Xybion Corporation

The Sarbanes-Oxley Act (SOX) mandates a a more strict approach for companies in how they provide for a governance model and tighter internal controls. SOX also presents many challenges in documenting all operational controls, assessing the effectiveness of these controls, and subjecting the assessment report to the scrutiny of independent auditors. In Managing the new myriad of regulations and processes that go along with effectively complying with SOX, corporations spent considerably more than what their budget allowed in the initial years. Going forward, the focus for most CFOs is on sustaining SOX compliance at significantly reduced costs. 

Companies are now beginning to shift responsibilities for documentation and testing to process owners, while keeping the overall ownership of SOX compliance with the internal audit group. As a result, SOX compliance is becoming a part of the process owner's daily job, and not a separate project with its own team of internal employees and external consultants.

However, it is difficult for internal audit managers to transfer responsibility to process owners without having clear visibility into the project status, issues, and activities. Before the transfer of responsibility, the entire process of scheduling tests, conducting them, and remedying issues needs to be automated. This will enable the internal audit manager to ensure repeatability over time and across business units. Strict change controls also need to be implemented for processes, controls, and the associated documentation to stay in sync, so that the investments in documentation right from year one of SOX compliance can continue to be leveraged.

Xybion's Compliance Framework Supports SOX Compliance

Xybion brings SOX and other regulatory issues into our integrated compliance framework, which, in turn, reduces the costs of maintaining separate systems for unique regulations.  We migitigate SOX compliance challenges, and significantly reduce the costs of compliance. Uwith Xybion, companies can design, assess, and improve internal controls under the COSO framework, monitor their compliance processes at any level of detail, and easily provide evidence to external auditors that an internal control was tested to the satisfaction of the internal audit group. The solution’s document control capabilities provide a central repository with comprehensive change control capabilities. The solution also provides greater control over and clear visibility into compliance issues, statuses, and plans.

With Xybion, organizations can streamline procedures for surveys and certifications which affirm the strength of internal controls and adherence to policies. This information rolls up to the Executive Management who can review and certify the enterprise risk and control assessments as per SOX 302 requirements.

The Benefits of managing SOX in the Xybion Compliance Platform are:

• Single platform for Quality, Compliance and Audit
• Improves Control of Processes
• Reduces Compliance Costs
• Lowers Risk Exposure
• Streamlines Change Control

Xybion has been an industry leader in providing technology and services that support a number of sub-categories for GxP including cGLP, cGMP and cGCP for over 30 years.  Our technology, software and validation services are used by 70% of the top 20 Life Science companies.   Being subject to an every changing environment of government regulations which require certain Best Practices to be followed, LifeScience companies face unique challenges that detract them from their core business.  Xybion is your partner in that we alleviate many burdeons of GxP and help reduce technology costs designed to support GxP with our integrated approach.

We support 100% of the top 25 global pharmaceutical & lifescience companies in the world today.  Pharmaceutical industry leaders rely on Xybion's technology, services and consulting to improver overall compliance and quality adherence.  

For a drug to be produced in a GxP compliant manner, some specific information technology practices must be followed. Computer systems involved in the development, manufacture and sale of regulated product must meet certain requirements.

• Secure logging: each system activity must be registered, in particular what users of the system do, that relate to research, development and manufacturing. The logged information has to be secured appropriately so that it cannot be changed once logged, not even by an administrative user of the system.
• Auditing: an IT system must be able to provide conclusive evidence in litigation cases, to reconstruct the decisions and potential mistakes that were made in developing or manufacturing a medical device, drug or other regulated product.
• Keeping archives: relevant audit information must be kept for a set period. In certain countries, archives must be kept for several decades. Archived information is still subject to the same requirements, but its only purpose is to provided trusted evidence in litigation cases.

• Accountability: Every piece of audited information must have a known author who has signed into the system using an electronic signature. No actions are performed by anonymous individuals.
• Non-repudiation: audit information must be logged in a way that no user could say that the information is invalid, e.g. saying that someone could have tampered with the information. One way of assuring this is the use of digital signatures.
• Stringent record-keeping requirements and traceability: It is necessary to create and to document a chain of decisions that lead from user needs and business goals down to the system design decisions, and the verification of proper system installation and operation.
• Litigation and Regulation Support: Persons bringing lawsuits, and regulators, can subpoena or otherwise demand to obtain certain information which must be available and which must have been maintained according to law. This information must be promptly furnished to them in the format they require. The industry must be able to satisfy such requests promptly at any reasonable time.

Regulatory Management Solutions

Xybion provides a platform that supports a number of key regulations and regulatory guidance at the federal and state levels. Our compliance and quality management platform is purpose-built ot enable and facilitate the management of key business processes and allows for configuration of workflows, case management and regulatory affairs competency management to support specific regulations.

IACUC

Pristima Suite, the Total Preclinical Solution, provides a complete Vivarium Management platform that includes IACUC management which facilitates regulatory adherence. Research facilities face enormous regulatory challenges, many of which are dependent on good management of information.  Too often that information is locked up in notebooks and filing cabinets that are not available to the sources that need it.  Pristima™ VM was designed to address many of the regulatory challenges that facilities face by providing “one version of the truth and one place to find it”.Facility specific tasks can be set up with reminders and assigned to specific staff for events such as maintenance schedules on equipment.  These can be added to a user’s home page for immediate viewing. Read More about IACUC managementfrom Xybion.

HIPAA/HITECH

Xybion provides a comprehensive framework to help your company more effectively manage and automateHIPAA/HITECH compliance. We streamline compliance aspects such as policies and procedures, assessing and analyzing risks, managing audits and correcting issues. In accordance with the new HIPAA rule, Xybion providesvisibility into BAs' work procedures and manage contracts and documents with respect to BAs. The solution also enables covered entities to integrate all compliance regulations on a single platform instead of managing them in separate initiatives. A centralized structure of the overall compliance hierarchy can be maintained, including processes and assets in scope, risks, controls, policies and procedures, and reporting requirements.