What does it mean to be always compliant?

Implementing and maintaining compliant ERP systems for Life Science

When implementing an ERP system, you already know how important it is to ensure that your system is validated before going live. But have you considered what happens after? It is one thing to ensure compliance during the project and another to stay compliant afterwards. So, when we say, “always compliant”, what we mean is maintaining the validated state in up-to-date digitalized business applications according to regulations and requirements throughout the system’s entire life cycle.

Change is happening – rapidly

We are quickly approaching a world where the Life Science industry’s comfortable ways of working are fading out. Before we know it, maintaining existing on-prem systems will no longer be an option. Why? First, because we see a trend that Line of Business is seeking out cloud solutions and new technologies to improve the business, second technology is improving and guidance built on old ways of working will not be applicable to new tech, and third because the on-prem systems we are used to are running out of service. This means that, ready or not, you will have to leap into the less predictable and make changes to your IT environment – including changes to the ways in which you ensure that your IT system is always in compliance.

But before we take that leap, let’s diagnose the problem. Change is a challenge for the pharma industry, but why? Is it the associated risk? Or rather, the comfort and rigidity in existing system structures? By nature, we want to stay out of danger. So, if existing systems work, should we not just mitigate risk and keep them? No. In fact, by staying in these comfortable structures and processes, we are only increasing our risk.

That is because out-of-date technology will eventually no longer be able to meet validation demands, modern security requirements, and end up non-compliant, leaving management dissatisfied and your company at risk.

What do you need to be always compliant?

Overall, industry regulations will remain similar. Unlike technology, guidance and legislation changes slowly. So, your goal will be the same: show you are in control of the system. What is changing is how these systems are operated and, consequently, the ways in which we demonstrate that we are in control.

Give up some control to ensure efficiency, predictability, and compliance

With on-prem systems, you are in control of every aspect and run the entire system more or less by yourself. With cloud services, this is no longer a possibility because the cloud provider will have control over some aspects of your IT system including forced releases and updates. Remember: You are not solely buying a new business application. You are also buying into rethinking the ways in which you operate it and handle responsibilities.

Determine the how first

Once you decide to buy a business application, change, or update your IT solution landscape, you must begin preparing IT and operations for system governance. As we mentioned earlier, the main goal remains the same: maintain compliance and show control. What changes is how changes and releases are handled and by whom throughout the life cycle of your application. And this must be decided before you start operating your system. Why? Because once you go live, these changes and updates start coming and keep coming. If you do not have an established way to handle them, you will quickly lose control of your system.

Contrary to popular belief, change is not the problem. Rather, it’s your underlying structures. Many of us have been using the same SOPs and URSs for years because they work, and we know they work – thereby giving us certainty and comfort. That is the problem. We fear losing predictability. Even if it may not feel like it, giving up some control can lead to better predictability. With an up-to-date system and external help building and maintaining strong structures with Validation as a Service, you’ll be able to easier mitigate challenges derived from change.

Involve Business, IT operations, and QA from the start

While you are configuring your system, you will be documenting and testing with support from your vendor. Your vendor will provide parts of the documentation and testing. These parts from your vendor will be maintained in their tools and according to their procedures both during the project and during future operation.

Therefore, we recommend that you involve all stakeholders (business, IT and QA) early to determine how the vendor’s documentation, procedures, and tools fit with yours. Ask yourself:

  • How will we adopt vendor documentation to avoid additional work?
  • Which part of the documentation is our responsibility?
  • Can we work with the same tools to have a single source of truth?
  • Which activities in the change/release procedure are controlled by the vendor?

To manage changes efficiently, you must establish good procedures, create a RACI (incl. vendor activities), and align which tools to use.

Epista Expert: “Managing changes efficiently is one sure way to save time and money. Setting this up might appear difficult and time consuming, but it will save you a lot of frustration later.”

It is important to establish good processes for this during the project phase to build a solid foundation for managing changes during operations. This is where you involve IT operations. Because IT operations will handle documentation and testing in operations, get them involved in the process creation to ensure things will run much more smoothly once your system is live.

And don’t forget to involve QA. You are a Life Science company, so QA processes are likely already hitting all the marks necessary for your business to function. Make sure that the procedures for Quality Assurance are not left out or you risk losing necessary QA functions and will gain value from efficient and aligned work. By including IT and QA from the start, you reduce the risk for inefficiency and misalignment in the future.

Accelerators & Best Practices

No system is perfect. That is why we recommend identifying accelerators and tools to enhance the strengths of your IT system. This includes specific functional enhancements as well as add-ons from Life Science-focused technology partners. With the right mix of system accelerators and knowledge of industry best practices, you’ll be able to maximize the use of your IT system.

Always compliant is possible

If you weren’t convinced before, we hope that now you can see that with a well-planned implementation and solid documentation, testing, procedures, it is possible to have and maintain an always compliant ERP system. We can’t promise that it will be an easy transition. You’ll have to consider security, change your ways of working, and make the move from old systems, but that is why it is important to have the right plan and team in place to execute efficiently. Epista can round out your team with our years of experience in ERP and proven methodologies for maintaining compliance of IT systems in the Life Science industry. Get in touch if you’re curious to learn more.

What else do you need to be prepared for before starting on your journey to be always compliant? The cloud. Check out the first (From System Selection to Operations) and second (Using the cloud in a validated environment) articles in our always compliant series.

Talk to an expert

Henrik Walther Madsen
Director ERP

Explore other articles

Get in touch

We enjoy sharing our knowledge. Get in touch to find out how Epista can add value to your Life Science company.