Assessing IDMP Maturity

The recent publication of the European Medicines Agency’s (EMA) latest version of its EU IDMP (Identification of Medicinal Products) Implementation Guide is something of a landmark for the industry. Not only will it spur software vendors and pharma companies to progress systems that support compliance with simultaneous data-based and packaged-dossier regulatory submissions, but it will also lay the ground for transformational change as to how pharma firms utilize data.

IDMP preparations should encompass changes to core regulatory business processes, giving pharma firms the confidence that they are working with the best data, supported by the appropriate governance. Only such organizational changes will unlock the fuller gains of a data-based product management future.

But how ready are companies to move forward? Without understanding the gaps in their current capabilities and processes, they will struggle to make efficient progress towards either their short- or longer-term goals. It’s vital, then, to begin with an IDMP readiness assessment.

Conducting an IDMP maturity assessment

IDMP maturity assessments can be divided into four broad areas of work, which can all be undertaken simultaneously if required.

Assessing processes. Before an organization gets serious about compliance, it must address its processes first. Reviewing all processes currently affecting how data is generated, captured, checked, combined, and maintained, and how these feed into existing document/dossier creation, is essential.

Drawing on industry-standard IDMP process reference models, accessed via an external advisor, companies should assess their current business and data management processes and identify the impact IDMP will have on current modes of operation.

Mapping out the company’s current approach is vital — identifying any gaps compared to the new target data governance framework, pinpointing areas of risk and opportunity, and devising optimum data governance. Understanding the current state of play will also help with the set-up of process design/redesign activities. Depending on the size and scope of the organization, the data collection, quality control, and cleansing requirements, and any new or revised processes needed to ensure ongoing IDMP compliance, could be significant, so companies shouldn’t underestimate what will be involved.

Assessing organizational structures. As companies realize the power of working with data and a single, central master version of their product truth — managing product-related information will transcend the remit of regulatory affairs. Suppose companies want to fully capitalize on the potential of a new data-focused way of thinking, planning, and ensuring quality and safety. In that case, it follows that maintaining a consistent, high-quality master data set will be a task bigger than any one department.

An organizational assessment will help ensure that the right stakeholder groups are given the attention they need throughout the digital transformation that is IDMP implementation. Crucially, this process will determine everyone's awareness of IDMP and its implications both for interactions with the authorities and for internal ways of working. It will also provide vital input into the necessary organizational change management (OCM) strategy and guide a communication plan mapped to the particular needs of each stakeholder group.

Technology assessment. This element is a highly significant part of any IDMP readiness assessment. A technology assessment is important in its own right. Still, it needs to be considered in tandem with process/organizational findings to ensure that any system updates or replacements can support the new target operating model (in which data and documents are submitted in sync). Individual system and overall architecture provisions must be looked at with an eye on any future compliance requirements and other data-driven process ambitions.

Taking in an analysis of the current system architecture, as well as the core systems of interest, the goal should be to define a fit-for-purpose technology strategy. This should include the use of or upgrade to a regulatory information management (RIM) system; use of a product backbone or master data management (MDM) solution; building an in-house solution, or even using EMA’s product management services (PMS) web interface — based on your specific situation and future IT plans.

Data assessment. The data assessment should aim towards a comprehensive understanding of the location, ownership, quality, and quantity of the company’s IDMP data set. This will enable the planning of tailored data remediation activities.

Most organizations will need assistance on this part of the work to fully understand the IDMP data model, the ins and outs of the latest EU Implementation Guide, and the typical business processes generating and/or handling IDMP data. Performing data pilots with a carefully considered cross-section of current products is advised.

The aim should be to compare internal data sets with both the IDMP ISO standard requirements and the specific definitions set by the EU Implementation Guide. Finally, in-house data will need to be compared to the data within EU IDMP Referential Management System (RMS) and Organization Management System (OMS).

Once data mapping is complete, companies should have a clear overview of where their IDMP-relevant data resides today, both in a structured format (i.e., system/database) and in an unstructured format (i.e., within documents); the current quality of that data; which functions own the data/ which systems are currently considered the ‘sources of truth’ when putting together dossiers or answering agency queries; which data is currently missing and what this will mean in terms of data remediation; and more.

In addition, drawing on the outcomes of the data mapping undertaking and those from the technology assessment will help draw up a data remediation plan with appropriate activities and timings.

Formulating an overall IDMP vision

Any organization undertaking these assessments will have made a profound step in IDMP readiness and better management of data in the future. Assessment results will help inform a pragmatic, future-proof IDMP vision and strategy and an optimally aligned IDMP roadmap and implementation plan.

Once the assessments have all been completed, organizations must begin developing the main driving principles of their IDMP Initiative. This should start with compliance with EMA’s IDMP implementation and ensure that the IDMP ISO core remains suitable for other regulators’ requirements in the future, such as the FDA’s, for example. Pharma is a global industry, and re-use of the initial European compliance effort elsewhere in the world is vital, while providing a pathway to driving other business value (from high-quality data-driven product management) in the longer term is also imperative.

These driving principles will set the course for any IDMP implementation and support decision-making, preventing the company from making choices that take it into new silos or technology dead-ends.

It’s vital to ensure, too, that the IDMP strategy dovetails with/does not conflict with any other pivotal company initiatives, such as the organization’s broader enterprise data strategy or use of an agile delivery model. Once this foundation has been established, the next step on the IDMP journey should be to agree on the value-driven additional use cases for IDMP, which will involve cross-functional collaboration and decisions about initiative sponsors. From here, the organization should set the target timeframes for the initial IDMP go-live/’release 1;’ and then define the target approach for the xEVMPD-IDMP Product Management Services (PMS) database transition period.

What does the IDMP roadmap look like?

The concluding element of the organization's IDMP efforts to this point should be to set out a clear IDMP roadmap and implementation plan — which doesn’t try to accomplish everything in a first project release. Attempting too much too soon can seriously impact progress, budget, morale, and long-term success. Even if company-wide master data management (MDM) — extending across RIM, Pharmacovigilance/Safety, and ERP — is the final goal, it’s much more advisable to start with a leaner program that can be added to as time goes on and as the need arises.

Enabling a step-wise increase of IDMP capability maturity overtime is undoubtedly the best approach. Each incremental release should be defined using the outcomes of the IDMP maturity assessment conducted previously, factoring in three key components at each stage:

  • Compliance-driven components — e.g., IDMP EU Iteration 1 compliance, ‘step 1: Central Authorization Procedure (CAP) products,’ followed by ‘step 2: non-CAP products;’
  • Value-driven components — e.g., batch release optimization; automatic population of electronic regulator forms; and
  • Supporting infrastructure to enable process and technology implementation data remediation activities, etc.

Only then can any detailed implementation plan for the initial release(s) can be created.

IDMP is a transformative piece of regulation and one that pharma companies must get to grips with, both for ensuring compliance and maximizing any benefits from digital product information management. The importance of the assessment processes outlined above cannot be underestimated in achieving IDMP success. Without it, organizations will struggle to maximum IDMP value, but with it, they can unlock the full benefits and set themselves firmly for the future.

Adnan Jamil is a Senior Consultant at Iperion, now part of Deloitte.