best FDUG conference that I have been too. I got a lot of value out of the sessions.

The FirstDoc User Group conference is organised by the FDUG – Europe Steering Committee This is made up of 3 representative from CSC Life Sciences customer base.

They did a really good job this year!

FirstDoc User Group 2011 – a look back at the conference – Part 3

Previous post: FirstDoc User Group 2011 – a look back at the conference – Part 2

In Part 2 of the FDUG 2011 series, I described some business case presentations that a couple of CSC’s customers gave, and also talked about CSC’s “Total Regulatory Solutions”. In this post, we’ll cover some of the sessions that took place in the later part of the day – CSC’s IT Strategy (including their foray into the Cloud, and their User Interface Strategy); Performance; the “User session” and the Social Event.

Note – in the afternoon there were two “double” sessions. That is there were 2 timeslots where there were double sessions. I had to make a choice – and so wasn’t able to attend CSC’s Integration session, or a presentation on an sucessful upgrade project.

Cloud

“Everyone is doing cloud” and so are CSC.

However in the Life Sciences arena, there is still a lot of hesitation about using the cloud.

Pharma companies operate under the regulatory guidelines (21CFR Part11) of the Food & Drug Administration (FDA), as well as those of other regulatory bodies (European Medicines Agency (EMEA), etc). Remaining compliant is of the utmost importance for these companies. And as with any other industry, the main concerns are to do with: security and availability.

From what I can see, CSC have tried to address these concerns, and offer three IaaS models:

Off Premise

  1. Public Cloud, with all the advantages a public cloud offers – at CSC Data Centers
  2. Private Cloud, to give dedicated access – at CSC Data Centers

On Premise

3. Private Cloud – behind the client’s firewall.

These are all built on Vblocks, a technology that combines VMWare, Cisco and EMC technology, spread across 12 data centers spread across North America, South America, Europe, Asia and Australia.

To address the security concerns, the Security Framework for “CSC Trusted Cloud” is touted as covering a plethora of security points. These fall under the following categories: Access Control, Physical Security, Logical Security (the separation and isolation of client data, etc), and (as option) Data Integrity.

At the same time, compliance to 21CFR Part11 requires three primary components: the Installation Qualification (IQ) – that records contains a complete set of detailed information on the hardware environment, the underlying software (from OS to application) and instructions on how to install the system from out of the box; the Operational Qualification (OQ) – that proves that the system is operating correctly, and the Performance Qualification (PQ) that indicates that the system is performing correctly to meet the stated user requirements.

CSC are planning to use their Cloud model as a basis for delivering their Managed Services solution. The also aim to deliver IQ, and OQ, out-of-the box. This’ll be a great advantage for Pharma companies. They only have to worry about the PQ. This allows the benefits of the cloud to be realised, while remaining compliant.

User Interface Strategy

Currently CSC offers two interfaces for their FirstDoc product.

  1. They makes use of Documentum’s native client – Webtop – and adds their own “compliance logic” to it.
  2. SPX web parts – these are specially developed SharePoint web parts that expose (most of) the FirstDoc functionality, and allow users to interact with documents in a Documentum docbase.

EMC has announced that they will be retiring Webtop. CSC UI strategy addresses this.

xCP

EMC have released xCP (xCelerated Composition Platform). This is a new technology that they have developed that offers for quick application development, through configuration rather than coding. (EMC have written a white paper on xCP that you can download).

EMC released xCP to the world a couple of years ago with much fanfare. At the time they were promoting as a technology for “case management”. Since then, they have changed their message, and now promote xCP to be “the” interface solution.

The current version of xCP is 1.5. EMC will be bringing out version 2.0 which will still focus on Case Based applications, but CSC have been invited to be involved with version 2.1. They plan to assess the gap between FirstDoc requirements and xCP version 2.0 capabilities so that they can  contribute suitable requirements.

SPX

CSC plan to continue supporting SPX. SPX stands for SharePoint eXperience and, as mentioned above includes specially designed webparts that can be placed on a SharePoint web site, and allow the users to interact with FirstDocs docbases.

SPX has come a long way since the initial release. CSC’s goal is to close the gap between the functionality available in SPX and that in Webtop. They are not quite there yet, but are getting very close.

While xCP will allow developers to easily create an user interface, SPX has the benefit of being very flexible. The web parts can be dragged easily to different places on the web page, allowing a Portal to be built that matches the way users want to work.

While working on part4 of this series, I noticed a CSC job advertisement for a Senior Product S/W Developer. Looking at the job functions, as well as the qualifications required, it looks like CSC are ramping up their SPX resources.

Performance

As I mentioned in an earlier post (FDUG – Europe – Review of the Agenda), this is one session that I was really looking forward to.

It turned out to be a presentation from one of CSC’s clients, (presented by Bill Meier), outlining what testing that they had done to improve the performance of the FirstDoc system.

This involved some very comprehensive testing. Special environments were set up, and load, and measurement, applications were used to try and determine where the bottlenecks were in the system.

From this came a series of “Corrective Actions”, which were very interesting. I thank the company that provided this information (you know who you are).

User Session

The last session of the day was the User Session. This is where all the CSC staff leave the room, and the users get to really discuss what they find good about CSC, and where CSC could make improvements. This is a half hour event, but it actually went on a lot longer than that.

As always, in the beginning, only one or two compliments, or criticisms are forthcoming, but as always, once the ball starts rolling, the discussion picks up some speed.

During this time, one of the FDUG steering committed (made up of three people from CSC customer base), records the comments.

Normally the next day, the users have a chance to present these to CSC, and give more detail. It’s not a witch hunt, and, I congratulate CSC on giving their clients an opportunity to give them feedback like this.  However, the real test is what they do with the feedback…

Social Event

At about 7pm everyone met in the foyer of the hotel. I had a chance to chat with Christoph Langebner, a senior accout executive at CSC. Chris is a very friendly guy, whom I met at last years EMC’s Momentum in Lisbon.  Back then he was an expecting father, and a bit nervous about it. Now he’s no longer expecting, and no longer nervous.

The entire troop then marched off to a local restaurant “Huth Gewirtschaft“, which I have read is rate No. 4 out of 1034 restaurants in Vienna.  It was a very nice meal, and I found myself sitting opposite Franciska Darmer, a LS Solution Specialist at CSC. (Danish, but living in Florence, Italy – “just for the fun of it”). I was also sitting next to some very interesting people from a couple of different Pharma companies, and at one stage, we all got into an interesting (and friendly) debate over the value of the “electronic signature”. Always interesting to see what other opinions are.

After dinner, the group traipsed off to find a good watering hole. I regret that I didn’t join them…

In Part 4, I’ll discuss the events of the second day.

Next Post: FirstDoc User Group 2011 – a look back at the conference – Part 4

FirstDoc User Group 2011 – a look back at the conference – Part 2

Previous PostFirstDoc User Group 2011 – a look back at the conference – Part 1

In Part 1 of the FDUG 2011 series, I described the location of the meeting, and gave an overview of CSC’s plan and strategies. In Part 2, I’ll talk about the rest of the conference.

Going thin

After the break, two of the Pharma companies gave a presentation on a project that they were each involved with to upgrade their document management system.

I’m not at liberty to discuss the details, but it is obvious that the drivers in the pharmaceutical world are the same as in any other business. Namely,

  • Try and get as much functionality out of a product without writing customized code.
  • Aim to increase the useability of a solution
  • Make use of “thin” technology – (Portals).

The business cases presented described how CSC technology was being used to allow these goals to be met.  Always interesting to see, as this is a common theme.

Partnership Program

In the session  CSC described their “Partner Program” plans.

CSC’s goal here is to “put more effort into Partnerships to increase their usefulness.”  That is, with a good network of “CSC Partners”, CSC can meet client requirements, be able to offer more, and be more responsive (i.e. have more resources available) .

Companies that partner with CSC will fall into of three areas: Technology; Sales; Solution. Each area has its own “model” and KPIs that need to be met to be able to retain their status. “Customer Satisfaction” being the most important.

The message was that CSC want to seriously lift their game here. This will include certification, KPIs, working with the Partners to bring over a “unified” message.

Certification

As mentioned, CSC will be offering a certification program.

This will be made up of 4-tiered capabilities (Installation, Configuration, Customization, and Architecture). CSC are looking at some type of “boot camp” experience where individuals attend a week long course for each capability. This will be followed by several weeks of “shadowing” on client projects.

The fact that CSC mention this, signals that they want to set a standard that people that partner with them will meet. Which is encouraging. The “certification” is for the individual (that is, it’s not transferable to other people at the Partnersite).

Curious to see how this one will pan out.

Total Regulatory Solution

In the keynote presentation, there was mention of CSC’s “Total Regulatory Solution”.

Jennifer Wemstrom (who flew over to this year’s European FDUG) presented CSC’s overview of their “Total Regulatory Solution”.

Underpinning this is CSC’s aim to provide the “Total Business Solution” that supports the creation, management and consumption of regulatory documentation in the Life Sciences industry.

In simple words, CSC have got all the tools (especially since their acquisition of ISI and their Publishing tools) to achieve this, but the tools are still disparate applications. CSC’s goal is that all these disparate systems will be unified. They will have a common interface, and a use a shared data model.

This is definitely the right move. In my years as a ECM specialist I have seen companies grow through the acquisition of other companies that offer a solution that compliments, or even enhances, the parent companies offerings. The next logical step is to integrate the applications that make up the suite so that the user is presented with a seamless “solution”.

At the same time CSC seem to be actively investigating offering more than just a suite of technical products. They have realised that they have a lot of skill and knowledge in this area, and are talking about Business Process Outsourcing, and offering their Total Regulatory Solution as a managed service. (This ties in with CSC’s goal to dive into the cloud.)

New Product Offerings

CSC realise that there are still a few “gaps” in their offering. They are busy with  three new products. These are all to do with the submission end of the process. It looks like CSC are really listening to their customers.

Business Process Outsourcing

In this area CSC have three offerings:

  • Staff Augmentation – where CSC staff will work “side by side” with the customer;
  • Tactical Outsourcing – where CSC will handle specific aspects of the regulatory process.
  • Functional Outsourcing of regulatory activity.

As mentioned above, CSC definitely want to make good use of the skills & experience they have built up, and want to expand into offering services rather than just technology.

To back this up, CSC described how they will be tackling staff training (resource development). They have three levels which includes a sort of “orientation/induction” level, “core training” for regulatory activities, and then, “client specific training” which addresses the activities that a client has outsourced to CSC.

Managed Services

CSC have a series of Managed Service Models. These include the traditional models of “on premise” or “hosted” through to “As a service” which includes “Dedicated”, “Private Cloud”, and “Public Cloud”.  A flavor to suit all requirements.

FirstDocs 6.3

Bill Meier spent some time discussing the CSC’s latest version of FirstDoc (version 6.3) which include a large number of enhancements.

A few of the high points include the fact that this version will be certified on Linux.

…continued in Part 3

Next Post: FirstDoc User Group 2011 – a look back at the conference – Part 3

FirstDoc User Group 2011 – a look back at the conference – Part 1

Previous Post: FDUG – Europe – Review of the Agenda

In this post I discuss the recently held 2011 FirstDoc User Group conference. Because there was so much content I am doing this in multiple posts.

Location and Venue

As described in my earlier post, this year’s FDUG was held in Vienna. At the end of each FDUG Conference , the organizers ask the attendees where they would like the next one to be held. Vienna came up on the list two years ago as a favourite, and clearly made its way to the top of the list. Not a bad choice.

The conference was held at the Marriott Hotel. The conference rooms were great, and the catering was superb. The breakfast available at the beginning of each day was an excellent idea!

Attendees

Pharma Customers

There was a lot of people at this years user group. There were 53 attendees, representing 21 of CSC’s 47 Pharma customers.

CSC Team

  • Marty Magazzolo – Global Practice Director, ECCM Life Sciences
  • Paul Attridge – Head of Life Sciences ECCM Product Development
  • Jennifer Wemstrom – Director, Regulatory Solutions
  • Bill Meier – FirstDoc Product Manager
  • Franciska Darmer – Life Sciences Solution Specialist
  • Christopher Langebner – Senior Account Executive
  • Steve Scrace – Senior Account Executive
  • Pablo Santiago – Manager, CSC Spain
  • Rober Svanetti – Life Sciences Manager, CSC Italy
  • Tobia Griessel – Account Executive, CSC Germany

Sessions

In my last FDUG post I talked about the proposed agenda. Fortunately there weren’t many changes.

You can view the agenda here.

KeyNote & Strategy Update

After a warm welcome by Bill Meier,  the Conference kicked off with the KeyNote.

Marty Magazzolo, the Global Practice Director, took to the stage and gave an update on CSC’s strategy, as well as describing a little bit of the original goal of their purchase of FCG. Namely, it was to “be more inline with their customers’ business needs than rather being a pure IT vendor” (Even though in quotes, the previous statement is, most likely not exact, but gets the same message across.)

Business – CSC nows considers itself a “Global Technology and Business Services Company”, and operates in three lines of business:

  • Business Solutions & Services
  • Managed Services Sector
  • North American Public Sector

Software Strategy – With it’s recent acquisition of ISI, CSC now has a range of products that allow it to offer “Total Business Solutions”.

In fact their Mission Statement is:

Provide end to end business solutions for processes involving the creation, review, approval, consumption & exchange of regulated and mission critical documents and content within a Life Sciences organization

To achieve this, CSC have created several “Total” solutions – These include one for Regulatory, one for Clinical, and one for Quality. These played a large role in this year’s conference.

At the same time, CSC admitted that the solutions are still made up of disparate systems. The goals for the future are to streamline them so that they use a common interface, a common database structure, and work together seamlessly.

Business Process Outsourcing – CSC feel that they can offer the expertise necessary to handle customer’s regulatory, and other, requirements. A benefit of this outsourcing model is that “skills are sharpened and rotated” allowing their (CSC’s) staff to gain skills in a wide area, and these resources can then be called upon, when necessary, for specific tasks. The cost savings, CSC claim, are seen when you compare to having specialist skills in-house full-time.

Cloud – Paul Attridge said “Everyone’s got a cloud”, and  CSC are also “clouding up” and are looking at offering both private and public cloud service models.

System Integration – CSC’s message was that they intend to create better integration with other products. The goal is to be able to offer solutions to their customers that match the “real world” situation. Even if the solution requires integrating with other ECM related products (and is achieved through partnerships).

CSC are also trying to keeping an eye on the progress of the SAFE-BioPharma® Digital Identity and Signature Standard, to determine whether they will need to offer suitable integration capabilities.

User Interface – CSC add FirstDoc functionality to EMC’s “fat” client for Documentum – WebTop. EMC have announced WebTop is being phased out after Version 7 of Documentum. CSC are working to ensure that their SharePoint web part technology (SPX) will have the same features as offered by WebTop.  At the same time CSC will be investing in creating an interface using EMC’s  rapid application development technology, xCP.  (In fact, EMC have asked CSC to help ensure that version 2.1 of xCP will provide complete content management capabilities.)

This brought us to the end of the Keynote and Strategy session. Before the coffee break Bill Meier shared with us an interesting article he had read over  the effects of coffee – caffeine increase alertness in woman, but, in men, there is a drop in performance and confidence. (This link describes a little of what Bill was talking about).

I will cover the other sessions in a later post.

Next post: FirstDoc User Group 2011 – a look back at the conference – Part 2

FDUG – Europe – Review of the Agenda

Previous post: FirstDoc User Group – Vienna

I’ve just arrived at my hotel in Vienna and after kicking off my shoes, and scouring the room for free stuff, I decided to see if there are any updates on the 2011 Europe FirstDoc User Conference.

What’s Planned?

Checking out the CSC page lead me to the FDUG Agenda. It looks like it’s going to be an interesting time with a mixture of Strategy announcements and product discussion by CSC, along with several presentations by several Pharma companies.

The Agenda can easily be viewed on the CSC web site, so I won’t be encroaching any secrecy oath that I may have taken when after hours of grueling initiation into the Regulatory world.

First thing that is noticeable is that the US FirstDoc User Group, recently held in Las Vegas, started half an hour later than the one in Europe. Maybe that says something, maybe not – just mentioning it…

Boehringer Ingelheim, and Bayer will both be presenting a Case study on Global Deployment. This looks interesting. They presented the same thing at the US FDUG, and I think it might be of real value, especially with the expansion of a lot of pharma companies into global operations.

After the lunch break, CSC will be discussing their upcoming versions, as well as discussing a “Total Regulatory Solution”. In the US this was presented by Jennifer Wemstrom, who is the Head of Product Stratergy at CSC. I’m not sure who will be presenting at the Europe conference. In any case – I’m am curious what CSC’s “total regulatory solution” will look like.

In Las Vegas, there was a panel discussion by several Pharma companies regarding “Collaboration and SPX Deployment”. From the Las Vegas agenda I see that Abbott, Amgen and Allergen all participated in this, but from what I have heard, it was a very popular subject, and a lot of other conference participants were also involved. The same “topic” will be addressed at the Vienna conference, and I will be involved with this session.

One thing that they had in Las Vegas, (and which I referred to in an earlier post) is a session on FirstDoc Performance Metrics. In the Vienna agenda the afternoon sessions are split into two streams, and one of these will be on “Performance”. I hope that this will be the same.

In the US, Amgen also presented a session on “Training Strategies”, which is not on the Europe schedule.

On the 2nd day, the are several customer presentations: Abbott will be discussing SPX, and Amgen will be discussing eTMF (electronic Trial Master File). Arcondis will be doing a session later in the day on Validation.

One thing that CSC presented in the US, and will be presenting in Vienna, is on “Total Clinical Solution”. Once again, I’m curious what this will be.

And another thing that CSC presented on in Las Vegas is their “Trusted Cloud Solution”. Which makes sense, I guess, because EMC are promoting their “cloudiness” at lot these days (from what I read on the tweets, and blogs that were written during, and after the recent EMC World/Momentum). The FirstDoc solution is designed to provide the “regulatory logical layer” to Documentum. CSC also have FirstPoint – the same thing, but for SharePoint. Microsoft are also busy putting SharePoint in the cloud (and have done so recently with Office365).

I know that the Pharma world is very “compliance sensitive”, and I’m really looking forward to seeing how CSC intend to address any security concerns, as well as compliance issue. Unfortunately, this does not seem to be mentioned in the Agenda for the Vienna conference. However, I’m going to do some research, and will write a future blog post on this.

Conference sessions

I won’t be blogging “live” from the conference, and I haven’t seen any mention of a hashtag for the FDUG. However I hope to write some review posts, either at the end of each day, or after the conference has finished.

At the same time, I want to see some of the sights in Vienna. the FDUG conferences always have a great social event, and this also gives a great opportunity to see something of the surroundings.

Next Post: FirstDoc User Group 2011 – a look back at the conference – Part 1

Related Posts

FirstDoc User Group – Vienna

I’m going to the FirstDoc User Group (FDUG) conference in Vienna, Europe, this year. (For those that are not familiar with FirstDoc, see the links at the bottom of this post).

Every year CSC hold the FirstDoc User Group conference – first in the US, and then in Europe.

I’m looking forward to it. I’ve been ask to present there so it’s time to put the old thinking cap on, and come up with an interesting way of presenting information. (I don’t want to bore people).

The agenda for the Europe conference hasn’t been posted yet, but the one for the US conference has.

The keynote speech will cover CSC’s Long Term Product Strategy. This will be interesting, as the ECM world is very much a lively, ever-changing thing at the moment, as each large EMC vendor morphs, and adapts to meet the ever-changing environment bought about by such things as SharePoint 2010, and cloud computing.

Next on the schedule is a case study – “Global Deployment”.  This will also be interesting as international companies are, and have been for awhile, looking at the challenges of multiple sites, located in disparate locations around the world. The challenges don’t just include the hardware side of distributed systems, but also taxonomies and metadata (ensuring that everyone uses the same vocabulary), etc.

In the afternoon, there will be a panel discussion by representatives of some of the large Pharmaceutical companies on Collaboration, and SPX. SPX is CSC’s technology that allows users to interact with their FirstDoc system from SharePoint. It consists of two parts – SPX web parts, and Wingspan’s DocWay server component that resides on a web service server (see my earlier post for details on this).
I’ve been involved with this technology for the last 4 years, and I am curious what will be covered here.

Later in the day there is also a discussion on FirstDoc Performance metrics.
Now, this is something that I would be very interested in.  How do you actually measure the performance of a system, especially when there are so many parts involved? For example, if a user is in SharePoint, and they use SPX to access documents that reside in a Documentum docbase, there is so much going on. If performance is poor, how do you actually pinpoint where the bottleneck is? I know that there are ways to get information back on the activities that occur, but this involves making some changes in the configuration, and is not really a simple thing to do. If I was there, this is one session where I would be scribbling notes. (I know – in these days, I should actually be typing notes into my iPad2).

At the end of the first day there will be a User Only session. In the first FDUG conference 2007, this session caused a little bit of concern. The idea was that the users would have a chance to talk frankly with the users about FirstDoc (at that stage FirstDoc was the name of the company also – it was bought by CSC in 2008.) However, the fact that there was someone from FirstDoc present in the room did not engender a feeling of openness. At later conferences this was less of a problem.

On the second day, there are more strategy, and users sessions culminating in product demonstrations.

Naturally there is also a social event planned, and this really gives the attendees the chance to mix, and get to know the others that are using the CSC products. There is an opportunity to share, and learn, from others who may be dealing with, or have dealt with, similar challenges.

Related Posts

Next Post: FDUG – Europe – Review of the Agenda

Find out More about those Red Error Messages in Your SPX Web Part

In the Life Sciences industry, many companies use CSC’s FirstDoc to add a regulatory compliance layer to EMC‘s Documentum.

And, if you are using SharePoint as a Portal solution, CSC also offers web parts that offer 99% of the FirstDoc functionality of the thick client. These are known as SPX web parts. (SPX stands for SharePoint eXperience).

The SPX web parts are built on top of the DocWay UI component that Wingspan offers (refer my earlier post for more details).

I’ve been working with SPX pretty much since the first version, and have often seen red error messages appear in the web part. Some of these error messages are self-explanatory. Others are more cryptic.

To get more information about the error message, use your browser’s “View Source” option. In the HTML that is displayed, there is a large section giving more technical information. Using this, the actual problem can be better identified.

The Wingspan Connection – getting SharePoint & Documentum to talk to each other

This is just a short post.  Just want to show an overview of how Wingspan components  allow a user to access their Documentum documents from SharePoint.

wingspan spx sharepoint documentum firstdoc emc

Taken from Wingspan Documentation

Here you can see that there are two main components:

The DocWay UI is a collection of Web Parts installed on a SharePoint Server .

The DocWay Server comprises two components that are always installed together even though they function independently.

  • The DocWay Web Service provides Search, Content Management, and Workflow services.
  • The DocWay Content Transfer Service (DocWay Transfer Service) provides transfer of content between the user’s desktop and individual Documentum Docbases

So, basically, what happens is:

  • A user logs into their SharePoint site that contains Web Parts supplied by the DocWay UI.
  • These Web Parts display meta-data gathered by the DocWay Server about content stored in the Documentum Docbases.
  • Should the user transfer content between their local storage and a Docbase, the transfer is made by the DocWay Transfer Service, bypassing SharePoint entirely.

Included Web Parts for End Users

  • Home Cabinet
  • Subscriptions
  • Checkouts
  • Recently Accessed Files
  • Inbox
  • My Workflows
  • Virtual Folders
  • Repository Browser
  • DQL Query
  • Object View
  • Search

Included Web Parts for Administrators

  • DocWay System Administrator
  • Menu Designer
  • Component Administration
  • Web Part Group Settings

Included Web Parts for Developers

  • DocWay Diagnostics
  • AJAX Call Viewer
  • HTTP Request Inspector
  • System Information

Wingspan produce several other products that allow integration between Documentum and SharePoint. One of these is eResults that I have posted several times about in this blog (see Tag Cloud).

Related Posts