What do you do in your current role?
I provide IT risk consulting and partnership for AstraZeneca IT areas that support the business units in order to ensure existing and emerging technology-related risks are identified and appropriately mitigated or escalated. I also have the role of GxP “subject matter expert” for AstraZeneca IT, ensuring that we have appropriate IT standards to meet pharmaceutical regulatory requirements. The aspect of being able to work with departments across the entire enterprise—research and development, manufacturing, etc.—is something I really enjoy.
I started my career in engineering within manufacturing (both projects and maintenance) but then moved into quality assurance when regulators started to look more in detail at computer compliance, and subsequently into more of a standards, risk, and assurance role in IT. I think having had that experience and background of having to deliver GxP-validated systems (in my case, an engineering role) really helps you understand the challenges when you move into a quality or assurance role.
I’ve been working with validation almost all of my career. Validation can seem complex, but I try to make things simpler for people, and often after talking them through the processes, we can usually simplify the approach. I think there is often the view that it is “one size fits all” with validation and its associated complexity and bureaucracy, with mountains of documentation. But when you discover the particular challenge and boil it down to the real risk areas—and fundamentally understand potential areas of patient safety, product quality, and data impact—you can almost always make it much simpler.
What do you see next for your area?
Clearly there is a lot of focus around artificial intelligence and machine learning, and the challenges of dealing with massive amounts of data, and within an emerging regulatory environment for artificial intelligence. From a validation perspective, I think we still need to focus more on critical thinking and computer software assurance (CSA) principles and techniques. What we tried to do with GAMP® 5 (Second Edition) was to provide more examples of how to apply true risk-based thinking in practice, and in the context of technological advances, such as cloud computing, blockchain, and AI, and how to leverage information rather than have a documentation-based approach, from software tools, for example.
The other big challenge the industry has is cybersecurity. That is probably the top risk for many companies. The cyber criminals are leveraging the same technology we’re using. In a regulated environment, you have to balance the need for control and/or compliance and the ability to protect assets with the need for agility and customer experience.
What advice would you give emerging leaders in the pharmaceutical industry?
If the leader is in IT, they must absolutely try to understand the business and the business processes. At AstraZeneca, we have a program where people are given the opportunity to spend three months working in a different area. Getting that experience early in your career, and expanding your knowledge of the business, is invaluable.
For you, what are the benefits to being an ISPE member?
The biggest benefit is having the opportunity to network with a broad range of people—from other pharmaceutical companies, suppliers, consultants, and even regulators—and hearing different views, perspectives, and approaches. I think hearing those different perspectives is really important; you can always learn from that. It is very valuable that we get to hear the regulatory perspective and have the ability to provide commentary and feedback via ISPE on draft regulations. It has also been good over the years to see how GAMP has expanded its content and relevance beyond its original manufacturing focus to cover all GxP-regulated areas, such as clinical, and continues to develop as new IT technologies emerge.
Learn more about Communities of Practice
