In my last blog about cloud computing (Legal and Regulatory Issues for Life Sciences: Staying Safe in the Cloud) I discussed how life sciences organizations can avoid risks to the enterprise with careful planning and implementation.

Of course, you also need a solid technical foundation based upon a cloud solution that can be configured, deployed and managed to ensure that your organization is able to meet all of your privacy and compliance requirements. And all clouds are not created equal. This article takes a deeper dive into cloud technology and explores the different types of offerings and their pros and cons so that you can develop a solid selection process to determine which offering best suits your needs.

Classifying Cloud Technology

Cloud computing can be classified in several ways, but the most typical way of looking at cloud technology is by the type of service offered and the method of deployment. Both aspects need to be considered when selecting a cloud solution.

Cloud computing can be classified in several ways, but the most typical way of looking at cloud technology is by the type of service offered and the method of deployment. Both aspects need to be considered when selecting a cloud solution.

First, let’s take a look at the type of service, which, as described below, is generally classified into three categories depending on the “service” that is consumed, and the level of control desired by the organization.

Software as a Service (Saas) is the most comprehensive offering. If you have ever used an email application such as Gmail or Hotmail, you have used SaaS. In this scenario, the Cloud Service Provider (“CSP”) provides all of the software, servers, storage capacity and infrastructure management. The cloud subscriber does not manage or control the underlying cloud infrastructure or individual applications, except for preference selections and limited administrative application settings. Benefit: Reduction in the total cost of hardware and software development, maintenance, and operations. The tradeoff for simplicity and cost savings is that security provisions are carried out mainly by the CSP.

Infrastructure as a Service (IaaS) is at the other end of the cloud spectrum. In this scenario, cloud subscribers are able to maintain control of their software environment, but do not maintain any equipment. The basic computing infrastructure of servers, software and network equipment is provided to the customer as an on-demand service upon which a platform to develop and execute applications can be established. This enables organizations to avoid purchasing, housing and managing the basic hardware and software infrastructure components – and instead obtain those resources as virtualized objects controllable via a service interface. Benefit: The cloud subscriber generally has broad freedom to choose the operating system and development environment to be hosted. Typically, security provisions beyond the basic infrastructure are carried out mainly by the cloud subscriber.

Platform as a Service (PaaS) is somewhere in between IaaS and SaaS. In this scenario, the vendor provides an operating system and database services in the cloud, on which the customer can deploy applications. This model is typically utilized when an organization wants to create and maintain control over their applications while reducing the cost and complexity of buying, housing and managing the underlying hardware and software components of the platform, including any needed program and database development tools. Benefit: The cloud subscriber has control over applications and application environment settings of the platform. Security provisions are split between the cloud provider and the cloud subscriber.

Method of Deployment

Once you have determined the type of service, the next step is to choose the mode of deployment of the cloud services. Deployment methodologies provide varying levels of control, and the method chosen depends upon many factors, including comfort level with your cloud vendor and security and compliance requirements. In addition to the Private, Public and Hybrid methodologies described below, a number of companies have coined terms such as “compliant” cloud or “regulated” cloud to describe platform offerings designed specifically for life sciences.

Deployment methodologies provide varying levels of control, and the method chosen depends upon many factors, including comfort level with your cloud vendor and security and compliance requirements.

Public Cloud: The platform is managed for the client in a CSP data center. In a public cloud deployment, the infrastructure and other computational resources are made available via the Internet. The server hardware is physically located outside of the organization’s premises, and management of the cloud is fully outsourced. Typically, multiple clouds from different organizations are shared on the same server hardware.

Private cloud: At the other end of the spectrum are private clouds. A private cloud is one in which the computing environment is operated exclusively for an organization. It may be managed either by the organization or a third party, and it may be hosted outside or within the organization’s data center. A private cloud gives the organization greater control over the infrastructure and computational resources.

Hybrid cloud: Somewhere in the middle are community clouds and hybrid clouds which offer more control than a public cloud but less than a fully private cloud. Typically a hybrid cloud infrastructure consists of a private cloud composed of either a public cloud or another organization’s private cloud. The clouds themselves remain unique entities, bound together by standardized or proprietary technology that enables unified service delivery, but also creates interdependency. For example, identification and authentication might be performed through an organization’s private cloud infrastructure, as a means for its users to gain access to services provisioned in a public cloud. Preventing holes or leaks between the composed infrastructures is a major concern with hybrid clouds, because of increases in complexity and diffusion of responsibilities.

Selecting a Vendor

Selecting a vendor without solid preparation can be like walking through a minefield, so it helps to have some guidance along the way to avoid costly mistakes. The type of service and deployment method are key aspects of vendor selection that have to be considered along with other cloud functionality and in the context of your specific requirements.

Selecting a vendor without solid preparation can be like walking through a minefield, so it helps to have some guidance along the way to avoid costly mistakes.

The first and most important step you can take is to fully analyze and understand your organization’s security and regulatory requirements. Once you have this information in hand, you will be ready to compare features and examine at the pros and cons of each offering to determine which best fits your needs. Even if you have the staff with the ability to do this internally, it sometimes pays to work with a third party to lead you through this process. They can help you put together a complete RFI or RFP for submission to vendors and provide an unbiased third party viewpoint as you review your options.

Below are some things to consider in the selection process:

Information Security

Generally, information security includes solutions such as encryption, access management, firewalls and intrusion detection.

In internal clouds, the IT department has the ability to install desired security solutions, whereas in an external cloud computing environment, the security depends on the CSP. Additionally, the amount of control over the security depends on the cloud service. Because IaaS implementations enable organizations to virtually manage the infrastructure, clients are usually able to implement more security measures than in SaaS, where everything is provided by the CSP.

Auditing Capabilities

Not all CSPs allow client-auditing of their security offerings. In these cases, client organizations have to suffice with a CSP-provided audit statement.

Data storage, transmission and processing

In private cloud computing, the organization keeps all its data within its own data center or a data center under its control. In external cloud computing, data is outsourced to a CSP and data transmission and storage are controlled by the CSP.

Processing of data, including encryption, entirely depends on the CSP and the service level offering. SaaS providers offer a specific processing service, whereas in IaaS the client organization determines to a large extent how the data is processed.

Compliance and regulatory issues

The impact of privacy regulations is most heavily impacted by the degree of control the CSP has over the data and computing infrastructure. Regardless of the service or method of deployment selected, accountability for all compliance requirements is with the organization, not the CSP.

Conclusion: Technology is just the first step

When it comes to regulatory compliance and privacy concerns, technology is just one aspect of cloud computing. Once you determine the best technical platform and deployment method for your organization you will still need to:

• Protect your interests with policies and procedures for your organization’s cloud computing initiative
• Prepare effective agreements with your CSP
• Look into the need for any additional technical protections such as firewalls

Stay tuned! More to come on these topics as we continue to explore the brave new world of cloud computing.

D2 is Documentum’s new web-based client, based upon the concept of configuration, as opposed to coding. It is is currently offered in two flavors: Premium and PlusPack. D2 consists of two web applications: the D2-Client and D2-Config.

These are installed as two separate WAR files on your application server. The D2-Config application is used to configure the D2-Client. A repository can have only one D2 installation, unlike Webtop or custom WDK applications. If multiple “applications” are to be developed for a single repository, all configurations are created and stored in the repository, and each “application” is defined in D2-Config and presented to users using the D2-Client based upon their roles and permissions in the repository.

This is a huge plus, because it supports global scalability, support and rollout – multiple app servers pull the UI and behaviors all from the same place. No longer is there a need to deploy the updated WAR file on each app server. This concept is somewhat akin to how TaskSpace works. The thing to note is that the URL for the D2-Client is always the same, regardless of which “application” a user may be using.

In general, the D2-Client UI is not a huge departure from Webtop as far as look and feel (see below). I found this to be a bit disappointing. I was hoping that this client would be really cutting-edge and more Web 2.0-ish. That being said, the UI does support some nice new features like a great virtual document manager, and a details pane that can quickly display a document’s location, renditions, versions, relationships with other documents, audit trail entries, and other handy stuff.

What is Generis CARA?

Generis also claims that there will be no data migration required to move to CARA; with standard Documentum lifecycles, integrated apps do not have to change.

CARA serves as an out of the box user interface and configuration platform for multiple systems including Documentum, SharePoint, Oracle WebCenter and Alfresco. Generis provides a number of RapidDeploy pre-built configurations to deal with standard business cases. Generis claims the Current version of CARA 3.3 that within the Documentum platform is a unified client interface to replace xCP, Records Manager, Webtop, DAMtop, CenterStage and TaskSpace.

CARA is a full-functioning UI including all core Webtop functionality and more (enhanced virtual docs, workflows etc). Generis also claims that there will be no data migration required to move to CARA; with standard Documentum lifecycles, integrated apps do not have to change. Generis CARA offers a modern but highly convoluted user experience with a desktop within a browser paradigm. It also scatters all the configuration options within the interface for the end user instead of cleanly segregating the configuration options to keep the user experience simple.

Configuration … Not Code

D2 and CARA are built with the idea of being able to update many common actions through a configuration screen.

D2 and CARA are built with the idea of being able to update many common actions through a configuration screen. In some cases, these are standard Documentum functions in other cases they are specific only to D2 or CARA. One does not need to restart the application server after making configuration changes – something that is not supported in most of the other Documentum tools. Both D2 and CARA take different approach in order to provide the above functionality, as described below:

D2’s approach: EMC Documentum D2 takes a centralized and spreadsheet-like approach to managing its configurations. This approach enables the power user to rapidly understand how the content solution is configured, preserving the simplicity of the user experience for the regular user while providing administrators and power users with advanced configuration options.

Documentum D2 also offers much easier externalization of configuration to allow for rapid encapsulation, migration and reproduction of environments. D2 has somewhat consistent look and feel. Little can be done without first configuring D2 – but that is a good thing. There won’t be any time spent removing tons of features of the base application that a paticular user group has no need for and only finds confusing (as it was with Webtop).

Finally we can start from a clean slate, configure an application to meet a particular businees need – and deliver it! Business-need driven, user approved – that is what D2 enables system integrators to accomplish. The feature of exporting and importing the entire configurations is a plus in D2

CARA’s approach: Generis CARA offers a user experience with a desktop within a browser paradigm. The “desktop in a browser” approach – while powerful – introduces significant complexity both to use and configure.

Generis CARA offers a user experience with a desktop within a browser paradigm. The “desktop in a browser” approach – while powerful – introduces significant complexity both to use and configure.

Users who are going to use CARA to perform generic content management actions or to configure the application both have to use the same client interface. The CARA Explorer (CMS client) and the Configurator are part of the same web application. CARA’s approach to configuration is more scattered and is spread across multiple menu and submenu items opening in multiple windows. This makes it more difficult to manage a large number of configurations and add a lot of complexity to the user experience for regular users.

In order to move or export the configuration there is no one action in CARA, one has to create a Composer project and pick and choose all the configurations that needs to be moved, one must also have knowledge of the locations of the configuration file in the repository.

Considerations when making this choice between D2 and Cara

• Strategic vendor for enterprise content management (ECM): Documentum D2 is an EMC product, and customers can expect EMC’s end-to-end accountability and commitment to this product.
• User experience: Generis CARA offers a modern but highly convoluted user experience with a desktop in a browser paradigm. It also scatters all the configuration options within the interface for the end user instead of cleanly segregating the configuration options to keep the user experience simple.
• Enterprise readiness: EMC will ensure performance, scalability, security and interoperability; testing of the Documentum D2 product far beyond what Generis CARA will ever be tested. EMC will offer enterprise-level support of the product with 24/7 coverage and standard enterprise-level support of service level agreements.
• Content and case-centric solutions: EMC will offer content and case-centric solutions based on the configuration layer, which is part of Documentum D2. Generis CARA will not be interoperable with these solutions since it uses its own configuration paradigm. In addition, any future releases of Documentum Mobile will also leverage the EMC Documentum D2 configuration layer.

The winners of the IIG Partner Innovation Awards for the Americas were announced this week at Momentum EMC World 2013, recognizing key partners for excellence and innovation in solution development, design integration, and best practices for implementation and deployment.

The EMC Certified Solution designation is awarded to partners following rigorous review by EMC® Proven Professional Certified Architects and validation by an independent, third-party organization. Each solution receives an in-depth design review focusing on functional completeness, performance and scalability, security, deployability, supportability and interoperability, which instill customer confidence in the solution architecture and foundation.

“Our relationship with EMC and earning this honor is proof-positive that our expertise at Sitrof is well recognized in the life sciences industry and that our ability to streamline information for clients is validated,” said Bryan Reynolds, Sitrof co-founder and managing director. “I am honored to be a part of this team and that EMC has recognized the expertise of Sitrof professionals.”

“In today’s business environment, innovation that delivers true value to customers is critical,” said Chris McLaughlin, vice president of Channels and Alliances for EMC’s Information Intelligence Group. “We’re pleased to recognize partners like Sitrof for adding considerable value to our customers’ businesses through their technical and industry expertise. We appreciate their partnership and dedication to excellence.”

About Sitrof
Founded in 2000, Sitrof Technologies is a privately held, profitable company headquartered in Princeton, N.J.

The company offers proven IT and content management solutions that allow Tier 1 and Tier 2 life sciences firms to streamline and automate regulatory affairs, safety, pharmacovigilance, compliance and quality. An EMC® Information Intelligence Group Consulting Preferred Partner (C3P), Sitrof is backed by decades of industry knowledge and world-class industry partnerships and has saved life sciences clients millions of dollars and countless months of time. In 2012, Sitrof was listed on the Inc. 5000 list of fastest-growing private companies in the U.S.

For more information visit http://www.sitrof.com or follow the company on Twitter at @sitrof.

EMC is a registered trademark of EMC Corporation in the United States and other countries.  All other trademarks used herein are the property of their respective owners.

As part of our unique Safety Capture solution, the Sitrof Technologies team has developed a new Email Import module that is based on the EMC Captiva platform and certified by EMC. This module was developed to address specific requirements to capture emails related to adverse events with rich content and inline attachments.

By transforming paper into digital content, organizations can reduce costs, accelerate business processes, improve customer service and reduce compliance risks. The EMC Captiva platform enables customers to capture, classify, extract and validate business information from a wide variety of paper and electronic sources, and delivers it to key back-end office applications, databases and content management repositories.

The Problem

The Safety Capture Email Import module was developed to capture the email body in RTF/HTML format as WYSIWYG (What-You-See-Is-What-You-Get) image output. As a majority of content captured was sourced through emails, it was important to capture this regulatory content without losing any information. It was noticed in many scenarios that the rich content (fonts, colors, etc.) and position of inline attachments in email bodies could have contextual information regarding the AE.

Generally, InputAccel-based capture solutions use an out-of-the-box (OOTB) InputAccel Email Import module in conjunction with an ImageConverter module to capture emails. This OOTB InputAccel Email Import module can only correctly process emails sent in plain text format. This is problematic as it does not properly process emails where the email message body is in Rich Text Format (RTF) or the email message body (RTF/HTML) contains inline attachments (e.g. screenshot pasted in body of email, email signature logo, etc.).

Key Solution Highlights

InputAccel is a Windows client/server document capture system that consists of one or more InputAccel Servers, an InputAccel Database, an Administration Console web server, and a set of InputAccel client modules.

Client modules are responsible for requesting tasks (or creating them, in the case of import modules), processing them in some way, and then returning completed tasks to the InputAccel server.

Safety Capture Email Import module could be implemented as a replacement for the Captiva InputAccel Email import module. This is a configurable InputAccel module which could be deployed with minimal development effort.

The Safety Capture Email Import module is developed using InputAccel SDK (Software Development Kit) on .NET platform. InputAccel SDK is a collection of .NET assemblies that enable the development of custom IA modules (unattended, attended, export, import & task processing). All modules created using InputAccel SDK automatically inherit common features and capabilities (e.g. Authentication, Logging, Task processing, etc.). This module can run in either production or service mode as any other InputAccel module.

Safety Capture Email Import module could be implemented as a replacement for the Captiva InputAccel Email import module. This is a configurable InputAccel module which could be deployed with minimal development effort. It could be configured to provide proper access control on InputAccel batches to avoid privacy issues concerning sharing of personally identifiable information or implement geography specific security requirements. This module also validates email attachments to confirm if they are in a format supported by the InputAccel application. The module could be started in debug mode to capture detail logs and error messages and reports runtime email processing errors to prescribed users via alerts.

Based on standard Captiva SDK, this module supports a high-availability and load balancing capabilities of Captiva’s ScaleServer feature. This solution also has the capability to create a separate case document for each email attachment or one single case document combining all email attachments. Generated case documents always have email body pages at the beginning of each document.

This module has been running in a real-time enterprise production environment for the past few months, and it processes thousands of emails per day. As part of this deployment, the module was also tested for high-availability and disaster recovery. Reusable project assets generated as part of this engagement would enable the Sitrof team to deploy this module faster for any new requirements.

Here is a screen-shot of the page view in IndexPlus module as an indexer would see it after processing the email though this module.

The above image shows how the Safety Capture Email Import module captured the following type of rich content without any issues:

• Fonts in various colors and sizes
• Excel data as inline OLE (Object Linking and Embedding ) attachment
• Screen-shot as inline image attachment

If the same email is processed through OOTB InputAccel Email Import module, then users won’t see inline attachments at original locations as it will be treated as an attachment and would be displayed as a separate document after email pages. The user would also notice loss a of some rich text effects (e.g. fonts, tables, signatures, email importance, etc.).

Safety Capture Email Import is a generic module like any other InputAccel module which could be used for email capture requirements in any industry or domain.

More Safety Capture solution advantages

Sitrof Safety Capture solution captures unstructured source documents (paper, fax, digital and email) related to adverse events. It converts captured unstructured content into standardized images and adds additional qualifying information (attributes /metadata). The images and their attributes are temporarily retained in the system and then released to the Oracle Argus system for intake and further pharmacovigilance related processing and reporting.

Solution benefits:

• Fully integrates unstructured adverse event documentation into Oracle Argus Safety
• Supports all adverse event source data regardless of the original format, including paper, digital, fax, e-fax, email with or without attachments, and voice records, and transforms the source data into searchable digital records
• Supports both high- and low-volume capture requirements
• Promotes centralized storage and more efficient access to documents
• Promotes a more globally distributed model for case processing
• Does not involve customization of OOTB InputAccel modules e.g. ScanPlus, IndexPlus
• EMC Certified Capture solution for validated environment in the life sciences industry

Here is link to the Safety Capture solution details on the EMC Solution Gallery: https://gallery.emc.com/docs/DOC-2677

Working in conjunction with Oracle Argus Safety, Sitrof Safety Capture improves a life sciences company’s end-to-end pharmacovigilance (Phv) program by providing a holistic view of product stewardship-from clinical trials through post-marketing surveillance. Safety Capture transforms unstructured adverse event (AE) source documentation into easily searchable digital records, and automatically creates entries in the Argus Intake Worklist.

Benefits of Sitrof Safety Capture include:

• Fully integrates unstructured adverse event documentation into Oracle Argus Safety
• Supports all AE source data regardless of the original format including paper, digital, fax, efax, voice records, and email with or without attachments. The solution then transforms the source data into searchable digital records
• Scalable solution that supports both high and low volume capture requirements

“This certification marks a significant milestone for both Sitrof and EMC,” said Bryan Reynolds, co-founder and managing partner of Sitrof. “In addition, the EMC Certification further illustrates our domain expertise delivering meaningful solutions to the life sciences market place. Sitrof Safety Capture, takes much of the labor and expense out of the intake of unstructured adverse event (AE) source documentation enabling life sciences companies to meet the rigorous timelines that are defined by regulatory agencies for adverse event reporting.”

About Sitrof
Sitrof Technologies offers proven IT and content management solutions that allow Tier 1 and Tier 2 life sciences firms to streamline and automate regulatory affairs, safety, pharmacovigilance, compliance and quality. Backed by decades of industry knowledge and world-class industry partnerships, Sitrof has saved life sciences clients millions of dollars and countless months of time. For more information visit http://www.sitrof.com or follow on Twitter @sitrof.

Sitrof Technologies, today announced that it has been selected to join the EMC® Information Intelligence Group Consulting Preferred Partner Program (C3P). C3P is a new EMC program that consists of a small group of elite, “go to” partners who will work in conjunction with the IIG Consulting team to drive customer success. C3P partners, like Sitrof, have been selected based on their certified, highly-skilled consultants and proven track record of meeting customer requirements with EMC® Documentum®-based technology.

Sitrof offers life sciences firms proven IT and content management solutions to streamline regulatory affairs, clinical trials, safety/pharmacovigilance, compliance and quality assurance processes. In joining C3P, Sitrof can work with EMC’s IIG Consulting and Partner teams on joint selling opportunities and customer engagements. Sitrof has undergone rigorous testing and certifications to demonstrate their abilities to meet the high-quality standards customer demand for business-critical solutions.

“EMC is pleased to welcome Sitrof to our Consulting Preferred Partner Program,” said John O’Melia, Vice President of Worldwide Services for the Information Intelligence Group division of EMC. “Companies around the world rely on EMC and our trusted ecosystem of partners for solutions to transform their business. As a C3P partner, customers will have confidence in the quality and consistency of delivery provided by selected partners such as Sitrof.”

“Our team of business analysts, solution architects and software developers has unparalleled domain expertise in the all Documentum-based technology, including Documentum D2, as well as a deep understanding of issues facing life sciences companies today,” Sitrof Co-founder and Managing Partner Bryan Reynolds said. “In joining C3P, we are pleased to be able to take our expertise to the next level to better enable life sciences companies to streamline their information management and ultimately their operations.”

About the EMC Information Intelligence Group Product Offerings
EMC Information Intelligence Group (IIG) provides enterprise software and cloud-based solutions that connect information to work. Its content management, intelligent capture, case management, and customer communications software and services solve the most complex information challenges organizations face today – from compliance and governance to streamlining mission-critical business processes – on premise or in the cloud. IIG also provides secure online file sync, sharing and collaboration capabilities while giving IT control and visibility into where content is shared. By connecting the right information with the right people and processes, EMC IIG solutions prime organizations to make insightful, informed decisions securely with heightened business and IT efficiency, and reduced operating expenses.

About Sitrof
Sitrof Technologies offers proven IT and content management solutions that allow Tier 1 and Tier 2 life sciences firms to streamline and automate their regulatory affairs, safety/pharmacovigilance, clinical trials, compliance and quality assurance processes. Backed by decades of industry knowledge and world-class industry partnerships, Sitrof has saved life sciences organizations millions of dollars and countless months of time.

Founded in 2000, Sitrof is a privately held, profitable company headquartered in Princeton, N.J. In 2012, Sitrof was listed on the Inc. 5000 list of the fastest-growing private companies in the U.S. For more information visit http://www.sitrof.com or follow the company on Twitter @sitrof.

EMC and Documentum are registered marks of EMC Corporation in the United States and other jurisdictions.

The FirstDoc Enterprise suite has a respectable footprint in the world of pharmaceutical electronic document management systems. This competitive edge substantially relies on FirstDoc’s configuration model.

Yes, Documentum has been, technically, configurable since 4i. However, 4i’s configuration model is convoluted and arcane to the average user. Most moderately complex requirements would still involve server-side coding in either DmBasic or Java. Creating a completely new Documentum application would involve a full-length customization project.

FirstDoc succeeded because it inserted a layer of abstraction between business users and the intricacies of the docbase object model. This facilitated requirement-gathering workshops and communication with the end-user. The FirstDoc Development Kit (FDK) constituted a more robust, easier-to-understand configuration and customization model than what Documentum had at the time. FirstDoc introduced prepackaged “Vertical Applications,” which took customers most of the way to a usable Documentum implementation. Customization, previously a requirement, was discouraged due to downstream costs during upgrades and maintenance. Configuration became the norm. Projects completed quicker and less expensively, opening the world of document management to smaller pharmaceutical companies.

The picture has remained the same for a decade. From the point of view of the configuration model, Documentum 5 and 6 brought little new to the table. It is only with the advent of Documentum D2 that a real challenger has come forth to chip away at FirstDoc’s market share.

Now, let us break out a few key features and examine them further.

Logical Document Classification

An EDMS configuration model, at its core, must implement a means of mapping the various business rules and requirements to the documents they affect. The traditional Documentum model links functionality directly to the physical object type. This proves cumbersome in practice, particularly when the customer decides to specialize behaviors in a granular way.

Here, FirstDoc implemented a logical document type. Various document types often share the same underlying object type. These document types are further qualified into subtypes, units and, optionally, subunits. Functionality mostly maps down to the document subtype level, though, on occasion, the document unit is involved. Although this simplified the sharing of configurations across similar documents, it still proved to be somewhat restrictive. Later versions of FirstDoc introduced a “config locator.” This construct allows querying for the applicable configurations that govern a given piece of functionality. It is a significant improvement, but it comes at the cost of added complexity.

D2 introduces the concept of configuration “Contexts”. These are pliable organizational units defined by an object type, but with an additional qualifying clause (e.g.: Standard Operating Procedures having a date past the periodic review deadline.)  We can now efficiently zero in on the exact set of documents we mean to configure. We even get a convenient moniker for the documents in the context, which strongly maps to the requirements documentation.

The contexts defined for an application appear across the top in the remarkably user-friendly “Configuration Matrix.” Down the side of the matrix, you will find the various configuration elements. If a configuration element applies to a context, it shows a checkmark at their intersection. The matrix evaluates from left to right. Configurations that are more general should appear towards the right, so that the more specific ones will take precedence.

The act of configuring a D2 application consists primarily of defining the elements, specifying the contexts, and linking them together in the matrix. Please note that I am not forced to resort to naming specific configuration object types. There is an easy-to-use configuration graphic user interface: D2 Configurator. It installs on the web application server alongside the D2 Client.

Vertical Applications

Although FirstDoc is, by design, a generic configuration and customization layer, its makers almost exclusively utilize it in the Life Sciences space. This takes the form of what are termed vertical applications. If you envision the Documentum platform in an architectural chart, it appears as a broad block underlying the entire application. Above it is the FirstDoc Enterprise layer. On top of that, you would find vertical blocks representing preconfigured applications with specialized concentrations.

In theory, you would be able to install multiple FirstDoc applications on the same repository. In practice, FirstDoc applications do not coexist well. You may be able to customize FirstDoc to do so, but this undermines the concept of configurable applications.

D2 applications are conceptually isolated from each other, in a way that should allow coexistence. More to the point, EMC Documentum is producing several vertical applications for the Life Sciences industry. LS Quality & Manufacturing has already been released, and soon (2013) we will see eTMF and Regulatory solutions. There are a few more verticals in the pipeline beyond Q2 2013.

EMC is investing in improving these vertical applications, with the assistance of its partners.

Installation and Configuration Management

Some of the strongest capabilities added to D2 support installation and configuration management. When you want to create the installation package, D2 produces two items: A Documentum Application Archive (DAR) and a configuration ZIP file. Installation consists of loading the DAR and importing the ZIP file using the D2-Config interface.

Did I mention that D2 can automatically produce a configuration specification document in PDF form? Not only that, but if you create an update of your application, it can also produce a document describing just the delta. This valuable tool is sure to save a lot of time when producing system documentation.

Installation in FirstDoc has seen a long evolution. It went from having to execute a long list of manual steps, to executing a wizard on the server. The later versions of the installer constitute a vast improvement, but installation still takes quite a while to run.

The preparation of the InstallShield-based wizard is, however, a difficult process. This task is better left to the more experienced developers on the team. Let us assume you took the parent vertical application and added your own configuration. You will then need to use the FirstDoc Configuration Management Utility; a capable but arcane command-line driven tool. The FDCMU export step requires significant configuration. The exported files are then included with the one for the vertical, producing a custom installer for your application.

Upgrade installers are possible, but you will likely execute the FDCMU step outside of an InstallShield wizard.

The FDCMU exports configurations to XML files. You could generate a PDF document based on these files via another command-line tool, packaged with the FDCMU. The PDF output is adequate but you will need to engage in style-sheet development to make it less unsightly. Deltas are not supported out-of-the-box, as far as I recall. It is worth noting that the FDCMU license is not included with FirstDoc. These capabilities are typically known, and used only by CSC Resources, plus adventurous licensees of the FDCMU.

Customization

One point where FirstDoc retains an advantage is in the area of customization. Both the server-side constructs and the client are customizable. This advantage will lessen once D2 4.0 introduces custom widgets and a web-services-based API. D2 developers will then be able to either extend the D2 Client or create their own.

Conclusion

D2 constitutes a solid reboot of Documentum’s capabilities for creating configurable applications. It is also evidence of EMC’s increasing focus in providing solutions rather than just platforms.

The Life Science verticals will expedite project implementations and reduce total cost of ownership for our customers.

The simplified packaging and installation model will translate to reduced costs of implementation.

Finally, please note that D2 Client interface does not utilize Documentum Webtop. Although Webtop did in fact free us from having to deal with the dreadful RightSite web interface, it is dated technology. FirstDoc, as a product, unfairly receives much blame for what truly are Webtop’s limitations. However, FirstDoc will continue to carry this ball-and-chain for at least six to twelve months.

Case Study: Captiva’s InputAccel Product as a Document Capture Solution For a Major Pharma Company

Overview

An organization’s information represents valuable intellectual capital that can be an asset or a liability depending upon how it is managed. Unfortunately, today’s business organizations are faced with a “triple whammy” of:

• explosive growth in the volume and complexity of information
• increasingly rigorous standards in the legal and regulatory environment, and
• ongoing exposure to risk and rising costs.

The situation becomes even more complex for life sciences organizations where mergers and acquisitions (M&As) are becoming the norm such that post-merger/acquisition, companies find themselves with huge volumes of content and multiple repositories of compliance, regulatory, clinical and other mission-critical documentation that are now are scattered across the enterprise.

Strategic planning is concerned with two key questions: “Where are you now?” and “Where do you want to go?” Tactical planning is all about how you are going to reach your strategic and operational objectives.

Not surprisingly, many life sciences organizations find themselves in “reaction” mode trying to keep up by expanding and/or upgrading existing information silos and employing ad hoc content management approaches that can be implemented fairly quickly with familiar technology. All of this leads to disparate and unreliable solutions for e-discovery, regulatory compliance, records management, and storage management.

Possibly beneficial in the short term, this reactive approach can also render an organization vulnerable when it comes to managing compliance and legal risks.

Consequences of “Information Silos”

Three common failures of information silos include: duplicate data copies across silos; inconsistent searching, and disjointed retention policies. Combined, these weaknesses result in loss of data control which negatively affects not only legal hold and e-discovery initiatives, but every other compliance and regulatory initiative that life sciences organizations must handle on a regular basis.

The consequences of regulatory non-conformance and e-discovery mistakes run the gamut from attracting unwelcome publicity, to additional costs for correcting non-conformance, civil sanctions, legal judgments fines, and criminal adjudications not to mention other costs associated with inefficient data management. In this light, gaining control of enterprise data, legal risk and regulatory compliance is becoming an increasingly significant business imperative.

Many organizations are tackling the data explosion head on by viewing technology not just as part of their overhead, but as a key strategic asset. In particular, they are seeking proactive and holistic approaches that will lay the foundation for creating new efficiencies in every aspect of information management while providing a foundation for growth, risk management and organizational excellence.

With a number of technology options available, the question becomes “What is the best approach for moving forward?”

Gaining Control with Enterprise Content Management

One option is to implement an Enterprise Content Management strategy, known as “ECM.”

Although there are a number of definitions for ECM, at its core, it is comprised of integrated strategies, methods, and technologies that consistently manage all critical business content and the processes around it in a manner that enables an organization to maintain the delicate balance between:

• achieving business objectives
• accommodating collaboration needs,
• fostering technology innovation, and
• complying with eDiscovery and regulatory requirements.

ECM is primarily aimed at managing the life-cycle of information from initial publication or creation all the way through archival and eventually disposal. Central to this strategy are the tools and technologies of ECM, which create, store, distribute, discover, archive and manage unstructured content and ultimately analyze usage to enable organizations to deliver relevant content to users where and when they need it. Some key features of ECM include:

• Enterprise search capabilities to support data cleanup and systematic archiving
• File Intelligence capabilities to identify content with low business value enabling organizations to defensibly delete content.
• Automatic enforcement of consistent organization-wide records management policies
• Audit trails to track the entire lifecycle of records
• Ability to classify and file records according to determined schemes
• Automated control over the lifecycle of records
• Identification of records due for final disposition

Meeting the ECM Challenge

ECM can help organizations cut costs, maintain agility, and preserve oversight of enterprise information. But, while ECM systems provide many benefits, some organizations have found out the hard way that the technology is only one piece of a successful implementation.

Implementing ECM is a process that must address the concerns of diverse stakeholders from throughout the organization. This includes business owners, as well as IT, Records and Compliance Managers. These groups do not often work from a common understanding of the problem. Each has their respective areas of expertise and terms, so it can be difficult to come together as a cohesive unit to create an enterprise program that will solve the problem.

If you understand this dynamic and develop an ECM solution that incorporates open communications, shared vision, careful planning and strong leadership as the foundation of its implementation, you will be well on your way to protecting your organization from risk and meeting regulatory and legal requirements in an environment where your information is a well-managed strategic asset.

Tips for Successful Planning and Implementation

As discussed above ECM is a technology platform that can encompasses a number of different technologies, including some or all of the following: document management, web content management, search, collaboration, records management, digital asset management (DAM), work-flow management, capture and scanning.

As you can imagine, the implementation of ECM is complex, but the key is to “reign in” and manage the complexity with a combination of strategic and tactical planning along with the implementation of an information architecture that provides consistency, enables enterprise adoption, and addresses all of your security and compliance needs.

Strategic and Tactical Planning for ECM:

Strategic planning is concerned with two key questions: “Where are you now?” and “Where do you want to go?” Tactical planning is all about how you are going to reach your strategic and operational objectives. Both types of planning are critical for an ECM technology project.

Below is a list of some of the key items to consider:

• Know where your current data is and what data needs to be managed.
• Review all of your current your record creation, maintenance and storage systems and analyze the gaps between current capabilities and desired functionality based upon requirements.
• Define your requirements from a management, process, compliance and end user perspective.
• Involve all key stakeholders in the planning and requirements gathering process
• Use the opportunity to meet with key representatives from each business unit/organization both to gather high level requirements and to identify possible improvements of managing the content. Also meet with regulatory representatives and understand their perspective on content across the enterprise
• Obtain buy-in from senior leadership to ensure organizational compliance and cooperation.
• Develop a comprehensive ECM strategy and roadmap, that includes change management as a core component
• Create an enterprise metadata strategy and taxonomy.
• Develop compliance strategies, policies, and procedures.
• Apply industry standards and develop best practices to secure business-critical information throughout its entire lifecycle..

The Link Between Technology Implementation and Compliance:

There is a direct correlation between effective technology and compliance, and end user adoption and consistency are critical factors affecting an organization’s ability to achieve the full benefits of ECM.

When selecting, designing and implementing ECM consider the following:

Consistency and Accountability: Select a system designed to provide a consistent user experience with vendor accountability throughout the process: For example, one company, EMC historically relied on partners to build and provide content process applications. But, today with the introduction of DB2 as part of their enterprise content management offering, the application layer and repository are built and supported by the same vendor. What this means to the organization is accountability throughout the process, dependable development standards, l and simplified training – all of which supports increased efficiency and effectiveness of workers sharing data.

Ease of Use: If a new system is too hard to operate, users won’t adopt. Think about a typical transaction on Amazon.com. Most people can research products, find what they want, ship it, pay for it, track it and even return it without a single training session. If it’s too difficult individuals will get off-line regardless of cost and effort. The same is true of technology. Of course, training will be needed, but for compliance objectives to be reached the system has to be used, and used correctly. So, look for a system that provided an intuitive interface with the ability to be configured to meet user requirements.

Configuration vs. Code: Look for a system that can provide a truly configurable user experience that can meet nearly 100 percent of all user requirements. For example, with the introduction of Documentum D2, the company, EMC, has removed the need for custom coding in order to meets its client’s needs. The configuration approach simplifies the user experience and enhances the productivity of knowledge workers by easily tailoring their user experience for their specific requirements. It expedites project implementations and reduces total cost of ownership while enabling life sciences organizations to build and deliver content centric solutions to meet the needs of the business.

What this all means for regulatory compliance and managing eDiscovery is that administrators will have the ability to maintain consistency of ECM rules and policies using a configuration based information management approach.

Conclusion

Juggling the often competing objectives and complex requirements for information management, risk mitigation, and compliance—can pose a daunting task for any organization But, with careful planning and a solid implementation roadmap, life science organizations will be able to implement their strategic vision and foster innovation through proactive imple¬mentation of ECM that leverages a combination of policies, processes, and technologies to manage enterprise information at all levels.

Sitrof Technologies, a leading provider of IT and document management solutions for the life sciences industry, is proud to support The 2013 Avoca Quality Consortium Summit, “Striking the Right Balance Between Time, Cost and Quality.” The event will be held May 8-9 at the Westin Princeton at Forrestal Village in Princeton, N.J. As a Host Sponsor, Sitrof is pleased to host breakfast on the second day of the event.

This year’s two-day Summit builds upon the Consortium’s successful launch year and the momentum established during last year’s inaugural meeting. Click here to register for this important gathering of quality, outsourcing and operational professionals and be part of the discussion.

Consortium Agenda

Day 1: Tuesday, May 8, is a Consortium members-only strategy session. (Open only to members of The Avoca Quality Consortium.)

Day 2: Wednesday, May 9, is an industry-wide symposium open to all professionals and will include a full day of executive round tables with interactive audience and small group discussions on key topics including risk assessment and risk management, creating a culture of quality in a changing regulatory environment, and change management strategies for ensuring success.

“We are proud to support this important industry consortium,” said Bryan Reynolds, managing partner, Sitrof Technologies. “By working with The Avoca Group and Sitrof Technologies, life sciences companies can be assured they are implementing best practices in relationship management and quality management based on the most up-to-date, validated technologies and Business Process Management platforms. Our award-winning solutions have been deployed in dozens of life sciences companies including CROs, IRBs and other life sciences service partners in clinical trials, quality management and regulatory affairs.”

About Sitrof Technologies

Sitrof Technologies is a profitable, privately held company with its headquarters in Princeton, N.J. They provide premier consulting and technology solutions that enable life sciences companies to improve efficiency and mitigate legal and compliance risks. Sitrof’s mission is to provide affordable, state-of-the-art software and processes to maximize information assets. They deliver customer-focused, vendor solutions that exceed expectations while delivering maximum value. For more information, visit http://sitrof.com/

About The Avoca Group

The Avoca Group is an industry-leading organization providing survey research, consulting services and training in the areas of clinical outsourcing, business development, strategic alliances and client service. Founded by industry veteran Patricia Leuchten in 1999, the company works exclusively in the healthcare industry and has a focus on relationship management. Avoca’s clients include top five pharmaceutical companies and global contract research organizations as well as small companies seeking aggressive growth within the healthcare industry. Led by The Avoca Group and sponsored by Eli Lilly and Company and Pfizer, Inc., The Avoca Quality Consortium brings together quality, outsourcing and operational professionals from member pharma, biotech and CRO organizations to accelerate the development of best practices and industry standards for proactive quality management. For more information visit http://www.theavocagroup.com