Another compliance project or a new way of conducting business?

In this article, Rune Bergendorff of NNIT discusses Identification of Medicinal Products (IDMP) as a new way of conducting business, the benefits gained by adopting the IDMP model and how IDMP can be implemented to help businesses run more efficiently.

To support the continuous improvement of pharmacovigilance oversight within the EU, the European Commission mandated pharmaceutical companies to submit product information according to ISO IDMP standards. The standards are global and other health authorities are to follow suit.

ISO IDMP has many of the characteristics of a regulatory affairs compliance project. There are legislative aspects and external requirements and a need for submitting information according to a certain standard based on existing structured and unstructured data. However, ISO IDMP is much more than a compliance project. It is an opportunity for developing a new way of conducting business, as well as a new way for designing the processes in, and defining the culture of, a pharmaceutical company. It may also be a catalyst for tearing down traditional silos within the company and integrating various business units.

Historically, pharmaceutical companies have struggled to integrate their processes throughout the product lifecycle and across divisions, making it difficult to track the history of a given product at any given point. Master Data Management (MDM) has emerged as one way to tackle this challenge, but has traditionally sparked internal battles between the various silos within the company and led to numerous fights with other companies, while trying to define what master data really is and exactly which values—product names, country codes, dosage forms, etc.—are the right ones. To date, no genuine winner has been declared with the manufacturing domain as a runner-up. As a result, MDM has acquired a ‘rusty’ reputation and has only been taken to the level of ‘domain data management’.

Data domains

Achieving limited success in integrating processes and application landscapes supported by a strong data management concept is partly due to the traditional silos within a company, coupled with a lack of a sense of urgency and a business case that is difficult to explain.

IDMP: the first step towards an integrated company

In many ways, IDMP is one piece of a much bigger legislation puzzle requiring companies to connect data and processes. Several colliding initiatives, including the EU clinical trial regulation, ISO ICSR, 520/2012, Article 57, are meant to reveal a pharmaceutical company’s data to the authorities, which requires connecting that data.

To consider IDMP as just another compliance project is a very short-sighted strategy that could result in a process and IT setup that will soon need changing in order to adapt to future requirements.

What benefit does IDMP offer? It offers a set of information models consisting of fields, conformances and relationships that have been defined. This effort could be seen as a blueprint for storing and managing data. Although IDMP does not support all data points throughout the company, it is still a good starting point and a model for building other data domains.

Agreeing on scope and content is the largest challenge with MDM.  However, with IDMP this challenge has been met and is now controlled externally by standardisation organisations (SDOs). Pharmaceutical companies no longer need to debate proper values. The SDOs will maintain the agreed upon vocabularies to which the company must adhere.

The IDMP information model contains data from different company domains, such as safety, regulatory affairs; manufacturing clinical; chemistry, manufacturing and controls (CMC); and regulatory affairs CMC, among others. This requires companies to work across various silos and provide an opportunity to integrate processes defining the sequence, roles and responsibilities, overlaps and missing links. It is, of course, possible to become IDMP-compliant without integrating the processes, but companies may not want to do this after considering the many benefits of integration.

The starting point and solution 

Companies typically face several scenarios when encountering IDMP challenges. One scenario is represented by a company that is primarily paper based (including PDFs). Another scenario arises when a company has good IT support, a well-used Regulatory Information Management (RIM) application, one or perhaps multiple ERP instances and a CTA application.

Meeting the IDMP challenge depends on which scenario fits a given company’s profile. The common denominator between the scenarios will be that your IDMP solution must be flexible. Supporting the journey towards an integrated company, one should not develop the path as yet another siloed application.

If the company is primarily paper-based, that is not necessarily a deficit with respect to IDMP implementation. This type of company will have some advantages as there are no legacy systems to factor in when designing the technical setup. Splitting the set-up into at least two parts should be considered: one should be for entering and maintaining your information; a system which ultimately could act as your RIM system as well. This solution must support an interface divided by roles to let the various parts of the organisation enter their specific data without having to look through multiple pages of content before finding five fields to maintain. Furthermore, the users should not be able to see all the data as some data will be confidential and restricted to only the areas maintaining the data.

A second part of the setup based on IDMP should be a data hub for storing your blueprint data model. The hub must be made available and separate from the application in order to ensure that data is accessible from other internal applications and processes. Furthermore, the data hub will be a starting point for integration. The information model must not depend on an application, but should support the organisation’s need to integrate new data domains. The blueprint data model should initially focus on IDMP, but must be able to evolve as requirements change.

Data hub concept

For companies already supported by applications, the challenge is slightly different. They will still need an IDMP application, as described above, and a data hub. However, the requirements for the data hub will be more extensive. These companies will have to decide if and when to comply with the data standards in the source systems. Furthermore, they will have to decide where to include the additional data elements required by IDMP. It would useful to include it in the source application if the strategy is to remain with the application. This means adding information to the labelling system and expanding the use of the RIM system. In the short term, this is the more difficult way of doing things, but in the long run having data in the applications designed to contain information regarding a specific area through an existing process is preferable. The alternative is having employees maintaining the same information in two different systems, supported by different processes. This is not only time consuming and increases the risk of error, it will also impact employee satisfaction and prevent the company from gaining the benefits of having data readily available.

Regardless of whether the company fits scenario one or two, the following are key points to address to have IDMP enable a new way of conducting business and help the company meet future requirements in an easier and less costly manner:

  • Understanding IDMP is the first stepping stone towards MDM, driven by the authorities.
  • Use controlled vocabularies (do not adopt them blindly) making sure they are integrated as widely as possible.
  • Put a solution in place enabling evolution with the external requirements, building on one pool of data to be used for different reporting purposes. The EU clinical trial regulation, ISO ICSR and ISO IDMP, should be used as the starting point when building the regulatory data hub.
  • Identify processes supporting IDMP as a starting point and make sure every contributor is aware of at least the step prior to and after his part of the process. The person filling in the electronic application form in Europe should be aware of the consequences of his/her choice of values regarding the full IDMP submission.
  • Understand the data. Make sure the pool of data generated from IDMP and other requirements are understood and used internally for safety purposes, trending purposes and for controlling the pipeline.

If IDMP is not perceived as a new way of conducting business, there is a risk the authorities will know more about the company than you do. They will connect the dots at their end as well as conduct trending and analysis. They will be able to pinpoint gaps in company processes by pointing out data inconsistencies in the company’s data submissions through the lifecycle of products. The company would have built yet another silo, with its own governance and processes, putting more tasks on staff, requiring them to run faster. Further, IDMP would have been a pure cost for your company without harvesting any benefits. Worse, the next time a regulatory requirement emerges, tying into IDMP and ICSR will require performing the same tasks again.


NNIT​ is one of Denmark’s leading consultancies in IT development, implementation and operations. For over a decade, we have applied the latest advances in technology to make software development, business processes and communication significantly more effective. ​NNIT’s service offerings include advising, building, implementing, managing and supporting IT solutions and operating IT systems for customers. ​In 2015 our revenue was DKK 2.6 billion. Today, NNIT has more than 2,500 employees, with around 900 employees working outside of ​Denmark in China​​, the Czech Republic​, the ​Philippines​, Switzerland​ and in the US.