Michael Owings Email and Phone Number

• Responsible for providing global strategy, operational framework and adequate staffing to ensure compliance of software products/systems, and services to relevant government and industry regulations; 21 CFR 11, GMP, GAMP5, Annex 11, Guidance for Industry-General Principles for Software Validation, HIPAA/HITECH, and EU Data Privacy. Implementation and maintenance of quality management system (QMS), internal auditing function, prioritization of CAPAs, customer audits, regulatory agency inspections, incident and process deviations escalations and management. Manage regulatory compliance and quality function for global organization with a team of four direct reports. Immediately tasked with rebuilding, restructuring and improving quality and regulatory compliance function at TraceLink.• Built a new team of qualified professionals with domain expertise in the areas of pharmaceutical operations, quality management systems. Management of departmental budget. Restructuring of the Corrective and Preventative Actions (CAPA) management methodology and systems to a more customer-focused approach with prioritization on high impact initiatives resulting in a significant reduction of outstanding items and improved customer satisfaction. • Implementation of quality KPI metrics across departmental operations, including CAPA, customer escalations, and complaints handling. Enhanced customer audit program with over 100 successful audits. • Improvement of internal security auditing and overall security profile in collaboration with global IT and Security. Collaborated with IT/Security for ISO27001 certification (ISMS, Management Review, KPIs).• Lead cross-functional team to ensure compliance readiness to General Data Protection Regulation (GDPR) and EU/Swiss Privacy Shield Certification for the secure transfer of personal information from the EU to US.

• Responsible for providing global strategy, operational framework and adequate staffing to ensure compliance of software products/systems, and services to relevant government and industry regulations; 21 CFR 11, ICH GCP, Guidance for Industry-Computerized Systems Used in Clinical Trials, HIPAA/HITECH, and EU Data Privacy Directive. Implementation and maintenance of quality management system (QMS), internal auditing function, data center audits, prioritization of CAPAs, customer audits, regulatory agency inspections, incident and process deviations escalations and management. Ensure compliance of Patient Diaries for use in global clinical trials.• Managed regulatory compliance and quality function for global organization with a team of five direct reports. Immediately tasked with rebuilding, restructuring and improving quality and regulatory compliance function at PHT.• Accomplishments included: building of a new team of qualified professionals with domain expertise in the areas of pharmaceutical research, quality management systems, and information security. Management of departmental budget. Restructuring of the Corrective and Preventative Actions (CAPA) management methodology and systems to a more customer focused approach with prioritization on high impact initiatives resulting in a significant reduction of outstanding items and improved customer satisfaction. Enhanced customer audit program with over successful 20 audits, improvement of internal security auditing and overall security profile in collaboration with global IT. Successfully passed ISO 9001 re-certification audit for “Design, Development, Test and Deployment of Software and Services to Facilitate Data Collection in Clinical Trials”. Achieved EU/Swiss Safe Harbor Certification for the secure transfer of personal information from the EU to US.• Participated and supported numerous FDA inspections for GCP compliance of clinical trials. No 483 citations issued.

• Manage regulatory compliance, quality, and risk management function for global organization. Five direct reports (all directors) and a compliance team of 18 in four global geographical locations. Responsibilities include all noted from below (Phase Forward 2004-2010) with increased responsibilities for compliance of over 30 Life Sciences and Healthcare products, service offerings, and numerous hosted cloud offerings focused on clinical research and safety reporting. • Responsible for providing global strategy, operational framework and adequate staffing to ensure compliance of software products/systems, and services to relevant government and industry regulations; 21 CFR 11, ICH GCP, Guidance for Industry-Computerized Systems Used in Clinical Trials, HIPAA/HITECH, EU Data Privacy Directive and various safety reporting requirements. Implementation and maintenance of quality management system (QMS), internal auditing function, data center audits, customer audits, and regulatory agency inspections.• Responsible for overseeing Corrective and Preventative Actions (CAPA) processes, security and risk management, incident and process deviations escalations and management. • Interfaced with data center operations and third party auditors, and corporate legal/privacy office to certify data centers and product cloud offerings to HIPAA/HITECH security rule and operational controls.• Served as executive sponsor for implementation of ISO27001 Information Security framework in alignment with corporate security strategy and industry best practices. • Participation in numerous FDA, EMEA and PMDA inspections related to EDC, GCP, and computer system validation. • Served, as the privacy liaison (SME) to legal and privacy office to ensure products and services are compliant with corporate policy and global regulations. •

• Beginning in 2006 served as acting Chief Privacy Officer, created a global privacy program in collaboration with Lilly and outside counsel. Prepared white papers on various privacy regulations and readied the organization for compliance with MASS Privacy Act effective March 2010.• Successfully passed testing for Certified Information Privacy Professional (CIPP) certification from International Association of Privacy Professionals (IAPP) in September 2009. Appointed Phase Forward Chief Privacy Officer in late 2009, reporting to Senior Vice President, Legal and Regulatory Services.•

• Served as an Executive Officer reporting the CEO. Managed a global budget of approximately 1.5 million dollars with eight direct reports. Presented to the Board of Directors on global regulatory strategy and compliance.• Responsible for providing global strategy, operational framework and adequate staffing to ensure compliance of software products/systems, and services to relevant government and industry regulations; 21 CFR 11, ICH GCP, Guidance for Industry-Computerized Systems Used in Clinical Trials, and various safety reporting requirements. Additionally, responsible for managing efforts in support of compliance to SOX 404 IT controls and testing.• Interfaced with Senior Management team, and all levels of functional management throughout the corporation to create, implement, improve, and monitor quality practices and procedures in accordance with Corporate Quality Management System, ICH GCP, and 21 CFR11.• Served as liaison to FDA on behalf of Phase Forward customers related to GCP compliance, product requirements, computer system validation, electronic submissions, and clinical strategy. Represented Phase Forward to the FDA in communication of company position and policy. Interfaced with FDA on request for information and/or preparation for inspections. • Supported customers (sponsors) for on-site FDA inspections related to compliance of Phase Forward products and/or services.• Participated in numerous FDA inspections (GMP, GCP, PAI, and computer system validation).• Authored numerous white papers and journal articles related to Clinical Informatics, GCP, and 21CFR11. • Delivered numerous presentations at industry conferences (DIA, SCDM, international user conferences) related to Clinical Informatics, GCP, 21CFR11, Security, and Risk Management

• Responsibilities included ensuring compliance of North American organization to the Phase Forward Quality Management System, and relevant government and industry regulations (21 CFR 11, ICH GCP, and Guidance for Industry-Computerized Systems Used in Clinical Trials) for the delivery of Phase Forward software products and services. • Provided leadership to the organization to assist employees in connecting day-to-day work activities, with their responsibility to quality and regulatory compliance. • Interfaced with Senior Management, and all levels of functional management to create, implement, improve, and monitor quality practices and procedures in accordance with Corporate Quality Management System and regulatory requirements. • Informed Senior Staff of corporate non-compliance incidents or regulatory compliance issues, which may arise internally, or with outside customers, vendors, or contractors. • Coordinated training, mentoring, and guidance for integration of Quality Practices and Documentation throughout the organization. • Managed customer expectations related to Quality and Regulatory Compliance, and provided expertise to the Sales staff for promotion of Quality practices and regulatory compliance to the customer.• Managed customer audits and follow-up on corrective actions related to audits.