IP and data management for bio startups

Hunter Jamison 13th May 2019

The regulatory space emerging biotech and life science companies must navigate is extensive and painstaking. Ultimately, any successful biotech should consult an expert on legal procedures specific to their products or treatments, yet knowledge of guidelines and available resources will help in getting oriented.


There are many components that comprise this legal journey - most of which demand a high degree of accountability and integrity, which are to be proven through good data practices. There are some processes where quality data is immediately required and others where it is a proactive asset. We will consider a simplified procedure for traversing relevant biotech regulations while resisting reduction of important details, with a focus on how electronic records can help you manage your compliance and reduce administrative burden.

Unsurprisingly, most R&D regulations pervade throughout all stages of the product/treatment lifecycle, yet the impact each has is often felt during different stages. This guide will follow a rough chronology of the regulation surrounding product ideation, commercialization, and development. To start in the ideation stage, the patent process will be overviewed. In shifting focus towards product commercialization and development, discussion will concern the regulation of research operations supported by a data management infrastructure.

Patent Procedure

Most biotechs regard the patent procedure as a first step towards product commercialization. Yet, a lot must happen before a patent is filed. In fact, it is to the patent applicant’s benefit to have nearly everything sorted out prior to beginning the patent process. If you are developing a product with the intent to patent, consider adopting systems with suitable features and support (legal consultation) to position yourself for success.

It is no secret that data management practices are crucial for good research. This fact also applies to formulating a solid patent. Responsibly managed data has two benefits in regards to the patent: 1) it enables strong presentation and 2) it supports your claims. These reasons alone urge for the use of systems (ELN/LIMS) and procedures to produce and manage data. In order to achieve benefit #1, you must have clear and articulate data. Electronic experiment retention allows for easy data analysis and visualization, aiding you in presenting evidence in a manipulable, human-readable format. Arguably more important, benefit #2 frames your data as a proactive asset. Here, a digital system can be imperative in proving transparency and data integrity. Countless biotech companies have failed due to patent scrutiny and revocation proceedings, thus it’s indispensable that your data collection and storage systems are infallible. Generally, a fair deal of data trust is granted by the Patent Office during initial application, but things can sour quickly under scrutiny if your data is not defensible.

The benefits of robust data governance also affect ongoing research operations, not just special applications. Next, let’s look into FDA and ISO regulations surrounding data collection.

FDA 21 CFR Part 11

If your lab is seeking the fabrication of any product regulated by the Food and Drug Administration (FDA) such as bio-pharmaceuticals, vaccines, or pharmaceutical drugs, you must ensure your electronic records are transparent and reliable. This is achieved through compliance with Title 21 CFR Part 11 of the Code of Federal Regulations; Electronic Records; Electronic Signatures. According to the FDA’s guidance documents, these are the suggested capabilities of any digital records when the format of a lab’s recordkeeping is predominantly digital:

1) Validation - Computerized System Validation (CSV). For guidance on validation of computerized systems, the FDA suggests reviewing their General Principles of Software Validation and industry guidance such as the GAMP 4 Guide (see further reading).

2) Audit Trail - The documentation of “date, time, or sequence of events” is required in some instances to fulfill predicate rule requirements, and is recommended in most other instances to ensure record trustworthiness and reliability. To cover your bases on this requirement, FDA suggests “audit trails are particularly appropriate when users are expected to create, modify, or delete regulated records during normal operation.” Using an ELN, computer-generated, time-stamped audit trails will automatically be applied to your work.

3) Legacy Systems - Specifications for the capabilities of programs in operation preceding August 20, 1997 (the effective date of part 11) are outlined here. Disregard this section if you are not using a system that was implemented prior to that date.

4) Copies of Records - The FDA recommends producing records of data in common portable formats. Export and conversion features should be used to make copies in a common format (i.e. PDF, XML, or SGML). Copies should preserve the “content and meaning” of the record, meaning “the ability to search, sort, or trend part 11 records” should be available in copies to the same degree as original records.

5) Record Retention - This requirement mimics the Copies of Records requirement, though with a lot more leniency regarding format. It is repeatedly emphasized that you are accountable for “fully satisfying the predicate rule requirements and preserving/archiving the content and meaning of the records.” So long as this is the case, it is mentioned that you are free to “archive required records in electronic format to nonelectronic media such as microfilm, microfiche, and paper” and “delete the electronic version of the records.” It is even offered that you can “paper and electronic record and signature components can co-exist (i.e., a hybrid situation).”

ISO (International Standards Organization) Regulations

Obtaining ISO certification is a reliable way to build credibility, and various government sectors and organizations will require it. There are actually a few distinct ISO standards that may apply to you, depending on your focus: ISO 9001 (general quality management), ISO 15189 (medical & diagnostic laboratories), and ISO 17025 (testing & calibration laboratories).

ISO requirements will almost seem redundant after going over 21 CFR Part 11, which is convenient since it means complying with both is quite simple. It’s worth noting which parts are redundant with Part 11. Here, we cover an overview of the additional standards. Keep in mind that these standards are extensive, though compliance is not legally required. We advise leveraging many of the ISO’s own resources to gain certification. Nevertheless, here are the basics:


  • Automatically generate a timestamp for instances of creation and modification.
  • Have a full audit trail documenting the date, time, and sequence of events for changes
  • Identify the authors of each record

New Requirements

  • Allow users to title documents
  • Generate a unique ID for each document
  • Ensure that document editing is reserved for one authorized user
  • Ensure it’s possible to invalidate records
  • Compile all documents in a master list


Gaining ISO certification and FDA 21 CFR Part 11 compliance can be extremely beneficial for your organization’s industry standing, and maintaining conformity with standards will improve your lab’s quality management. When orienting yourself on industry regulations, the first step is to find a robust digital data management tool for your business. When done right, this will generate a watertight audit trail of your processes and will be immensely helpful in securing your IP.

Based on personal frustrations with data recording, Labstep takes a very different approach to all other ELNs, capturing real-time scientific process data to automatically create an audit trail of your research activities. Designed to meet the requirements of both early-stage and mature biotech companies, Labstep’s delivers continuous support as companies progress, from ensuring IP to offering features for scalable growth. Click here for more information, or get in touch at enterprise@labstep.com.

Further reading

Hey there!

Labstep is a research data and inventory management tool made to support the scientific community. Learn more about our mission, our research tools and our global community.

Check out Labstep Our story