Avoiding and Mitigating Common Data Risks in Biotechs

Chris Jennings: "There are risks with data. Can you share some of the risks and what you have done to avoid or mitigate them?"

Jen Heckman shared an eye-opening take on risk stating, “The risk is simply not sharing the data and keeping information in operational silos.” She continued with, “Nothing needs to be secret. If it's operational data, everyone should actually have this information.” Creating a mechanism to ensure (operational) data is available to everyone who needs it drives better decision making in multiple areas of the organization. (Read more about Jen’s experience in her blog “Taking pause to speed up: The power of operational data within biotechs”.) Jen followed up with the importance of creating a data dictionary. She noted, especially in a fast-growing biotech, people are coming from different organizations and have different ways of thinking about data. For example, some people may think FSI means ‘first site initiated’ while others think it means ‘first subject in.’ In addition to sharing operational data freely, it’s important to create a common language and give instruction on how to use the data as well.  

“A lot of risk I've seen is around inventory management or the lack thereof,” said Tony Murabito. He shared his first experience as a new employee being asked how the company ended up losing 125,000 in HPLC resin. After a quick investigation, Tony revealed the company had no processes for inventory management. Expensive substances would come in and get recorded, and then go under somebody's desk or on someone's shelf. And nobody was recording decrements as they were using it. To address the problem, Tony shared how they set up a simple inventory management system between a couple of departments just to start tracking resin. Tony then shared similar deficiencies in internal processes at another company: Material went into R&D and there was no tracking. As a result, the company bought $5 million in material over the course of a year with no way of knowing what's left in inventory. After writing off over $1 million, the company replaced the AR inventory system. Not having an inventory management system (even just in R&D) can get very costly and usually gets the attention of someone in the C-level.  

Jackie Fernandes built on Tony’s perspective regarding inventory management from a legal and compliance standpoint. She underscored the importance of “going a couple of layers down” to have processes and controls in place early on. Jackie shared that often companies like to hold on to everything. But retaining unnecessary data and information can present problems when a company needs to respond to an entity or audit committee. To avoid these situations, Jackie underscored the importance of doing inventory of day-to-day information early on in addition to normal reviews of data access and security controls. She concluded with, “Sometimes too much data is not a good thing to have around.”

To follow up on Jackie’s perspective, Tony Murabito shared an example of a company that didn't have any retention policies in place and saved everything for 12 years. He added, until a company gets into a legal situation, the risk of having extensive data is absent. Then, you end up questioning whether you can properly defend a product. Tony revealed that within six months after the litigation, the unnamed company mentioned above implemented a two-year retention policy for all but necessary documents. “Just managing your email and chat a bit more judiciously can keep you out of trouble,” Tony advised

The following articles provide snapshots of more topics the panelists discussed:

• Data Changes from R&D, Preclinical, Clinical and Beyond
• Data Success Stories in the Biotech Industry
• Tackling Portfolio Expansion Hurdles in Life Sciences
• Balancing Data Transparency with Privacy and Security

Watch the panel discussion on demand in its entirety here (1:03:04).

‍