The Essentials of Regulatory Compliance – a roadmap you can’t ignore!

It's looming and you can't ignore it. What am I blogging about? Regulatory Compliance. So take the time to go these links and to the sub-links. It's well worth your time.

Regulatory Compliance Demystified
Summary: For a developer, understanding the issues around regulatory compliance can be a difficult and frustrating endeavor. This article makes sense of regulatory compliance from a developer's point of view. It examines Sarbanes-Oxley, HIPAA, and other regulations, and covers the most important best practices that are common across multiple pieces of legislation.

Past links:
How do you architect for regulatory compliance?
Regulatory Compliance and the IT Manager

Share your experiences, suggestions and comments here or send me an e-mail at

Thank you,
Stephen Ibaraki, I.S.P.

Comments (4)

  1. jointer says:

    In recognition of the importance of Regulatory Compliance to the industry, VANTUG is holding an event on June 21 to help people understand the issues. Denis Drouin of Ernst & Young will be presenting.


    Graham Jones

    President, VANTUG

  2. Stephen Ibaraki, I.S.P. says:


    This is good to hear.

    I’m also recommending the INFORMATICS conference to IT managers where an effective roadmap on planning and implementing compliance is provided at one of the sessions:

    There are more than 20 excellent workshops and five keynotes. It’s the greatest value for IT professionals in Canada and internationally.

    Barnaby, Bruce, and I will be there and I’m hoping to see other bloggers there as well.



  3. Adam Cole says:

    Ha, Stephen, I got a laugh out of the Microsoft title you refer to, “Demystifying Regulatory Compliance”. I just finished writing an article for our business newsletter – “Demystifying Validated Studies”. (“Validation” is a common name given to regulatory compliance in the Biopharmaceutical/Life Sciences industry.) Here is the draft of my article for those that may be interested. (Although written for biopharm, the parallels to other classes of regulatory compliance is relatively transparent.)

    Demystifying “Validated” Studies

    A. Cole and G. Radulescu

    Recently, we had our piano tuned after many years of neglect and I found myself shopping on the Internet for some sheet music. My shopping cart was full of Elton John, Billy Joel, and dare I say, Andrew Lloyd Weber.  Just as I was about to “checkout” I noticed that the “best sheet music prices on the Internet” site did not use a payment system I recognized.  It was a non-credentialed, third party payment partner. When making a purchase online there are a number of things I look for.  Is the site secure? Does the payment page have the mark of an authority I trust such as VeriSign or BBB Online? To me, these indicate that the payment system is trustworthy, or “validated.”  I may be a little embarrassed about my inclination towards show tunes, but I’m not embarrassed about insisting on a validated system for processing my credit card payment.  When it comes to my bank account  “no-validation” means “no sale.”  Half an hour later, and at a slight premium, I had the promise of recapturing more youthful days in the mail via a more reputable web site.  

    Differences in payment systems paint a perfect analogy of what you can expect when comparing a non validated clinical database system to a validated one.  With the premium web site I received the same product that I could have paid less for – but I elected to pay a premium at a site that guaranteed credentialed processes around the handling of my sensitive financial information.  A validated study offers the same data and results as a non-validated study, but the difference is the security and certainty in the way your data is processed.  Having validated data means your data is reproducible, traceable back to the source patient data and free from any analytic errors.  Without validation , it will not be accepted by any global regulatory agency including the FDA, and may not be accepted for peer reviewed publications.  

    A central theme of validation is documentation. Today, any product, whose development is not properly documented is considered to be at risk of contamination or adulteration.  In the case of clinical data, this means there is a risk that the data is unreliable.  To be in compliance a study must be able to document traceability of the data and any processes it was subjected to.  This documentation offers sponsors, auditors, and other interested parties the required guarantees that the study data is reproducible, accurate, and can be acted upon.  There is no single element which guarantees that an online purchase will go smoothly. Similarly, validation of clinical databases is not a black and white issue. Software, personnel training, processes, rigor and adherence to SOPs, system development lifecycle (SDLC), installation/operational/performance qualifications (IQ/OQ/PQ) are all factors that will influence the validation of a study.  Consequently, there are different levels of rigor that can be applied in validating systems and decision should be made about the level of validation required and designing data management for your study requires careful consideration.  

    So why not just validate all study databases?  In short, the extra effort in producing the validation checks and documentation is not justified for all studies.  While too little validation may mean your data may not be usable for your study objectives, too much validation will encumber your budget, schedule, and participants’ patience.  

    The attached table provides guidelines for validation expectations for the type of study you wish to conduct.  However, it’s safe to say that the more critical the conclusions and actions that will be taken based on the results of a study (e.g. regulatory approval, rejection of an indication for a drug) the more necessary it is to have validated systems in conducting studies.  

    Finally, a validated study is dependent on a validated environment. It’s not just about the database.  Product (software), processes (SOPs) and people (training) must all be compliant. A holistic approach is necessary to achieving validation. Utilizing the appropriate level of validation will ensure that your study objectives can be achieved while optimizing your budget.

  4. Stephen Ibaraki, I.S.P., says:


    Your writeup is a nice addition and provides some great insights. I enjoyed it! 🙂


    Stephen Ibaraki

Skip to main content