Operations Utopia: Striving for Practical Excellence in Life Sciences Operations

Matt Neal

In what may be one of the most niche topics for a podcast, Operations Utopia is a podcast about the desperate need to streamline Life Sciences Operations to get treatments to patients faster and explores how life sciences organizations should operate—by examining why they usually don’t. Disclaimer: The podcast content represents the opinion of the speakers, guests & host and does not reflect those of their organizations, system vendors, or service providers.

Episodes

  1. Jul 3

    06 | Vibe Coding the Perfect Workflow: Building Systems That Fit Like a Glove — with Paul Slater

    About the Guest Paul Slater helps professionals, leaders, and organizations navigate the human side of AI transformation. He is the author of The AI-Ready Human: Your 90-Day Program to Stay Relevant as Technology Transforms Work, host of the Humanity Working podcast, and founder of Paul Slater Advisory. Paul spent nearly two decades at Microsoft, leading global digital transformation initiatives — including defining strategy for the company's Life Sciences business — and authored more than 20 books and courses for senior technologists. He has contributed to AI think tanks at Harvard, Duke, and Arizona State University, and briefed Fortune 500 executives and national governments worldwide. He is currently an analyst-relations thought leader at Adobe, where the frame problem behind this episode — "how do I stay on top of what 70+ industry analysts are saying?" — is the one he ended up vibe coding a solution for. Key Topics The 12-hour build. Paul's opening story: needing a hybrid of a CRM, a CMS, and a news feed for his Adobe work — a "CIA-profile-every-analyst" system Salesforce doesn't cover — and building it end-to-end in Claude Code in about twelve hours. His advice: if you're not technical, get a bit technical. If you're technical, get more technical. Then build the thing that fits your work like a glove. The barrier to coding has collapsed — knowing what to build has not. Paul's clearest reframe: the how-to-code is gone. What remains is the ability to think holistically enough to imagine the system that would solve the problems you have. If you can do that, everything else isn't that hard. This is the muscle worth building. The standardization paradox in regulated industries. Matt's frame: life sciences needs standardized foundational systems it doesn't quite have — and yet if those foundations were solid, everyone could accelerate the individualized layer on top. So can AI let us leapfrog around the missing standardization? Sometimes yes; sometimes the messy reality is the whole reason your custom tool is valuable. Products are an artifact of cost, not need. Paul's epiphany: the explosion of products since 1990 isn't a reflection of need — it's a reflection of how cheap it became to bring a solution to market and wrap it in sales and marketing. Every product then accumulates functionality to justify its existence, until — Matt's line — the product becomes the problem. What actually needs to be centralized. A relatively small amount of data must live in highly regulated, locked-down systems. Everything else — the messy, unstructured, contextual layer that supports the art of the work rather than the science of it — has been artificially wedged into expensive applications where it never belonged. Paul's clinical-trial example: a huge amount of real-world Phase IV signal is already out in the world; you don't need to lock it down at the point of first inspection, only when you build a hypothesis on it. Why software companies have to reinvent themselves. With AI writing an increasing share of software (Paul references Anthropic's public numbers on internal AI-written code), the moat under any SaaS resting purely on software gets very thin, very fast. Paul's bet: winners like Veeva don't get displaced — they reinvent themselves from "product for these roles" into a role-enablement layer that uses their unmatched understanding of how the work is done to build self-forming, naturalistic support for each user. The Star Trek IV point. In the film, Scotty tries to talk to a 1980s Mac and Bones hands him the mouse like it's a microphone. The joke: the future is one where you talk to the computer and it responds. That future has arrived — and it means the same tool should present four different faces to four different people doing the same job, adjusting to how each of them actually thinks and works. The ugly middle ground on pricing. We're paying legacy subscriptions plus token consumption plus occasional old licenses — the worst of every pricing model at once. Paul's read: pick a lane. His preference is everything is a token — like electricity. Leave the lights on all night, pay more. Cleaner accountability, cleaner incentives. Local models vs. the data center. The recent Dell / Microsoft / NVIDIA announcements around local AI processing hint at a different future — where most inference runs on the user's expensive workstation and only escapes to the cloud for the heavy lift. That may be the shape of the cost curve that finally makes token economics work. Nothing about work is fit for purpose. Paul's summary line: technology infrastructure, organizational infrastructure, information infrastructure — none of it is where the puck is. On alternate mornings that terrifies him ("we're all going to be out of a job") and thrills him ("that is a lot of work for a lot of people"). Either way, it's the biggest reset since the PC. The AI-Ready Human and the third framing. Paul's book is designed to meet people wherever they're at — from wall push-ups to elite AI users — and centered on the evergreen part: the human. In work with creatives at Adobe he's landed on a third way to think about AI, beyond productivity-enhancer and quality-improver: AI as medium. Things that couldn't have been created any other way — the Beatles' Now and Then, the short-form work of surrealist artists — are the flipside of AI slop. Same technology, different intent. Notable Quotes "I built something way more useful than any commercial software at all for my job in twelve hours." "You can literally vibe code the perfect workflow support system for whatever job you have." "The product becomes the problem." "You wind up being held back by the very solutions that you're paying for." "Almost every aspect of how work is structured and how work is done is not fit for purpose." "AI can do a poor job of mimicking things humans would do, but it might do a really good job of creating things humans cannot." Who This Episode Is For Life sciences, Reg Ops, and Quality leaders trying to see around the corner of the SaaS-and-AI shift; enterprise architects and IT strategists rethinking buy-versus-build; software vendors serving regulated industries; and anyone wondering what "AI-ready" means for their own job in the next twelve months, not the next five years. References, People & Resources Guest & Work Paul Slater — author, advisor, and podcast host The AI-Ready Human — Paul's book  Humanity Working — Paul's podcast Previous stops: Microsoft (nearly two decades), currently Adobe Tools & Platforms Discussed Anthropic and Claude Code Veeva and Salesforce Local-AI hardware directions from NVIDIA, Microsoft, and Dell Concepts & Cultural References Vibe coding AI as productivity enhancer / quality improver / medium The Beatles' Now and Then — AI-enabled restoration of John Lennon's vocal Star Trek IV's "hello, computer" moment Buy-vs-build, product-as-artifact, and role-enablement as a software-company model Transcript provided by Otter.ai. Operations Utopia - Where Regops, Innovation, Technology, and Execution Meet. Disclaimer: This podcast reflects only the opinion of the podcaster and guests and does not reflect those of their organizations, system vendors, or service provider Original show theme "Little Sammy" by Matt Neal

    54 min
  2. Jun 19

    05 | Trust Architecture: Rethinking Validation for a Probabilistic World — with Nuno Valério

    Executive Summary For most of life sciences history, validation has been a snapshot — freeze the configuration, prove it behaves as designed, trust the system until you change it. Nuno Valério has spent his career inside that paradigm, and he's now one of the clearest public voices on what has to change for it to survive the AI era. As Head of Innovation, R&D Quality at Merck, Nuno is building AI governance frameworks for pharma R&D in real time — and he joins Matt Neal for a wide-ranging conversation about validating probabilistic systems, the trap of blanket "human-in-the-loop" thinking, and what genuine trust looks like when the model itself keeps changing. Key Topics AI as a liberator — when you stay the driver. Nuno's framing: AI is an enabler and a modulator, but the moment you let it produce your voice instead of you being behind the voice, it becomes hollow. The F1 analogy: what was great about watching Senna and Prost wasn't the cars, it was the art of the driver — the late brake that was almost too late, but not quite. AI is a powerful car. The driver still matters. Set the model to challenge you. A practical antidote to the validation-loop trained into LLMs: prompt the model to push back, ask clarifying questions, and always offer a different angle. Sometimes the angle is irrelevant; sometimes it reshapes the whole question. It's how you keep the tool from collapsing into agreeable blandness. The expertise paradox. AI is hugely powerful when you know your subject deeply — you can dig with a backhoe instead of a shovel. When you don't, it sounds great and can be completely wrong, and you won't know to push back. Matt's framing: when you really know something, you notice how not great it is on first blush. AI as the first alien intelligence. Not alien in the extraterrestrial sense — alien in the sense of an intelligence that originated outside the patterns of natural selection that produced us. We've never met one before. The implication: we shouldn't assume it will behave like the only kind of intelligence we already know. Trust architecture — validating the workflow, not the model. The old validation paradigm — take a snapshot of a deterministic system, freeze the configuration, trust it holds — doesn't survive probabilistic models whose outputs change with each input. Nuno's framework validates the whole ecosystem around the model: the tool, the human reviewing the output, the infrastructure, the guardrails, and the drift monitoring that flags when the model wanders. The goal isn't perfection — it's predictability you can sign under. The human-in-the-loop trap. Putting a human everywhere isn't governance — it's burnout. Picture the reviewer at 5pm with 300 outputs to validate and a partner waiting at home. The first 257 were perfect, so he clicks through 258, 259, 260. "Human-in-the-loop" needs to mean human-on-the-loop where it matters — triggered by drift, risk thresholds, or signals the model is operating outside its trusted envelope. Risk-based proportionality. A model that summarizes a meeting doesn't carry the same risk as one producing a safety report for a submission. The validation effort should reflect the consequence of failure. Quality has been doing risk-based work for decades — sampling, focusing where it counts, accepting you can't be everywhere. AI doesn't change that principle; it raises the stakes for applying it well. The customization trap. Nuno's pushback on Matt's optimism about Veeva and Salesforce implementations: pharma companies routinely insist they're special, customize the standard configuration to match how they already work, and then can't absorb new features. AI capabilities increasingly only work — or only work well — on standard configurations. The cost of "specialness" is now showing up in the roadmap. And requirements gathered from people doing it the old way produce new systems that look exactly like the old systems. Data quality, compounded over decades. Pharma's data is messy because there was never an incentive to fix it. Decades of operations stack up. Synergies across silos and regions matter only if the underlying data can be connected — which is exactly why frontier AI labs see life sciences as so much opportunity. Nuno's advice: don't try to fix 50 years; cut a reasonable line and move forward from useful data. The GIP provocation. Matt's controversial proposal: the industry is missing a standard. GMP and GCP cover their domains. The little "x" in GxP gets stretched until everything is high-risk — and the result is fear-based bottlenecks. He proposes Good Information Practice — a discipline grounded in modern systems that trace every click, every change, every reason. If a spreadsheet column took three months to add, the real risk isn't governance; it's the columns you stopped adding. Nuno's response: he's wary of more letters, but agrees the binary GxP / non-GxP switch is broken, and proportionality has to be applied inside GxP too. Sandboxes and pre-competitive collaboration. Nuno's call for shared, experimental spaces where industry, regulators, and vendors define what "good" looks like together — modeled on aviation safety. Pre-competitive information isn't IP. We can all get better at what everyone has to do, without giving up what makes anyone different. He sees the beginnings of that maturity in the sector, and signs from regulators that make him hopeful. The dawn of AI maturity. Quality is a culture used to knowing what it's talking about — built from decades of guidelines, mistakes, and corpus. AI shifts every professional out of that seat. The only honest path forward, in Nuno's framing, is to think out loud, share the work, and accept that nobody has it all figured out yet. Notable Quotes "If you use AI just to produce your voice instead of you being behind that voice, it becomes hollow." "What I was seeing was not the cars. What I was seeing was the art of the person at the wheel." "AI might be the first alien intelligence — not in the sense of being from outside Earth, but in the sense of being originated outside of our patterns." "Trust, to me, is predictability that you can sign under." "He actually was very thorough. He checked everything. This one is certainly fine as well. Click, click, click." "Every pharma company thinks they are very special. And then they pay the price of that specialty." "The age of AI shifts everyone — every professional — from their seat." References, People & Resources Guest & Company Nuno Valério on LinkedIn — Head of Innovation, R&D Quality, Merck Merck (KGaA) — Darmstadt, Germany Events & Public Work Clinical Trial Innovation Summit 2026 — Basel, 24 June 2026 (Nuno speaks on designing AI governance from both sides of the wall) Platforms & Tools Discussed Veeva and Salesforce — referenced on standard vs. customized configurations Anthropic Claude, OpenAI ChatGPT, and the broader LLM landscape Concepts Referenced Trust architecture (provenance, drift monitoring, human-on-the-loop, predictability) Deterministic vs. probabilistic validation Risk-based proportionality in GxP Good Information Practice (GIP) — Matt's proposed framing Pre-competitive collaboration and regulatory sandboxes Everyone relaxes when you say "human in the loop." Nobody pictures the reviewer at 5pm, 257 clean outputs deep, clicking approve on the 258th because the first 257 were fine. The loop isn't a safeguard; it's an architecture problem. Validation used to prove a system does what you specified; with probabilistic systems the spec can't save you, so the real question stops being *does it work* and becomes *under what conditions can I sign under it.* That's the shift I care about. That's what I mean by trust architecture; not a new framework I'm selling, more a way of framing what our industry already half-know. Check out additional materials from Nuno:TA # 3 The "On Innovation" interview with Roberto Zicari at ODBMS Operations Utopia - Where Regops, Innovation, Technology, and Execution Meet. Disclaimer: This podcast reflects only the opinion of the podcaster and guests and does not reflect those of their organizations, system vendors, or service provider Original show theme "Little Sammy" by Matt Neal

    58 min
  3. Jun 12

    04 | From Alexa to Agents: Two Decades of Change in RegOps — with Scott Cleve

    Host: Matt Neal Guest: Scott Cleve, Vice President, Regulatory Operations, Information and Compliance, Daiichi Sankyo Executive Summary Few people have lived through more change cycles in regulatory operations than Scott Cleve. Across 20+ years at Accenture, AbbVie, Astellas, Boehringer Ingelheim, bluebird bio, and now Daiichi Sankyo, Scott has built and led global Reg Ops organizations through wave after wave of new technology — and figured out a few things about how change actually sticks. Matt and Scott trace the arc from a 2017 Alexa pilot at Boehringer Ingelheim (RIP — voice capture for affiliate correspondence) to today's reality of AI agents working alongside humans as teammates. Along the way: the three obstacles that quietly slow every change initiative, why "training" a workforce two weeks before go-live with a PowerPoint is the corporate equivalent of asking a kid to play in the World Cup, and the backhanded compliment that defines a great Reg Ops team — you guys do your job so well, I don't even think about it. About the Guest Scott Cleve is Vice President of Regulatory Operations, Information and Compliance at Daiichi Sankyo. His 20+ year career spans consulting at Accenture and Reg Ops leadership at AbbVie, Astellas, Boehringer Ingelheim (where he led the company's global Reg Ops org from Germany), and bluebird bio — giving him a rare view across big pharma, family-owned multinationals, and cell & gene therapy. Scott is a regular voice in the Reg Ops community — keynoting the Veeva R&D and Quality Summit, appearing on industry podcasts, and serving on conference panels (he and Matt have shared the stage at DIA RSIDM on "Regulatory 3.0 — A Data-Driven Approach"). His focus throughout: pulling organizations forward through change without breaking the people inside them. Key Topics Building a global Reg Ops org. Scott's first big leadership challenge was inheriting Boehringer Ingelheim's global Reg Ops function — a US leader living in Germany, navigating a family-owned multinational with a different time horizon and culture, and footprints across Japan, China, Europe, and the US. The playbook he refined: gather requirements, honestly assess where you're strong and where you need to grow, align investments with the company's priorities, and use outsourced centers of excellence for what fits. The 2017 Alexa pilot. Long before Copilot and ChatGPT, Scott's team ran a pilot using Amazon Alexa to capture correspondence from global affiliates — voice in, PDF out, archived directly into document management. The catch: "Alexa has a really short attention span." It didn't roll out, but it opened doors to voice capture, voice-to-text archiving, and the broader question of how to embed new tech in real workflows. Finding the tinkerers. Every Reg Ops team has early adopters who want to do their job easier — the people who actually read Word and Excel release notes. Scott's pattern: identify the advocate, give them a single use case on a single deliverable, demonstrate visible progress, and let the knock-on effect pull the rest of the group along. The three obstacles to fast change. Data first — is it structured, clean, complete enough to feed into modern tools? Organizational readiness second — disrupting processes people have run for years creates real anxiety, not just resistance. Compliance and validation overhead third — the documentation and testing burden that makes iteration slow, even when the technology itself isn't the bottleneck. The training paradox. Scott's analogy: a pro athlete gets coached and feedback from age seven onward. The corporate version is to roll out a new document management system, hand people a PowerPoint two weeks before go-live, and call it "hyper care" when it goes sideways. "We're asking people to fundamentally change the way they've worked for years with a minimal amount of support" — and Matt's revelation from a recent summit: why are you making me train people on your software? Change as a constant. Five or ten years ago the industry talked about change fatigue. Today, between iPhone updates, Outlook updates, and the Veeva release cadence, change is just the default — and the leadership job is reframing it as continuous improvement and sharing the vision: "I've been to the beach, I know it's there. You're still on the other side of the mountain." The Reg Ops symphony. As teams have grown, the publisher-does-everything model has bifurcated — into publishing, submission management, and an emerging data-steward track for IDMP, PQ/CMC, and future data submissions. The question Scott hasn't fully solved: how do you keep these specialists working in symphony without losing the cross-functional reach that made the old generalist Reg Ops role so valuable? Bots as team members. RPA was the warm-up. The new mental model: think of an agent the same way you'd think of a new hire. "Bot one, you're going to do all the document formatting checks — here's how much work I expect from bot one in a typical day. Bob is overseeing bot one." Humans become managers of humans and bots, with the human-in-the-loop critical for change control, error handling, and upskilling the agents over time. The self-driving tipping point. Matt's analogy: when self-driving is genuinely better than humans in every condition, it becomes irresponsible to drive. The same logic is coming for Reg Ops work — and the open question is the time scale. Scott's read: a lot will change in the next five years, technology is pushing the field along, and AI is going to start "eating from the bottom" of the task list. The career arc for publishers. As automation absorbs the click-work, the people who built that expertise become the most valuable teachers in the building — data stewards, submission managers, and trainers of the next wave of both humans and bots. Retaining that knowledge in the organization is the leadership challenge of the decade. The hidden magic of Reg Ops. When the team does its job perfectly 99.9% of the time, nobody notices — they only see the 0.1%. Submissions go out two days earlier after a Veeva upgrade, and no one outside the team knows why. Scott calls the resulting feedback "the most backhanded compliment": you guys do your job so well, I don't even think about it. The trusted-partner relationship with regulatory strategists is real and valuable — and chronically under-recognized. Notable Quotes "Everyone's favorite system is the one you just stopped using." "You guys do your job so well, I don't even think about it. It's the most backhanded compliment." Who This Episode Is For Regulatory operations and regulatory affairs leaders managing change at scale; Reg Ops professionals navigating new tools, validation overhead, and shifting role definitions; R&D IT, RIM, and digital transformation leaders in life sciences; and anyone interested in what AI and automation actually look like inside a high-performing operations team. References, People & Resources Guest & Career Scott Cleve on LinkedIn — VP, Regulatory Operations, Information and Compliance, Daiichi Sankyo Daiichi Sankyo — current company Past roles at Boehringer Ingelheim, bluebird bio, AbbVie, Astellas, and Accenture Tools & Platforms Mentioned Amazon Alexa Microsoft Copilot and ChatGPT Veeva — including the Veeva R&D and Quality Summit Industry Events & Concepts DIA RSIDM (Regulatory Submissions, Information and Document Management) IDMP (Identification of Medicinal Products) and PQ/CMC data submissions Robotic Process Automation (RPA), AI agents, and the human-in-the-loop Transcript provided by Otter.ai. Operations Utopia - Where Regops, Innovation, Technology, and Execution Meet. Disclaimer: This podcast reflects only the opinion of the podcaster and guests and does not reflect those of their organizations, system vendors, or service provider Original show theme "Little Sammy" by Matt Neal

    49 min
  4. May 29

    03 | Rethinking the Fence: Data, Standards, and the New Energy in Regulatory — with Crystal Allard

    About the Guest Crystal Allard is Senior Director of Government Strategy at Veeva Systems, where she works with regulators and industry to shape the future of the submissions ecosystem and increase speed to market. Crystal spent roughly 15 years at the FDA across innovation and technology roles — including time working for the agency's Chief Data Officer and at the Center for Tobacco Products, plus stints as an FDA consultant. She also worked in regulatory operations before joining the agency, giving her a rare full-circle view of how submissions are built, reviewed, and inspected. She recently co-authored published commentary on the joint FDA–EMA Guiding Principles of Good AI Practice in Drug Development (January 2026) and is a speaker at the Veeva R&D and Quality Summit. Key Topics A new wave of energy. After years of stasis, health authorities are increasingly open to modern, data-driven technology. Crystal's read: it feels inevitable now in a way it simply didn't two years ago. Standards bodies in flux. Standards like CDISC have been in place for essentially Crystal's whole career — but new leadership at CDISC, HL7, and its Vulcan FHIR Accelerator is creating real willingness to revisit old assumptions. HL7 groups already use AI to draft standards, data models, APIs, and implementation guides, compressing timelines with far fewer resources. The new bottleneck: the testing, voting, and adoption infrastructure, still geared to a three-years-ago cadence. The lasting lesson of COVID. Rolling reviews proved faster review is possible — but regulators did it the hard way, because data wasn't in the format they needed. The insight: standardization doesn't always equal usability, or even validity. Data needs to be accessible and analyzable. The goal now is to keep the speed but build the "easy button." Global convergence — and its limits. At DIA Europe, multiple health authorities discussed reliance and the "inevitability" of a shared submission process, while staying cagey on technology. Standards organizations are quietly driving convergence — ICH guidelines like M4Q(R2) now publish in a common format across many countries. Missed opportunities remain, notably the lack of shared data-security requirements and a separate ICH Module 1 per country. Rethinking the submission "fence." Today's model is over-the-fence: build a package, toss it across. Crystal floats a reframe — what if the space between sponsor and regulator isn't just a transfer point but a shared storage and viewing space? APIs and direct connections could enable continuous, "live" review. It's a different paradigm than eCTD and even eCTD v4.0, which Crystal frames as both a globalization attempt and a missed opportunity at better exchange technology. Security, IP, and who owns the data. Centralization cuts both ways — a single shared space is either a bigger target or a better-defended fortress. In the US, submission data is owned by the sponsor; FDA only stewards it — so sponsors can do more with their own data, and their own FDA letters, than they realize. Meanwhile FDA wants earlier access to sponsor data but can't share its review memos across authorities — a catch-22 that may take legislation to resolve. The RIM blind spot — and the special-format mistake. Many at health authorities have never built a submission, so they underestimate the data management, QC, and validation work behind one — and were often unaware of regulatory information management (RIM) systems at all. Crystal shares a candid "learning experience" from her Center for Tobacco Products days: special submission formats (a PDF-backbone structure, and later eSTAR and other e-submitter formats) were designed to be easier — but modern AI tooling is now so good at standard formats like eCTD that the special ones cost more time and money. The reviewer disconnect. Many format rules exist not because a reviewer wants to read a document, but because review software needs specific data sets for automated analyses. Yet reviewers are rarely in the room when those tools or the guidance are built — "a massive disconnect." See the endless bookmark-and-hyperlink debate, and an industry that fears a technical rejection that, inside FDA, is barely a blip. The future of Reg Ops and review. Both roles are converging on a hybrid: regulatory or scientific expertise, plus the ability to move data, separate signal from noise, and prompt effectively. Less document-and-business-process, more data-and-structure. A shared vision, freely given. As a public benefit corporation, Veeva balances commercial interest with contributing to the wider ecosystem — and Crystal argues data standards, and possibly exchange platforms, must be freely available for true interoperability. The bigger gap: ICH-style groups have reviewers, health authorities, and industry, but are missing the "third leg of the stool" — technologists. Notable Quotes "EMA is writing it down. FDA is saying it out loud." — on regulators and APIs "Standardization doesn't always equate to use and usability, or even validity." "[They] want to keep doing it, but maybe make it the easy button." — on COVID-era rolling reviews "It takes more effort and time and money to create these special sources that we thought were easier." "What if we just rethink the fence?" "You can leave the FDA, but you never leave the public health mission behind." Who This Episode Is For Regulatory operations and regulatory affairs leaders; data standards and submissions professionals (CDISC, HL7, ICH); clinical operations and R&D IT teams; health authority and policy professionals tracking modernization; and anyone interested in how AI and data standards are reshaping regulatory review. References, People & Resources Guest & Company Crystal Allard — Senior Director, Government Strategy, Veeva Systems Veeva Systems and the Veeva R&D and Quality Summit Regulators & Standards Organizations U.S. FDA and the Center for Tobacco Products European Medicines Agency (EMA) CDISC, HL7, the HL7 Vulcan FHIR Accelerator, and ICH Submission Standards, Formats & AI Guidance eCTD — including eCTD v4.0 and the Technical Rejection Criteria eSTAR — Electronic Submission Template for Medical Device Premarket Submissions FDA–EMA Guiding Principles of Good AI Practice in Drug Development (January 2026) Microsoft Copilot and Google Gemini Events & Concepts Referenced DIA (Drug Information Association) and DIA Europe Regulatory reliance; "live review"; RIM systems; Meaningful Use (cited as a legislation-driven data-sharing precedent) Operations Utopia - Where Regops, Innovation, Technology, and Execution Meet. Disclaimer: This podcast reflects only the opinion of the podcaster and guests and does not reflect those of their organizations, system vendors, or service provider Original show theme "Little Sammy" by Matt Neal

    54 min
  5. May 15

    02 | Validation Reimagined: From Paper Binders to Agentic AI, with Bryan Ennis

    Executive Summary Computer system validation in life sciences is at the most significant inflection point of the last 25 years. In this conversation, Matt Neal sits down with Bryan Ennis — co-founder of Sware and a 27-year veteran of regulated systems work at Genzyme and Veeva — to trace how validation evolved from rooms full of IBM testers writing scripts against floppy-disk installs, through the cloud era's shift of responsibility to vendors, and into today's reality of agentic AI and vibe coding. Key Topics Why validation exists in the first place Validation's purpose is common sense — proving that a manufacturing line stamping 100,000 pills an hour, a heart-rate-monitoring device, or a clinical trial data pipeline actually works the way it was designed. Patient safety, product quality, data integrity, and signature legitimacy are the real targets; everything else is overhead. The on-prem era (late 1990s–2000s) Bryan recalls 35 IBM testers in a room writing scripts for a Siemens e-clinical system. Companies built their own machines (this predates ordering a Dell or Gateway through the mail), installed software from 25-disk floppy sets, and rewrote their own GxP applications. Validation made sense because everything was bespoke and error-prone — but it meant nobody changed software for three to five years. Risk-based validation, pre-CSA Bryan was doing risk-based validation at Genzyme starting in 2005, guided by ISPE's GAMP framework. The principles were already there; the industry just wasn't following them. The cloud transition and the Veeva era Cloud vendors began delivering validation evidence with the platform — but also pushed three to four releases per year. Installation got easier; maintenance got harder. Companies went from validating once every three to five years to validating thousands of releases annually. FDA's CSA guidance — rebrand or revolution? The Computer Software Assurance guidance flips CSV's document-heavy default into a critical-thinking, risk-based exercise. For practitioners who'd been advocating this for a decade, it felt like rebranding — but it's a clear signal from the agency to redesign the process around patient safety, product quality, and data integrity rather than testing every field. Why the change has been slow Many sponsors externalized validation to billable-hour consultancies whose business model rewards more testing, not less. Internal common-sense streamlining is the only way to break the pattern, but companies often default to "if it ain't broke, don't fix it" until they swap a vendor entirely. Vendor responsibility is now table stakes You cannot sell GxP software in life sciences today without ISO and SOC certifications, a validation package, and ongoing maintenance services. Veeva helped normalize this; the entire vendor ecosystem has caught up. The AI inflection — vibe coding hits regulated software "You can't fund a software company right now unless AI is core to your narrative." Vendors are using Claude Code and similar tools internally. Sware itself runs Claude Code agents end-to-end. Requirements are no longer drafted up front — they emerge from the system, which interestingly mirrors the old waterfall model from the on-prem era. The "SaaS-pocalypse" and analysis paralysis Foundations are shifting under buyers in real time. This may be the slowest growth year ever for SaaS in the space as customers reevaluate roadmaps and vendors reinvent themselves on AI-native architectures. Agentic validation and the MCP connect layer Nearly every software company Bryan has spoken to in recent months has a Model Context Protocol connect layer on its roadmap. AI agents inside one platform can talk to agents like Salesforce Agentforce, crawl audit trails and configuration logs, and signal a validation platform to auto-generate requirements, draft test scripts, and execute them. This is what cracks the "final mile" problem that brittle automated testing scripts could never solve. Real-time, continuous validation The future state: every release re-validates the entire system. Paper records become end-state artifacts that emerge from the data, not the foundation of the effort. Quarterly release cadences and 18-to-24-month migrations give way to something closer to real time. The trust question Customers have already trusted vendors with disaster recovery, the cloud, and their data. The next layer of trust is validation itself — and the rumblings around Salesforce reportedly monetizing customer data are a cautionary signal that this trust isn't unconditional. What doesn't change "AI self-validation is only going to go so far." There's still a human component — domain expertise, judgment, and the responsibility for patient safety — that doesn't go away just because agents are doing the grunt work. Notable Quotes "Paper validation is just dead in that model. There's no way it scales to an AI company that's going to do 3,000, 5,000, 10,000, 20,000 releases a year." "I used to have stacks of paper in my office. They were so tall I created a maze so that nobody could see me at my desk." "We're in a very similar position with AI as we were at the cloud right now." "There's no CIO at any pharma of any size who's going to say, 'Yeah, we're not going to do AI because the validation team told me they don't want to.'" "By this time next year, I think we're in a completely different spot." People, Companies & Resources Mentioned Guest & Company Bryan Ennis — Co-Founder & Chief Quality Officer Sware — Digital validation platform; validates Salesforce, Box, Blue Mountain, TrackWise, and 40+ other GxP systems Bryan's Career Background Genzyme (acquired by Sanofi) — early risk-based validation work starting 2005 Veeva Systems — early cloud-era validation Regulatory & Standards FDA Computer Software Assurance (CSA) Guidance FDA Center for Devices and Radiological Health (CDRH) ISPE GAMP 5 Framework ISO certifications and SOC reports Software & Vendors Discussed Salesforce and Agentforce Box Veeva MasterControl — cited as an early vendor with embedded GxP validation capability TrackWise (now part of Honeywell Sparta Systems) Blue Mountain (RAM) IBM — referenced for the early Siemens e-clinical engagement AI & Developer Tooling Anthropic and Claude Code OpenAI Model Context Protocol (MCP) Atlassian Jira Playwright Transcript provided by Otter.ai. Operations Utopia - Where Regops, Innovation, Technology, and Execution Meet. Disclaimer: This podcast reflects only the opinion of the podcaster and guests and does not reflect those of their organizations, system vendors, or service provider Original show theme "Little Sammy" by Matt Neal

    47 min
  6. Apr 24

    01 | Why Biopharma Operating Models Collapse Under Scale

    Why Biopharma Operating Models Collapse Under Scale What regulatory operations and R&D platforms reveal about how organizations actually function Most life sciences organizations don’t struggle because of regulation—they struggle because of how they interpret it. From the vantage point of Global Regulatory and R&D information systems, this episode examines why modern platforms like Veeva promise leverage but often deliver friction. The issue isn’t technology—it’s how operating models distribute ownership across IT, Quality, and the business, and how risk is interpreted at scale. This conversation explores how over-validation, misaligned incentives, and legacy thinking slow execution, fragment systems of record, and ultimately increase risk. This is not a technology discussion. It is a systems-level diagnosis. This episode is based on a fireside chat with Fritz Stolp at an industry session hosted by Implement Consulting Group, exploring real-world experiences with Veeva Systems platforms in regulatory and R&D environments. Key Themes 1. The Expectation Gap Organizations expect a connected operating system but configure fragmented tools. Platforms designed to unify data and workflows become siloed and underutilized. 2. Misaligned Ownership Across Functions IT optimizes for requirements and infrastructure Quality applies legacy validation models The business often lacks visibility into what’s possible Result: No single group owns the outcome. 3. Over-Validation as Risk Creation Validation is necessary—but often misapplied. When simple changes take weeks or months: Work moves into spreadsheets and email Systems of record are bypassed Traceability decreases Risk doesn’t go away. It moves. 4. Decision Latency at Scale Governance structures intended to reduce risk often increase it by slowing execution and diffusing accountability. Simple configuration changes become prolonged processes, creating friction across the organization. 5. SaaS Reality vs Legacy Thinking Modern platforms evolve continuously. Organizations that resist change fall behind the very capabilities designed to improve them. In no other industry do customers ask technology providers to stop innovating. 6. The User Adaptability Myth A major interface change introduced no disruption in practice. Users adapt quickly. Organizations assume they won’t. This gap reinforces unnecessary controls and slows adoption. 7. Trust as an Operating Requirement Execution speed depends on trust: Between internal teams Between organizations and vendors Reducing redundant validation and enabling faster deployment requires explicit risk ownership. 8. Patient Time as the Ultimate Constraint Operational delay is not abstract. In some cases, time spent in internal processes directly impacts patient outcomes. Efficiency is not just a business concern—it is an ethical obligation. Key Quotes “Most organizations don’t fail because of technology—they fail because no one owns how it’s supposed to work.” “Over-validation doesn’t reduce risk—it pushes work out of the system of record.” “If a simple change takes months, the system has already failed.” “We don’t need less regulation—we need better interpretation.” Who Should Listen CEOs and COOs in life sciences Heads of Regulatory, Quality, and Operations CIOs and Digital leaders Regulatory and policy stakeholders What This Episode Is Not Not a Veeva implementation guide Not a validation methodology tutorial Not a vendor perspective Not a “digital transformation” narrative This is a diagnosis of how operating models behave under scale and constraint. Closing Thought Regulatory operations don’t just execute the operating model. They expose it. Information Mentioned in this Episode: Frits Stulp Implement Consulting Group Veeva RIM System Unleash RIM Summaries and show notes created from transcript using ChatGPT w/ some light editing - let me know if you find anything crazy that needs to change. Operations Utopia - Where Regops, Innovation, Technology, and Execution Meet. Disclaimer: This podcast reflects only the opinion of the podcaster and guests and does not reflect those of their organizations, system vendors, or service provider Original show theme "Little Sammy" by Matt Neal

    25 min

About

In what may be one of the most niche topics for a podcast, Operations Utopia is a podcast about the desperate need to streamline Life Sciences Operations to get treatments to patients faster and explores how life sciences organizations should operate—by examining why they usually don’t. Disclaimer: The podcast content represents the opinion of the speakers, guests & host and does not reflect those of their organizations, system vendors, or service providers.