The Science of Outsourcing - IP, IT and Life Sciences

Life science companies are willing to outsource mainstream, even critical, functions. Richard Barratt and Natalie Kingston examine the growing use of outsourcing in this industry and offer their advice on the key steps to consider.

Companies in the life science industry are not strangers to outsourcing — clinical trials and product manufacture are frequently outsourced. Contract research organisations (CROs) are often called upon to provide traditional clinical research and data management functions. More recently, the industry has witnessed a trend for more outsourcing
of mainstream functions such as finance, accounting, IT and human resources to offshore outsourcing service providers.

One of the most interesting questions that is now being asked in the industry is whether the services provided by CROs and the mainstream outsourcing service provider can be brought together. Although mainstream outsourcing service providers do not have the same level of experience or specialist knowledge
as a CRO in performing traditional life science functions such as clinical data management and pharmacovigilance (the monitoring of drug safety),
these are areas in which they have started to expand. India is a popular offshore location for outsourcing these sensitive functions, due largely to cost benefits and the availability of an appropriate technically skilled workforce.

The outsourcing benefits in outsourcing pharmacovigilance and clinical data management are obvious. Both activities are heavily process driven. The regulatory framework and requirement for prompt
reporting of issues, such as a serious adverse reaction to drugs, increasingly call for sophisticated electronic reporting. The associated software and other system costs in turn require the scalability and cost structures that outsourcing service providers can accommodate. However, companies should approach such arrangements carefully, particularly when considering outsourcing functions offshore, where legal and cultural requirements are likely to differ.

In evaluating and implementing critical functions, there are some key steps that life sciences companies should take to ensure they retain control of these outsourcing arrangements.

Appropriate form of agreement
There is a huge contrast between the approach to documenting activities outsourced to CROs and the contracts adopted by a mainstream business outsourcing service provider. Whereas the agreements with a CRO are likely to be set out in a relatively brief legal document that reflects the project-style
approach most CROs take, mainstream business outsourcing agreements are likely to be much more detailed, with a focus on comprehensively identifying
and managing potential risks and providing the required level of flexibility for what are normally long-term agreements. It is worth considering very early on how the outsourcing arrangements are likely to operate — if a long-term arrangement for the outsourcing of an entire business function is being considered, then an appropriately detailed agreement that sets out the responsibilities of the parties and provides for flexibility over a number of years is likely to be the best option. On the other hand, if the required service involves occasional data management or ad hoc research projects then a shorter agreement, which enables parties to agree the detail for each project in a work order or schedule is likely to be a more appropriate form.

Compliance with applicable laws and regulatory requirements
Whatever the function being outsourced is, it is important to remember that the life science industry is one of the most highly regulated. The laws and regulations governing the industry do not just relate to research and development activities, but also to more mainstream functions such as data management, reporting requirements and sales and
marketing. Consequently, these laws and regulations impact on the wider corporate structure, strategies and business operations of life science companies.

While a CRO that has been operating in the industry for many years is likely to have a good understanding
of the ways the industry is regulated and the importance of complying with applicable laws, it is by no means a given that a mainstream business outsourcing service provider will. As such, it is important that compliance with all applicable laws is adequately and clearly addressed, both during the request-forproposals stage with a potential service
provider and in the eventual agreement. The outsourcing agreement must clearly allocate responsibilities between the customer and service provider, particularly since it is likely that customer compliance personnel will be working on site or closely with the service provider’s staff.

Data protection
Although tied in to compliance with the law, data protection and privacy is an important enough issue to merit being addressed separately. Access to personal data can come by a number of means, for
example from clinical trials, drug safety reports and sales and marketing. The importance of all companies — and by extension their outsourcing service providers — adhering to the applicable privacy and data protection laws that govern
the use of personal information cannot be emphasised enough, not least because failure to do so can lead to hefty fines and criminal penalties in some jurisdictions.

In order to ensure compliance by its service providers and retain control over the use of personal information, the agreement should set out the specific obligations of the service provider in relation to the processing and transfer of personal
data in the agreement, including, where applicable, the obligations that must be met in order to transfer personal data outside the European Union (EU). The EU model agreement for data protection is
the normal technique for ensuring transfers outside the EU are legally compliant.

It is also important to ensure the flexibility and adaptability of the selected outsourcing service provider, both in terms of meeting the customer’s changing strategic needs and to ensure they will be able to implement service changes to account for changes in applicable laws and regulatory requirements. This is best achieved by way of a well-thoughtout governance structure. While perhaps not always relevant to short-term outsourcing agreements with CROs, governance is one of the most critical elements in long-term outsourcing arrangements. In order to ensure the appropriate governance structure is put in place in the agreement and operationally, governance should be made a priority before the request for proposal process with potential service providers gets underway. It should begin with the development of an internal road map of the proposed functions to be outsourced which is produced following an examination of the current operating structure of these functions, and careful consideration of what will be required for a service provider to maintain at least the same consistency of work and levels of productivity and quality.
Once negotiations have started, the key governance roles should be identified quickly so that the governance team begins working together cohesively as
soon as possible, and can provide input during the negotiations as to what will and will not work operationally. Customer companies should always consider involving their regulatory professionals in this process to ensure that any potential issues in the service provider’s solution that may impact on regulatory compliance are identified quickly and
resolved. One or more regulatory personnel should also be given a key role in the governance team to address issues that arise post-signing and to monitor
the outsourcing arrangement generally for regulatory compliance.

In the agreement itself, the governance structure established should provide for regular reviews of the outsourced services and the underlying agreement. This should be by way of a formal review
process which allows the governance team to assess and evaluate the outsourcing relationship, and specific factors including whether the agreement
objectives and transition or service deliverables are being met, overall customer satisfaction, and compliance with laws, policies and procedures. It should also provide a mechanism to address customer
service provider relationship issues.

Change management
The change management procedures in the agreement should set out a welldefined set of roles and responsibilities for the governance team to follow in order to adjust the services or the agreement.
In typical outsourcing agreements, this will comprise one procedure for minor changes and another for major changes. However, it is also worth considering whether a separate procedure should be
included in the outsourcing agreement to quickly address changes required as a result of new or revised legal or regulatory requirements. It is not uncommon for companies in the industry to be given
specific, time-restricted directions from a regulatory body or for changes requiring immediate action to be made to existing legal requirements.

Regular audits
Audit provisions are of crucial importance in any outsourcing agreement, and can be even more so in agreements within the life sciences industry. Outsourcing agreements will typically provide for the
customer to audit a number of elements of the outsourcing arrangement, such as the fees charged by the service provider, the service provider’s facilities, and the service provider’s compliance with the terms of the agreement and with any services
levels and key performance indicators. In addition, the agreement should allow for audits of the service provider’s compliance with applicable laws, including the treatment of personal data. Specifically consider whether more detailed audits, or whether a more aggressive or strict timeline for audits, are required to meet specific regulatory requirements.

The trend for outsourcing in the industry is unlikely to slow down any time soon. Earlier this year, BMS outsourced certain pharmacovigilance
activities to Accenture, indicating an increasing willingness in the sector to outsource business-critical functions. For advisers, it is worth being prepared in advance and understanding what can be done to mitigate the potential risks in life sciences outsourcing arrangements. Bearing the above factors in mind will help ensure that adequate contractual safeguards are put in place.

Richard Barratt is a partner and head of the European outsourcing practice and Natalie Kingston is an associate in the business and finance practice at Morgan Lewis in London.

Morgan, Lewis & Bockius LLP