Business Case: Quality in Mergers & Acquisition (M&A) Projects

Marco Polisena

Life Science Consultant


Mergers & Acquisition is a term that refers to two similar although different topics.  

Mergers are when two entities, comparable in size, combine (“merge”) together, resulting in a new entity. On the other hand, Acquisition is when one larger entity purchases a smaller one, “absorbing” its business.  

M&A’s have different types of possible transactions: 

  • Horizontal: Between two companies with similar operating models or operating in analogous environments. The businesses may be in direct competition with one another.  
  • Vertical: A company acquires its supplier. 
  • Conglomerate: A company operating in a different environment is acquired for business diversification. 

Although M&A projects include several different activities that are not strictly related to each other, e.g., financial, company re-organization, etc., this case study focuses on the aspect of Quality and Computer Systems Validation (CSV). 

 M&A projects delivered for industry-leading pharma clients have been focused on acquisitions of smaller companies with a very well defined and attractive asset, and, as such, this is the main subject of this article. 

Project Scope 

Figure 1: M&A Diagram Showing Accountable Entities. Copyright KVALITO Consulting Group, 2022.

There has been an evolution in the acquisition in the domain of new technological companies, gene therapies and nuclear medicine technologies. Therefore, the acquiring companies needed to assess each application from several points of view (Architecture, Security, Compliance and CSV, etc.), highlighting gaps that needed to be either accepted, mitigated or solved as part of the integration activities. 

An overview of the typical steps involved in an M&A project can be resumed as follows: 

  • definition of an overall Project Quality Plan, describing approach to onboarding activities 
  • Assessment and evaluation of applications to be onboarded 
  • Definition of a remediation action plan 
  • Tracking of identified gaps through deviations and CAPAs 
  • Technical and compliance activities related to applications onboarding 
  • Generation of the application report to highlight the status of the application post-implementation 

All the activities mentioned above had required close coordination between both entities. 

In parallel, the acquired companies had been requested to fully onboard the new quality management system (QMS). This onboarding was a significant undertaking. It required an evaluation of all the policies and procedures from the purchased entity to highlight any gaps compared to the acquiring company’s processes and vice versa. Even the new entity’s procedures were required to be assessed to ensure that the critical aspects of the newly acquired business were incorporated to avoid any unexpected business disruption in the day-to-day operations. As part of the QMS onboarding, all employees were required to be trained on the new procedures and provided with access to different tools, while some activity was still ongoing using the legacy QMS as these were initiated before the acquisition.   



Some of the main challenges which arise during the M&As project can be resumed as follows: 

  • Two different entities can have different standards (i.e., policies and procedures), business, and quality approaches. Therefore, it may be difficult to change the mindset of employees who are used to working in a certain way. This is especially true in the case of acquisitions where, usually, a larger company – with potentially more structured and stricter standards – incorporates another entity. In this case, the acquired entity is often required to improve their quality standards to fit the new organization – for which this activity is seldom “painless” for both sides. 
  • The two entities need to collaborate closely to set up the project and coordinate the project activities and follow up accordingly, i.e., ensuring that the project plan, resources deliverables, activities and timelines are agreed during the whole project. 
  • A major effort is being put in assessing the current status (‘as is’) of systems to be integrated, procedures and standards. This typically involves performing the following activities; 
    • Gap Assessment (including application’s validation status) 
    • Risk evaluation 
    • Remediation activities, according to deviations and CAPAs raised
  • Both parties may be using different technologies. Often the larger company may be using more technologically advanced solutions than a smaller enterprise which, on the contrary, may still have many paper-based or hybrid activities. Adopting technical solutions would lead to a simplified and more controlled way of working in the medium/long term, although it requires significantly more effort from the users’ perspective to be onboarded to such (Trainings, Validations, and Quality System Tools, e.g., EDMS (electronic document management systems) etc. 
  • There is a transition period where ongoing activities from the acquired company side can proceed with the original QMS (whilst satisfying the minimum acceptable quality standard requirements industry’s) until the new QMS is fully onboarded. 
    • The main challenge with onboarding the new QMS is that every employee from the purchased company requires training in the new procedures/systems/tools, often changing the approach to their way of working. Sometimes this has a mid to long term benefit of employees learning to use those new technologies and developing new skills. 
  • Acquiring procedures may require roles and responsibilities which didn’t exist within the legacy entity. This means that a re-organization or alternatives must be found to fulfill the requirements.  
    • As a temporary solution, a Role Matrix could be put in place to cover new required responsibilities with existing roles. 
  • There should be coordination between the two parties – which requires strict collaboration – to align timelines of activities to be performed from both sides, e.g.:  
    • Once a Software application is being deployed and released for production in the new infrastructure, in parallel, the previous entity should already have retired it from its environment, segregating/freezing/archiving old data. This means a “liaison” figure should coordinate parallel activities. E.g., Change Controls from both sides to be cross-referenced 
    • When lifecycle documentation is being migrated into a new repository, it should be done in a controlled manner as well, aligning the migration date with the archiving/retirement activity within the legacy document management system (DMS) 
  • Not all the assets (business) belonging to a purchased company may be bought (and integrated with the new infrastructure), while some applications might be used for several assets. This means there could be a need to split the business scope of a specific system keeping it from both entities with restricted usage. 
  • In a nutshell, the Quality and CSV approach in M&A projects is almost never smooth and straightforward. It needs to be pragmatic in finding a solution to challenges that otherwise would restrict the continuation of business activities due to different procedures and standards. 

What KVALITO did 

Quality & eCompliance support for global client-sides during the mergers & acquisition of major companies, with the aim to support the business’ teams and production sites spread over several countries (e.g., Italy, Spain, France, Switzerland, Netherland, US) assessing and remediating their systems to comply with new company’s standards.


  • Definition of an overall Project Quality Plan, designing the approach to the integration project. 
  • Assessing gaps of current validation status for all applications in scope for the migration into accepting infrastructure 
  • Cooperation to the draft of a Remediation Action Plan, which drove remediation activities following deviation and CAPAs 
  • Oversight of onboarding activities from an eCompliance standpoint 
  • Designing the approach and coordinated activities related to lifecycle documentation migration process, from legacy to destination DMS 
  • Overviewing remediation activities to the closure 
  • Assessing and reviewing SOPs, highlighting any gaps against acquiring company standards. 
  • Cooperating to the definition of a strategy for QMS onboarding 
  • Change Management supervision from an eCompliance standpoint 
  • Acting as a liaison between the two entities of the acquisition 
  • Data Migration activities overview and follow-up 


People, Processes and Tools 

People Roles: 

  • QA & eCompliance responsible 
  • CSV and Data Integrity SME 



  • GxP & Data Integrity – 21 CFR Part 11/Annex 11 
  • Change Control  
  • Risk assessment 
  • Deviation, CAPA & Quality Event using different tools like  
    • Trackwise for GxP records and CAPAs management 
    • IT360 for non GxP gaps and vulnerabilities 
  • ServiceNow used for several processes like
    • Change Management 
    • Classification 
    • IT Operational Handbook creation 
  • GAP Assessments 
  • Remediation Plan/report 


Value Delivered 

  • Adopting a flexible and pragmatic approach made it possible to address GxP gaps, due to different QMS processes and mindsets, in the most efficient way possible, with minimum business activities disruptions. 
  • Making businesses aware of why some activities are needed, providing guidance on how to accomplish that in the best way possible with minimum time effort or business disruption. 
  • QA and eCompliance expertise in reviewing or drafting GxP required deliverables 
  • Guidance on planning required activities, drafting Project Quality Plan and designing the End-to-End (E2E) process 
  • Coordination and alignment with acquired company eCompliance counterpart for all those activities that occur in parallel.  

Clients /References: 

  • Novartis 
  • Johnson & Johnson 
  • Advanced Accelerator Application 
  • Avexis – Novartis Gene Therapies) 
  • Actelion 


Pin It on Pinterest

Share This