The Annex 15 Revision Is Coming: What It Means for Validation, Control Strategy, and Industry Maturity

On January 19, 2026, the EMA GMP/GDP Inspectors Working Group and PIC/S published a concept paper proposing a targeted revision of EU GMP Annex 15—Qualification and Validation. The public consultation opened on February 9 and runs through April 9, 2026. If you work in active substance manufacturing, or if your drug product quality depends on active substance quality—which is to say, if you work in this industry at all—this document deserves your attention.

The headline is straightforward: Annex 15 will become mandatory for active substance manufacturers. But what makes this revision significant isn’t just the shift from optional to mandatory. It’s what the shift reveals about where the regulatory landscape is heading, and how many of the themes I’ve been writing about on this blog—living risk management, control strategy as connective tissue, the validation lifecycle as a knowledge system—are now being codified into explicit regulatory expectations for a sector that has, frankly, lagged behind.

The Nitrosamine Wake-Up Call

The revision traces its origin directly to the N-nitrosamine crisis in sartan medicines. The EMA’s June 2020 lessons-learnt report was unsparing: one root cause of nitrosamine contamination was “the lack of sufficient process and product knowledge during the development stage and GMP deficiencies by active substance manufacturers, including inadequate investigation of quality issues and insufficient contamination control measures”. This wasn’t a novel finding at the time, but the sartans case gave regulators the political and scientific impetus to act.

Paragraph 4.2.2 of that lessons-learnt report specifically recommended making Annex 15 mandatory for active substance manufacturers to address the shortcomings identified during inspections. It took several years of deliberation—the GMP/GDP IWG formally agreed to proceed at its 115th meeting in September 2024—but the wheels are now turning.

The lesson here is one I’ve returned to repeatedly: knowledge gaps don’t stay dormant. They surface as deviations, contamination events, and regulatory actions. The sartans crisis was, at its core, a failure of process understanding and control strategy—areas where Annex 15 is now being strengthened precisely because too many active substance manufacturers treated validation as peripheral rather than foundational.

What the Concept Paper Actually Proposes

Let me walk through the key elements of the proposed revision, because the specifics matter more than the headline.

Scope Extension

The revised Annex 15 will apply to manufacturers of both chemical and biological active substances. EU and PIC/S inspectorates will enforce compliance during regulatory inspections. This is a paradigm shift for API manufacturers who have historically operated under Part II of the EU GMP Guide with Annex 15 as optional supplementary guidance. The concept paper is clear: “Although annex 15 is not currently mandatory for AS manufacturers, the applicability of its principles in this sector is generally recognised”. In other words, the expectation already existed—now it will have enforcement teeth.

Validation Master File, Policy, and Change Control

The concept paper proposes extending the Validation Master File, the Qualification and Validation Policy, and formal change control requirements to active substance manufacturers. These aren’t new concepts for drug product manufacturers, but their extension to AS manufacturers signals a regulatory expectation of structured, documented validation programs rather than ad hoc approaches.

Change control, in particular, is described as “an important part of knowledge management”. This language is deliberate and echoes what I’ve been writing about in the context of control strategies and the feedback-feedforward controls hub: change control isn’t bureaucratic overhead—it’s the mechanism through which accumulated process knowledge is preserved, evaluated, and applied.

Validation Discrepancies

The revision will extend the requirement to investigate results that fail to meet pre-defined acceptance criteria during validation activities. This extension, the concept paper notes, “will promote AS manufacturers to have a more in-depth knowledge of their processes.” This is one of the most quietly important provisions. In my experience, the gap between drug product and active substance manufacturers is often widest in investigation rigor. Robust investigation of validation failures isn’t just about compliance—it’s about generating the process knowledge that underpins meaningful control strategies.

Qualification Stages: URS, FAT/SAT, DQ/IQ/OQ/PQ

The concept paper extends the formal qualification lifecycle—User Requirements Specifications, Factory Acceptance Testing, Site Acceptance Testing, and the traditional DQ/IQ/OQ/PQ sequence—to active substance manufacturing. For those of us who have worked in the ASTM E2500 and ISPE commissioning and qualification frameworks, this is a natural evolution. As I discussed in my posts on CQV and engineering runs, these qualification stages aren’t separate activities—they form a continuum where each stage builds on the knowledge generated in the previous one. Extending this structured approach to API manufacturing strengthens the design-validation continuum that is essential for robust control strategies.

Process Validation: Development, Concurrent Validation, CPV, and Recovery

Several process validation enhancements are proposed:

Emphasis on robust process development: Clarifying that validation begins with development, not with the first PPQ batch.
Clarification of concurrent validation: Tightening expectations on when and how concurrent validation may be used.
Continuous process verification and hybrid approaches: Extending Stage 3/CPV thinking to active substance manufacturing.
Recovery of materials and solvents: Extending validation requirements to solvent and material recovery processes.
Supplier qualification: Emphasizing the role of supplier qualification in the validation ecosystem.
Periodic review: Reinforcing the expectation that validation is a lifecycle activity, not a one-time event.

This aligns directly with what I wrote about in Continuous Process Verification (CPV) Methodology and Tool Selection: CPV is “not an isolated activity but a continuation of the knowledge gained in earlier stages”. The lifecycle approach—Process Design (Stage 1), Process Qualification (Stage 2), Continued Process Verification (Stage 3)—is being explicitly extended to a sector that has too often treated validation as a discrete project rather than an ongoing program.

Transport Verification

The revision extends expectations for transport verification, linking GMP with Good Distribution Practices (GDP) for active substances. This addresses a gap that has been hiding in plain sight: product knowledge must include understanding of how transportation affects quality. For biologically-derived active substances in particular, this provision acknowledges that the supply chain is part of the process, not external to it.

ICH Q9 (R1) Integration

The concept paper mandates incorporation of ICH Q9 (R1) quality risk management principles throughout validation and qualification activities. Specifically:

QRM in the design and validation/qualification of monitoring systems
Risk review activities to support ongoing validation and qualification
Emphasis on QRM in the context of traditional processes

This integration is overdue. As I discussed in Living Risk in the Validation Lifecycle and Risk Management is a Living Process, effective risk management isn’t a one-time exercise performed during design—it’s a living system that evolves throughout the product lifecycle. ICH Q9 (R1) itself emphasizes that “the level of effort, formality and documentation of the quality risk management process should be commensurate with the level of risk.” It introduces the importance-complexity-uncertainty framework for calibrating risk assessment rigor. The Annex 15 revision will make these principles explicitly applicable to qualification and validation decisions in active substance manufacturing.

Why This Matters: The Industry-Wide Implications

Closing the Knowledge Gap

The fundamental driver of this revision is a knowledge deficit. The nitrosamine crisis exposed what many of us already suspected: a significant number of active substance manufacturers lacked the process understanding necessary to predict, prevent, and detect quality problems. Making Annex 15 mandatory doesn’t automatically create knowledge, but it creates the structural requirements—validation master plans, formal qualification stages, investigation requirements, CPV programs—that force organizations to build and maintain it.

As I explored in Control Strategies, control strategies represent “the central mechanism through which pharmaceutical companies ensure quality, manage risk, and leverage knowledge”. Without the foundational process knowledge that structured validation generates, control strategies are hollow documents. The Annex 15 revision, by mandating the validation activities that generate this knowledge for active substance manufacturers, strengthens the entire control strategy ecosystem from the ground up.

From Compliance Burden to Audit Readiness

In my analysis of the 2025 State of Validation data, I noted a striking reversal: audit readiness has overtaken compliance burden as the industry’s primary validation challenge. This shift reflects a maturation of validation programs—organizations are moving from the scramble to implement validation to the discipline of sustaining it. The Annex 15 revision will push active substance manufacturers through a similar maturation arc. The initial impact will feel like compliance burden. But the long-term trajectory, if organizations approach it with the right mindset, is toward sustained audit readiness grounded in genuine process knowledge.

Risk Management as the Connective Thread

The integration of ICH Q9 (R1) throughout the revised Annex 15 reinforces a theme I’ve been tracking across multiple regulatory developments: risk management is no longer a supporting tool—it’s the connective thread that runs through every quality decision. The parallel revision of EudraLex Chapter 1, the new Annex 11 requirements for computerized systems, and the forthcoming Annex 22 for artificial intelligence all place quality risk management at their center. The Annex 15 revision ensures that qualification and validation are no exception.

This convergence means that organizations need integrated risk management capabilities—not siloed risk assessments performed by different teams for different purposes, but a coherent QRM framework that connects design risk, process risk, facility risk, and supply chain risk into a unified picture. As I wrote in my piece on risk management and change management: “Risk management leads to change management. Change management contains risk management”. The revised Annex 15 makes this cycle explicit for active substance manufacturers.

The Control Strategy Connection

Perhaps the most significant implication is how this revision strengthens the link between validation and control strategy. In Control Strategies, I described how control strategies occupy “that critical program-level space between overarching quality policies and detailed operational procedures” and serve as “the blueprint for how quality will be achieved, maintained, and improved throughout a product’s lifecycle”.

The Annex 15 revision reinforces every dimension of this blueprint for active substance manufacturing:

Validation Master File → documents the overall validation approach and connects it to the control strategy
Formal qualification stages → ensure that facility and equipment design supports the intended control strategy
Process validation with CPV → generates the ongoing data that validates and refines the control strategy
Investigation of failures → feeds new knowledge back into the control strategy through the feedback loop
Change control as knowledge management → ensures that the control strategy evolves based on accumulated understanding
Transport verification → extends the control strategy to encompass the supply chain

This is the feedback-feedforward controls hub in action. Each element of the revised Annex 15 either generates knowledge that feeds into the control strategy or applies knowledge from the control strategy to operational decisions.

The PLCM Document and Established Conditions

Looking forward, this revision also has implications for how active substance manufacturers engage with ICH Q12 concepts. As I discussed in my recent post on the Product Lifecycle Management (PLCM) document, the distinction between comprehensive control strategy elements and Established Conditions is critical for enabling continuous improvement. Active substance manufacturers who build robust validation and knowledge management programs now—in response to the Annex 15 revision—will be better positioned to participate in lifecycle management frameworks that reward process understanding with regulatory flexibility.

The concept paper’s emphasis on “change control as an important part of knowledge management” directly supports this trajectory. Organizations that treat change control as a bureaucratic hurdle will miss the point. Those that treat it as a knowledge capture mechanism will find themselves building the foundation for more sophisticated lifecycle management.

The Timeline and What to Do Now

The proposed timetable is aggressive:

Milestone	Date
Concept paper public consultation	February – April 2026
Draft guideline consultation	April – June 2026
EMA GMP/GDP IWG endorsement	July 2026
Publication by European Commission	December 2026
PIC/S adoption	December 2026

The concept paper includes four stakeholder questions that are worth engaging with seriously:

What is the current level of use of Annex 15 principles in active substance manufacturing?
What would be the impact of making Annex 15 mandatory?
What is the current understanding and use of ICH Q9 (R1) in active substance manufacturing?
What would be the impact of incorporating Q9 (R1)?

If you manufacture active substances—or if you’re a drug product manufacturer who depends on active substance suppliers—now is the time to:

Perform a gap assessment against the current Annex 15 requirements, assuming mandatory application
Evaluate your Validation Master Plan or equivalent program documentation for active substance operations
Review your qualification lifecycle to ensure URS, FAT/SAT, and formal qualification stages are documented and traceable
Assess your CPV program for active substance processes—does it exist? Is it generating actionable knowledge?
Examine your investigation process for validation failures against pre-defined acceptance criteria
Review your QRM integration into qualification and validation activities against ICH Q9 (R1) expectations
Engage with the public consultation by the April 9, 2026 deadline

The Bigger Picture

The concept paper notes that the GMP/GDP IWG also agreed that “a comprehensive review of Annex 15 should be initiated in the future, once the current targeted revision is finished”. This targeted revision is just the beginning. A full-scope revision will likely address the broader evolution of validation thinking—digital systems, advanced analytics, platform approaches—that I’ve been tracking in posts on the evolving validation landscape.

The world of validation is no longer controlled by periodic updates or leisurely transitions. Change is the new baseline. The Annex 15 revision is another data point in a pattern that includes the Annex 1 overhaul, the Annex 11 modernization, the introduction of Annex 22, the ICH Q9 (R1) revision, and the convergence of global regulators around lifecycle, risk-based, and knowledge-driven approaches to quality.

For active substance manufacturers, the message is clear: the era of treating validation as optional supplementary guidance is over. For the rest of us, the message is equally important: the quality of our medicines depends on the quality of knowledge throughout the supply chain, and regulators are now ensuring that the structural requirements to generate and maintain that knowledge extend to every link in the chain.

Dear Raz: Building Technical Depth from a Compliance Foundation — A Certification Roadmap for Pharma Professionals

A Reader Writes In

A long-time reader of this blog, Raz, recently left a comment that I think resonates with a lot of people in our industry:

“As a compliance lead with 10+ years of experience in pharma (API sites, greenfield) but lacking a technical background, what would you suggest to be the best courses / trainings for proper certificates?”

First, thank you for reading and for asking the question publicly. You’re not alone. This is one of the most common career inflection points in pharmaceutical quality and compliance — you’ve spent a decade building deep regulatory instincts, you understand what the rules require, and now you want to close the gap on the how and why behind the technical systems you oversee. That’s exactly the right impulse. Let’s talk about how to act on it.

Your Experience Is the Foundation, Not the Gap

Before diving into specific programs, a reframe is needed. Ten years navigating API manufacturing, greenfield startups, and automation compliance isn’t “lacking a technical background” — it is a technical background, just one built from the compliance and operational side rather than the engineering side. Greenfield experience in particular is rare and valuable; you’ve seen quality systems built from scratch rather than inherited. That perspective is something no certification can teach.

What certifications can do is give you a shared vocabulary with your engineering and validation counterparts, formalize knowledge you’ve likely already absorbed by osmosis, and — importantly — signal to future employers that you’ve made deliberate investments in your professional development. With that framing, here’s how to think about the landscape.

Tier 1: The Flagship Credentials

These are the certifications that carry the most weight on a resume and in hiring conversations across the pharmaceutical industry. They require significant preparation but deliver lasting career value.

ASQ Certified Pharmaceutical GMP Professional (CPGP)

This is the single most relevant certification for someone in Raz’s position. The CPGP is specifically designed for pharmaceutical professionals who work within GMP-regulated environments and covers the full lifecycle — from regulatory governance and quality systems to production operations, laboratory controls, and facility management. Unlike more general quality certifications, every question on the exam is rooted in pharmaceutical context.

The eligibility requirements are straightforward for someone with a decade of experience: five years of on-the-job experience in one or more areas of the CPGP Body of Knowledge, with at least three years in a decision-making position. No specific degree is required. The exam consists of 165 multiple-choice questions over roughly four hours and is open-book. Exam fees run approximately $450–$550 depending on ASQ membership status, and the certification is maintained with 30 continuing education units every three years.

For a compliance lead who wants to demonstrate comprehensive GMP knowledge — not just the regulatory text, but how it applies to actual manufacturing operations — this is the credential that most directly fills the gap.

ASQ Certified Quality Auditor (CQA)

The CQA is the gold standard for professionals whose work involves auditing, supplier qualification, and compliance assessment. If Raz’s role includes conducting or hosting audits (which most compliance leads at API sites do), the CQA formalizes and deepens that skill set. The exam covers auditing fundamentals, techniques, tools, and management of audit programs. It’s industry-agnostic, which is both a strength (portable across sectors) and a limitation (less pharma-specific than the CPGP).

Many professionals pursue the CPGP first for its pharmaceutical depth and then add the CQA to formalize their auditing capabilities. Together, they form a powerful combination for compliance leadership.

ASQ Certified Quality Engineer (CQE)

The CQE is the most broadly recognized ASQ certification and has been the flagship credential for quality professionals for decades. It covers statistical process control, design of experiments, quality management systems, reliability, and continuous improvement. For someone who self-identifies as lacking a technical background, this is the certification that most directly addresses that gap — it teaches the quantitative and analytical toolkit that underpins modern quality engineering.

The CQE body of knowledge directly correlates with statistical methods and tools used across pharmaceutical manufacturing. However, it’s a challenging exam. If statistics and data analysis feel like foreign territory, a preparation course (CQE Academy offers well-regarded ones) is a worthwhile investment before sitting for the exam.

Tier 2: Industry-Specific Technical Programs

These aren’t exam-based certifications in the traditional sense, but they’re recognized across the industry and deliver directly applicable technical knowledge.

ISPE Academy Certificate Programs

ISPE launched its Academy in 2025 with five certificate programs that are highly relevant to pharmaceutical compliance professionals:

Program	Focus Area	Best For
GAMP® Essentials	Computerized system validation, data integrity, risk-based approaches	Automation compliance roles (directly relevant to Raz)
GMP Refresher	Current GMP regulations, quality systems, QA vs. QC distinction	Staying current on evolving requirements
Biopharmaceutical Essentials	Drug substance manufacturing, facility design, aseptic processing	Broadening beyond API into biologics
Good Engineering Practices	Engineering project management, compliance in project delivery	Understanding the engineering lifecycle
Pharmaceutical Water Systems	Water generation, storage, delivery, regulatory compliance	Utility system knowledge

For someone in automation compliance at an API site, the GAMP® Essentials program should be the starting point — it covers risk-based validation, data integrity, and regulatory requirements aligned with the ISPE GAMP® 5 Guide (Second Edition). This is the technical language of computerized system validation, and mastering it transforms a compliance professional from someone who reviews validation documents into someone who can meaningfully challenge and improve them.

ISPE membership also provides access to Baseline Guides, technical articles, and local chapter events — resources that experienced practitioners consistently recommend as among the most valuable in the industry.

PDA Training and Research Institute

The Parenteral Drug Association’s Training and Research Institute (TRI) in Bethesda, Maryland is unique in the industry — it operates an independent manufacturing training facility with cleanrooms where professionals gain hands-on experience without patient or product risk. PDA trains over 1,000 professionals annually, including more than 300 health authority and regulator representatives.

PDA courses cover aseptic processing, process validation, environmental monitoring, quality risk management, and regulatory compliance. For building technical depth, the hands-on format is particularly valuable. Reading about aseptic technique in a guidance document is qualitatively different from gowning up and working in a simulated fill room. PDA is developing a formal TRI Certificate Program with verified digital badges, which will add credentialing to an already excellent training experience.

CfPIE Current Good Manufacturing Practices Certified Professional (GMPCP)

The Center for Professional Innovation and Education (CfPIE) holds an FDA contract to provide Quality System Regulation training to FDA professionals — which speaks to the program’s credibility. Their cGMP certification requires completion of four courses (three core, one elective) and a comprehensive examination. The curriculum covers the full spectrum of cGMP compliance from clinical development through post-approval manufacturing.

CfPIE courses tend to be taught by practitioners with deep industry experience, and they offer both on-site and public sessions. The certification is particularly well-suited for professionals who want structured, classroom-style learning delivered by people who’ve been on the manufacturing floor and in the inspection room.

ECA Academy GMP/GDP Certification Programme

For professionals with international scope or working at sites with European regulatory exposure, the ECA Academy’s certification program is the largest of its kind in Europe. It offers 15 modular certification tracks — including Certified Validation Manager, Certified Biotech Manager, and Certified Quality Assurance Manager — each requiring completion of three courses from a defined list. The modular structure allows professionals to select courses aligned with their specific responsibilities and interests.

Tier 3: Process Improvement and Methodology

Lean Six Sigma (Green Belt or Black Belt)

Lean Six Sigma is the process improvement methodology, and it’s increasingly expected for quality professionals targeting management and leadership roles. In pharmaceutical manufacturing, Green Belt projects commonly focus on cycle time reduction, deviation rate reduction, cleaning optimization, and yield improvement. More than half of Fortune 500 companies follow Lean Six Sigma frameworks, and certified professionals often see 20–25% salary increases at the Green Belt level.

That said, context matters. In GMP environments, the iterative experimentation that Lean Six Sigma encourages can run into regulatory friction — changes to validated processes require formal change control, and FDA doesn’t care about your DMAIC timeline. The real value of Six Sigma for a compliance professional isn’t the belt itself; it’s the statistical literacy and structured problem-solving mindset it develops. If your investigations and CAPAs already reflect that thinking, a certification formalizes what you’re doing. If they don’t, the training will genuinely change how you approach problems.

ASQ’s Green Belt certification is the most broadly recognized and credible option.

RAPS Regulatory Affairs Certification (RAC)

If Raz’s career trajectory points toward regulatory affairs rather than quality operations, the Regulatory Affairs Certification from RAPS is the leading credential in that space. The RAC-Drugs designation validates expertise across the regulatory lifecycle — from product development and registration to post-market compliance. The exam requires at least three years of regulatory experience (or equivalent) and covers U.S., EU, and global regulatory frameworks.

RAPS also offers certificate programs (distinct from the RAC credential) consisting of online course bundles in pharmaceutical or medical device regulatory affairs — nine courses for roughly $2,745–$3,490. These are educational certificates rather than professional credentials, but they provide structured learning paths for professionals building regulatory knowledge.

Building a Technical Vocabulary: Where to Start Without a Certification

Not everything needs a certificate attached to it. For a compliance lead wanting to build technical depth quickly, these resources deliver high impact at low cost:

ICH Q8–Q12 Guidelines: Reading and truly understanding these documents — pharmaceutical development (Q8), quality risk management (Q9), pharmaceutical quality system (Q10), development and manufacture of drug substances (Q11), and product lifecycle management (Q12) — provides the technical vocabulary of modern pharmaceutical quality. They’re free, they’re authoritative, and they’re the foundation everything else builds on.
FDA 483 Observation Database: Reviewing recent observations for your site type (API, biologics, sterile) is free continuing education in what goes wrong and why. Make it a weekly habit.
ISPE Baseline Guides: These are the technical reference documents that engineers and validation professionals use daily. Understanding them closes the gap between “what the regulation says” and “how we build it”.
GAMP® 5 Guide (Second Edition): For anyone in automation compliance, this is the foundational text. It covers risk-based validation of computerized systems and is the de facto standard for computer system validation in pharma. Understanding GAMP categories, the V-model, and risk-based testing strategies is essential.

A Recommended Path for Raz

Given 10+ years in pharma compliance at API sites with greenfield experience and a current role in automation compliance, a prioritized roadmap:

Immediate (next 3–6 months): ISPE GAMP® Essentials certificate program — directly applicable to automation compliance work, builds the technical validation vocabulary, and connects with the ISPE professional community.
Near-term (6–12 months): ASQ CPGP certification — the most relevant formal credential for pharmaceutical GMP professionals, formalizes a decade of accumulated knowledge, and signals comprehensive competence to employers.
Medium-term (12–18 months): Lean Six Sigma Green Belt — adds the statistical and process improvement toolkit, strengthens investigation and CAPA capabilities, and is increasingly expected for management-track roles.
Ongoing: ISPE or PDA membership for continuing education, access to technical resources, and professional networking. Consider PDA TRI hands-on courses for specific technical areas where deeper understanding is needed.
If auditing becomes a larger part of the role: Add the ASQ CQA to formalize and credential auditing expertise.

The Real Advice

Certifications open doors, but they don’t replace the hard work of actually learning the material. The best compliance professionals — the ones who earn the respect of their engineering and manufacturing colleagues — are the ones who can have a conversation about why a cleanroom HVAC system is designed a certain way, not just whether the qualification documentation is complete. They can look at a deviation trend and see a process capability problem, not just a paperwork problem.

Ten years of experience at API sites and greenfield facilities has built a foundation that many credentialed professionals lack. The certifications above will give that experience structure, vocabulary, and formal recognition. Pick the ones that match where you want to go next, not just where you’ve been.

Thanks for reading, Raz. Keep asking the good questions.

The Kafkaesque Quality System: Escaping the Bureaucratic Trap

On the morning of his thirtieth birthday, Josef K. is arrested. He doesn’t know what crime he’s accused of committing. The arresting officers can’t tell him. His neighbors assure him the authorities must have good reasons, though they don’t know what those reasons are. When he seeks answers, he’s directed to a court that meets in tenement attics, staffed by officials whose actions are never explained but always assumed to be justified. The bureaucracy processing his case is described as “flawless,” yet K. later witnesses a servant destroying paperwork because he can’t determine who the recipient should be.

Franz Kafka wrote The Trial in 1914, but he could have been describing a pharmaceutical deviation investigation in 2026.

Consider: A batch is placed on hold. The deviation report cites “failure to follow approved procedure.” Investigators interview operators, review batch records, and examine environmental monitoring data. The investigation concludes that training was inadequate, procedures were unclear, and the change control process should have flagged this risk. Corrective actions are assigned: retraining all operators, revising the SOP, and implementing a new review checkpoint in change control. The CAPA effectiveness check, conducted six months later, confirms that all actions have been completed. The quality system has functioned flawlessly.

Yet if you ask the operator what actually happened—what really happened, in the moment when the deviation occurred—you get a different story. The procedure said to verify equipment settings before starting, but the equipment interface doesn’t display the parameters the SOP references. It hasn’t for the past three software updates. So operators developed a workaround: check the parameters through a different screen, document in the batch record that verification occurred, and continue. Everyone knows this. Supervisors know it. The quality oversight person stationed on the manufacturing floor knows it. It’s been working fine for months.

Until this batch, when the workaround didn’t work, and suddenly everyone had to pretend they didn’t know about the workaround that everyone knew about.

This is what I call the Kafkaesque quality system. Not because it’s absurd—though it often is. But because it exhibits the same structural features Kafka identified in bureaucratic systems: officials whose actions are never explained, contradictory rationalizations praised as features rather than bugs, the claim of flawlessness maintained even as paperwork literally gets destroyed because nobody knows what to do with it, and above all, the systemic production of gaps between how things are supposed to work and how they actually work—gaps that everyone must pretend don’t exist.

Pharmaceutical quality systems are not designed to be Kafkaesque. They’re designed to ensure that medicines are safe, effective, and consistently manufactured to specification. They emerge from legitimate regulatory requirements grounded in decades of experience about what can go wrong when quality oversight is inadequate. ICH Q10, the FDA’s Quality Systems Guidance, EU GMP—these frameworks represent hard-won knowledge about the critical control points that prevent contamination, mix-ups, degradation, and the thousand other ways pharmaceutical manufacturing can fail.

But somewhere between the legitimate need for control and the actual functioning of quality systems, something goes wrong. The system designed to ensure quality becomes a system designed to ensure compliance. The compliance designed to demonstrate quality becomes compliance designed to satisfy inspections. The investigations designed to understand problems become investigations designed to document that all required investigation steps were completed. And gradually, imperceptibly, we build the Castle—an elaborate bureaucracy that everyone assumes is functioning properly, that generates enormous amounts of documentation proving it functions properly, and that may or may not actually be ensuring the quality it was built to ensure.

Legibility and Control

Regulatory authorities, corporate management, and any entity trying to govern complex systems—need legibility. They need to be able to “read” what’s happening in the systems they regulate. For pharmaceutical regulators, this means being able to understand, from batch records and validation documentation and investigation reports, whether a manufacturer is consistently producing medicines of acceptable quality.

Legibility requires simplification. The actual complexity of pharmaceutical manufacturing—with its tacit knowledge, operator expertise, equipment quirks, material variability, and environmental influences—cannot be fully captured in documents. So we create simplified representations. Batch records that reduce manufacturing to a series of checkboxes. Validation protocols that demonstrate method performance under controlled conditions. Investigation reports that fit problems into categories like “inadequate training” or “equipment malfunction”.

This simplification serves a legitimate purpose. Without it, regulatory oversight would be impossible. How could an inspector evaluate whether a manufacturer maintains adequate control if they had to understand every nuance of every process, every piece of tacit knowledge held by every operator, every local adaptation that makes the documented procedures actually work?

But we can often mistake the simplified, legible representation for the reality it represents. We fall prey to the fallacy that if we can fully document a system, we can fully control it. If we specify every step in SOPs, operators will perform those steps. If we validate analytical methods, those methods will continue performing as validated. If we investigate deviations and implement CAPAs, similar deviations won’t recur.

The assumption is seductive because it’s partly true. Documentation does facilitate control. Validation does improve analytical reliability. CAPA does prevent recurrence—sometimes. But the simplified, legible version of pharmaceutical manufacturing is always a reduction of the actual complexity. And our quality systems can forget that the map is not the territory.

What happens when the gap between the legible representation and the actual reality grows too large? Our Pharmaceutical quality systems fail quietly, in the gap between work-as-imagined and work-as-done. In procedures that nobody can actually follow. In validated methods that don’t work under routine conditions. In investigations that document everything except what actually happened. In quality metrics that measure compliance with quality processes rather than actual product quality.

Metis: The Knowledge Bureaucracies Cannot See

We can contrast this formal, systematic, documented knowledge with metis: practical wisdom gained through experience, local knowledge that adapts to specific contexts, the know-how that cannot be fully codified.

Greek mythology personified metis as cunning intelligence, adaptive resourcefulness, the ability to navigate complex situations where formal rules don’t apply. Scott uses the term to describe the local, practical knowledge that makes complex systems actually work despite their formal structures.

In pharmaceutical manufacturing, metis is the operator who knows that the tablet press runs better when you start it up slowly, even though the SOP doesn’t mention this. It’s the analytical chemist who can tell from the peak shape that something’s wrong with the HPLC column before it fails system suitability. It’s the quality reviewer who recognizes patterns in deviations that indicate an underlying equipment issue nobody has formally identified yet.

This knowledge is typically tacit—difficult to articulate, learned through experience rather than training, tied to specific contexts. Studies suggest tacit knowledge comprises 90% of organizational knowledge, yet it’s rarely documented because it can’t easily be reduced to procedural steps. When operators leave or transfer, their metis goes with them.

High-modernist quality systems struggle with metis because they can’t see it. It doesn’t appear in batch records. It can’t be validated. It doesn’t fit into investigation templates. From the regulator’s-eye view, or the quality management’s-eye view—it’s invisible.

So we try to eliminate it. We write more detailed SOPs that specify exactly how to operate equipment, leaving no room for operator discretion. We implement lockout systems that prevent deviation from prescribed parameters. We design quality oversight that verifies operators follow procedures exactly as written.

This creates a dilemma that Sidney Dekker identifies as central to bureaucratic safety systems: the gap between work-as-imagined and work-as-done.

Work-as-imagined is how quality management, procedure writers, and regulators believe manufacturing happens. It’s documented in SOPs, taught in training, and represented in batch records. Work-as-done is what actually happens on the manufacturing floor when real operators encounter real equipment under real conditions.

In ultra-adaptive environments—which pharmaceutical manufacturing surely is, with its material variability, equipment drift, environmental factors, and human elements—work cannot be fully prescribed in advance. Operators must adapt, improvise, apply judgment. They must use metis.

But adaptation and improvisation look like “deviation from approved procedures” in a high-modernist quality system. So operators learn to document work-as-imagined in batch records while performing work-as-done on the floor. The batch record says they “verified equipment settings per SOP section 7.3.2” when what they actually did was apply the metis they’ve learned through experience to determine whether the equipment is really ready to run.

This isn’t dishonesty—or rather, it’s the kind of necessary dishonesty that bureaucratic systems force on the people operating within them. Kafka understood this. The villagers in The Castle provide contradictory explanations for the officials’ actions, and everyone praises this ambiguity as a feature of the system rather than recognizing it as a dysfunction. Everyone knows the official story and the actual story don’t match, but admitting that would undermine the entire bureaucratic structure.

Metis, Expertise, and the Architecture of Knowledge

Understanding why pharmaceutical quality systems struggle to preserve and utilize operator knowledge requires examining how knowledge actually exists and develops in organizations. Three frameworks illuminate different facets of this challenge: James C. Scott’s concept of metis, W. Edwards Deming’s System of Profound Knowledge, and the research on expertise development and knowledge management pioneered by Ikujiro Nonaka and Anders Ericsson.

These frameworks aren’t merely academic concepts. They reveal why quality systems that look comprehensive on paper fail in practice, why experienced operators leave and take critical capability with them, and why organizations keep making the same mistakes despite extensive documentation of lessons learned.

The Architecture of Knowledge: Tacit and Explicit

Management scholar Ikujiro Nonaka distinguishes between two fundamental types of knowledge that coexist in all organizations. Explicit knowledge is codifiable—it can be expressed in words, numbers, formulas, documented procedures. It’s the content of SOPs, validation protocols, batch records, training materials. It’s what we can write down and transfer through formal documentation.

Tacit knowledge is subjective, experience-based, and context-specific. It includes cognitive skills like beliefs, mental models, and intuition, as well as technical skills like craft and know-how. Tacit knowledge is notoriously difficult to articulate. When an experienced analytical chemist looks at a chromatogram and says “something’s not right with that peak shape,” they’re drawing on tacit knowledge built through years of observing normal and abnormal results.

Nonaka’s insight is that these two types of knowledge exist in continuous interaction through what he calls the SECI model—four modes of knowledge conversion that form a spiral of organizational learning:

Socialization (tacit to tacit): Tacit knowledge transfers between individuals through shared experience and direct interaction. An operator training a new hire doesn’t just explain the procedure; they demonstrate the subtle adjustments, the feel of properly functioning equipment, the signs that something’s going wrong. This is experiential learning, the acquisition of skills and mental models through observation and practice.
Externalization (tacit to explicit): The difficult process of making tacit knowledge explicit through articulation. This happens through dialogue, metaphor, and reflection-on-action—stepping back from practice to describe what you’re doing and why. When investigation teams interview operators about what actually happened during a deviation, they’re attempting externalization. But externalization requires psychological safety; operators won’t articulate their tacit knowledge if doing so will reveal deviations from approved procedures.
Combination (explicit to explicit): Documented knowledge combined into new forms. This is what happens when validation teams synthesize development data, platform knowledge, and method-specific studies into validation strategies. It’s the easiest mode because it works entirely with already-codified knowledge.
Internalization (explicit to tacit): The process of embodying explicit knowledge through practice until it becomes “sticky” individual knowledge—operational capability. When operators internalize procedures through repeated execution, they’re converting the explicit knowledge in SOPs into tacit capability. Over time, with reflection and deliberate practice, they develop expertise that goes beyond what the SOP specifies.

Metis is the tacit knowledge that resists externalization. It’s context-specific, adaptive, often non-verbal. It’s what operators know about equipment quirks, material variability, and process subtleties—knowledge gained through direct engagement with complex, variable systems.

High-modernist quality systems, in their drive for legibility and control, attempt to externalize all tacit knowledge into explicit procedures. But some knowledge fundamentally resists codification. The operator’s ability to hear when equipment isn’t running properly, the analyst’s judgment about whether a result is credible despite passing specification, the quality reviewer’s pattern recognition that connects apparently unrelated deviations—this metis cannot be fully proceduralized.

Worse, the attempt to externalize all knowledge into procedures creates what Nonaka would recognize as a broken learning spiral. Organizations that demand perfect procedural compliance prevent socialization—operators can’t openly share their tacit knowledge because it would reveal that work-as-done doesn’t match work-as-imagined. Externalization becomes impossible because articulating tacit knowledge is seen as confession of deviation. The knowledge spiral collapses, and organizations lose their capacity for learning.

Deming’s Theory of Knowledge: Prediction and Learning

W. Edwards Deming’s System of Profound Knowledge provides a complementary lens on why quality systems struggle with knowledge. One of its four interrelated elements—Theory of Knowledge—addresses how we actually learn and improve systems.

Deming’s central insight: there is no knowledge without theory. Knowledge doesn’t come from merely accumulating experience or documenting procedures. It comes from making predictions based on theory and testing whether those predictions hold. This is what makes knowledge falsifiable—it can be proven wrong through empirical observation.

Consider analytical method validation through this lens. Traditional validation documents that a method performed acceptably under specified conditions; this is a description of past events, not theory. Lifecycle validation, properly understood, makes a theoretical prediction: “This method will continue generating results of acceptable quality when operated within the defined control strategy”. That prediction can be tested through Stage 3 ongoing verification. When the prediction fails—when the method doesn’t perform as validation claimed—we gain knowledge about the gap between our theory (the validation claim) and reality.

This connects directly to metis. Operators with metis have internalized theories about how systems behave. When an experienced operator says “We need to start the tablet press slowly today because it’s cold in here and the tooling needs to warm up gradually,” they’re articulating a theory based on their tacit understanding of equipment behavior. The theory makes a prediction: starting slowly will prevent the coating defects we see when we rush on cold days.

But hierarchical, procedure-driven quality systems don’t recognize operator theories as legitimate knowledge. They demand compliance with documented procedures regardless of operator predictions about outcomes. So the operator follows the SOP, the coating defects occur, a deviation is written, and the investigation concludes that “procedure was followed correctly” without capturing the operator’s theoretical knowledge that could have prevented the problem.

Deming’s other element—Knowledge of Variation—is equally crucial. He distinguished between common cause variation (inherent to the system, management’s responsibility to address through system redesign) and special cause variation (abnormalities requiring investigation). His research across multiple industries suggested that 94% of problems are common cause—they reflect system design issues, not individual failures.

Bureaucratic quality systems systematically misattribute variation. When operators struggle to follow procedures, the system treats this as special cause (operator error, inadequate training) rather than common cause (the procedures don’t match operational reality, the system design is flawed). This misattribution prevents system improvement and destroys operator metis by treating adaptive responses as deviations.

From Deming’s perspective, metis is how operators manage system variation when procedures don’t account for the full range of conditions they encounter. Eliminating metis through rigid procedural compliance doesn’t eliminate variation—it eliminates the adaptive capacity that was compensating for system design flaws.

Ericsson and the Development of Expertise

Psychologist Anders Ericsson’s research on expertise development reveals another dimension of how knowledge works in organizations. His studies across fields from chess to music to medicine dismantled the myth that expert performers have unusual innate talents. Instead, expertise is the result of what he calls deliberate practice—individualized training activities specifically designed to improve particular aspects of performance through repetition, feedback, and successive refinement.

Deliberate practice has specific characteristics:

It involves tasks initially outside the current realm of reliable performance but masterable within hours through focused concentration
It requires immediate feedback on performance
It includes reflection between practice sessions to guide subsequent improvement
It continues for extended periods—Ericsson found it takes a minimum of ten years of full-time deliberate practice to reach high levels of expertise even in well-structured domains

Critically, experience alone does not create expertise. Studies show only a weak correlation between years of professional experience and actual performance quality. Merely repeating activities leads to automaticity and arrested development—practice makes permanent, but only deliberate practice improves performance.

This has profound implications for pharmaceutical quality systems. When we document procedures and require operators to follow them exactly, we’re eliminating the deliberate practice conditions that develop expertise. Operators execute the same steps repeatedly without feedback on the quality of performance (only on compliance with procedure), without reflection on how to improve, and without tackling progressively more challenging aspects of the work.

Worse, the compliance focus actively prevents expertise development. Ericsson emphasizes that experts continually try to improve beyond their current level of performance. But quality systems that demand perfect procedural compliance punish the very experimentation and adaptation that characterizes deliberate practice. Operators who develop metis through deliberate engagement with operational challenges must conceal that knowledge because it reveals they adapted procedures rather than following them exactly.

The expertise literature also reveals how knowledge transfers—or fails to transfer—in organizations. Research identifies multiple knowledge transfer mechanisms: social networks, organizational routines, personnel mobility, organizational design, and active search. But effective transfer depends critically on the type of knowledge involved.

Tacit knowledge transfers primarily through mentoring, coaching, and peer-to-peer interaction—what Nonaka calls socialization. When experienced operators leave, this tacit knowledge vanishes if it hasn’t been transferred through direct working relationships. No amount of documentation captures it because tacit knowledge is experience-based and context-specific.

Explicit knowledge transfers through documentation, formal training, and digital platforms. This is what quality systems are designed for: capturing knowledge in SOPs, specifications, validation protocols. But organizations often mistake documentation for knowledge transfer. Creating comprehensive procedures doesn’t ensure that people learn from them. Without internalization—the conversion of explicit knowledge back into tacit operational capability through practice and reflection—documented knowledge remains inert.

Knowledge Management Failures in Pharmaceutical Quality

These three frameworks—Nonaka’s knowledge conversion spiral, Deming’s theory of knowledge and variation, Ericsson’s deliberate practice—reveal systematic failures in how pharmaceutical quality systems handle knowledge:

Broken socialization: Quality systems that punish deviation prevent operators from openly sharing tacit knowledge about work-as-done. New operators learn the documented procedures but not the metis that makes those procedures actually work.
Failed externalization: Investigation processes that focus on compliance rather than understanding don’t capture operator theories about causation. The tacit knowledge that could prevent recurrence remains tacit—and often punishable if revealed.
Meaningless combination: Organizations generate elaborate CAPA documentation by combining explicit knowledge about what should happen without incorporating tacit knowledge about what actually happens. The resulting “knowledge” doesn’t reflect operational reality.
Superficial internalization: Training programs that emphasize procedure memorization rather than capability development don’t convert explicit knowledge into genuine operational expertise. Operators learn to document compliance without developing the metis needed for quality work.
Misattribution of variation: Systems treat operator adaptation as special cause (individual failure) rather than recognizing it as response to common cause system design issues. This prevents learning because the organization never addresses the system flaws that necessitate adaptation.
Prevention of deliberate practice: Rigid procedural compliance eliminates the conditions for expertise development—challenging tasks, immediate feedback on quality (not just compliance), reflection, and progressive improvement. Organizations lose expertise development capacity.
Knowledge transfer theater: Extensive documentation of lessons learned and best practices without the mentoring relationships and communities of practice that enable actual tacit knowledge transfer. Knowledge “management” that manages documents rather than enabling organizational learning.

The consequence is what Nonaka would call organizational knowledge destruction rather than creation. Each layer of bureaucracy, each procedure demanding rigid compliance, each investigation that treats adaptation as deviation, breaks another link in the knowledge spiral. The organization becomes progressively more ignorant about its own operations even as it generates more and more documentation claiming to capture knowledge.

Building Systems That Preserve and Develop Metis

If metis is essential for quality, if expertise develops through deliberate practice, if knowledge exists in continuous interaction between tacit and explicit forms, how do we design quality systems that work with these realities rather than against them?

Enable genuine socialization: Create legitimate spaces for experienced operators to work directly with less experienced ones in conditions where tacit knowledge can be openly shared. This means job shadowing, mentoring relationships, and communities of practice where work-as-done can be discussed without fear of punishment for revealing that it differs from work-as-imagined.

Design for externalization: Investigation processes should aim to capture operator theories about causation, not just document procedural compliance. Use dialogue, ask operators for metaphors and analogies that help articulate tacit understanding, create reflection opportunities where people can step back from action to describe what they know. But this requires just culture—operators won’t externalize knowledge if doing so triggers blame.

Support deliberate practice: Instead of demanding perfect procedural compliance, create conditions for expertise development. This means progressively challenging work assignments, immediate feedback on quality of outcomes (not just compliance), reflection time between executions, and explicit permission to adapt within understood boundaries. Document decision rules rather than rigid procedures, so operators develop judgment rather than just following steps.

Apply Deming’s knowledge theory: Make quality system elements falsifiable by articulating explicit predictions that can be tested. Validated methods should predict ongoing performance, CAPAs should predict reduction in deviation frequency, training should predict capability improvement. Then test those predictions systematically and learn when they fail.

Correctly attribute variation: When operators struggle with procedures or adapt them, ask whether this is special cause (unusual circumstances) or common cause (system design doesn’t match operational reality). If it’s common cause—which Deming suggests is 94% of the time—management must redesign the system rather than demanding better compliance.

Build knowledge transfer mechanisms: Recognize that different knowledge types require different transfer approaches. Tacit knowledge needs mentoring and communities of practice, not just documentation. Explicit knowledge needs accessible documentation and effective training, not just comprehensive procedure libraries. Knowledge transfer is a property of organizational systems and culture, not just techniques.

Measure knowledge outcomes, not documentation volume: Success isn’t demonstrated by comprehensive procedures or extensive training records. It’s demonstrated by whether people can actually perform quality work, whether they have the tacit knowledge and expertise that come from deliberate practice and genuine organizational learning. Measure investigation quality by whether investigations capture knowledge that prevents recurrence, measure CAPA effectiveness by whether problems actually decrease, measure training effectiveness by whether capability improves.

The fundamental insight across all three frameworks is that knowledge is not documentation. Knowledge exists in the dynamic interaction between explicit and tacit forms, between theory and practice, between individual expertise and organizational capability. Quality systems designed around documentation—assuming that if we write comprehensive procedures and require people to follow them, quality will result—are systems designed in ignorance of how knowledge actually works.

Metis is not an obstacle to be eliminated through standardization. It is an essential organizational capability that develops through deliberate practice and transfers through socialization. Deming’s profound knowledge isn’t just theory—it’s the lens that reveals why bureaucratic systems systematically destroy the very knowledge they need to function effectively.

Building quality systems that preserve and develop metis means building systems for organizational learning, not organizational documentation. It means recognizing operator expertise as legitimate knowledge rather than deviation from procedures. It means creating conditions for deliberate practice rather than demanding perfect compliance. It means enabling knowledge conversion spirals rather than breaking them through blame and rigid control.

This is the escape from the Kafkaesque quality system. Not through more procedures, more documentation, more oversight—but through quality systems designed around how humans actually learn, how expertise actually develops, how knowledge actually exists in organizations.

The Pathologies of Bureaucracy

Sociologist Robert K. Merton studied how bureaucracies develop characteristic dysfunctions even when staffed by competent, well-intentioned people. He identified what he called “bureaucratic pathologies”—systematic problems that emerge from the structure of bureaucratic organizations rather than from individual failures.

The primary pathology is what Merton called “displacement of goals”. Bureaucracies establish rules and procedures as means to achieve organizational objectives. But over time, following the rules becomes an end in itself. Officials focus on “doing things by the book” rather than on whether the book is achieving its intended purpose.

Does this sound familiar to pharmaceutical quality professionals?

How many deviation investigations focus primarily on demonstrating that investigation procedures were followed—impact assessment completed, timeline met, all required signatures obtained—with less attention to whether the investigation actually understood what happened and why? How many CAPA effectiveness checks verify that corrective actions were implemented but don’t rigorously test whether they solved the underlying problem? How many validation studies are designed to satisfy validation protocol requirements rather than to genuinely establish method fitness for purpose?

Merton identified another pathology: bureaucratic officials are discouraged from showing initiative because they lack the authority to deviate from procedures. When problems arise that don’t fit prescribed categories, officials “pass the buck” to the next level of hierarchy. Meanwhile, the rigid adherence to rules and the impersonal attitude this generates are interpreted by those subject to the bureaucracy as arrogance or indifference.

Quality professionals will recognize this pattern. The quality oversight person on the manufacturing floor sees a problem but can’t address it without a deviation report. The deviation report triggers an investigation that can’t conclude without identifying root cause according to approved categories. The investigation assigns CAPA that requires multiple levels of approval before implementation. By the time the CAPA is implemented, the original problem may have been forgotten, or operators may have already developed their own workaround that will remain invisible to the formal system.

Dekker argues that bureaucratization creates “structural secrecy”—not active concealment, but systematic conditions under which information cannot flow. Bureaucratic accountability determines who owns data “up to where and from where on”. Once the quality staff member presents a deviation report to management, their bureaucratic accountability is complete. What happens to that information afterward is someone else’s problem.

Meanwhile, operators know things that quality staff don’t know, quality staff know things that management doesn’t know, and management knows things that regulators don’t know. Not because anyone is deliberately hiding information, but because the bureaucratic structure creates boundaries across which information doesn’t naturally flow.

This is structural secrecy, and it’s lethal to quality systems because quality depends on information about what’s actually happening. When the formal system cannot see work-as-done, cannot access operator metis, cannot flow information across bureaucratic boundaries, it’s managing an imaginary factory rather than the real one.

Compliance Theater: The Performance of Quality

If bureaucratic quality systems manage imaginary factories, they require imaginary proof that quality is maintained. Enter compliance theater—the systematic creation of documentation and monitoring that prioritizes visible adherence to requirements over substantive achievement of quality objectives.

Compliance theater has several characteristic features:

Surface-level implementation: Organizations develop extensive documentation, training programs, and monitoring systems that create the appearance of comprehensive quality control while lacking the depth necessary to actually ensure quality.
Metrics gaming: Success is measured through easily manipulable indicators—training completion rates, deviation closure timeliness, CAPA on-time implementation—rather than outcomes reflecting actual quality performance.
Resource misallocation: Significant resources devoted to compliance performance rather than substantive quality improvement, creating opportunity costs that impede genuine progress.
Temporal patterns: Activity spikes before inspections or audits rather than continuous vigilance.

Consider CAPA effectiveness checks. In principle, these verify that corrective actions actually solved the underlying problem. But how many CAPA effectiveness checks truly test this? The typical approach: verify that the planned actions were implemented (revised SOP distributed, training completed, new equipment qualified), wait for some period during which no similar deviation occurs, declare the CAPA effective.

This is ritualistic compliance, not genuine verification. If the deviation was caused by operator metis being inadequate for the actual demands of the task, and the corrective action was “revise SOP to clarify requirements and retrain operators,” the effectiveness check should test whether operators now have the knowledge and capability to handle the task. But we don’t typically test capability. We verify that training attendance was documented and that no deviations of the exact same type have been reported in the past six months.

No deviations reported is not the same as no deviations occurring. It might mean operators developed better workarounds that don’t trigger quality system alerts. It might mean supervisors are managing issues informally rather than generating deviation reports. It might mean we got lucky.

But the paperwork says “CAPA verified effective,” and the compliance theater continues.

Analytical method validation presents another arena for compliance theater. Traditional validation treats validation as an event: conduct studies demonstrating acceptable performance, generate a validation report, file with regulatory authorities, and consider the method “validated”. The implicit assumption is that a method that passed validation will continue performing acceptably forever, as long as we check system suitability.

But methods validated under controlled conditions with expert analysts and fresh materials often perform differently under routine conditions with typical analysts and aged reagents. The validation represented work-as-imagined. What happens during routine testing is work-as-done.

If we took lifecycle validation seriously, we would treat validation as predicting future performance and continuously test those predictions through Stage 3 ongoing verification. We would monitor not just system suitability pass/fail but trends suggesting performance drift. We would investigate anomalous results as potential signals of method inadequacy.

But Stage 3 verification is underdeveloped in regulatory guidance and practice. So validated methods continue being used until they fail spectacularly, at which point we investigate the failure, implement CAPA, revalidate, and resume the cycle.

The validation documentation proves the method is validated. Whether the method actually works is a separate question.

The Bureaucratic Trap: How Good Systems Go Bad

I need to emphasize: pharmaceutical quality systems did not become bureaucratic because quality professionals are incompetent or indifferent. The bureaucratization happens through the interaction of legitimate pressures that push systems toward forms that are legible, auditable, and defensible but increasingly disconnected from the complex reality they’re meant to govern.

Regulatory pressure: Inspectors need evidence that quality is controlled. The most auditable evidence is documentation showing compliance with established procedures. Over time, quality systems optimize for auditability rather than effectiveness.
Liability pressure: When quality failures occur, organizations face regulatory action, litigation, and reputational damage. The best defense is demonstrating that all required procedures were followed. This incentivizes comprehensive documentation even when that documentation doesn’t enhance actual quality.
Complexity: Pharmaceutical manufacturing is genuinely complex, with thousands of variables affecting product quality. Reducing this complexity to manageable procedures requires simplification. The simplification is necessary, but organizations forget that it’s a reduction rather than the full reality.
Scale: As organizations grow, quality systems must work across multiple sites, products, and regulatory jurisdictions. Standardization is necessary for consistency, but standardization requires abstracting away local context—precisely the domain where metis operates.
Knowledge loss: When experienced operators leave, their tacit knowledge goes with them. Organizations try to capture this knowledge in ever-more-detailed procedures, but metis cannot be fully proceduralized. The detailed procedures give the illusion of captured knowledge while the actual knowledge has vanished.
Management distance: Quality executives are increasingly distant from manufacturing operations. They manage through metrics, dashboards, and reports rather than direct observation. These tools require legibility—quantitative measures, standardized reports, formatted data. The gap between management’s understanding and operational reality grows.
Inspection trauma: After regulatory inspections that identify deficiencies, organizations often respond by adding more procedures, more documentation, more oversight. The response to bureaucratic dysfunction is more bureaucracy.

Each of these pressures is individually rational. Taken together, they create what the conditions for failure: administrative ordering of complex systems, confidence in formal procedures and documentation, authority willing to enforce compliance, and increasingly, a weakened operational environment that can’t effectively resist.

What we get is the Kafkaesque quality system: elaborate, well-documented, apparently flawless, generating enormous amounts of evidence that it’s functioning properly, and potentially failing to ensure the quality it was designed to ensure.

The Consequences: When Bureaucracy Defeats Quality

The most insidious aspect of bureaucratic quality systems is that they can fail quietly. Unlike catastrophic contamination events or major product recalls, bureaucratic dysfunction produces gradual degradation that may go unnoticed because all the quality metrics say everything is fine.

Investigation without learning: Investigations that focus on completing investigation procedures rather than understanding causal mechanisms don’t generate knowledge that prevents recurrence. Organizations keep investigating the same types of problems, implementing CAPAs that check compliance boxes without addressing underlying issues, and declaring investigations “closed” when the paperwork is complete.

Research on incident investigation culture reveals what investigators call “new blame”—a dysfunction where investigators avoid examining human factors for fear of seeming accusatory, instead quickly attributing problems to “unclear procedures” or “inadequate training” without probing what actually happened. This appears to be blame-free but actually prevents learning by refusing to engage with the complexity of how humans interact with systems.

Analytical unreliability: Methods that “passed validation” may be silently failing under routine conditions, generating subtly inaccurate results that don’t trigger obvious failures but gradually degrade understanding of product quality. Nobody knows because Stage 3 verification isn’t rigorous enough to detect drift.

Operator disengagement: When operators know that the formal procedures don’t match operational reality, when they’re required to document work-as-imagined while performing work-as-done, when they see problems but reporting them triggers bureaucratic responses that don’t fix anything, they disengage. They stop reporting. They develop workarounds. They focus on satisfying the visible compliance requirements rather than ensuring genuine quality.

This is exactly what Merton predicted: bureaucratic structures that punish initiative and reward procedural compliance create officials who follow rules rather than thinking about purpose.

Resource misallocation: Organizations spend enormous resources on compliance activities that satisfy audit requirements without enhancing quality. Documentation of training that doesn’t transfer knowledge. CAPA systems that process hundreds of actions of marginal effectiveness. Validation studies that prove compliance with validation requirements without establishing genuine fitness for purpose.

Structural secrecy: Critical information that front-line operators possess about equipment quirks, material variability, and process issues doesn’t flow to quality management because bureaucratic boundaries prevent information transfer. Management makes decisions based on formal reports that reflect work-as-imagined while work-as-done remains invisible.

Loss of resilience: Organizations that depend on rigid procedures and standardized responses become brittle. When unexpected situations arise—novel contamination sources, unusual material properties, equipment failures that don’t fit prescribed categories—the organization can’t adapt because it has systematically eliminated the metis that enables adaptive response.

This last point deserves emphasis. Quality systems should make organizations more resilient—better able to maintain quality despite disturbances and variability. But bureaucratic quality systems can do the opposite. By requiring that everything be prescribed in advance, they eliminate the adaptive capacity that enables resilience.

The Alternative: High Reliability Organizations

So how do we escape the bureaucratic trap? The answer emerges from studying what researchers Karl Weick and Kathleen Sutcliffe call “High Reliability Organizations”—organizations that operate in complex, hazardous environments yet maintain exceptional safety records.

Nuclear aircraft carriers. Air traffic control systems. Wildland firefighting teams. These organizations can’t afford the luxury of bureaucratic dysfunction because failure means catastrophic consequences. Yet they operate in environments at least as complex as pharmaceutical manufacturing.

Weick and Sutcliffe identified five principles that characterize HROs:

Preoccupation with failure: HROs treat any anomaly as a potential symptom of deeper problems. They don’t wait for catastrophic failures. They investigate near-misses rigorously. They encourage reporting of even minor issues.

This is the opposite of compliance-focused quality systems that measure success by absence of major deviations and treat minor issues as acceptable noise.

Reluctance to simplify: HROs resist the temptation to reduce complex situations to simple categories. They maintain multiple interpretations of what’s happening rather than prematurely converging on a single explanation.

This challenges the bureaucratic need for legibility. It’s harder to manage systems that resist simple categorization. But it’s more effective than managing simplified representations that don’t reflect reality.

Sensitivity to operations: HROs maintain ongoing awareness of what’s happening at the sharp end where work is actually done. Leaders stay connected to operational reality rather than managing through dashboards and metrics.

This requires bridging the gap between work-as-imagined and work-as-done. It requires seeing metis rather than trying to eliminate it.

Commitment to resilience: HROs invest in adaptive capacity—the ability to respond effectively when unexpected situations arise. They practice scenario-based training. They maintain reserves of expertise. They design systems that can accommodate surprises.

This is different from bureaucratic systems that try to prevent all surprises through comprehensive procedures.

Deference to expertise: In HROs, authority migrates to whoever has relevant expertise regardless of hierarchical rank. During anomalous situations, the person with the best understanding of what’s happening makes decisions, even if that’s a junior operator rather than a senior manager.

Weick describes this as valuing “greasy hands knowledge”—the practical, experiential understanding of people directly involved in operations. This is metis by another name.

These principles directly challenge bureaucratic pathologies. Where bureaucracies focus on following established procedures, HROs focus on constant vigilance for signs that procedures aren’t working. Where bureaucracies demand hierarchical approval, HROs defer to frontline expertise. Where bureaucracies simplify for legibility, HROs maintain complexity.

Can pharmaceutical quality systems adopt HRO principles? Not easily, because the regulatory environment demands legibility and auditability. But neither can pharmaceutical quality systems afford continued bureaucratic dysfunction as complexity increases and the gap between work-as-imagined and work-as-done widens.

Building Falsifiable Quality Systems

Throughout this blog I’ve advocated for what I call falsifiable quality systems—systems designed to make testable predictions that could be proven wrong through empirical observation.

Traditional quality systems make unfalsifiable claims: “This method was validated according to ICH Q2 requirements.” “Procedures are followed.” “CAPA prevents recurrence.” These are statements about activities that occurred in the past, not predictions about future performance.

Falsifiable quality systems make explicit predictions: “This analytical method will generate reportable results within ±5% of true value under normal operating conditions.” “When operated within the defined control strategy, this process will consistently produce product meeting specifications.” “The corrective action implemented will reduce this deviation type by at least 50% over the next six months”.

These predictions can be tested. If ongoing data shows the method isn’t achieving ±5% accuracy, the prediction is falsified—the method isn’t performing as validation claimed. If deviations haven’t decreased after CAPA implementation, the prediction is falsified—the corrective action didn’t work.

Falsifiable systems create accountability for effectiveness rather than compliance. They force honest engagement with whether quality systems are actually ensuring quality.

This connects directly to HRO principles. Preoccupation with failure means treating falsification seriously—when predictions fail, investigating why. Reluctance to simplify means acknowledging the complexity that makes some predictions uncertain. Sensitivity to operations means using operational data to test predictions continuously. Commitment to resilience means building systems that can recognize and respond when predictions fail.

It also requires what researchers call “just culture”—systems that distinguish between honest errors, at-risk behaviors, and reckless violations. Bureaucratic blame cultures punish all failures, driving problems underground. “No-blame” cultures avoid examining human factors, preventing learning. Just cultures examine what happened honestly, including human decisions and actions, while focusing on system improvement rather than individual punishment.

In just culture, when a prediction is falsified—when a validated method fails, when CAPA doesn’t prevent recurrence, when operators can’t follow procedures—the response isn’t to blame individuals or to paper over the gap with more documentation. The response is to examine why the prediction was wrong and redesign the system to make it correct.

This requires the intellectual honesty to acknowledge when quality systems aren’t working. It requires willingness to look at work-as-done rather than only work-as-imagined. It requires recognizing operator metis as legitimate knowledge rather than deviation from procedures. It requires valuing learning over legibility.

Practical Steps: Escaping the Castle

How do pharmaceutical quality organizations actually implement these principles? How do we escape Kafka’s Castle once we’ve built it?

I won’t pretend this is easy. The pressures toward bureaucratization are real and powerful. Regulatory requirements demand legibility. Corporate management requires standardization. Inspection findings trigger defensive responses. The path of least resistance is always more procedures, more documentation, more oversight.

But some concrete steps can bend the trajectory away from bureaucratic dysfunction toward genuine effectiveness:

Make quality systems falsifiable: For every major quality commitment—validated analytical methods, qualified processes, implemented CAPAs—articulate explicit, testable predictions about future performance. Then systematically test those predictions through ongoing monitoring. When predictions fail, investigate why and redesign systems rather than rationalizing the failure away.

Close the WAI/WAD gap: Create safe mechanisms for understanding work-as-done. Don’t punish operators for revealing that procedures don’t match reality. Instead, use this information to improve procedures or acknowledge that some adaptation is necessary and train operators in effective adaptation rather than pretending perfect procedural compliance is possible.

Value metis: Recognize that operator expertise, analytical judgment, and troubleshooting capability are not obstacles to standardization but essential elements of quality systems. Document not just procedures but decision rules for when to adapt. Create mechanisms for transferring tacit knowledge. Include experienced operators in investigation and CAPA design.

Practice just culture: Distinguish between system-induced errors, at-risk behaviors under production pressure, and genuinely reckless violations. Focus investigations on understanding causal factors rather than assigning blame or avoiding blame. Hold people accountable for reporting problems and learning from them, not for making the inevitable errors that complex systems generate.

Implement genuine Stage 3 verification: Treat validation as predicting ongoing performance rather than certifying past performance. Monitor analytical methods, processes, and quality system elements for signs that their performance is drifting from predictions. Detect and address degradation early rather than waiting for catastrophic failure.

Bridge bureaucratic boundaries: Create information flows that cross organizational boundaries so that what operators know reaches quality management, what quality management knows reaches site leadership, and what site leadership knows shapes corporate quality strategy. This requires fighting against structural secrecy, perhaps through regular gemba walks, operator inclusion in quality councils, and bottom-up reporting mechanisms that protect operators who surface uncomfortable truths.

Test CAPA effectiveness honestly: Don’t just verify that corrective actions were implemented. Test whether they solved the problem. If a deviation was caused by inadequate operator capability, test whether capability improved. If it was caused by equipment limitation, test whether the limitation was eliminated. If the problem hasn’t recurred but you haven’t tested whether your corrective action was responsible, you don’t know if the CAPA worked—you know you got lucky.

Question metrics that measure activity rather than outcomes: Training completion rates don’t tell you whether people learned anything. Deviation closure timeliness doesn’t tell you whether investigations found root causes. CAPA implementation rates don’t tell you whether CAPAs were effective. Replace these with metrics that test quality system predictions: analytical result accuracy, process capability indices, deviation recurrence rates after CAPA, investigation quality assessed by independent review.

Embrace productive failure: When quality system elements fail—when validated methods prove unreliable, when procedures can’t be followed, when CAPAs don’t prevent recurrence—treat these as opportunities to improve systems rather than problems to be concealed or rationalized. HRO preoccupation with failure means seeing small failures as gifts that reveal system weaknesses before they cause catastrophic problems.

Continuous improvement, genuinely practiced: Implement PDCA (Plan-Do-Check-Act) or PDSA (Plan-Do-Study-Act) cycles not as compliance requirements but as systematic methods for testing changes before full implementation. Use small-scale experiments to determine whether proposed improvements actually improve rather than deploying changes enterprise-wide based on assumption.

Reduce the burden of irrelevant documentation: Much compliance documentation serves no quality purpose—it exists to satisfy audit requirements or regulatory expectations that may themselves be bureaucratic artifacts. Distinguish between documentation that genuinely supports quality (specifications, test results, deviation investigations that find root causes) and documentation that exists to demonstrate compliance (training attendance rosters for content people already know, CAPA effectiveness checks that verify nothing). Fight to eliminate the latter, or at least prevent it from crowding out the former.

The Politics of De-Bureaucratization

Here’s the uncomfortable truth: escaping the Kafkaesque quality system requires political will at the highest levels of organizations.

Quality professionals can implement some improvements within their spheres of influence—better investigation practices, more rigorous CAPA effectiveness checks, enhanced Stage 3 verification. But truly escaping the bureaucratic trap requires challenging structures that powerful constituencies benefit from.

Regulatory authorities benefit from legibility—it makes inspection and oversight possible. Corporate management benefits from standardization and quantitative metrics—they enable governance at scale. Quality bureaucracies themselves benefit from complexity and documentation—they justify resources and headcount.

Operators and production management often bear the costs of bureaucratization—additional documentation burden, inability to adapt to reality, blame when gaps between procedures and practice are revealed. But they’re typically the least powerful constituencies in pharmaceutical organizations.

Changing this dynamic requires quality leaders who understand that their role is ensuring genuine quality rather than managing compliance theater. It requires site leaders who recognize that bureaucratic dysfunction threatens product quality even when all audit checkboxes are green. It requires regulatory relationships mature enough to discuss work-as-done openly rather than pretending work-as-imagined is reality.

Scott argues that successful resistance to high-modernist schemes depends on civil society’s capacity to push back. In pharmaceutical organizations, this means empowering operational voices—the people with metis, with greasy-hands knowledge, with direct experience of the gap between procedures and reality. It means creating forums where they can speak without fear of retaliation. It means quality leaders who listen to operational expertise even when it reveals uncomfortable truths about quality system dysfunction.

This is threatening to bureaucratic structures precisely because it challenges their premise—that quality can be ensured through comprehensive documented procedures enforced by hierarchical oversight. If we acknowledge that operator metis is essential, that adaptation is necessary, that work-as-done will never perfectly match work-as-imagined, we’re admitting that the Castle isn’t really flawless.

But the Castle never was flawless. Kafka knew that. The servant destroying paperwork because he couldn’t figure out the recipient wasn’t an aberration—it was a glimpse of reality. The question is whether we continue pretending the bureaucracy works perfectly while it fails quietly, or whether we build quality systems honest enough to acknowledge their limitations and resilient enough to function despite them.

The Quality System We Need

Pharmaceutical quality systems exist in genuine tension. They must be rigorous enough to prevent failures that harm patients. They must be documented well enough to satisfy regulatory scrutiny. They must be standardized enough to work across global operations. These are not trivial requirements, and they cannot be dismissed as mere bureaucratic impositions.

But they must also be realistic enough to accommodate the complexity of manufacturing, flexible enough to incorporate operator metis, honest enough to acknowledge the gap between procedures and practice, and resilient enough to detect and correct performance drift before catastrophic failures occur.

We will not achieve this by adding more procedures, more documentation, more oversight. We’ve been trying that approach for decades, and the result is the bureaucratic trap we’re in. Every new procedure adds another layer to the Castle, another barrier between quality management and operational reality, another opportunity for the gap between work-as-imagined and work-as-done to widen.

Instead, we need quality systems designed around falsifiable predictions tested through ongoing verification. Systems that value learning over legibility. Systems that bridge bureaucratic boundaries to incorporate greasy-hands knowledge. Systems that distinguish between productive compliance and compliance theater. Systems that acknowledge complexity rather than reducing it to manageable simplifications that don’t reflect reality.

We need, in short, to stop building the Castle and start building systems for humans doing real work under real conditions.

Kafka never finished The Castle. The manuscript breaks off mid-sentence. Whether K. ever reaches the Castle, whether the officials ever explain themselves, whether the flawless bureaucracy ever acknowledges its contradictions—we’ll never know.

But pharmaceutical quality professionals don’t have the luxury of leaving the story unfinished. We’re living in it. Every day we choose whether to add another procedure to the Castle or to build something different. Every deviation investigation either perpetuates compliance theater or pursues genuine learning. Every CAPA either checks boxes or solves problems. Every validation either creates falsifiable predictions or generates documentation that satisfies audits without ensuring quality.

The bureaucratic trap is powerful precisely because each individual choice seems reasonable. Each procedure addresses a real gap. Each documentation requirement responds to an audit finding. Each oversight layer prevents a potential problem. And gradually, imperceptibly, we build a system that looks comprehensive and rigorous and “flawless” but may or may not be ensuring the quality it exists to ensure.

Escaping the trap requires intellectual honesty about whether our quality systems are working. It requires organizational courage to acknowledge gaps between procedures and practice. It requires regulatory maturity to discuss work-as-done rather than pretending work-as-imagined is reality. It requires quality leadership that values effectiveness over auditability.

Most of all, it requires remembering why we built quality systems in the first place: not to satisfy inspections, not to generate documentation, not to create employment for quality professionals, but to ensure that medicines reaching patients are safe, effective, and consistently manufactured to specification.

That goal is not served by Kafkaesque bureaucracy. It’s not served by the Castle, with its mysterious officials and contradictory explanations and flawless procedures that somehow involve destroying paperwork when nobody knows what to do with it.

It’s served by systems designed for humans, systems that acknowledge complexity, systems that incorporate the metis of people who actually do the work, systems that make falsifiable predictions and honestly evaluate whether those predictions hold.

It’s served by escaping the bureaucratic trap.

The question is whether pharmaceutical quality leadership has the courage to leave the Castle.

An Apology

I am, by temperament, an intellectual magpie. I pick up ideas, frameworks, and images from papers, talks, conference slides, and conversations, and then carry them around in my head until they re-emerge—sometimes polished, sometimes altered, and, in this case, without the clear lineage they deserve. That tendency serves me well as a writer and quality professional, but it also comes with a responsibility to keep better track of where things come from.

In my recent article on USP <1220> and the analytical lifecycle, I included a figure that closely reflected a slide originally developed by Christopher Burgess and later incorporated into the ECA Foundation’s “Guide for an Integrated Lifecycle Approach to Analytical Instrument Qualification and System Validation,” Version 1.0, November 2023, Figure 13. While my version was redrawn, the structure and conceptual flow were clearly derived from that original work, and I did not provide proper attribution when I first published the post. That was my mistake, and I regret it.

I want to state clearly that the ECA guidance document, and the work of Christopher Burgess and Bob McDowall in particular, is excellent and deserves to be read in its original form by anyone serious about analytical lifecycle thinking. The “Guide for an Integrated Lifecycle Approach to Analytical Instrument Qualification and System Validation” is a rich, thoughtful piece of work that offers far more depth than any single blog figure can convey. If my article or the adapted graphic spoke to you, you should absolutely go to the source and read the ECA paper itself.

I am grateful to Dr. Markus Funk and the ECA Analytical Quality Control Group for reaching out in a collegial and constructive way, rather than assuming bad intent. Their note made it clear that they did not object to the use of the underlying concept, only to the lack of proper attribution. That distinction matters, because it reinforces a core principle in our community: ideas can and should circulate, but credit should travel with them.

In response, I have updated the original post to include an explicit reference to the ECA document and to identify the figure as an adaptation of their work, using the wording they suggested. That is a necessary corrective step, but it is not enough on its own. I also want to be transparent with you, my readers, about how this happened and what I plan to do differently going forward.

The honest explanation is not malice, but intellectual untidiness. I often sketch and rework ideas first for internal presentations or personal notes, then later re-use those visuals in blog posts when they seem generally useful. Over time, the original provenance can blur in my mind: what started as “inspired by X” slowly feels like “my standard way of explaining this,” and unless I am vigilant, the attribution falls away. That is still my responsibility, and “I forgot where I saw it” is not an acceptable standard for publication.

Intellectual humility, for me, means acknowledging that most of what I write sits on foundations laid by others. It means admitting, publicly, when I have failed to make those foundations visible. It also means tightening my own practices: keeping clearer notes on the origin of figures and concepts, double-checking sources before I hit “publish,” and erring on the side of over-attribution rather than under-attribution.

So to the authors of the ECA guidance document, to Dr. Funk and the ECA Foundation, and to you as readers: I apologize. I used a graphic that was substantively derived from their work without clearly crediting it, and that fell short of the standards I believe in and advocate for. I am committed to doing better, and I appreciate the chance to correct the record rather than quietly moving on.

If there is a positive takeaway here, I hope it is this: even in a niche world like analytical quality and validation, we are part of a living conversation. Being an “intellectual magpie” can be a strength when it helps us cross-pollinate ideas—but only if we are careful to honor the people and organizations who first did the hard work of thinking them through.

The Molecule That Changed Everything: How Insulin Rewired Drug Manufacturing and Regulatory Thinking

There’s a tendency in our industry to talk about “small molecules versus biologics” as if we woke up one morning and the world had simply divided itself into two neat categories. But the truth is more interesting—and more instructive—than that. The dividing line was drawn by one molecule in particular: insulin. And the story of how insulin moved from animal extraction to recombinant manufacturing didn’t just change how we make one drug. It fundamentally rewired how we think about manufacturing, quality, and regulation across the entire pharmaceutical landscape.

From Pancreases to Plasmids

For the first six decades of its therapeutic life, insulin was an extractive product. Since the 1920s, producing insulin required enormous quantities of animal pancreases—primarily from cows and pigs—sourced from slaughterhouses. Eli Lilly began full-scale animal insulin production in 1923 using isoelectric precipitation to separate and purify the hormone, and that basic approach held for decades. Chromatographic advancements in the 1970s improved purity and reduced the immunogenic reactions that had long plagued patients, but the fundamental dependency on animal tissue remained.

This was, in manufacturing terms, essentially a small-molecule mindset applied to a protein. You sourced your raw material, you extracted, you purified, you tested the final product against a specification, and you released it. The process was relatively well-characterized and reproducible. Quality lived primarily in the finished product testing.

But this model was fragile. Market forces and growing global demand revealed the unsustainable nature of dependency on animal sources. The fear of supply shortages was real. And it was into this gap that recombinant DNA technology arrived.

1982: The Paradigm Breaks Open

In 1978, scientists at City of Hope and Genentech developed a method for producing biosynthetic human insulin (BHI) using recombinant DNA technology, synthesizing the insulin A and B chains separately in E. coli. On October 28, 1982, after only five months of review, the FDA approved Humulin—the first biosynthetic human insulin and the first approved medical product of any kind derived from recombinant DNA technology.

Think about what happened here. Overnight, insulin manufacturing went from:

Animal tissue extraction → Living cell factory production
Sourcing variability tied to agricultural supply chains → Engineered biological systems with defined genetic constructs
Purification of a natural mixture → Directed expression of a specific gene product

The production systems themselves tell the story. Recombinant human insulin is produced predominantly in E. coli (where insulin precursors form inclusion bodies requiring solubilization and refolding) or in Saccharomyces cerevisiae (where soluble precursors are secreted into culture supernatant). Each system brings its own manufacturing challenges—post-translational modification limitations in bacteria, glycosylation considerations in yeast—that simply did not exist in the old extraction paradigm.

This wasn’t just a change in sourcing. It was a change in manufacturing identity.

“The Process Is the Product”

And here is where the real conceptual earthquake happened. With small-molecule drugs, you can fully characterize the molecule. You know every atom, every bond. If two manufacturers produce the same compound by different routes, you can prove equivalence through analytical testing of the finished product. The process matters, but it isn’t definitional.

Biologics are different. As the NIH Regulatory Knowledge Guide puts it directly: “the process is the product”—any changes in the manufacturing process can result in a fundamental change to the biological molecule, impacting the product and its performance, safety, or efficacy. The manufacturing process for biologics—from cell bank to fermentation to purification to formulation—determines the quality of the product in ways that cannot be fully captured by end-product testing alone.

Insulin was the first product to force the industry to confront this reality at commercial scale. When Lilly and Genentech brought Humulin to market, they weren’t just scaling up a chemical reaction. They were scaling up a living system, with all the inherent variability that implies—batch-to-batch differences in cell growth, protein folding, post-translational modifications, and impurity profiles.

This single insight—that for biologics, process control is product control—cascaded through the entire regulatory and quality framework over the next four decades.

The Regulatory Framework Catches Up

Insulin’s journey also exposed a peculiar regulatory gap. Despite being a biologic by any scientific definition, insulin was regulated as a drug under Section 505 of the Federal Food, Drug, and Cosmetic Act (FFDCA), not as a biologic under the Public Health Service Act (PHSA). This was largely a historical accident: when recombinant insulin arrived in 1982, the distinctions between FFDCA and PHSA weren’t particularly consequential, and the relevant FDA expertise happened to reside in the drug review division.

But this classification mismatch had real consequences. Because insulin was regulated as a “drug,” there was no pathway for biosimilar insulins—even after the Hatch-Waxman Act of 1984 created abbreviated pathways for generic small-molecule drugs. The “generic” framework simply doesn’t work for complex biological molecules where “identical” is the wrong standard.

It took decades to resolve this. The Biologics Price Competition and Innovation Act (BPCIA), enacted in 2010 as part of the Affordable Care Act, created an abbreviated regulatory pathway for biosimilars and mandated that insulin—along with certain other protein products—would transition from drug status to biologic status. On March 23, 2020, all insulin products were formally “deemed to be” biologics, licensed under Section 351 of the PHSA.

This wasn’t a relabeling exercise. It opened insulin to the biosimilar pathway for the first time, culminating in the July 2021 approval of Semglee (insulin glargine-yfgn) as the first interchangeable biosimilar insulin product. That approval—allowing pharmacy-level substitution of a biologic—was a moment the industry had been building toward for decades.

ICH Q5 and the Quality Architecture for Biologics

The regulatory thinking that insulin forced into existence didn’t stay confined to insulin. It spawned an entire framework of ICH guidelines specifically addressing the quality of biotechnological products:

ICH Q5A – Viral safety evaluation of biotech products derived from cell lines
ICH Q5B – Analysis of the expression construct in cell lines
ICH Q5C – Stability testing of biotechnological/biological products
ICH Q5D – Derivation and characterization of cell substrates
ICH Q5E – Comparability of biotechnological/biological products subject to changes in their manufacturing process

ICH Q5E deserves particular attention because it codifies the “process is the product” principle into an operational framework. It states that changes to manufacturing processes are “normal and expected” but insists that manufacturers demonstrate comparability—proving that post-change product has “highly similar quality attributes” and that no adverse impact on safety or efficacy has occurred. The guideline explicitly acknowledges that even “minor” changes can have unpredictable impacts on quality, safety, and efficacy.

This is fundamentally different from the small-molecule world, where a process change can often be managed through updated specifications and finished-product testing. For biologics, comparability exercises can involve extensive analytical characterization, in-process testing, stability studies, and potentially nonclinical or clinical assessments.

How This Changed Industry Thinking

The ripple effects of insulin’s transition from extraction to biologics manufacturing reshaped the entire pharmaceutical industry in several concrete ways:

1. Process Development Became a Core Competency, Not a Support Function.
When “the process is the product,” process development scientists aren’t just optimizing yield—they’re defining the drug. The extensive process characterization, design space definition, and control strategy work enshrined in ICH Q8 (Pharmaceutical Development) and ICH Q11 (Development and Manufacture of Drug Substances) grew directly from the recognition that biologics manufacturing demands a fundamentally deeper understanding of process-product relationships.

2. Cell Banks Became the Crown Jewels.
The master cell bank concept—maintaining a characterized, qualified starting point for all future production—became the foundational control strategy for biologics. Every batch traces back to a defined, banked cell line. This was a completely new paradigm compared to sourcing animal pancreases from slaughterhouses.

3. Comparability Became a Lifecycle Discipline.
In the small-molecule world, process changes are managed through supplements and updated batch records. In biologics, every significant process change triggers a comparability exercise that can take months and cost millions. This has made change control for biologics a far more rigorous discipline and has elevated the role of quality and regulatory functions in manufacturing decisions.

4. The Biosimilar Paradigm Created New Quality Standards.
Unlike generics, biosimilars cannot be “identical” to the reference product. The FDA requires a demonstration that the biosimilar is “highly similar” with “no clinically meaningful differences” in safety, purity, and potency. This “totality of evidence” approach, developed for the BPCIA pathway, requires sophisticated analytical, functional, and clinical comparisons that go well beyond the bioequivalence studies used for generic drugs.

5. Manufacturing Cost and Complexity Became Strategic Variables.
Biologics manufacturing requires living cell systems, specialized bioreactors, extensive purification trains (including viral clearance steps), and facility designs with stringent contamination controls. The average cost to develop an approved biologic is estimated at $2.6–2.8 billion, compared to significantly lower costs for small molecules. This manufacturing complexity has driven the growth of the CDMO industry and made facility design, tech transfer, and manufacturing strategy central to business planning.

The Broader Industry Shift

Insulin was the leading edge of a massive transformation. By 2023, the global pharmaceutical market was $1.34 trillion, with biologics representing 42% of sales (up from 31% in 2018) and growing three times faster than small molecules. Some analysts predict biologics will outstrip small molecule sales by 2027.

This growth has been enabled by the manufacturing and regulatory infrastructure that insulin’s transition helped build. The expression systems first commercialized for insulin—E. coli and yeast—remain workhorses, while mammalian cell lines (especially CHO cells) now dominate monoclonal antibody production. The quality frameworks (ICH Q5 series, Q6B specifications, Q8–Q11 development and manufacturing guidelines) provide the regulatory architecture that makes all of this possible.

Even the regulatory structure itself—the distinction between 21 CFR Parts 210/211 (drug CGMP) and 21 CFR Parts 600–680 (biologics)—reflects this historical evolution. Biologics manufacturers must often comply with both frameworks simultaneously, maintaining drug CGMP baselines while layering on biologics-specific controls for establishment licensing, lot release, and biological product deviation reporting.

Where We Are Now

Today, insulin sits at a fascinating intersection. It’s a relatively small, well-characterized protein—analytically simpler than a monoclonal antibody—but it carries the full regulatory weight of a biologic. The USP maintains five drug substance monographs and thirteen drug product monographs for insulin. Manufacturers must hold Biologics License Applications, comply with CGMP for both drugs and biologics, and submit to pre-approval inspections.

Meanwhile, the manufacturing technology continues to evolve. Animal-free recombinant insulin is now a critical component of cell culture media used in the production of other biologics, supporting CHO cell growth in monoclonal antibody manufacturing—a kind of recursive loop where the first recombinant biologic enables the manufacture of subsequent generations.

And the biosimilar pathway that insulin’s reclassification finally opened is beginning to deliver on its promise. Multiple biosimilar and interchangeable insulin products are now reaching patients at lower costs. The framework developed for insulin biosimilars is being applied across the biologics landscape—from adalimumab to trastuzumab to bevacizumab.

The Lesson for Quality Professionals

If there’s a single takeaway from insulin’s manufacturing evolution, it’s this: the way we make a drug is inseparable from what the drug is. This was always true for biologics, but it took insulin—the first recombinant product to reach commercial scale—to force the industry and regulators to internalize that principle.

Every comparability study you run, every cell bank qualification you perform, every process validation protocol you execute for a biologic product exists because of the conceptual framework that insulin’s journey established. The ICH Q5E comparability exercise, the Q5D cell substrate characterization, the Q5A viral safety evaluation—these aren’t bureaucratic requirements imposed from outside. They’re the rational response to a fundamental truth about biological manufacturing that insulin made impossible to ignore.

The molecule that changed everything didn’t just save millions of lives. It rewired how an entire industry thinks about the relationship between process and product. And in doing so, it set the stage for every biologic that followed.