Guiding Philosophy
Compliance isn't a checklist; it's a consequence. It is the natural result when systems are built with clarity, foresight, and an unwavering commitment to first-principles thinking. True compliance is achieved not by layering controls onto a finished product, but by embedding quality and logic into every stage of its lifecycle.
This perspective is forged from a dual background: nearly two decades as a hands-on software engineer architecting complex systems, and a decade dedicated to IT compliance. This synthesis of engineering discipline and regulatory mastery allows for a pragmatic, risk-based approach that is both robustly defensible and refreshingly efficient.
Professional Journey & Engagements
Actively engaged in addressing the next frontier of regulatory challenges: applying time-tested validation principles to non-deterministic systems. The focus is on creating frameworks to ensure that AI and Machine Learning models used in GxP environments are robust, transparent, and demonstrably fit for their intended use.
- Developing novel AI Validation Strategies that account for the unique nature of algorithmic systems.
- Conducting Algorithmic Risk Assessments to identify and mitigate potential biases or failures.
- Establishing best practices for ensuring Data Integrity for ML Models throughout their training and deployment lifecycle.
Engaged as a sole proprietor (Lionize) and via leading consulting firms to deliver high-stakes validation and compliance projects.
Key Project: GSK, Dresden (Nov 2022 – Aug 2024, via auceris GmbH)
- Role: IT Consultant MES for a GMP-critical vaccine manufacturing facility.
- Focus: Full-cycle Computer System Validation (CSV) for Siemens Opcenter MES, including Electronic Batch Recording (eBR) functionalities.
- Deliverables: Authored and executed IQ/OQ/PQ protocols, managed Change Control and Deviation processes, and served as a key SME liaison between technical and QA teams.
General Consulting Engagements (auceris GmbH)
- Provided SME support during audits of IT/CSV suppliers and service providers.
- Reviewed and released business-critical, CSV-relevant GMP documents (URS, test protocols, etc.).
- Conducted source code reviews to assess software quality and maintainability.
While studying Civil Engineering, served in the Institute of Construction Informatics. Responsibilities included leading Java Programming tutorials for engineers, contributing to the "Virtual Engineer" e-learning platform, and engaging in robotics projects for 3D concrete printing.
Architected and developed a complete Point-of-Sale (POS) system, encompassing both embedded hardware (Raspberry Pi) and application software. This venture required navigating complex German fiscal law, leading to direct engagement on the implementation of the national Technical Security Equipment (TSE) standard. The business and brand (formerly Lionize UG) were formally merged with the natural person Daniel Bernard in 2024.
Studies in Business Informatics (Wirtschaftsinformatik) established the foundational knowledge in software engineering, database management, and the crucial interface between business processes and information technology.
This formative period was dedicated to building a deep, practical understanding of software from first principles. It involved a wide range of project-based work that established the core technical skill set.
- Full-Stack Development: Architected and built custom websites, APIs, and business logic plugins from scratch.
- Business Applications: Developed bespoke software for logistics tracking and association accounting, translating complex operational needs into reliable code.
- Legacy System Analysis: Gained crucial experience in modernizing and extracting value from older enterprise systems, including those built on dBASE.
Holistic Compliance & Validation Services
⚙️ Phase 1: Strategy & Process Engineering
A successful validation starts with a clear understanding of reality. We build an audit-ready foundation before the first line of code is written or tested.
- Stakeholder & Operator Workshops to capture the critical tacit knowledge of end-users—the true system experts.
- Business Process Modeling (BPMN 2.0) using tools like ARIS to create a shared, unambiguous understanding of workflows.
- Authoring precise User Requirement Specifications (URS) that de-risk the entire project lifecycle.
🧭 Phase 2: Validation & Qualification
Executing a GAMP 5-aligned validation plan with the precision of an engineer, managing the entire lifecycle to ensure systems are demonstrably fit for purpose.
- Formal Risk Assessments (FMEA) to focus validation efforts where they matter most.
- Authoring and execution of rigorous IQ, OQ, and PQ protocols.
- Lifecycle management in modern platforms like KNEAT Gx.
- Creation of final, defensible Validation Reports within QMS ecosystems like Veeva Vault.
🧠 Phase 3: Specialized Technical Services
Leveraging deep development experience to solve complex technical challenges that fall outside the scope of traditional QA and compliance.
- Legacy System Remediation to restore compliance and functionality to business-critical software.
- Compliant Custom Development for specialized logistics, finance, or scientific applications.
- Secure System Implementation, including expertise from hardware integration up to national standards like the German TSE.
🧩 The Developer's Edge in Validation
A validation process can be viewed from two perspectives: that of a building inspector or that of the original architect. The inspector verifies adherence to code—a critical but external check. The architect understands the foundational principles, the systemic loads, and the critical points of failure *before* they manifest.
A background in software architecture brings this deeper perspective to validation. It provides an innate understanding of how systems are built, which transforms the entire validation approach.
- Systemic Vulnerabilities are Exposed: Instead of just testing user inputs, this perspective probes the data models, interfaces, and logic for inherent weaknesses, leading to a far more robust risk analysis.
- Testing Becomes More Efficient: Knowing where a system is most likely to break allows for the creation of smarter, more targeted test cases that deliver maximum assurance with minimum redundancy.
- Holistic Integrity is Assured: It ensures that the system is not just compliant on the surface, but that its underlying structure is sound, secure, and built for long-term data integrity, a principle proven in projects for industry leaders like GSK.
Initiate a Consultation
For strategic guidance on Computer System Validation, audit preparation, or compliant software development, contact me to schedule an initial consultation.
Contact via Email