Tag Archive for: Pharmaceuticals

Logiciel EDI : échange de données informatisé

A reminder of the origins and operation of EDI (electronic data interchange)

What is EDI (electronic data interchange)?

EDI emerged in the 1960s from the long-standing and widespread observation that processes based on paper documents are the source of many errors. Such processes are slow, difficult to trace, costly and offer low productivity.

EDI, for Electronic Data Interchange, accordingly replaces the interchange of hard copy documents and data with the electronic transfer of data through standardised, automated messages.  EDI consequently avoids multi-stage procedures entailing data entry and re-entry, and the impact of such steps in terms of time and risk of error (e.g. creating an order, dispatch, receipt, entering the order again into the supplier’s system, then repeated in reverse for the invoice).

A more precise definition is provided by France’s National Institute of Statistics and Economic Studies (INSEE) : “Electronic data interchange (EDI) is a technique that replaces physical exchanges of documents between companies (orders, invoices, delivery notes, etc.) with exchanges, following a standardised format, between computers connected through specialised connections or through a (private) value-added network (VAN). The data are structured according to reference international technical standards.”

EDI was first used to automate commercial procedures in the US car industry. It is now used in all countries, in all sectors of the economy, and for various types of data, although it is still mainly used for processing data between a buyer and a supplier, and in particular in the context of procurement transactions.

How does an EDI system work?

One of the foundations of EDI is data structuring through technical standards (such as EDIFACT, meaning Electronic Data Interchange for Administration, Commerce and Transport, EDI X12, Odette, XML, etc.).

Standardisation of data exchanged is based on a common language between all stakeholders, and therefore between the different information systems and applications involved. EDI standards define how data is structured within an EDI message, thereby enabling data to be transferred directly from one application to another. This standardisation is essential to ensure different businesses can communicate.

Several organisations are responsible for defining EDI standards such as GS1, Etebac, Odette, Tradacoms, Peppol, ASC X12, etc.

To implement electronic data interchange, companies can make use of specific EDI software to generate, translate and track messages following the defined format. Such software will consequently:

  • Retrieve and organise data;
  • Translate and map data following a given format;
  • Transfer messages to partners’ information systems, using the right protocol and, if necessary, by encapsulating transactions.

These are, of course, the most basic functions. The scope often extends beyond these basics, to storing messages, tracking interchanges, etc.

Focus on electronic data interchange in the pharmaceutical industry

The pharmaceutical industry has to deal with considerable data integrity constraints, and work with a variety of partners, such as CDMO firms, suppliers, hospitals, pharmacies, government bodies, etc.

Control over the data produced and information continuity through the entire lifecycle are essential to the pharmaceutical quality system and Good Manufacturing Practice. Digitalising interchanges with partners directly helps improve continuity in the information chain, boosting both performance and quality.

As in other industries, standardised messages are a pre-requisite for digitalised interchange. Historically in France, the role of codifying medicinal products (market authorisation code, dispensing unit code) and standardising messages and documents to fit EDI processes has fallen to the Club Inter Pharmaceutique (CIP). The medicinal product sector (manufacturers, government health insurance funding bodies, healthcare providers) collectively opted to use EDIFACT as its message standard.

With the requirements for pharmaceutical product serialisation, interchange standardisation and automation will only continue to develop. Pharmaceutical manufacturers must, for example, upload serialisation data to the EMVS (European Medicines Verification System) hub, which then makes the link with national systems (NMVS).

Limitations of EDI as the pace of interchange with the ecosystem increases

EDI offers certain long-standing benefits, in that it provides a first level of automation through the structured exchange of data:

  • Shorter interchange cycles allow for greater responsiveness, shorter delivery times to end customers, optimised inventories, and better cash flow for vendors;
  • Digitalising data, by avoiding re-input and erroneous data on paper invoices, reduces errors and makes the data exchanged more reliable;
  • Businesses have visibility over transactions. Interchanges have an audit trail, which can serve as evidence in disputes;
  • Costs generated by handling paper and administration are reduced.

However, while EDI has evolved, it did first appear in the 1960s, when the context surrounding B2B interchanges was different. Digitalisation has also continued on its path, and digital communications (to replace fax, mail, etc.) are no longer an innovation. 

EDI does not fully meet the challenges of agility and scalability

Companies are no longer transforming alone. The development of new business models, the creation of new services, the enrichment of your own services… all these now require the involvement of the ecosystem, with suppliers, customers, partners, and open data all relevant.

Digital transformation is becoming synonymous with flexibility and agility in integrating with other firms in the value chain. This ecosystem is constantly developing, becoming more complex and expanding. Organisations are seeking to gain control over data interchanges not just partner by partner, but with their whole, changing ecosystem. Transformation has to be scalable in its application.

As regards these crucial factors of agility, speed of response and scalability, EDI does have some limitations:

  • Connections are point-to-point;
  • It runs asynchronously;
  • Diversity in standards and technology;
  • Lead times needed to add a new partner or interchange type.

When EDI is already implemented in long-standing areas of application (ordering, billing, supply chain, etc.), it often meets requirements. However, EDI’s inertia and standardisation difficulties are obstacles to providing a response to the new boom in interchanges and the challenges of connectivity.

From EDI to APIM

Adding to EDI, APIs provide a connectivity and interchange solution that is more flexible, scalable, upgradeable, lends itself to standardisation, etc.

APIs can provide interchange in real time, which EDI cannot. They are customisable and can be used to create new services.

However, it should not be forgotten that one of EDI’s strengths is standardised interchanges and formats, reinforced by its longevity. Formats such as EDIFACT have had time to become established and to be used by organisations extensively.

We firmly believe that APIM (API Management) and API governance are crucial if APIs are to truly add value to a business.

We define API Management as the discipline of making the best use of APIs without compromising the information system and without adversely affecting the user experience. The purpose of API Management is therefore to manage and standardise API (Application Programming Interface) exposure, i.e. the publication, promotion and supervision of interchanges between a supplier service and a client service. 

Of the many promises held by API and APIM, three in particular leap out, in comparison with EDI:

  • Respond under pressure from functional business departments, react quickly and improve the flexibility and adaptability of data streams to and from the ecosystem;
  • Control the impact of growth in service consumption;
  • Offer new unbranded services, and enhance your own services…

At Blueway, we firmly believe that the response to data stream management issues is not just a technical or technological matter. The real question is that of your crucial transformation needs and how interchanges with your ecosystem are changing. How many services do you need to expose to suppliers and customers? Is scalability of data interchange a priority? Do you want to monetise your services, or at least monitor their consumption?

Let’s talk about it!

Temoignage_departemant_morbihan_esb

The département of Morbihan

De-siloing of the information system…

Témoignage_samat_soa_esb

Samat

Real-time management of orders and deliveries…

Récipharm Fontaine

Interfacing the IS with a business added-value network and/or directly with their clients’ ERP…

Laboratoire Dômes Pharma

Consolidation of data from production (Sage X3) and HR (Nautilus) into SAP…

Intégrité des données ou data integrity

Introduction: the basics of data integrity

Data integrity means the certainty that data is complete, correct, accurate and up-to-date throughout its lifecycle. A data integrity policy takes into consideration the data lifecycle and any unintentional or deliberate harm that might be caused to data.

Many official documents refer to the notion of data integrity. The following are a few of the definitions offered:

  • According to the ISO/IEC 27000:2016 standard,integrity is the property of accuracy and completeness.
  • France’s National guidelines on public archives (Référentiel général de gestion des archives) define integrity as “the quality of a document or data item that has not been compromised. Digitally, documents or data are trustworthy if their imprint (or digital fingerprint) at time t+1 is identical to their imprint at time t.
  • According to the French general inter-ministerial directive no. 1300, it is the “property providing assurance that data or processing has not been subject to unauthorised changes or deletion.

Ensuring data integrity therefore means that data stored or transmitted will always be reliable, consistent, accurate and verifiable no matter the length of time it is kept or the use to which it is put. It forms one aspect of Data governance.

In practical terms, a number of questions lie behind this notion of data integrity: Do you know who has been making changes to your data? Are you in a position to identify all the changes that have affected your data? How can you prove to third parties that your data has not been compromised? How do you guarantee that your data is reliable and valid at any given point in time?

This post will deal with the integrity of data stored on digital storage media. However, data integrity can also apply to paper copies, for example. Similarly, the focus will be on database integrity rather than physical integrity.

There are several types of database integrity, with entity integrity, referential (or relationship) integrity, domain integrity, and user-defined integrity (i.e. following specific rules that the other three types of integrity do not cover).

What types of digital data are involved?

Integrity is a matter for all types of digital data. Generally speaking, there are two main categories of data involved:

  • Files: desktop documents, videos, images, etc. but also files linked to IS operation, such as event logs and configuration files, and indeed computer programs.
  • Business and technical data held in databases

Focus on data integrity in the pharmaceutical quality system

Data integrity is a matter that affects all industries. The requirements are naturally all the more stringent when an industry generates critical data with a financial, human or strategic impact. The pharmaceuticals industry is therefore one of the areas most affected. Data integrity is of the utmost legal importance in pharmaceuticals.

Data integrity is considered, quite rightly, as a significant component in the pharmaceutical industry’s responsibility for ensuring the safety, effectiveness and quality of medicinal products, and the ability of health bodies to protect public health.

In France

In France, Appendix 11 of the Guide to Good Manufacturing Practice produced by the National Agency for the Safety of Medicines and Health Products (ANSM) on computer systems refers to data integrity in terms of integrated checks to ensure the accuracy and security of data entries and processing, checks on data accuracy, the integrity of backed-up and archived data, the existence of an audit trail of changes, etc. It is clearly stated that risk management must encompass data integrity.

In the United States

In the United States, the Food and Drug Administration (FDA) also attaches great importance to data integrity. It is a crucial requirement of the pharmaceutical quality system described in its Good Manufacturing Practices (GMP). The acronym ALCOA for Attributable, Legible, Contemporaneous, Original and Accurate is used to define the five qualities needed to maintain data quality. The initial ALCOA principles have been supplemented by ALCOA+ which adds Complete, Consistent, Enduring and Available. Data consequently needs to show all nine attributes to be trustworthy.

What is a data integrity failure? What causes one, and what are the consequences?

An integrity failure occurs when data is destroyed or compromised. The impact might or not might be immediate. While in some situations a failure might have no impact, such as a document retained for legal archiving purposes, in other situations the consequences can be very serious.

Common causes of data compromise

  • Attempted internal fraud, external perpetrators (e.g. cybercrime), computer viruses
  • Technical flaws in the information system (e.g. a bug in an application that deletes the wrong data, inadequate data validation, etc.)
  • Errors or replication during data transfer
  • Human errors in data entry, use or manipulation
  • Hardware hazards (fire, mechanical faults, etc.)

The consequences of data integrity failures

Such causes can have the effect of creating inaccurate or incomplete data records, backdating data, generating inconsistent entries, deleting data or making damaging changes to it, etc.

Ultimately posing a risk to the business:

  • Strategic decisions taken based on erroneous data
  • Lost productivity and time and money wasted on correcting errors, identifying causes, etc.
  • Legal penalties
  • Harm to brand image

How can data integrity be ensured? What are the best practices to follow?

Protecting data integrity means the ability to identify irregular or anomalous changes to data and, if necessary, to revert to a previous version of the data. Another aspect is the ability to prove that data has not been changed.

Data security is certainly one dimension to ensuring data integrity (data protection), but it is only one dimension. Security and integrity should not be conflated. Information systems management and fraud detection mechanisms are just as important.

Ensuring data integrity therefore requires:

  • Reliable data gathering. All data entries must be checked and validated, and be consistent with the data dictionary.
  • Checks on permissions and rights to access and edit data.
  • Centralised databases with guaranteed uniqueness. Data integrity also requires that the data being used is the right data.
  • Traceability of all changes made to data (additions, deletions and changes) and the availability of a complete, tamper-proof history.
  • Confidence that data is backed up and can be restored.
  • Periodic audit trail generation: data erasure, job failures, compliance tests, data deletion, backdating, changes, etc.
  • Staff training, preparation and involvement. People are often the weakest link. Procedures must be documented, and rules and obligations set out, to ensure the issues are understood. Suppliers and partners also have a role to play in the data integrity chain.  Responsibilities and checks to be carried out should be determined with the relevant people, together with communication procedures and how they apply to IT systems.

Data governance to ensure data integrity

Data integrity is a status as well as a process. At Blueway, we firmly believe that it is based on fitting the various aspects of data interchange together to provide data governance, including master data repositories, processes and the circulation of data between internal applications and those external to the IS. Adherence to information system procedures is not optional if data accuracy, traceability and changes are to be checked throughout the data lifecycle.

We also attach great importance to the people factor. Gaps between what users require and what IT systems provide can be a source of integrity failures (use of workaround solutions, security issues, etc.).

In addition, traceability and non-repudiation of changes are not always enough to ensure the integrity of data within the database. It is always possible for someone with the necessary permissions to go directly into the database to delete or edit the data it holds. Tamper-proofing is also essential, which is why Blueway has taken the innovative step of using blockchain in its Master Data Management.

Get in touch
with a Blueway Expert

Logiciel EDI : échange de données informatisé

From EDI to APIM: a brief history of how interchanges with the ecosystem have transformed

A reminder of the origins and operation of EDI (electronic data interchange) What is EDI…

Intégrité des données ou data integrity

What are the points to watch and best practices to follow to ensure data integrity?

Introduction: the basics of data integrity Data integrity means the certainty that data is…

Laboratoire Galderma

Middleware layer on the Infor M3 ERP and data traffic between applications…

Tag Archive for: Pharmaceuticals