In this installment we will discuss processes and policies for an information management strategy. We will focus on Data Governance aspects that are especially critical in the Life Sciences industry. When we govern data, we are interested in the following aspects for managing data:
- Identifying the single source of truth for all data entities and attributes
- Documenting all applications that update or use the above data
- Ensuring that data is shared through controlled and audited mechanisms
- Creating a framework that measures and continuously improves data integrity
- Defining and implanting security controls to ensure data is safe and secured
To accomplish the above, we must create a Data Governance framework and organization. This organization can be done very early in the Life Sciences life-cycle. To be effective early on, use a Data Governance construct that is simple, yet enforces discipline for the areas described below. The assignment of data ownership and processes for sharing data are critical to companies in a very heavily regulated industry.
In addition, it is important that organizations map their applications and data flow at all times. An enterprise data flow diagram will be an invaluable guide to understanding ownership and stewardship requirements for all data elements. For each application receiving, storing and sending data, we must identify the following:
- For that application, who is the business owner of the data?
- Who are the data stewards that create or maintain the data? How will you audit change?
- Who is the custodian (IT typically) that ensures the data is secure and backed up? What is the architecture for ensuring a secure system for sharing data?
Once we’ve identified the above, we can begin to create business process flows that identify an appropriate level of change control for the following steps in the life cycle of a data sharing request:
- DEFINE a data sharing agreement amongst organizations. It could be a very simple document or more complex when working with external partners.
- COLLECT the request from the Business/Product Owner
- CLASSIFY the request and the nature of the data requested so it can be reviewed
- CODIFY the implementation details of the request
- CATALOG the request to ensure proper organization of data lake assets and components
Below is an example process flow for the CLASSIFY step in data governance
We MUST begin data governance as early as possible. For example, these processes can be implemented during the Research and Development phase for startup companies. This discipline will make the process of FDA filing and moving to Commercial much easier. It can be difficult to play ‘catch-up’ during the product launch for the first time. In the next blog series, we will discuss the various regulations you may be facing as you move through the drug development life cycle.