6 Best Practices for Sharing Regulatory Submission Documents With Third Parties

25 October, 2016

Whether it's an IND (Investigational New Drug Application), NDA (New Drug Application), ANDA (Abbreviated New Drug Application), BLA (Biologics License Application), or any other type of electronic regulatory documents submitted to the FDA, EMA or other government regulatory agency, the information in the submission documents is extremely sensitive.

Regulatory submissions are rich in sensitive information that must be strictly controlled. Here are six recommended best practices:


electronic-submission.jpgBe sure to share your regulatory documents using a virtual data room that can provide granular access controls. In other words, make sure that you have the ability to set permissions at the folder level and also the document level.

It's also important to select the right time to share your documents. Staged access is a best practice that can be used to increase the amount of information disclosed in stages, as the degree of trust with the third party increases. Make sure your virtual data room provides granular access controls and also has powerful tools to rapidly permission large and complex document hierarchies with minimal clicking.

If you are deadline driven, your document sharing solution should allow you to set an automatic expiration date that removes access at a specific date and time to help you control your process according to the deadlines that you’ve established.


There are a number of document sharing solutions that allow view-only access to your documents. However, if you force your users to view large documents without allowing them to save, you’ll be slowing down the document review process. It will drive your users nuts if you give them read-only access because most secure document viewers that prevent document download are slow and take a long time to load large documents. When choosing a data room provider, make sure to ask if the solution allows users to download documents for rapid viewing in a fast and secure viewer. 


We’ve just recommended that you allow your end users to download documents in order to speed the document review process. You may be wondering how you will now maintain control of the shared regulatory documents?

Make sure your virtual data room allows you to retroactively revoke a user’s right to view a file, even if it’s already been downloaded. This capability, combined with the automatic expiration feature, allows you to automatically “shred” the documents at a specific date/time.

In addition, make sure you choose a virtual data room that provides several other document security features ideally suited for sharing regulatory documents:

  • Prevent copy/paste
  • Prevent print, or allow print only to physical printers (not PDF)
  • Automatic watermarking that identifies the user
  • Screenshot prevention

You'll need the ability to pick-and-choose the document security features in a document security policy that can be applied as desired to the appropriate documents based on your specific business case.


Because of the very confidential nature of eCTD document sets, they are often uploaded to a secure virtual data room for two secure external processes – 1) communicating with outside regulatory advisors in preparation for a regulatory filing, or 2) the sharing of previous filings with prospective partners, investors, potential acquirers, or other third parties.

When eCTD documents are prepared within an eCTD publishing tool, they may refer to other documents in the set using hyperlinks. Since these documents are stored in separate folders, the links between them have a relationship that allows them to be moved without breaking. Unfortunately, these relationships do not persist when uploaded to all cloud-based document repositories. Make sure you choose one that has links that are automatically fixed, so that the appropriate document opens when a hyperlink is clicked - assuming that the user has permission to view the target document.


You will want page-level tracking and time-based monitoring of who's seen what and when, down to the page level, providing detailed audit trails for compliance as well as insightful business intelligence into your users' document review progress.

Because there are often hundreds of questions when completing an NDA and dozens for INDs, it's important to have a good Q&A tool built into your virtual data room, so regulatory committees can ask questions in context with your document within your virtual data room/eCTD viewer solution. 


Regulatory submissions are massive, and it can be a daunting task to review the full submission. One of the best ways to facilitate quick review of regulatory documents is to be sure that they can be rapidly searched for keywords. This requires a virtual data room with a powerful and fast full-text search engine, which provides relevance ranking, synopsis display with hit-highlighting, stemming and support for international character sets, provides the tools needed by your end users to quickly identify contents for focused review based on keywords.