Endo Pharmaceuticals Simplifies Validation
with a Risk-Based Approach

Even for biopharmas with strong processes and a quality mindset, validation can be fraught with risk and inefficiency. Scope creep can happen when teams don’t establish clear expectations at the beginning of a new project. Testing and documentation can become cumbersome, trapping teams in an endless cycle of validation that stifles new features and innovation.

The IT team at Endo Pharmaceuticals Inc. (Endo) knows this firsthand. After their first Veeva Vault implementation, Gregory Rosen, executive director of IT, and Joanna Ollendorff, associate director, computer systems validation, saw an opportunity to make the validation process simpler and more efficient.

“We tested everything. Like many other companies, we didn’t have an expert understanding of the system and we were duplicating efforts that Veeva had already done,” said Ollendorff. “We didn’t identify what was Endo-specific configuration and what was base functionality from Veeva.”

Rosen described the level of effort at that time as immense and unsustainable. “Every time we had a release, we’d have to go through an exhaustive exercise to ensure that the release maintained our defined validated state of the application. Which essentially meant we would never be able to take advantage of the new features Veeva was introducing.”

The team was determined to make a change.

Establishing a 3-step approach to validation

At its core, Ollendorff describes Endo’s strategy as a risk-based approach to validation modeled on GAMP 5. But, some simple changes in mindset have reduced the impact on IT resources and the business as a whole. Endo’s strategy centers on leveraging the validation work that Veeva already does to reduce the overall testing burden and speed the adoption of new capabilities.

1. Implementation validation: building trust with the vendor

A thorough quality assessment of the vendor is the first – and perhaps most critical – step in the validation process. Defining expectations up front and leveraging Veeva’s documentation helps Endo reduce time spent and get to value more quickly.

Endo accomplishes this by using Veeva’s classified levels of validation risk as a guidepost for running test scripts during implementation. For out-of-the-box or low-risk functionality, no testing may be required at all. When testing is necessary, the Endo team works closely with the Veeva team to execute the test scripts in a sandbox environment until they are approved. This methodology limits testing to only Endo-specific configurations with a certain risk profile, eliminating redundancy and creating more value for the company.

“We are not duplicating efforts, we’re not retesting what Veeva has already tested,” said Ollendorff. “We’ve mitigated the risk of doing that: we audited Veeva’s company and quality systems structure, we performed an IT security assessment, we looked at Veeva’s CSV practices, and through those actions, we were able to mitigate the risk down to an acceptable level for the business.”

“In the world of cloud-based GxP tools there has to be a comfort level that people get to, and it all starts with the vendor assessment,” added Rosen. “Having the mindset to look at Veeva as a GxP supplier has helped, that’s the real advancement in our thinking.”

2. Managing updates: classifying the level of impact

Once implementation is complete, Endo adopted a similar mindset for managing updates: create efficiency by leveraging what has already been tested. For Veeva’s major releases, which happen three times a year, Endo takes a three-step approach:

During this process, Endo reviews Veeva’s release impact assessment and compares it to its own environment. While something in a general release might be a high risk for general use, if it’s not a feature Endo has in its configuration the team rates it as not applicable, or low impact. Doing so saves unnecessary testing and validation efforts, and is a key differentiator in Endo’s overall approach.

“A lot of companies say they take a risk-based approach, but they end up testing everything, even if it’s low-risk or has no impact,” said Ollendorff. “It becomes very cumbersome if you’re not relying on what Veeva has already tested, and you could end up rerunning those scripts as part of regression testing every time there’s an update.”

3. Making changes: managing configuration enhancements

The last piece of Endo’s risk-based validation strategy is managing enhancement requests to existing functionality, for example, turning a required field on or off, or something more involved, like adding new pieces of functionality.

For these changes, Endo uses a governance process that catalogs and categorizes every enhancement request and assigns each one a score based on the expected level of effort and IT complexity. Low-effort items, like cosmetic changes, score one point, medium items such as changing a configuration setting (already tested by Veeva) score three, and high-effort items, for example, additions that necessitate a test script, score seven points. For each bundled release, the Endo team ensures that the total score of requested enhancements does not exceed 13 points. By using this methodology, Endo can cap the impact on the validation process and manage updates more effectively.

During this phase, the Endo team continues to rely on Veeva’s documentation to assess whether a new feature or functionality truly needs to be tested or can simply be verified with existing documentation. “We are a lean team,” said Rosen. “We don’t have a huge department, so we need to work smarter. This approach helps us compartmentalize the impact and still be compliant.”

Maintaining compliance while improving speed and value

With this three-step strategy in place, Endo has been able to achieve gains in both speed and efficiency “Having a risk-based approach to validation enabled us to launch three additional Vault products in six months. Benchmarking revealed that for many companies the same effort would take 36 months, with one of the biggest factors being the validation efforts,” said Rosen.

Ollendorff credits a lot of the improvement to how the team changed their mindset from a traditional, on-premise, test-everything mentality, to embracing a risk-based approach and leveraging the partnership with Veeva. “All of our requirements are being met, it’s just being done in a different way.” said Ollendorff.

For Endo, reducing the impact of the validation processes has yielded clear benefits to the business. “We’re still maintaining a high compliance profile and have achieved a significant level of bandwidth giving us the ability to explore, adopt, and introduce the new capabilities that Veeva is providing without being in a constant state of validation,” said Rosen.

Learn more about best practices for release management.