The year of 2015 was one of metamorphosis for pharma organizations. We saw aggressive consolidations, mergers, and acquisitions across geographies. The driving force propelling many of these was centered on each companys business strategy to build scale, specialize, diversify, enter new markets, and so on. Irrespective of the reason, the sequel to such Merger & Acquisition (M&A) activities is often the need to integrate and harmonize among others – IT systems and processes.
In my previous post, I discussed how IT harmonization takes precedence in a post-M&A scenario in the pharma industry, and why Quality Assurance (QA) must play a pivotal role in ensuring IT harmonization and change management. Here is my list of the four most important to-dos for the QA function in ensuring IT harmonization:
- Quality requirements must keep pace with technology evolution: IT teams constantly face a dilemma Standard Operating Procedure (SOP) recommendation versus technology evolution. In most cases, technology evolves, while SOPs play catching up. New technologies of the digital world require a different approach to development, customization, and implementation, which the existing SOPs do not address in entirety.
Agile and continuous delivery methods are making inroads into IT environments, but testing and validation SOPs, in many organizations, continue to be based on the conventional V-model, exposing IT projects to the risk of non-compliance. Pharma IT will need to meet business demand for delivery velocity, and must be sensitized to the fact that agile implementation is not just about people, processes and technology. It is as also about ensuring compliance to requirements. The culture of agility calls for holistic QA solutions around agile, continuous integration, continuous delivery, and DevOps. Thus, a holistic QA perspective ensures that technology evolution is not missed just because there was no QA standard documented around it.
As digital IT implementations take precedence, security and data privacy gain prominence, and have become top priority focus areas for QA and compliance organizations. The dimensions of testing and validation too have evolved with technology. Besides regular testing, QA must also own and drive security and vulnerability risk assessments, application and database security testing, threat profiling, data protection for mobile devices, and network penetration testing. The realm of testing has expanded to non-functional tests for GUIs and devices. Performance, security, browser compatibility, device and platform compatibility tests are as important as the traditional functional tests. In all this, the role of automation cannot be ignored. Test data management, test environment provisioning, service virtualization, release deployment, and infrastructure management are all candidates for automation. With digital appearing and even redefining IT agendas, test automation is no longer a distant reality, but an accepted norm.
- QMS processes and IT systems must be harmonized in sync: An organization that has grown through M&A will have multiple QMS processes, inherited from the merged entities. It is important for QA to evaluate inherited processes for relevance and consistency. At times, the harmonization exercise may require some SOPs to be rewritten, or entirely decommissioned. At the end of harmonization, the organization is left with a simple, clear and transparent inventory of SOPs for guiding project teams.
For instance, our experience shows that an extended, partner-supported, Validation Centre of Excellence (CoE) helps pharma organizations balance the goals of IT compliance and transformation. An experienced implementation partner brings in expertise, assets, standards, and experience. With this augmented support, the pharma businesss QA functions can adopt a risk-intelligent method for implementing legal, regulatory and corporate policy requirements.
- Service provisioning must follow an industrialized, factory-based approach: The road to a harmonized and transformed IT estate goes through the journey of gradual rollout of new platforms to replace legacy systems. Besides tight control on budget, the transformation journey, to be first-time-right, requires flexible staffing models, quicker test cycles, and above all, a risk-mitigated approach to delivering the releases. The conventional approach, focusing merely on test management, or stretching existing capacity, will not help IT organizations ensure compliance and achieve transformation objectives. Rather, an industrialized, factory based approach to service management provides the flexibility to focus on high priority tasks, while relying on the factory model to deliver services around technology automation, tooling and integration tests. An apt QA governance mechanism induces aspects of service levels, training, knowledge, and project management into the test factory.
- Transformation must be backed by Organization Change Management (OCM): Finally, OCM – the often known, yet understated need – completes the picture. Timely intervention and change facilitation ensures the desired organization impact from the transformation initiative. An upfront OCM strategy enables CIOs to ensure stakeholder alignment, plan and drive focused communication and learning, build awareness, track and measure performance indicators and benefits, gauge organization readiness, and proactively manage risk and resistance.
As pharma IT braces itself for harmonization, change-readiness in the QA and testing functions, in a true sense, will be a harbinger of encouragement for IT teams. Pharma QA units must wake up to these realities, to make the move from risk averse to risk intelligent entities.