Pharma IT Insights
GxP-Compliant DevOps: Accelerating Digital Transformation in Pharma
By Martin Asser Hansen & Peter Jensen Paluszewski
October 28, 2025
Pharma IT Insights
GxP-Compliant DevOps: Accelerating Digital Transformation in Pharma
By Martin Asser Hansen &Peter Jensen Paluszewski
October 28, 2025
DevOps in a Regulated Industry
Pharmaceutical companies are increasingly looking to DevOps to accelerate digital transformation. Microsoft defines DevOps as “the unified practice of people, processes, and technology to enable continuous delivery of value to end users”.
The promise is clear: faster releases, closer collaboration, and continuous delivery of value. However, in a GxP environment, DevOps cannot be adopted “out of the box.” Every process must ensure traceability, audit trails, and compliance at every step. This creates both a challenge, and an opportunity.
DevOps has generally been adopted by the pharmaceutical industry, however, main DevOps providers do not offer complete GxP compliant off-the-shelf solutions that support the integration of QMS, software development, and software testing. Fortunately, DevOps platforms support third-party modules and extensions that bridge these gaps, making it possible to implement compliant solutions either fully within, or tightly integrated with the DevOps platform.
Moving Beyond Ad -Hoc Solutions
Current processes in many pharmaceutical organizations are still ad-hoc, combining various “paper-on-glass” tools such as Word and SharePoint. These solutions create challenges in creating clear overviews, ensuring document traceability, maintaining cross-references, version control, audit trails, and achieving automation.There is growing recognition of the need for integrated IT systems that bring quality and development processes together in one environment.
DevOps platforms already provide much of the required foundation, all within a unified space. DevOps platforms, offer:
- Project management tools that provide clear task overviews, progress, and responsibility for different work item types.
- Collaborative editing and in-system communication that enable real-time teamwork and reduced errors and removing the need for external documents or lengthy email chains.
- Customizable workflows supporting GxP-compliant approval processes with full audit trails.
Beyond project and workflow management, DevOps can also be used to document all QMS phases through specific work item types such as Change Request, Risk Assessment, Requirement, Specification, Implementation Plan, and Test Plan.
Cross-references between these items can be easily established and maintained, ensuring complete traceability across the development lifecycle.
Workflows can be configured to reflect GxP-compliant approval paths, where execution and documentation are role-based, version-controlled, and audit-trailed. Work items progress through defined states from proposed to approved, ensuring transparency and control.
Electronic signatures can be implemented through integrated providers or captured directly in the system with timestamp, user ID, and intent. It is essential to define audit trail and signature requirements early in the concept phase, as these decisions influence both architecture and vendor selection.
DevOps can significantly reduce manual effort and improve consistency, but uncertainty about how to align QMS, software development, and testing within a compliant framework remains a key challenge.
Integrating QMS and DevOps
While DevOps provides a useful framework for QMS, it typically requires careful design and configuration of workflows.
Organizations can either integrate an external QMS platform or manage quality processes directly within DevOps tools such as Azure DevOps or Jiraby using third-party QMS or configuration management modules.
The effort required for such an integration depends on the existing setup and business needs.
Software development projects are rarely straightforward. Requirements evolve as understanding grows, and not everything can be defined upfront. Traditional models like Waterfall and V-Model provide structure but can slow innovation. While Agile methods supported by DevOps, encourage continuous improvement, they must be adapted for regulated environments.
Maintaining Agility in a Controlled Environment
In a GxP-compliant context, the development and deployment process must follow stricter controls. Development typically occurs in a dedicated development environment. Once a feature is developed, the related documentation must be locked and approved before the feature can be deployed to the validation environment.
Only after successful acceptance testing, and the locking and approval of test results and test reports, the feature can be released to the production environment.
This documentation control introduces a particular challenge in DevOps. If work items are locked too early, it conflicts with Agile’s principle of iterative improvement. Once locked, a work item can only be changed through a version-controlled update with full history, timestamps, and re-approval, or by creating a new version.
To maintain agility while ensuring compliance, it is often best to delay the locking and approval of work items until the related feature is ready for validation.
Until that point, work items can evolve freely, cycling between planning and development as understanding improves.
A delivery process built on this approach—– combining continuous delivery with controlled validation allows pharmaceutical organizations to gain the benefits of DevOps while maintaining full GxP compliance.
💡 Whether you’re just initiating a DevOps transformation or seeking to evolve an existing setup, Pharma IT can help you build a tailored solution that unlocks agility — without compromising on compliance.
About the author
Martin Asser Hansen, PhD, is a Principal Software Developer Consultant at Pharma IT with more than two decades of experience bridging software development, data management, and R&D in the biotech and pharmaceutical industries. He specializes in designing GxP-compliant software solutions, front-end development, and agile DevOps practices for regulated environments. Martin has led the development and validation of Pharma IT’s TestMan solution—an Azure DevOps extension for compliant test management—and is passionate about creating scalable, user-friendly tools that enable digital transformation in life science organizations.
Peter Jensen Paluszewski is a Senior Pharma Consultant at Pharma IT, where he designs and implements GxP-compliant software solutions for the pharmaceutical industry.He specializes in Azure DevOps configuration, automation, and validation, helping organizations accelerate digital transformation without compromising compliance.With a background in nanotechnology and experience across MedTech, data analytics, and software integration, Peter bridges the gap between science and technology. He has supported leading pharma companies in building compliant, scalable DevOps environments that enable continuous improvement and innovation.
