Putting OMS to the test: an account of the data management services that comply with the IDMP ISO standards

by Jared Kimble

As planning for the Identification of Medicinal Products (IDMP) standards continues to make headway, the European Medicines Agency (EMA) has recognized just how large the job would be — both for itself and for industry. In response, it decided to break activities down into bite-size chunks, or iterations.

On its side, the EMA began by focusing on preparing the data for the “referentials” and the “organisations”. An integral part of this preparation was the development of services for this data — the Organisation Management Services (OMS) and the Referentials Management Services (RMS). OMS is part of a larger master data management (MDM) effort by the EMA to support IDMP standards. Both OMS and RMS are now available and represent the first phase of the Substance, Product, Organisation, and Referentials (SPOR) implementation, which is the vehicle for implementing IDMP. The next step was to test the system before making it available to industry.

Initially, there was user acceptance testing (UAT) of the system in March 2017. Its goal was to check the functionality of the web user interface and API to ensure that information was properly maintained. The test environment contained several dummy data records, but the live system was created from the list of organisations that used to be maintained in controlled vocabulary documents. OMS and RMS effectively replace this method of managing data.

On June 19, the first version of IDMP-compliant OMS and RMS was deployed, and the system is now live. To ensure that the system would work effectively, EMA ran a week-long UAT, bringing in volunteers to test it against real-world scenarios. To test whether OMS meets all intended requirements, I volunteered for the UAT. The following is an account of my experience.

Five-day account

Day 1. The first activity as a tester was to request and create an account in the UAT environment, after which I received an automated confirmation with a one-time token, and completed the user registration process. So far so good. However, to have access to the area I needed for testing, I had to have an organisation associated with the newly created user account, which—as a first-time user—didn’t exist.  That required me to go back to the registration portal and request to be an “unaffiliated user”; then I had to go to the “Organisation” section of the SPOR portal and create a new organisation. Although I received an automated confirmation, I was not able to create the organisation until the next day.

Day 2. On Day 2, I was able to log in to the SPOR portal and submit a change request to create a new organisation, but the request had to be approved by a super-user and then granted an ID. After the ID was created, I then had to return to the registration portal and change my identity so I would now be associated with the new organization. Then I could request a SPOR role that would allow access to the SPOR portal Organisations section.  But before testing could begin, I had to obtain approval for this identity change, which meant I had to wait until the next day to begin testing.

Day 3. Finally, I was ready to begin testing. However, since my goal was to test the API, I needed to request special access using the service desk. Since the service desk portal was the production environment, I did not have access to it because I had created only a user account for the test environment. So, I had to create another account in the production environment, then send a request to the service desk to be granted access to the API. I received confirmation of the fulfilment of my request on the following day.  I downloaded and installed the certificate, and now I could begin testing.

Day 4. Despite all the issues in getting started, testing of the OMS API was intuitive and straightforward. Using the Google Advanced REST Client (ARC) application, I could send requests to receive organization and location details. I began testing several scenarios that should be supported by the API, such as using wildcard search filters, ordering by name or location details, and retrieving records by ID. Overall, the API was responsive, and the results were as expected. After the end of Day 4, I was ready to submit some change requests and test some of the more complex methods of the API.

Day 5. As the UAT time began to wind down, the time I could dedicate to the testing effort became more limited. However, for the relatively short time I spent testing the system, I was quite impressed with it. If the Product and Substance management services are as good as the OMS, I see no reason why compliance could not be achieved or why any legacy system could not be integrated and fully capable of using the SPOR MDM service to its maximum potential.

It will undoubtedly be in your company’s interests to be well-prepared for IDMP, not just because it will be mandatory, but also because data harmonisation and reuse will improve efficiency and enhance decision making, thanks to better data quality and simplified data management practices. You can also take advantage of data interoperability when various systems can access a single view of the data. Furthermore, harmonization means it will be necessary to supply regulatory data only once for use across different procedures and by various regulators. This will result in greater efficiencies and cost savings.


Jared Kimble head shotJared Kimble is IDMP Offering Lead at DXC Technology.

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.