When Steven Begley was recruited to join YPrime in 2013 as the director of quality assurance, he was informed that four external audits of the quality assurance (QA) program had been previously unsuccessful. Begley, three promotions later and currently serving as chief privacy officer and senior vice president of quality and compliance, has since conducted twenty-five-plus audits a year of YPrime’s division—and not a single one has missed the mark.
It’s a valuable snapshot into what Begley has been able to bring to YPrime over the past eight years: extensive quality and compliance experience in the clinical trial and data field for organizations ranging from start-ups to huge companies working on the cutting edge of medical innovation.
Since coming to YPrime, Begley has built the company’s QA group from the ground up, and as the role of cybersecurity and data privacy grew exponentially through the 2010s, he’s helped spearhead security efforts that are second to none.
Starting from Scratch
“I think I imagined there being more here when I first arrived,” Begley says, laughing, of his first days at YPrime. “But I sort of had to redo the things that had already been done and really work to develop a baseline quality system. Flow charts were the standard operating procedure here, and that needed to change quickly.”
Begley spent the first four to six months of his new role designing and building out YPrime’s quality system—one he now continues to incorporate new pieces into, including a document management system. Currently, the SVP’s team is in the process of developing and implementing an automation test suite for YPrime’s testing group.
Over the years, Begley has helped move the organization away from an almost exclusively paper-driven company to a fully electronic one. Outside partnerships have also helped YPrime continue to do what they do best while letting those with specialized niches handle the rest.
“We were controlling everything because we had servers in our data centers,” Begley notes. “When those would go down, we had to have physical IT staff on-premise. We have been able to eliminate some of those necessities and let our partners, Microsoft in particular, manage it because they have the expertise. We’ve just seen our whole quality system greatly improve.”
The SVP says that moving away from basic data centers and into the cloud environment has helped make him more of an evangelist for the clinical trial world.
“As we transitioned to the cloud, I was able to go to industry conferences and talk about utilizing all the benefits that cloud infrastructure offers,” Begley explains. “On-premise was such a big issue for the pharma world, but we’ve been able to convince our customers that having a third party manage that hardware for you is the optimal solution.” YPrime developed an enterprise agreement with Microsoft that has continued to pay dividends and drive business forward.
“The more relationships you’ve built, the more you can go through direct channels to have conversations. The more connections you make, the more people understand that we’re all in this together.”
Second to None
When Begley joined YPrime in 2013, cybersecurity was not the hot topic it would soon become. “But toward 2017, I really began to do a lot more homework on the cybersecurity front,” the SVP says. Since that moment, the drive to build a world-class cybersecurity system hasn’t stopped.
Because one of YPrime’s primary products is eCOA, they are required to have security infrastructure not only in terms of website management but also for handheld devices. “We have custom-made tablets that allow us to control security not just when they’re in our possession but when they’re in transit anywhere around the world,” Begley explains.
YPrime is active in supporting clinical trials across the globe, and along with the GDPR (General Data Protection Regulation) protocols, they also have had to comply with China’s Human Genetic Resources Administration (HGRAC) requirements since they came into effect on July 1, 2019.
“We needed to be able to encrypt data in transit as well as at rest,” Begley explains. “We’ve implemented some automated features that allow us to automatically remove access so the devices weren’t exposed beyond their need for an access point.”
Yet again, Begley says third-party audits have been crucial to building out YPrime’s security protocols. “I think third-party audits are something every company should do,” the SVP says. “You are always going to have blind spots and because you’re so close to it, you’re going to miss them.” YPrime even employs “white hat” hackers to probe the company’s security for breach potential.
YPrime also secured cybersecurity insurance in 2020 to account for the continually escalating number of cyber and ransomware attacks. “It’s really not a matter of if, but when you’re going to be hacked,” Begley says. YPrime also has backup offsite storage that is not connected to its network, which gives it the ability to quickly restore its system in the event of an outside attack.
While a pandemic may have slowed down large portions of the world, it’s only escalated activity on the cybersecurity front. “We’ve seen the number of malactors and ransomware attacks continuing to creep up,” Begley says. “We continue to secure our infrastructure, and we’ve created more segregation in our digital environments to prevent malactors from moving laterally through our networks.”
In building out a best-in-class security environment, Begley says he’s learned it’s imperative to develop partners across the company, and those partners shouldn’t always be department leaders—though that certainly doesn’t hurt. “The more relationships you’ve built, the more you can go through direct channels to have conversations,” Begley says. “The more connections you make, the more people understand that we’re all in this together.”