Skip Ribbon Commands
Skip to main content

ISO IDMP: Another Compliance Project or a new way of Conducting Business?

​By Rune Bergendorff

This article discusses Identification of Medicinal Products (IDMP) as a new way of conducting business, the benefits gained by adopting the IDMP model and how IDMP can be implemented to help businesses run more efficiently.

To support the continuous improvement of pharmacovigilance oversight within the EU, the European Commission (2012) has mandated pharmaceutical companies to submit product information according to ISO IDMP standards. The standards are global and other health authorities are to follow suit.

ISO IDMP has many of the characteristics of a regulatory affairs compliance project. There are legislative aspects and external requirements and a need for submitting information according to a certain standard based on existing structured and unstructured data. However, ISO IDMP is much more than a compliance project. It is an opportunity for developing a new way of conducting business as well as a new way for designing the processes in, and defining the culture of, a pharmaceutical company. ISO IDMP also may be a catalyst for tearing down traditional silos within the company and integrating various business units. 

Historically, pharmaceutical companies have struggled to integrate their processes throughout the product lifecycle and across divisions, making it difficult to track the his- tory of a given product at any given point in the lifecycle. Master Data Management (MDM) has emerged as one way to tackle this challenge, but has  traditionally sparked battles between the various silos in the company and led to numerous fights with companies, while trying to define what master data really is and exactly which values, e.g., product names, country codes, dosage forms, etc., are the right ones. To date, no genuine winner has been declared with the manufacturing domain as a runner-up. As a result, MDM has acquired a “rusty” reputation and has only been taken to the level of “domain data management.”

Figure 1. Data Domains

Achieving limited success in integrating processes and application landscapes supported by a strong data management concept is partly due to the traditional silos within the company, coupled with a lack of a sense of urgency and a business case that is difficult to explain – Figure 1.

IDMP - The First Step Toward an Integrated Company

IDMP may be the first step toward establishing an integrated company. In many ways, IDMP is one piece of a much bigger legislation puzzle requiring companies to connect data and processes. Several colliding initiatives, including the EU clinical trial regulation, ISO ICSR, 520/2012, Art 57, are meant to reveal a pharmaceutical company’s data to the authorities, which requires connecting that data. 

To consider IDMP as just another compliance project is a very short-sighted strategy that could result in a process and IT setup that will soon need changing in order to adapt to future requirements.

What benefit does IDMP offer? It offers a set of information models consisting of fields, conformances and relationships that have been defined. This effort could be seen as a blueprint for storing and managing data. Although IDMP does not support all data points throughout the company, it is still a good starting point and a model for building other data domains. 

Agreeing on scope and content is the largest challenge with MDM.  However, with IDMP, this challenge has been met and is now controlled externally by the standardization organizations (SDO). Pharmaceutical companies no longer need to debate proper values. The SDOs will maintain the agreed upon vocabularies to which the company must adhere.

The IDMP information model contains data from different company domains, such as safety, regulatory affairs; manufacturing clinical; Chemistry, Manufacturing and Controls (CMC); regulatory affairs CMC, etc. This requires companies to work across these various silos and provides an opportunity to integrate processes defining the sequence, roles and responsibilities, overlaps, missing links etc. It is, of course, possible to become IDMP-compliant without integrating the processes, but companies may not want to do this after considering the many benefits of integration.

The Starting Point and Solution 

Companies typically face several scenarios when encountering IDMP challenges. 

One scenario is represented by a company primarily paper based (including PDFs). 

Another scenario arises when a company has good IT support, a well-used Regulatory Information Management (RIM) application, one or perhaps multiple ERP instances and a CTA application.

Meeting the IDMP challenge depends on which scenario fits a given company’s profile. The common denominator between the scenarios will be your IDMP solution must be flexible. Supporting the journey toward an integrated company, one should not develop the path as yet another siloed application. 

If the company is primarily paper-based, that is not necessarily a deficit with respect to IDMP implementation. This type of company will have some advantages as there are no legacy systems to factor in when designing the technical setup. This company should consider splitting the set-up into at least two parts. One should be for entering and maintaining your information; a system which ultimately could act as your RIM system as well.

This solution must support an interface divided by roles to let the various parts of the organization enter their specific data without having to look through multiple pages of content before finding five fields to maintain. Furthermore, the users should not be able to see all the data as some data will be confidential and restricted to only the areas maintaining the data. 

A second part of the setup based on IDMP should be a data hub for storing your blue- print data model. The hub must be made available and separate from the application in order to ensure that data is accessible from other internal applications and processes. Furthermore, the data hub will be a starting point for integration. The information model must not depend on an application, but should support the organization’s need to inte- grate new data domains. The blueprint data model should initially focus on IDMP, but must be able to evolve as requirements change.

Figure 2. Data Hub Concept


For companies already supported by applications, the challenge is slightly different. They will still need an IDMP application, as described above, and a data hub. However, the requirements for the data hub will be more extensive. These companies will have to decide if and when to comply with the data standards in the source systems. Furthermore, they will have to decide where to include the additional data elements required by IDMP. It would useful to include it in the source application if the strategy is to remain with the application. This means adding information to the labeling system and expanding the use of the RIM system. In the short run, this is the more difficult way of doing things, but in the long run having data in the applications designed to contain information regarding a specific area through an existing process is preferable. The alternative is having employ- ees maintaining the same information in two different systems, supported by different processes. This is not only time consuming and increases the risk of error; it also will impact employee satisfaction and prevent the company from gaining the benefit of having data readily available. 

Regardless of whether the company fits scenario one or two, the following are key points to address to have IDMP enable a new way of conducting business and help the company meet future requirements in an easier and less costly manner:

  • Understanding IDMP is the first stepping stone toward MDM, driven by the authorities
  • Using controlled vocabularies (do not adopt them blindly) making sure they are integrated as widely as possible
  • Putting a solution in place enabling evolution with the external requirements, building on one pool of data to be used for different reporting purposes. The EU clinical trial regulation, ISO ICSR and ISO IDMP, should be used as the starting point when building the regulatory data hub.
  • Identifying processes supporting IDMP as a starting point and making sure every contributor is aware of at least the step prior to and after his part of the process. The person filling in the electronic application form in Europe should be aware of the consequences of his/her choice of values regarding the full IDMP submission.
  • Understanding the data. Make sure the pool of data generated from IDMP and other requirements are understood and used internally for safety purposes, trend- ing purposes and for controlling the pipeline.

If IDMP is not perceived as a new way of conducting business, there is risk the authorities will know more about the company than you do. They will connect the dots at their end as well as conduct trending and analysis. They will be able to pinpoint gaps in company processes by pointing out data inconsistencies in the company’s data submissions through the lifecycle of products. The company would have built yet another silo, with its own governance and processes, putting more tasks on staff, requiring them to run faster. Further, IDMP would have been a pure cost for your company without harvesting any benefits. Worse, the next time a regulatory requirement emerges, tying into IDMP and ICSR will require performing the same tasks again.

Looking Back 20 Years from the Future

Standing at the foot of the IDMP “mountain,” what looms before you may seem impos- sible to climb. But, looking 20 years ahead and reflecting back, IDMP may be seen in a different light. Looking back before IDMP, the questions we might ask ourselves could be:

  • How could we not have a full overview of the products on the market?
  • How were we able to accept that we were not able to globally connect safety find- ings to improve patient safety?
  • How could we accept not having an understanding of our internal lifecycle processes?
  • How could we claim that having data in documents is enough, with no possibility of searching across products, companies or countries in an efficient manner?
  • Why did we keep building new silos dividing the company instead of integrating and developing the company as a whole?

These are just a few of the questions to consider before looking back at the time before IDMP. The urgent question is whether you can afford not to treat IDMP as a new way of conducting business.


  1. Commission Implementing Regulation (EU) No 520/2012 of 19 June 2012 on the Performance of Pharmacovigilance Activities Provided for in Regulation (EC) No 726/2004 of the European Parliament and of the Council and Directive 2001/83/EC of the European Parliament and of the Council. Official Journal of the European Union. http://eur-lex.europa. eu/LexUriServ/ Accessed 24 March 2016.
  2. FDA Data Standards Program Action Plan. 14 October 2015. FDA website. DevelopmentApprovalProcess/FormsSubmissionRequirements/ElectronicSubmissions/UCM467939.pdf. Accessed 24 March 2016.
  3. Regulation (EU) No 536/2014 of the European Parliament and of the Council of 16 April 2014 on Clinical Trials on Medicinal Products for Human use, and repealing Directive 2001/20/EC. TXT/?uri=CELEX%3A32014R0536. Accessed 24 March 2016. 
  4. Op cit 1.
  5. Op cit 1.
  6. Data Submission of Authorized Medicines in the European Union Outlines on Article 57(2) of Regulation (EC) No 726/2004. EMA website. Accessed 24 March 2016.
  7. ISO 11615 Health informatics—Identification of Medicinal Products—Data Elements and Structures for the Unique Identification and Exchange of regulated Medicinal Product Information, page 79. ISO website. ui/#iso:std:55034:en. Accessed 24 March 2016.

About the Author

Rune Bergendorff is responsible for NNIT’s ISO IDMP services. He has conducted numerous ISO IDMP assessments, is a mem- ber of the EU IDMP Task Force and ISO/TC215 WG6 and participates in this group’s ballots and reviews of ISO IDMP standards and implementation guidelines. Bergendorff has worked with xEVMPD since 2011, advising on issues from requirements to the submission of data. He has written several articles and heads an ISO IDMP networking group for Danish pharma companies. He can be contacted at

Cite as: Bergendorff, R. “ISO IDMP: Another Compliance Project or a new way of Conducting Business?” Regulatory Focus. April 2016. Regulatory Affairs Professionals Society.

© 2016 by the Regulatory Affairs Professionals Society. All rights reserved.







Rune Bergendorff+45 3075 1747 rrb@nnit.comManaging Consultant - Life Sciences Advisory Bergendorff



ISO IDMP – Five phases towards compliance IDMP – Five phases towards compliance
Reflections on a dramatic month for IDMP on a dramatic month for IDMP
IDMP: A dramatic June followed by a prosperous July A dramatic June followed by a prosperous July
IDMP Accelerators Accelerators
The Total IDMP Effort – an insight into the data volume of an ISO IDMP submission Total IDMP Effort – an insight into the data volume of an ISO IDMP submission
ISO IDMP business case IDMP business case
NNIT – your preferred implementation partner for IDMP – your preferred implementation partner for IDMP
ISO IDMP in Brief IDMP in Brief
Organizational Change Management for ISO IDMP leveraging the mutual industry challenges Change Management for ISO IDMP leveraging the mutual industry challenges