In the second of his three reports from the Paperless Lab Academy in Amsterdam last week, Tom Wilkie wonders if the Cloud means a dark horizon for the traditional informatics vendors
Just as in consumer computing, where Microsoft’s Office365 represents a shift to subscribing to software rather than buying a package outright, so last week’s Paperless Lab Academy (PLA) in Amsterdam offered a glimpse of a future in which no one sold expensive stand-alone systems anymore but where laboratory informatics was delivered by software as a service (SaaS).
As reported here, delegates at the meeting also heard about the need to manage very carefully the transition from a paper-based to a paperless lab, but the possibility was also mooted that the traditional quality control laboratory and its associated informatics software might cease to exist in their present form.
One trend driving the move to SaaS is that, across all industries, according to Steve Yemm of Core Informatics, research and specialised capabilities are being outsourced and externalised. The pharmaceutical industry is not the only one moving from corporate, in-house, closed, research to outsourced and networked research. Such externalising trends are not confined to research either but are pushing through in to development work and even to manufacturing.
But there is a problem, he pointed out: how do you capture and reuse your data across that chain of external contributors? Core Informatics’s solution is to offer its ‘Platform for Science’ as a unified technology incorporating the features of a LIMS, ELN and Scientific Data Management System (SDMS) and to do so in the form of Software as a Service (SaaS). It is 100 per cent web-based, Yemm said, and can run on a company’s internal servers – a private cloud – on Core Informatics’s own servers, or even on Amazon Web Services. Companies could build applications on the platform and it was scalable to thousands of users if need be.
The pharmaceutical industry has concerns. Its lifeblood is patenting, which imposes constraints on data-gathering and retention, out of concern both for confidentiality and admissibility of evidence in patent litigation. But it is also a highly-regulated industry, which means that it has to be able to demonstrate that every piece of data has been checked and verified and that there is an audit trail to prevent falsification. As Paul Denny-Gouldson from IDBS pointed out, the banking industry has even greater concerns about the integrity of its data yet it has successfully rolled out internet and mobile banking to its customers. ‘If the bankers can make this happen,’ he asked, ‘Why can’t we?’
However, he too cautioned that switching to a paperless laboratory – especially a cloud-based one -- has to be a long-term project. It was a theme that had been emphasised at the PLA from the end-user as well as vendor perspective: Unilever’s Lawrence Barratt had stressed that his company was on a 10-year journey to introduce better informatics systems to make its research more efficient, as reported here.
From a vendor perspective, Denny-Gouldson contrasted statements by some company CIOs that ‘everything will be on the cloud in five years’ with the time – 15 years or more --that it had taken the banks to build up their electronic systems. In an echo of comments by the PLA’s chairman, Peter Boogaard, that change management was more important than technology per se, he warned that organisations cannot absorb too much change too quickly.
It may be different, he continued, in ten years time when all laboratory instruments are connected to the network but ‘today you have to be pragmatic’. For example, it may be better for the time being to have an app on a mobile phone or other device and enter data manually.
In his keynote speech opening the second day of the Paperless Lab Academy, David Stokes from the consultancy firm Venostic, outlined some of the concerns and issues that had to be addressed before cloud-based informatics services could become widespread. ‘What will take our industry to the cloud is specialist software vendors providing their software for the cloud,’ he said. Core Informatics is one such, offering a cloud-based service, but Stokes warned that the suppliers of ERP software, in particular, tend not to address regulatory concerns because they are not specialists in the pharmaceutical industry.
Despite its size and importance, the pharma industry is only one subsector for the ERP vendors. Some providers claiming to be offering software as a service, he said, may in effect only be running a LIMS from their own data centre rather than on the customer’s servers. In other cases, data security had failed and customers had been able to see each other’s data.
However, he said, there were vendors who understood the regulatory and security concerns and had put the proper controls into their service. The concerns to be addressed included: quality of the product; the service; the impact on regulatory compliance; patient safety, and integrity of the data. The issue affects not just the software – whether it be a LIMS or other system delivered as a service. It also affects the infrastructure itself – the outsourced data centre where the application is being run or the data is being stored also needs to be able to demonstrate compliance with the requirements of IP protection and regulations.
The industry should be careful not to outsource its IT infrastructure to countries where it would not outsource its laboratory services, he cautioned. The tendency in the IT industry to ‘buy on price’ is inappropriate for cloud-based services for a regulated industry such as pharmaceuticals, he said.
‘You are responsible for regulatory compliance,’ he reminded his audience. ‘If one of your suppliers screws up, you are still the one who is liable.’ Regulators would expect there to be a documented Service Level Agreement in place with any external data centre or supplier of IT services. At one extreme, the data centre operator might be required to testify to the integrity of its IT operations in front of a US Judge, if patent litigation were to involve claims about data that had been held in the data centre. The good news is, he said, that: ‘there are a handful of specialist data centre providers who do understand our industry.’