I’ve been responsible for maintaining a Class II product’s QMS during one of the messiest migrations I’ve seen: an 18‑month parallel run where the old eQMS and the new one lived side-by-side. We survived audits and kept product moving, but we paid for every month with duplicated work, missed automations, and an enormous reconciliation backlog. Writing this down because the pain felt avoidable in places — and maybe my scars will help someone else planning a migration.
Why we ended up with 18 months of parallel systems
There isn’t a single reason. It was the slow creep of risk-aversive decisions plus integration and validation realities:
- Validation scope kept expanding. The new vendor’s module set changed; our validation plan ballooned to cover integrations, webhooks, and vendor-supplied scripts. Each change meant more IQ/OQ/PQ cycles.
- Integrations took longer than expected. We relied on the new system’s APIs to push non-regulated events (build notifications, CI statuses) and to trigger CAPAs and change controls from our issue tracker. The API endpoints existed but had rate limits, schema mismatches, and edge cases that needed custom middleware.
- Third‑party dependencies. Supplier portals and manufacturing systems couldn’t be changed on our schedule; their timelines forced interim workarounds.
- Audit and regulatory caution. With ISO 13485 and 21 CFR Part 820 on the line, QA leadership refused a big-bang cutover until we could demonstrate traceability, preserved audit trails, and validated CAPA triggering across systems.
Those combined into a practical requirement: keep the old QMS writable until we were absolutely sure nothing would fall through the cracks.
The actual day-to-day pain points
If you’ve not lived inside a long parallel period, here’s what to expect:
- Duplicate record entry. Engineers entered design changes in two places. Document owners managed revisions twice. That doubles review cycles and increases risk of version drift.
- CAPA and complaint duplication. Without a single source of truth for incoming complaints, both systems spawned CAPAs for the same root cause.
- Traceability gaps. Links between design inputs, risk assessments, verification evidence, and changes were split across systems. Auditors ask for “single-thread” traceability; you’ll spend days stitching it.
- Training chaos. Two sets of SOPs, two UAT environments, and users who default to the path of least resistance (usually the old system).
- Reconciliation backlog. The migration export wasn’t 1:1; mapping statuses, approver signatures, and revision histories required manual reconciliation and exception handling.
Practical fixes that actually helped us
We learned some mitigation patterns that reduced the bleeding — none were magic, but together they made cutover possible.
- Freeze non-critical config changes in both systems during reconciliation windows. Treat migration as a controlled change: document it, justify the freeze, and enforce it.
- Define canonical record owners. For a period, pick one system per record type as the “source of truth” (e.g., complaints and CAPAs in old QMS; engineering changes in new QMS) and enforce through SOPs.
- Automate reconciliation reports daily. Build scripts that pull key fields from both systems (ID, status, assignee, timestamps). Reconcile programmatically and surface exceptions to human reviewers.
- Export with metadata, not just PDFs. When you export controlled docs, capture approval history, signatures, and change logs in a machine-readable sidecar (JSON or CSV). If your vendor only gives PDFs, script a metadata layer and link it to PDFs.
- Keep a read-only archive of the legacy system right after cutover. You need it for late-discovered audit trails; don’t delete or decommission the system until regulators and your RA/QA team sign off.
- Validate integrations early with smoke tests. Create a CI pipeline (GitHub Actions or your preferred runner) that runs end-to-end smoke tests against sandbox APIs whenever vendor updates occur.
- Keep CAPA triggering deterministic. If you use webhooks to create CAPAs from an issue tracker, add idempotency keys and an external reconciliation table so duplicates aren’t created when retries happen.
- Train in waves and force a UAT window where “real” events are exercised in the new system, including CAPA, change control, and complaint handling. Everything looks fine until someone files a complaint in production; those are the scenarios auditors love.
Things I’d change if I had the project to run again
- Scope integrations as part of the minimum viable QMS. If CAPA and change control can’t be reliably integrated, don’t assume you can migrate those modules early.
- Budget more for middleware. Off-the-shelf API adapters rarely map perfectly to your status models and audit-track needs. A small integration layer saved us weeks.
- Start migration validation earlier and in parallel with vendor configuration. We waited for completed configs; instead, work validation scripts against partial deployments.
- Define the cutover decision criteria up front — not whimsically, but measurable gates: reconciliation rate under X exceptions/day, all smoke tests green for Y days, and signoffs from QA/RA/business owners.
A reality check: document-management-only systems are not a QMS
One lesson that bit teams repeatedly: a system that manages documents but lacks native workflows for CAPA, change control, and traceability is a document-management system — not an eQMS. If your new vendor lacks connected workflows or controlled automation for CAPAs, you’ll keep the old QMS just for those features.
Final thought
Long parallel runs are sometimes unavoidable, but they don’t have to become a permanent tax on productivity. Decide the minimum canonical sources, automate reconciliation, and treat the migration itself as a controlled, validated process with its own SOPs and acceptance criteria.
How long did your last eQMS parallel run last, and what single mitigation saved you the most pain?
Top comments (0)