Last June, at the annual Drug Information Association meeting, a consortium of 12 major pharma companies announced plans to create a new electronic signature standard for the biopharmaceutical industry. The standard, called SAFE (Secure Access for Everyone), was envisioned as a way for drug makers to quickly share information with collaborators and regulatory agencies in a paperless manner, without placing intellectual property at risk, and without the burden of multiple electronic identity credentialing systems.
This year at DIA, June 26-30, the consortium will unveil what it's come up with so far. BioInform spoke to Guy Tallent, program director for the SAFE-BioPharma Association, the non-profit entity that manages the initiative, to get a better idea of what the standard entails, and what kind of affect it will have on early-stage discovery informatics.
How much would you say the SAFE initiative touches on early-stage discovery informatics, as opposed to clinical trials and other downstream steps in the pharmaceutical pipeline?
The SAFE community was actually set up to really affect both the discovery side as well as the later-stage trial side. When you're at the researcher bench level, in the true bio environment, or in the true compound environment, a lot of our users are looking at the applicability of SAFE to be able to put in place a stronger technology bed to protect intellectual property. And with SAFE and the technologies that SAFE embodies PKI, or public key infrastructure you actually get a legally enforceable digital signature, but you also have the ability to provide for document integrity.
With the legal enforceability, you can truly eliminate the paper in the lab notebook environment. And then, with the document integrity, should something ever come to a court of law an interpretation of the facts that support a company's IP claim you can actually use the technology to prove the time, the events, and the integrity of the data. So a lot of our members both bio companies as well as broader-based pharma companies are looking at the applicability of using SAFE for lab notebook applications.
The true discovery side is an area of applicability that all our members have said, 'Yeah, that makes sense.'
I think the legal enforceability side really drives that. Because without legal enforceability, there's not a pharma company or a bio company that would be willing to replace a legally defensible wet signature with an electronic signature unless a lot of the painstaking effort we've done around digital signatures for clinical trials is absolutely appropriate for the discovery side.
So, if a researcher is using an electronic lab notebook, SAFE would automatically create an audit trail to capture every bit of data that they generate once they sign in?
Absolutely. Each company is looking at its current workflow for lab notebook data capture, and in one instance you might have a pharma company with an internal process that at the end of each day, you have a scientist and a witness sign every page of the journal entries from that day. Or you may have multiple witnesses, depending on the company environment. In this case, you can have the same process, meaning the scientist plus a witness, but all of that information is electronically captured and it is indelibly sealed with the signatures themselves to ensure the integrity of the data.
So it fits with the natural, or the current process, but actually allows you to get rid of the paper, so companies like CambridgeSoft and Scientific Software, which have e-lab notebook capabilities, truly can start to augment their products that really are effective with hybrid solutions meaning paper plus electronic to actually be fully electronic without the paper backup.
This sounds like it could be a real boon for e-lab notebook vendors if it gains acceptance.
They have started to participate with a lot of the SAFE members, and the members have actually asked them to work with SAFE to have legally enforceable signatures. So they seem to be moving hand-in-glove.
What will SAFE be unveiling next week at the DIA meeting?
I can give you a sense for what members will be able to see. We will have a number of announcements. At DIA, what we will be showing is kind of an end-to-end environment. It will not include an e-lab notebook solution this year. There are some that are out there and are being applied, so we can certainly discuss those, but at DIA we will be showing a set of vendors that are providing both the credential issuance side, or the SAFE credential provisioning side, through to a document-management system that fully embraces SAFE for the long-term records-management and archival side. So Adobe will be there, Open Text, Documentum, and a number of other providers that are kind of essential to the end-to-end cycle. They've done a lot of work over the last year to SAFE-enable their solutions, and I think what we'll be showing is that SAFE can be used today.
Are the SAFE standards in use already, or have most people been waiting for the vendors to come on board?
SAFE is being used today. There are a couple of the pharma companies that have put it into production, and have actually used it for FDA submissions. The National Cancer Institute and some other pharmas are piloting SAFE on the pathway to production. So we're seeing a lot of good momentum in the US as well as within Europe to move toward the implementation of digital signatures using the SAFE standard.
Last year at DIA was about the creation of the standard. This year it's about the implementation of the standard. So we will be talking about the case studies, we'll be talking about the vendor applications and solutions that you can basically get off the shelf that embrace the SAFE standard, like Adobe.
What were some of the biggest challenges in moving from the creation of the standard to its implementation in a year?
It all starts with the alignment of the industry [players] themselves. So we took a painstaking effort, and 2004 was focused around ensuring that the standard was purpose-served it wasn't over-reaching and it was attainable. So I think we constrained the scope in a fashion such that it was easily understood by the biopharma members, and easily understood by the technology vendors to where it's not competitive there's not five ways to do digital signatures. For all intents and purposes, it was really the members that drove the success to date of the SAFE initiative just a continual focus on keeping it narrowly scoped, and focused on the implementation side to ensure success.
How does the standard fit with the FDA's CFR 21 Part 11 regulation on electronic signatures? If something is SAFE compliant, does that mean that it's automatically compliant with CFR Part 11?
SAFE addresses some, but not all CFR 11 compliance issues, because there are a number of things that a pharma needs to do to ensure CFR 11 compliance. SAFE and the FDA, through a joint working effort, have mapped SAFE to the CFR 11 requirements, and both we and the FDA have gone through the line-by-line trace matrices that ensure that SAFE maps into the relevant components of CFR 11. The FDA has agreed that in fact SAFE does cover that, so if a pharma company is compliant with SAFE, then they should be compliant with CFR 11 for those elements.
We found that in working with the FDA, they see a lot of benefits. If a pharma company implements SAFE, it actually helps the FDA optimize their review processes. So if they have questions of a pharma in terms of how they are meeting CFR 11, should they decide to enquire, if they're a SAFE member, it's a much easier way for both the pharma as well as the FDA to determine very quickly compliance or not.
So it's been a very good close working relationship with the FDA on that front very much a win-win.
Mind you, our goal is not to create a situation where the FDA or the [European Agency for the Evaluation of Medicinal Products] mandates SAFE, because they would never do that they were not asked, nor would they move down that path. We simply want to make sure that they're comfortable with the SAFE standard, and thus far they agree that it meets their needs and have been very supportive of the ongoing effort.
You mentioned the establishment of the standard for last year's DIA meeting, and its implementation for this year. What are the goals for the coming year, and what would you like to be demonstrating at DIA 2006?
To me, it's really network expansion. We've taken a handful of influential leaders, biopharma leaders that have embraced the SAFE standard, and the technology providers that have embraced the standard, and I think now it really becomes a matter of deepening the penetration to more and more of the biopharma industry, and widening the application space.
We initially developed a business proposition in clinical, and I would say it moves down into the discovery side. But we're already seeing our members take the SAFE standard and apply it to other business practices as well, like manufacturing, or in the marketing side of the business. And truly that is what 2006 is about it's about expanding the membership and about deepening the use of the standard across more and more of the business practices inside biopharma companies.
We have implemented the standard in a number of instances in 2005. The remainder of 2005 is honing that experience. Like any effort, what we found to date with our pilots with the National Cancer Institute or with GSK, we found opportunities to optimize the system, to make it easier for clinical sites to sign up and use SAFE, to make it easier for investigators to utilize the SAFE credentials. So that's what we're continuing to work on this year, as we're expanding the membership.
Are you working with the NCI on the overhaul of the clinical trials system that they recently announced? Is there a role for SAFE in that initiative?
Absolutely. We're working with the caBIG [Cancer Biomedical Informatics Grid] community, and the NCI's effort there. So far there have been seven sites that have been part of a SAFE pilot with the NCI seven of the cancer centers and that will be expanded throughout the balance of this year with the intent that through time, all of the 30,000-odd principal investigators and 7,000-odd sites that work with the NCI are utilizing SAFE as well.
It's truly a convergence of efforts in the non-regulatory environments that many of the clinical sites are dealing in: They're dealing with electronic medical records or electronic health records that have similar, but not exactly the same requirements that the biopharma space does. So it's only natural that to the extent that we can leverage the same standard across both community sets, they, as well as the biopharma community, want to make sure that that happens. So if that means that the SAFE standard morphs to be inclusive of the activities for the academic research centers, or vice versa, the pharma industry is quite happy to ensure that the SAFE standard can be broadened and can be used in a widening set of application spaces.