Method
Step 1: Establishing an application inventory
Every migration project needs a clean database detailing the system infrastructure. My first step was to create an application inventory and establish it as a “single point of truth” throughout the company in order to track the status of all applications for the migration and day-to-day operations. This involved the classification of each application. Categories included client/server, desktop, Citrix and SaaS applications, and various evaluation criteria were used. Several important issues had to be clarified for the migration planning step, including dependencies on other applications and/or interfaces and planned life cycle changes (e.g. due to planned updates, functional expansions or compliance findings). In addition, the GAMP category and validation status of GxP-relevant applications had to be reassessed. In total, 400 applications were identified and classified; 150 of them were to be migrated within the scope of the project. Approximately half of the applications are GxP-relevant and needed to be revalidated.
Step 2: Making the program manageable
During a gargantuan undertaking such as this, it is important to keep an eye on the bigger picture rather than focusing excessively on details. I chose a two-step approach and first established a rough plan for the individual application categories. In order to get a better grasp on the complexity, priorities and scheduling requirements of the migration project, I developed a multi-level decision tree. Important criteria included external access, GxP relevance and whether or not the individual applications are core applications. During the second step, a planning project was initiated for each category to plan the migration process for each application in detail. A separate stream was set up for especially critical applications. Besides the structure, communication is a major success factor for programs with more than 100 participating parties. A “migration cookbook” was created to specify the entire program governance – communication, escalation, risk, issue and change management, tracking structures, reporting structures and meeting structures – and to establish platforms for the exchange.
Thanks to the intelligent planning process, the enormous endeavor gained structure. Its hundreds of individual components formed a manageable whole and a clear, comprehensible project path was revealed. This approach was convincing, to such an extent, that the management decided to expand my range of responsibilities. From then on, the program management also included the streams for servers, clients and networks. Ever since, I have been responsible for the entire financial controlling and upstream coordination of the GxP Compliance.
Step 3: Sequential migration, global roll-out
Approximately 150 applications have being migrated and rolled out at more than ten sites. Half of them were GxP-relevant and subject to revalidation. The most complex part of the project was the sequential transfer of the entire infrastructure to the new environment. Once all involved components were migrated, integration testing helped to ensure compliance. It involved user accounts and peripheral devices, such as printers, that interfere with the application. To ensure that no component or interface remained untested, the project team and I developed a watertight traceability matrix that traces all dependencies. During the next and last step of the program, applications that were orphaned or no longer needed had to be disabled.