Streamline Your Document Processes with Crm Deal Management for Life Sciences

How to create outlook signature

welcome thank you for joining our customer relationship management best Practice series webinar I'm Becky Melody your Hostess for today's presentation Larry isacson usdm practice leader will be presenting the discussion today will cover introductions webinar Logistics our discussion topic the CRM compliance challenge for Life Sciences if you do not see the presentation slides on your screen please click on the CRM tab at the top and center of your screen and they will present the usdm team is proud to have Larry in our leadership role he offers 20 years in the application of GXP compliant it technology in life science organizations Larry has experience in manufacturing software development and clinical and laboratory Contract Services management environments he recently led the implementation of and validation of FDA regulated Global Erp laboratory in Quality Management Systems major project there uh he has experience in establishing it and quality strategy project and change management programs Larry has held the position of director of it in Pharma biotech and medical device companies and hold an MS in pharmaceutical research Sciences usdm is focused exclusively in the life science domain where the market leader in providing it quality and Regulatory it compliance and Professional Service Solutions our various dedicated practices include PLM Erp CRM GRC ECM clinical and drug safety we're the compliance partner for many best of breed vendors including agilant Sparta systems openex ECM Oracle and sap we are headquartered in Ventura California and we've delivered more than a thousand successful projects with over 130 life science clients we offer hands-on experience assisting clients under regulatory distress we're great with remediation there and we are the market leader for validation accelerator packs the content today will be covered in approximately 30 minutes and then we'll invite you to post questions for our team via the iink message board on the left of your screen or you can join the discussion on LinkedIn and post questions there if your question happens to be of confidential nature please contact me directly it's R Melody at us dat management .c and we'll have that on the uh summary presentation slides thank you again for joining us today and now we'll turn the presentation over to Larry thank you Rebecca and thanks everyone for joining us uh today we wanted to cover the uh emerging impact of CRM on the compliance uh domain in life sciences uh this is something that has been uh creeping up gradually over time and uh um many companies are now turning their attention to it as they've realized this is becoming a major conduit uh for information Beyond supporting the Salesforce and forecasting so what we're going to talk about is the factors driving the transition of CRM in the Enterprise what's been changing where did it start how do we get here and where are we going uh and what the uh new compliance requirements that come along with these new roles of CRM uh means um from a management and risk for perspective uh we also want to address another emerging Trend with CRM is the Outsourcing of it to a SAS environment along with many other applications this is where we've seen uh the the first uh adopters pushing out major corporate application is typically CRM and how to deal with that in terms of protecting yourself if you are running compliant transactions across CRM what the SAS migration could mean for you uh and and then uh we'll do a summary as well the four questions so as you're probably aware uh you know what we call CRM customer relationship management uh has evolved from what started as Salesforce automation tools back in the mid to late 80s especially in big farmer where um major increases in the size of the Salesforce had occurred and uh it was very difficult to manage uh the impact of these larger sales forces and able to handle all the data and laptops had become affordable at that time so people started rolling out relatively crude Salesforce uh packages uh which were typically uh you know Standalone types of systems that weren't integrated with the Erp uh which caused a lot of consternation in terms of uh people trying to integrate these as they went along often these focused on you know establishing a customer database which often had been done in an ad hoc manner before even in large companies um and so this s sort of focused people on uh the content of their customer database uh obviously we were tracking uh traditional field sales activities who are they visiting what's going on who are the contacts uh what were the results and what are the next steps were're typical of a sales call and uh most importantly was tracking much better than in the past the financials um against budgets and targets for the Salesforce and calculating commissions uh territory issues uh so that was the focus Fus originally of of of Salesforce automation as it was called SFA and later uh as uh the the role of the salesperson evolved as more of a customer service rep uh besides just doing detailing they were able to use the CRM or the Salesforce tool to do order inquiry so there was the first uh integration with in a readon manner with uh with Erp or uh you know warehouse management systems at that time and many many of these systems then were best of breed so they weren't integrated Erp systems early on uh so custom interfaces were utilized to enable um inquiries for the customer in real time at the same time product presentation tools uh became integrated with these Salesforce tools so that down new campaigns could be managed electronically by downloading them to the Salesforce and even remote training in a crude way started early on uh in in these tools they were still considered Salesforce automation tools but as things evolved the integration to the back and the back end to call center and CTI consumer uh telephone integration computer telephone integration started and so the a more holistic approach to managing the customer interface was taking hold using it as an intermediary so you had more sophisticated activities going on on the Salesforce side with and then um a backend process that was creating a unified database of all the customer contact and that's where you first saw the concept of customer relationship management coming on in the 90s um and uh then also uh product utilization databases from outside sources were used to identify um High you high high prescribers to help Target the Salesforce to uh do their sales calls in the most beneficial Manner and to segment the um the audience uh so to speak the customer base um by utilization profiles and patterns uh so the in this way the sophistication of C Salesforce automation tools and evolving to customer relationship management packages um expanded based on the interface to Erp modules that became more and more of a classic standard expectation and other systems along the way um such as the um in order to feed customer databases and try to reconcile different customer databases across the Enterprise and then more recently you've really seen a big surge in CRM Evolution as uh Web 2.0 uh has has evolved to the point of being a realtime process the latest crms are uh in include interactive Communications and social networking interfaces not just among the Salesforce but also with their uh customers and this is becoming a very uh interesting and dynamic area that has yielded great benefits uh to sales organizations um it's evolved from you know order inquiry to order entry and Order Management on the part of the Salesforce um along with the sample Inventory management this has always been an area of concern for uh Pharma companies uh managing how samples are are handled and with the new uh uh regulations Associated uh with uh management of samples and the and the spending going on on the marketing side uh with new regulations this becomes even more crucial and the CRM is becoming a conduit for management of that since that's the interface to the sales team and other field Representatives uh customer complaints are now starting to come through crms as the Salesforce is the is the customer facing the the most direct customer facing arm along with call centers uh the the Salesforce and the call center are now feeling customer complaints uh which also involve a new level of regulatory types of activity coming through that conduit and uh even uh now in terms of the um pedigree laws going on with products and medical devices an example uh in some cases very uh highly Specialized Sales forces are involved with the product delivery and the uptake in case of surgical procedures even to be able to track um product uh through to the utilization of the product for highly specialized products uh so there are special extensions to the CRM effectively going on to be able to track right down to the the utilization point when the salesperson could be involved so uh when you start looking at all this there's definitely a substantial impact on the compliance requirements that come along with um the uh this type of transaction so uh that includes GMP pdma and even socks uh potential issues um as you start uh looking at individual transactions uh and their impact on traceability the problem is that uh few Legacy CRM systems are built or manage to compliance standards this has just not been on the radar of product managers and project managers uh traditionally the Salesforce has been a separate area um that compliance apart from the financials were often not really an issue and that's changing so that creates a gap for it to be managed one of the ways we like to look at usdm at impacts of changes regulations and changes in business process on the Enterprise is using a holistic model um like this one and uh what we uh like to do is look at the Enterprise as a series of parallel uh processes uh some of which are finished to start relationships and some which work in parallel and support one another so if you look at this example um along with the dependencies in terms of systems if you look at R&D uh you've got your therapeutic Target being transformed through a number of processes and supporting systems uh to a submission um once the submission is made to the FDA and becomes a product whether you're talking about it pharmaceutical agent or medical device um you're in the sales cycle and there there's a sales cycle that's potentially unique to each industry and each product where a prospect is going through a series of well-defined Cycles to become a customer and this is supported with a CRM or Salesforce automation tool variety of different tools um to track that process and manage it um in order to get that first order so at that point you've now evolved that customer to be submitting orders and the wide variety of systems exist to process that order and turn it into cash and that's where a lot of the activity uh in terms of it um consideration is focused and Regulatory consideration that management of that whole process um is is often the Mainstay of it programs uh in order to make that work in a compliant manner in the Life Sciences realm of course we've got our parallel quality and compliance at processes and systems which are tightly coupled to the order processing and the logistics associated with delivering orders and to uh to track to ensure traceability is maintained and and uh everything is in concert with its certified standards and uh in this area we have our Quality Management Systems of a variety of of types where Capas and changes to the process or to systems are resolved in a compliant manner in a documentable manner for purposes of audit um compliance and underneath all of that you've got your Finance it and HR your shared services um with your underlying Erp and finan Financial systems your hris and your software development and system development life cycle which which enables you to evolve these systems and processes in a compliant man in ance with what's happening up here so in general you end up looking at these as individual uh processes from an IT perspective with Integrations across them now what's been happening this model has evolved now to be more complex obviously I can't uh in this typee of slide demonstrate all the complexities in the gray areas uh and some of these lines are not exactly solid lines any longer but they're really dotted lines um but what's happening primarily is that the CRM now exists in two locations it exists in the sales cycle and it exists in the Erp order to cach cycle where uh issues of all kinds are getting res resolved um by the Salesforce or other field reps um and turned into resolutions uh as part of the customer support model and they're tightly coupled because we're much more of a real-time uh processing organization and customer issues and complaints are are processed through our systems in real time in a more unified manner that's our goal overall with it strategy is to bake these capabilities in in a compliant manner um so that we can be a real-time responsive organization glob um from a business model perspective so this creates uh more complexity for the CR and more complexity for the quality management side of the business because now it's managing a dual-purpose CRM system um and uh that creates some challenges for the organization so what's the impact of compliance requirements uh on CRM uh as these new capabilities are being baked into CRM um and they're effectively becoming an extension of pre-existing regulated systems such as Erp um you are now having concerns related to the platform that CRM is on is it a qualified platform can portions of the application as you start adding these capabilities to CRM be validated uh selectively um based on the function because there are certain certainly large areas of CRM ter of traditional Salesforce management or you may not need to apply GMP standards for testing and validation um clearly Change Control becomes an issue when you start moving into this area in terms of being able to demonstrate that the system is working consistently um and that the associated Quality Systems what and it's all about auditability if you're starting to Route customer complaints through your CRM which may end up going into other systems for process think um your quality system or your adverse Evan processing system if that came to that um or um you know other types of inventory management systems and Reporting systems if your crn is in the path it becomes uh subject to the same levels of rigor of consistency and quality that your Erp system would typically be be assigned now the architecture of the CRM could determine how significant that impact is if you suddenly are laying these new types of transactions through the CRM uh what's it going to mean uh uh to your architecture if you've already got a C if you've bolted your CRM into your Erp system and it's coming as part of a suite and it's running on the same platform internally you may have a lot less impact to worry about because you've already got a qualified platform um however if you're uh running it on a separate internal platform that's never been considered a compliant platform you may find yourself needing to establish a qualified status for that CRM and even though only a portion of the CRM may be utilized for these types of transactions from a platform perspective it's either all or none uh it's it's either under control and it's well characterized as a platform to run these transactions through or it's not um and then if it's a sasp operation if you've outsourced this then you have a much greater potential impact to your platform and you know why is that is because now you've extended out your model to a third party and that third party if they are supporting a regulated compliant application for you has to meet the same standards and be able to demonstrate that it's Meeting those standards in the same way that you're having to do T typically for your internally hosted applications it certainly isn't allowable from the stand or or advisable to be telling an auditor well I've sent this out to soand so Corporation who I trust implicitly they're sas70 and so that should be good enough if you haven't done the proper supplier Audits and you've not got a qualification package to go along with it otherwise people could uh circumvent the regulatory requirements by Outsourcing their applications which is certainly not the intent so this is a key principle that I'd like you to keep in mind as you look at at SAS in general for any compliant application is that you can't accept a lower standard of documentation and compliance activities for it um than you would have to do if you hosted it yourself so what does that mean in terms of your your compliance model for CRM if you start moving into a SAS environment which is becoming extremely Pro popular and of course financially is very you know justifiable first look at uh what the model is when you're um hosting internally uh on your own in your own data center uh which presumably has been set up to handle qualified uh applications or compliant applications you've got uh your GMP let's say business process or this could be glp or gcp um in this case it's CRM which may be processing GMP transactions um and you've got an internal it organization which is supporting that that process with its own internal applications and infrastructure platform which has been qualified within your own qms quality management system by your quality organization and you've got a shared set of slas uh around this process that field represents a shared qms and a shared itla where uh up to a point people are all on the same page as what the standards are and from an auditability standpoint you can document the standards that have been um utilized to establish that compliance so that's a very nice place to be from an appliance perspective once you move to a SAS based CRM or any depliant application uh you now have two Quality Management Systems your own which you've now become a client of a vendor in this case for this important process so you're now a client with your own internal quality management system that you're accountable for and the vendor's quality management system which you're also accountable for um you also have H your own internal it organization which is managing this process in terms of how data is being moved back and forth and you've now got a vendor it organization to deal with and how are they being managed and how compliant are they um between your SAS application and infrastructure platform and your GMP or glp business processes or gcp business processes so you've got this SLA Gap for your it organization and you've got a GMP or GXP compliance Gap that has to be addressed and the question is how do you address this Gap so if an order comes in and says oh I see you've outsourced this compliant application along with it changing the platform and changing the provider possibly even changing the database and possibly upgrading it if it's the same package how did you manage that you have to be able to have some good answers to that how do you know it's still compliant so one of the ways to help you address that is to start looking at um what has changed you know we talked about this already uh you before you were internally hosting it perhaps or perhaps you didn't have it at all perhaps you went directly to assass organization but the pro the usual base is that you had this internal in some Legacy system um now you've got hosting management by a service provider and there's a potential loss of control here um you don't have real-time oversight of your own staff any longer um the training activities and documentation that usually comes along with that is now happening somewhere else on your database uh you might have had a single tenant model with dedicated Hardware or even a virtual system with a physical database server uh your outsourced solution might involve a multi-tenant database or it may have a single tenant database but a multi-tenant application base so you've got to be able to address the security and availability risk associated with whatever that vendor's model is um obviously you've got an internal quality system governance before now there's an external and an internal quality system governance that uh and that accountability has to be there from A supplier standpoint in terms of auditability when it's all internally hosted you've got accessibility for audit at any time that you want to do it or that the FDA shows up or an internal auditor shows up you know where everything is you know where the documentation is um you can respond much more quickly typically to an audit uh if you now push it out to a third party there's a negotiated audit process you may not have uh unlimited access you may have a certain amount of lead time that you need if someone wants to put their eyes on something and how it's being managed and what the logs look like so there's some uncertainty now that you have to manage uh uh when you make this type of of move obviously you had internally determined schedules and policies for Change Control if you're controlling the it organization and the application internally um then you are really in charge of change control and you can manage it in association with how the business needs it or doesn't need it just because the vendor sets up a sends out a new package or um even a security update to an operating system that doesn't mean you have to apply it you can assess it and determine yourself when it's going to happen um now that becomes externally controlled and what we've seen in real time is a significant Clash of of what of what the client or the sponsor of the regulated application would like to do and the vendor needs especially for certain types of SAS organizations where they are using an Agile development process versus what might be more typically a waterfall process process inside a life sciences company for you know I have a critical application um with when it changes it has big business issu roll out issues um it might look more like a waterfall than an Agile development process so uh these are some of the transitions you'll need to be able to manage so a lot of what we do is of course um helping people deal with this ahead of the fact or after the fact we prefer to do it ahead of the fact uh we recommend that you perform an on-site audit uh covering all the key uh compliance areas from an IT perspective ahead of pushing out to ass sass solution whether that be CRM or any other application domain uh this gives you a heads up of you know what's the vendor's true compliance status what's their mentality about that how good are they at documentation um what's their partnership with their data center if it's not their own Data Center and we have seen people be surprised later on after having done the this move that it's actually another thirdparty data center not the not the software vendor who actually is providing the software application itself there are a lot of vendors out there who are getting into this business but you'll be finding that logically they are using a third party data center which they may not have full control of um we for that reason obviously it's a good idea to have service level agreements as you would with any vendor um uh specifically covering the SAS supplier so this is in additions to your licensing um this has to do with how the SS operation is being managed and uh the associated operational considerations there um by the same we also recommend for SAS uh applications that are compliant that you have a quality agreement a formal quality agreement with the supplier just as in manufacturing when they're dealing with any types of external contract manufact in or if they're dealing with raw material providers or service providers they have a quality agreement in place when you start pushing these types of real-time applications out to third parties we recommend this is a very big tool um for you to get a true understanding of of what the compliant models is going to be I think your your QA organization will very much appreciate the fact that this is in writing um and the process of negotiating this is really where where people really get a lot of understanding what what they've got in front of them uh obviously you want to look at the databases and how they're being deployed how they're managed the interfaces between your uh your vendor and you in terms of your corporate core systems are are going to be qualified and validated so if you've had this internally and now you're pushing these interfaces out over the web uh with secure transactions that has to be addressed in terms of your compliance State and how that's being managed obviously you want clear rights to your information it's your information you have to know what's going to happen if that vendor goes out of business or gets sold um and how you're going to be able to get access to it for water purposes um think about Disaster Recovery um and uh you know backup RIS restoration if there's a need for that and most importantly um we recommend that you have a qualification package for your specific deployment not a generic one that says this is how we generally do things and trust us your system was deployed and tested the same way you want to see the specific results for your deployment whether that be a virtual machine or a physical machine that shows that these specific activities were done just as you would if you did this within your own data center with your own servers by the same if you're having a disaster recovery service uh contracted for you have to be aware of the fact that if that ever happens if they do Transition to a to a alternate site for disaster purposes at their own facility um that disaster site has to have a qualification associated with your application if you're going to run in production if you're just running for purposes of emergency situations um and not trying to run your production operation from that disaster site that might be different assuming you've covered it in your Sops but this is something that needs to be looked at if you want to have a failover in real time to a disaster recovery and keep working in production um that site needs to be qualified just as the primary does at some level don't accept sas70 or ISO certifications as aisal into a part 11 platform certification or standard of compliance because that doesn't work for your posting in your own organization as as being sufficient it's not sufficient if you Outsource it to a thirdparty data center or um SAS provider uh these are great foundations for that certification or that validation um and the qualification process because they assure you that they are fing good it practices and many of the principles are the same however the levels of part 11 related documentation of that along with how the facility is managed the people are trained Etc uh how the documents are handled um is much higher than what you'll find in SAS 7o we see so we highly recommend you talk to us about this uh type of uh migration if you're contemplating it for a regulated application or if your CRM has not been qualified in the past and now you're thinking of moving more significant inventory activities as well as customer complaints and things of that nature that may have regulatory consequences associated with them so in general uh CRM is evolving and it's evolving rapidly um it is the conduit to the Salesforce and the Salesforce is evolving itself self in terms of consolidation of roles and the world is becoming more and more complex in the field as far as Regulatory Compliance not just GXP but other activities as well um the compliance comes along for the ride as these new transactions are being layered on to these systems and it's much easier to layer the activity and turn on a feature than it is to realize that that suddenly has a new compliance requirement that we didn't think about before especially when people start interfacing it to your r p and other you know uh types of systems uh remember that if you move into this area and your CRM suddenly is a conduit for a regulated transaction you've got to look at the platform it's running on and be able to say that it's qualified it's if you're going to validate a portion of the application it doesn't really hold water unless your platform is also qualified and under control typically you'll find your SAS vendors have not been equipped to qualify to the level you would expect U as being equivalent to your internally hosted applications and platforms because they have been looking at a shared commodity architecture as part of their business model this is how they can save you a lot of money because everything's shared everything's commoditized highly standardized and you'll have to pay a fee often for uh some customization to meet the compliance that that is required and it's worth it because when the auditor comes calling it's very important this is considered a high-risk transition and so when you're suddenly moving something offsite that is cons used to be considered under control in previous audits it's a big red flag to be investigated typically um and we recommend that you have formal quality agreement with any SAS compli uh provider for an application uh that could be considered GXP regulated so with that I'll turn it back over to Becky for questions thank you thank you so much Larry great information there um as Larry mentioned now we'll open the floor for questions and I'll give you a moment there uh to type them in and while you're doing to let you know that the webinar has been recorded and uh it'll be available on our website which of course is USD datam management.com typically takes uh just a few hours for us to get it um uh received and edited and out there and uh you can share with team members or listen again if you care to uh refresh some notes um let's see our first question coming in is from John uh he's asking how can I know if my CRM is subject to regulation well the the primary indicator of that is going to be um a function of what transactions are going over the CRM uh depending on what department you're with whether you're with it or QA um you may not not have direct VIs visibility or you may have direct visibility to what has been going on on the CRM side and one of the keys is to have a communication process uh with uh the the sales organization the marketing organization and an awareness um process where business people would be able to understand when they're moving into this domain uh and so I would recommend depending on your level of responsibility that you at least ascertain what is going on with the CRM what transactions are coming along and I'll think you'll find it just the fact that um typically depending on you know whether you're medical device or whether you're your Pharma or biotech um there is tracking requirements in the field for product and for uh orders and for um uh samples potentially and so uh given that's out there the question is how are they actually addressing it is it being addressed manually with spreadsheets in some other way uh typically the CRM is the logical place to go because it's the place that the Salesforce is comfortable with they've adapted it is their vehicle for all their critical information um and it's now going Beyond laptops obviously to handheld devices of all kinds uh so uh you know they they want to be able to respond real time to a customer complaint or a customer inquiry or a need to put an order in uh so um I would suggest you ascertain are these any of these transactions coming through the CRM and that would ask that would and if it's something that used to be done through Erp often the Legacy transaction model was the customer or the sales organization representative would call the call center and say I need to put in a rush order uh or they they themselves might have had an interface to the Erp system which is already validated and put the order in that way or the call center would put the order in the Erp now if it's self-service um through through the CRM or some other vehicle then that that certainly has a traceability issue thank you Larry our next question is from Vita and she's asking what would be the content of a quality agreement with an sas CRM vendor well uh that can get pretty complicated obviously but typically you're going to address the fundamental of the same processes and issues that you deal with internally um if you were being audited so in effect uh what you're effectively doing is saying look if I'm going to come out and audit you as a supplier I'm going to expect uh these capabilities to be in place that you have document management for your Sops that people are using to manage my platform and my application and my database uh that these uh this training records associated with that um that I've got a qualification document that shows what the configuration is of the platform that my application is running on and that there's evidence of a formal Change Control process um uh that hopefully you you would actually be involved with uh especially if it comes down to the application uh what we've seen is that there are various levels of services that are going on out there as people move to a to a SAS platform some of that's just pling collocation where you're putting your own servers and your own license applications out there and there's some value added services like backup along obviously with network Etc housing of your um servers um at a high standard um so that's primarily requiring some kind of qualification of how that's being managed and how is your um your backup and restore being handled and uh then the question becomes who's administering your application who's administering the operating system who's admin ministering the database and there have to be procedures in place either at your site or at theirs or both to document how that's being done um so you you would effectively in a quality agreement say here's how my quality system in terms of me as a client I have responsibilities and I have interfaces and I have um activities going on at my site that are linked to the third-party vendor and I need to understand exactly how those two things are linked so you their quality system effectively becomes an extension of your quality system unless you and I've actually seen this where people have extended their own Quality Systems out to the vendor where they would train the vendor's people specifically in their quality system um and have all the records in their own system which which has some big benefits for auditing because I can come in and say not only can I see the internal staff uh training records and and change control but I can see what's going on in the data center that's remote um and you would do the same thing for a remote data center if it was part of your organization if you go out to a SAS provider you would expect that expect that same kind of accountability thank you Larry our next question is from Fred he says um how do I I'm sorry his uh first part of the question is we're moving to Outsource our CRM hosting who is responsible for compliance um and depending on you know if we knew what department he's in obviously he probably he may be with it and if if he's with it um the answer is a lot of people I mean every party involved with CRM or Erp for that matter or clinical trial management has a certain accountability for compliance it maybe the QA department just going to answer to an audit um if it turns out that and usually the problem is when something goes wrong that's when people start asking a lot of questions so as long as nothing ever goes wrong and there's never any infinance or deviations or events in an audit you could get away with a lot that's what what people have experienced but once something goes wrong data is lost uh someone has a transaction or an adverse event or something uh some bad product got out or a sample got utilized in the wrong way and people start asking questions and looking for traceability then suddenly the question comes up well is this system validated and uh so uh then the question starts trickling back to it and it starts trickling back to the business and it starts trickling of course to whoever is managing the supplier uh so uh clearly the business has a substantial responsibility for uh certifying that the application that they're utilizing for their transactions meet compliance requirements that's typically where the first level is but they're often turning to and and they're responsive to QA uh for for that and QA is there to help them ascertain that assuming the question was asked and uh the op part of it is to identify the fact that oh you know what now that we're going to start managing customer complaints through this process we have to worry about the compliance associated with how we managing customer complaints and how that links into our Pro processing and Reporting uh about that so um it's a shared responsibility um but but you know awareness is required to be able to answer that question someone has to raise their hand and say what about this so it's it's definitely something that you know we're trying to educate people here cross functionally um to make people aware of the fact that someone needs to ask the question as the next extension of CRM comes along or the prospect of using SAS is a very common architectural tool let's say with an it uh someone has to be able to ask the question what's this going to do to our compliance model I see okay and and Fred is confirming that yes uh area of practice is it validation thank you and has part two of the question how do I validate the interfaces from my Erp to Outsource the ERM Services well there's there's a variety of approaches um one of the most important things that you need to think about when you're dealing with interfaces of any kind is where's the boundary of control if you're dealing with a third party that may or may not be validated or qualified which is very similar to what people deal with with EDI as an example you have to be able to know what you can control and can't control what you can be accountable for so at some point information is showing up for processing in your validated application and uh information is going out from your validated application to a third party and um your your platform that you are controlling is the qualified platform so you may have a staging area where files are coming in and going out from or it may be a thirdparty broker where information is coming through um ultimately you have to Define what that boundary is and what your your criteria are going to be for testing its integrity and that's what you took typically do in a validation process U the vendor on the other hand needs to be a party to that and and agree in a functional spec what the expected uh conditions are of that interface how many variables are there what are the known states that it can take and how are you going to process it and the goal of course is to avoid any unvalidated data effectively getting into your validated system uh so um it starts with a specification a functional spect takes in both sides of the equation and defines the error checking that's going to go on and what where is the qualified platform start um if if you're using web services and an ed transaction is being executed you want to know that that execution is being done from a qualified and validated uh framework and that way you can characterize it it and also you then can Define change control so that you know it's going to stay in a state that you understand before something else changes terrific thank you again Larry appreciate that information and uh a good uh Q&A session there looks like we should uh wrap up here we're running out of time certainly uh appreciate you all joining us and staying with us throughout the questions and answers there um we do trust the information shared has been helpful and we would welcome any comments and feedback um additional questions after the fact uh the feedback can assist us with continual Improvement and we're certainly open to suggestions for future presentation topics if you are having a u a problem that you need some direction or help in solving certainly we'd be willing to uh have sideline conversations with you there uh we do encourage you to join the discussion on LinkedIn and to visit our website to take a look at the upcoming topics that are being presented in the near future and to listen to the previously recorded sessions we do have them posted as well across the various practice areas that the usdm supports on behalf of the usdm team we appreciate the opportunity to speak with you and to team with you towards excellence and compliance day