Simpson was inspecting cabbage. Or rather, he was following along, shadowing an inspector at a cabbage facility as part of his orientation to the chief information officer position at the US Food and Drug Administration (FDA). “I followed these inspectors around to really understand what problems they were dealing with,” Simpson recalls.
It was a juggling act: inspectors were carrying pens and paper, cameras and GPS devices, stopping when water dripped from overhead onto their notebooks or when the chilly temperatures dried up their ballpoints. At the end, inspectors drove back to their offices to type the report, and on follow-up visits, those who were expecting a report asked why they hadn’t received a copy. Watching all of this, Simpson drew the conclusion of many disruptors, innovators, and pioneers: there has to be a better way.
As a result, Simpson and his team launched a mobility program in 2015. This “choose-your-own-device” system provides an inventory of rugged, reliable tools to streamline the agency’s processes, enable mobility, and effect a virtual presence everywhere in the organization’s purview. Inspectors and other customers pick phones and tablets from a digital catalog. Afterward, the program provides support and billing services.
“Inspectors carry Dell laptops running Windows and one of a number of devices from our service catalogue,” he explains. “They select a device, but the real power is the coupling of our applications with the mobility.”
Simpson says those applications were redesigned to take advantage of device capabilities and empower the individual inspector. He explains that eFieldX and eNSpect are automated systems that interface with a mobile device. Since the first inspection at the cabbage facility in 2015 and the launch of the mobility program, the agency has completed 30,274 digital electronic inspections, all of which are secure and instantly retrievable.
Through 2015, the FDA had limited cloud services. Now, there are six providers enabling an array of cloud services. But the federal government’s relationship with cloud systems has been cautious. Of the three ratings of data sensitivity (low, medium, and high), until 2016 only low-risk data was permissible in cloud storage. Now, the FDA can store a wide variety of data, a notable value-add.
From day one, challenges for Simpson were deeper and more numerous than just the inspection experience. Auditors from Congress’ Government Accountability Office (GAO) criticized the FDA’s digital security infrastructure in a 2015 report, and decisive, transformative action was necessary. “I had a thousand plans of action and milestones open,” Simpson says. “I had to start attacking these things the first week I was there.” By the end of that week, Simpson had reduced plans of action and milestones laid out by GAO by 70 percent and privileged user accounts by 40 percent. By the end of 2016, they had implemented 80 percent of GAO’s program recommendations and 76 percent of its technical recommendations.
In follow-up coordination efforts with the House Energy and Commerce (E&C) Committee personnel and GAO auditors, the agency was applauded for the organization’s speed and diligence. They declared that the FDA had accomplished in forty-five days a transformation that took other agencies eighteen months. The E&C went on record via a press release, stating that the FDA’s cybersecurity posture was much improved and that the collaborative efforts undertaken by all parties involved helped resolve the problem faster, more efficiently, and more effectively than traditional means.
Other accolades have since followed. The FDA administers about fifteen high-value assets that are critical to the safety of the American people, and the organization’s revamped process to govern them was recognized as best practice by the Office of Management and Budget as well as the White House. Add to that a 2017 CSO50 award for the consolidated operations and security center, and the GAO remediation turnaround has been considered wildly successful.
One of the main keys to the agency’s success has been Simpson’s project management office. “When I arrived, there was no comprehensive portfolio of projects. We now have one, we have a standing project management review meeting every week, and we monitor every project in that portfolio,” he says.
Through more diligent and engaged processes, the FDA continues to transform into a technological leader in the federal government. And while the progress has been impressive, the vision is far from realized.
“In terms of the maturity of the organization, we’re at a two out of five, and it took two and a half years to get there. I’d really like to leave the FDA with a truly interoperable network with shared resources. I want to see tight collaboration. I want to see our data exploited,” he says. “My goal is to bring the FDA into the twenty-first century, exploit those technologies available to us, and to move the FDA forward.”
Two and a half years in, and Simpson looks to see this mission through. With those broad strategic endeavors underway, users can already tell that the organization is advancing: for the first time in memory, the FDA runs the latest versions of Microsoft Windows and Office, which is just the first sign of many improvements still to come.
Photo: DeJohn Davis