Optimizing resources and minimizing risk

Published on: 

Pharmaceutical Technology Europe

Pharmaceutical Technology Europe, Pharmaceutical Technology Europe-10-01-2007, Volume 19, Issue 10

An electronic object-based approach towards validation is forecasted to be the upcoming validation paradigm supported by reliable web-based technology, organizational focus on risk management and overall enterprise effectiveness.

Life science organizations face corporate governance, enterprise risk management, legal, and internal policy mandates that are increasing in frequency and cost. How life science organizations face product and process compliance issues affects not only the risk of noncompliance, but also their operational viability and, ultimately, their competitive advantage.

Commonly acknowledged problems with paper-based compliance procedures commonly used by the life science industry, including Big Pharma, are:

  • Lack of compliance, consistency and accountability in processes.

  • High resource requirements for quality assurance (QA) in critical and noncritical processes.

  • Suspicious audit trails and low reuse of knowledge across the enterprises and industry.

  • No electronic signatures or electronic submissions.

  • Uncertainties over the correct enterprise, product and process compliancy level. When is it lean?


All pharma manufacturing processes and related IT systems must be validated and documented according to compliance with the FDA cGMP, ISPE GAMP 4 Guidance, ISO 17025, Eudralex Legislation and GxP Guidelines. As most validation processes are paper-based, life science companies spend a lot of skills and resources on preparing, controlling, approving and archiving validation documents and records throughout the entire product life cycle (Figure 1).

Figure 1

Business operational risk and regulatory compliance place an increasing burden on life science companies for the following reasons:1

  • Regulations apply across the entire product life cycle in the life sciences. After securing compliance with the previously mentioned regulatory policies and guidelines, new legal compliance issues are constantly being added.

  • International operations and markets increase complexity. Life science companies that produce drugs are some of the world's largest and most globally distributed firms. They must control far-ranging operations and navigate a complex set of local restrictions on promotional and sales activities, which vary across markets. Global standards are also becoming an imperative.

  • Multifaceted partner relationships dominate. Worldwide drug supply chains include a complex network of manufacturers, wholesalers, secondary distributors and retailers, all with independent risk mitigation issues.

  • Mergers and acquisitions complicate business operations. During the past 7 years, the life science industry has seen record merger and acquisition (M&A) activity in both number (650 M&As in 2005) and size. Rapid M&A activity creates broken and inefficient processes as companies struggle to integrate new operations while maintaining regulatory validation. The operational landscape is further complicated by the industry's growing use of outsourced or offshore vendors to supplement internal resources for clinical trial data management, application development and IT system management.

These key business drivers force life sciences to move from paper-based compliance environments towards applying new information and communication technologies; that is, electronic compliance, which ultimately should demonstrate patient safety and product efficacy as demanded by legal authorities. From an enterprise perspective this transformation should also result in:

  • Faster clinical trial completion.

  • Faster regulatory approval.

  • Faster marketplace introduction and, therefore, longer patent utilization. This results in significant financial and competitive advantages, and shorter pathways to patients.2

The overall conclusion is that life science companies need governance, risk and compliance software platforms (GRC) to drive sustainability, efficiency and consistency in managing enterprise risk and compliance. The GRC software platform market has grown from $85 million (€62 million) in 2002 to $590 million (€434 million) in 2006. Forrester projects that the GRC market will expand to $1.3 billion (approximately €0.95 billion) by 2011; that is, an annual average growth on $142 million (approximately €104 million) in this 5-year period (i.e., 24% annual growth rate).1, 3, 4 In particular, GRC platforms based on an object-based validation methodology, compared with traditional document-based GRC software platforms, are expected to experience a high growth rate because several immediate advantages and cost-savings are achieved.

In object-based validation, an object should be considered a well-defined entity or collection of records. This could be fields, sections, documents, tests, results, test plans or requirements. Object-based validation defines and uses entities for validation purposes. This provides better traceability (and thus transparancy), learning and reuses previous object validation, making it more efficient and economic. Validating an object using this method eases the validation of that object used elsewhere. What object-oriented programming did for software development, object-based validation will do the same for validation.

GRC platforms enable life science companies to establish a platform that maintains a single and consistent system of objects for enterprise risk and compliance while managing the intricacies and relationships of risk and compliance. They feature four types of capabilities:

  • Policy, procedure and control documentation.

  • Risk and control assessment.

  • Risk analytics.

  • Loss, event and investigations management.

Traditional GRC software platforms and test management systems with these capabilities exist so that life science companies can cope electronically with some of the business and environmental drivers mentioned previously. However, no tradition GRC software has:

  • An object-based validation-approach meaning that specific content 'within' and 'across' validation documents can be linked and re-used in subsequent change requests (CR's) and deviations (e.g., the user requirement specification document [URS]) and all related specifications, designs and reports.

  • No traditional GRC software supports the entire life cycle validation process via a single platform.

Object-based systems process information in a database rather than in free-format documents. The user is allowed to produce the same types of documents as in the document-based approach, but the documents are collections of specific data (database reports) rather than traditional documents. Moving from the document-based approach to the respective object-based approach, it is possible to link different records so that a particular URS can be directly linked to functional specifications, risk assessment, design records, commissioning and validation. This allows the documentation to be reused. Also, requirements that in an earlier CR resulted in deviations can be alerted as probable future deviations and handled and modified accordingly. The object-based approach is depicted in Figure 2, illustrating the key difference between traditional document-based GRC systems and a respective object-based system.

Figure 2

Figure 2 illustrates how multiple records can simultaneously constitute both documents and records. The "!" symbolizes a deviation, which is related to the respective record and allows for active feedback.

Overall, object-based validation will enable life sciences to:

  • Reuse records and benefit from earlier project knowledge.

  • Reuse templates and forms, and conveniently reproduce records in printed documents.

  • Link and trace records with different, subsequent validation records.

  • Have multiple authors and privileged users.

  • Improve reliability (transparency and access to earlier project knowledge and deviations).

  • Provide a 360-degree view from risk assessment implementation in CRM when receiving and reporting on a customer complaint to back-end life cycle stages.

  • Proactively monitor and control projects.


Intelligent use of information communication technology manifesting itself in a web-based thin client/thick server solution, including an object-based validation methodology in GRC applications, will ensure true electronic record compliance with regulations, and full traceability across and within structured documents instead of managing documents in a traditional document management system.

While the advantages of using an electronic object-based validation methodology are obvious, it requires that any company introducing such a system has full control of its own processes. It is impossible to introduce such a system without a specific idea of what processes and procedures it has to follow, the roles of each user, and which templates to follow. Without this, no electronic system will be successful.

An object-based system may, however, be the exact push that the organization needs to succeed with its validation processes, and the only way to ensure true compliance because no paper-documented process can ever be performed without errors in relations, violation of written procedures or basic errors in GMP.


Transformation towards electronic validation using web-based technologies securing global standards, coupled with the benefits of an object-based validation methodology demonstrate performance increases available to life science companies as they continue to use and maintain this new paradigm throughout product life cycles. This is because of extensive reuse of earlier documentation and project knowledge (including deviations), monitoring, project transparency and reporting facilities. A document-based, validation process however, whether paper-based or electronic, is predicted to limit life science companies in their efforts effectively minimizing documentation costs and resources.


1. M. Rasmussen, "The Forrester Wave: Governance, Risk, And Compliance Platforms, Q1 2006," Forrester, March 2006.

2. US Department of Health and Human Services, Food and Drug Administration, "Guidance for Industry, Fast Track Drug Development Programs — Designation, Development and Application Review," (January 2006).

3. M. Rasmussen, "Will The Real Risk And Compliance Vendor Please Step Forward? Defining The Risk And Compliance Market Landscape," Forrester, November 2005.

4. IBM Business Consulting Services, "The Metamorphorsis of Manufacturing," IBM (2005).

Henrik Johanning is director and executive advisor at QAtor A/S (Denmark), and a member of Pharmaceutical Technology Europe's editorial advisory board.