For a customer in the pharmaceutical space, compliance was the priority for their new infrastructure when they launched in 2012. They knew that to sell their SaaS to big pharma they needed to withstand the intense scrutiny of big pharma auditors. It was critical that they were GxP compliant. Today, the company’s adverse reaction data collection tool is being used by household names in the industry.
The customer was developing a new tool for pharmaceutical companies to collect data from doctors and patients on adverse reactions to their drugs. Having worked in the industry, the founding team knew that showing compliance was far more than just ticking boxes. The industry’s GxP best practice guidelines were open to interpretation, and everything needed to be thoroughly documented, secured and controlled. It was complex.
At the same time, the startup wanted an infrastructure that could scale and give their developers the flexibility they needed to develop their product efficiently. Ideally, they also wanted the agility and cost savings that come with using a public cloud service like AWS.
They came to us in 2012 when their product was just a concept. They were looking for guidance on developing a suitable infrastructure, and support in hiring a competent agency to develop their application. We helped them select an agency, and, to make sure we were compliant from the ground up, we worked closely with the application developers from the beginning.
The infrastructure needed to be hosted by a service that was GxP certified too. At the time of launch, options for this were limited, and costs high. Public cloud hosting was not viable.
Perceptions of public cloud services as being suitable for regulated industries have changed since then. In 2016, the company asked us to investigate a move to AWS to bring down costs and give them more agility and control over their servers. We’re currently building out their infrastructure into AWS.
Traditionally, life science companies have covered off the GxP best practice guidelines with hefty paperwork. Our goal was to design and build an infrastructure system that would take away much of that paperwork and replace it with automated processes that ensure compliance and security.
To achieve this we included extra back-ups for tooling and delivery, and features such as intrusion detection and two-factor authentication. The system now leaves an uncompromisable audit trail of how code is developed, delivered, signed off and deployed.
As the company has evolved, we’ve provided continuity of knowledge and engineering as and when needed. Once the application was launched we advised on hiring a permanent team, and we continue to maintain their infrastructure.
When fully migrated to AWS, the customer will also be able to take advantage of the agility and savings that the public cloud offers, without compromising their compliance in any way.