Modernizing GxP compliance: A case study

Life sciences manufacturers operate in environments where innovation and compliance must coexist. But how is that possible in practice, and what use cases are emerging across the industry?

In the IIoT-hosted webinar “Adapting GxP Operations for Modern Compliance with Regeneron,” industry leaders explored how regulated manufacturers can modernize operations, adopt new technologies, and maintain auditability while still meeting the expectations of 21 CFR Part 11. The session—with insights from Ron Sherrod from Regeneron, Joseph Iuliucci from Interloopal, and John Harrington from HighByte—highlighted a broader trend: You can have both innovation and compliance if you focus on the right approach.

This blog examines what “modern compliance” really means for GxP manufacturers today—from the requirements of 21 CFR Part 11 to enabling technologies, like Industrial DataOps, that improve auditability, data contextualization, and operational efficiency.

CSV to CSA: A shift in approach, not in regulation

Title 21 provides the FDA authority over products that affect public health and defines the records manufacturers must maintain. Part 11 specifically establishes how electronic records and signatures can be used in place of paper.

What tends to be overlooked is that Part 11 only applies to systems used to create, maintain, or control required records, rather than every digital system on the plant floor. Understanding this differentiation is an important starting point for modernizing GxP operations.

The transition from Computer System Validation (CSV) to Computer Software Assurance (CSA) signals a more modern, risk-based approach. Instead of validating every possible function of a system, CSA encourages teams to:

• Focus on intended use and apply critical thinking
• Prioritize patient safety and product quality
• Reduce documentation that doesn’t affect compliance outcomes

This shift allows manufacturers to adopt modern platforms, explore cloud and AI capabilities, and improve speed—without compromising their quality systems.

Why Industrial DataOps is emerging as a compliance enabler

As more manufacturers adopt a CSA approach, Industrial DataOps has become a core technology and approach for enabling risk-based validation at scale. Industrial DataOps software like HighByte Intelligence Hub provides the capabilities needed to support modern, risk-based validation, including:

• Transparency: Pipelines, transformations, and data flows are configured with step-by-step observability—not buried in custom code.
• Governance: Audit logs, system configuration files, and access controls provide visibility into how data pipelines evolve over time.
• Consistency: Centralized data contracts through standard models ensure downstream systems receive relevant, high-quality data.
• Scalability: A reusable data layer eliminates one-off integrations and makes it easier to scale across assets and sites.

Modern compliance at Regeneron

Regeneron offers a good example of how modern GxP compliant organizations are evolving validation and data architectures to align with CSA principles. At the center of this shift is an Industrial DataOps approach—one that prioritizes reusable data infrastructure, real-time visibility, and clear governance.

Before this shift, Regeneron relied on custom-coded, point-to-point integrations that created a brittle, hard-to-scale architecture. These connections were fragile and especially challenging to validate under CSV.

Regeneron’s modern compliance strategy is reflected in four key areas:

1. Refocusing validation on what matters
Using a CSA approach, Regeneron narrowed the scope of validation to the functions that directly affect patient safety and product quality. This reduces unnecessary effort on peripheral systems and ensures validation resources focus where they have real impact.

2. A unified, event-driven data architecture
With HighByte Intelligence Hub, Regeneron can move from custom integrations toward a more standardized, event-driven architecture that delivers consistent, real-time data across the enterprise. This unified approach ensures that systems involved in patient safety and batch release decisions receive the same accurate data at the same time.

3. Configurable pipelines over custom code
Regeneron is shifting away from custom coded integrations to configurable, reusable data pipelines built in the Intelligence Hub, that are easier to validate and maintain. As Regeneron adopts this approach for more use cases, each pipeline serves as a testable unit with clear inputs, transformation logic, versioning, and audit visibility. 

4. Improved collaboration between IT, OT, and Quality
A shared data layer provides IT, OT, and QA with a common data foundation. This enables earlier alignment, clearer expectations, and more consistent compliance outcomes.

Continued innovation & better compliance

The shift toward a CSA approach gives regulated manufacturers a more practical approach to validate software and adopt new digital capabilities. But that requires an architecture that supports transparency, auditability, and governed data movement across IT, OT, and Quality.

By standardizing how data is collected, contextualized, transformed, and shared—using an Industrial DataOps approach—organizations reduce integration complexity, improve data integrity, and develop clear, testable units that align with a modern, risk-based approach.

If you’re looking to modernize your data architecture, simplify validation, or improve the flow of industrial data across your enterprise systems, an Industrial DataOps approach can help strengthen your GxP strategy.