Medical Affairs just revised your IIS review protocols. Perhaps oncology studies now need a different review structure. Maybe compliance thresholds changed based on recent regulatory guidance. Budget approval tiers shifted to reflect current realities. These updates are documented, distributed, and active.
But when will your approval system actually enforce them?
If the timeline depends on IT's development queue, you're looking at weeks or months — not because technical teams lack skill or commitment, but because traditional software implementation creates structural delays between process decisions and system deployment.
For Medical Affairs teams stewarding investigator-initiated studies, these delays don't just slow work down. They force operational workarounds that introduce compliance risk and make the real process invisible to audit.
This article explores why no-code configuration matters in Medical Affairs teams, and what changes when process owners can shape their own IIS workflows without technical help.
IIS approval criteria change constantly, and for good reason. Medical Affairs teams adapt their processes based on experience, regulatory updates, and organizational learning. A gene therapy study requires different expertise than an observational study in diabetes management. A $50,000 budget might need different approval levels than a $500,000 multi-site investigation. These aren't arbitrary changes — they reflect the sophisticated judgment that Medical Affairs brings research oversight.
Yet in traditional systems, each process of adjustment triggers a cascade of technical work. Update the SOP. Document the requirements. Submit an IT ticket. Wait for prioritization. Review specifications. Test changes. Deploy updates. By the time the system reflects the new process, the team has often identified additional refinements, starting the cycle again.
This creates what I think of as "process debt" — the growing gap between how work should be done and how systems allow it to be done. Teams develop workarounds. They maintain shadow processes in spreadsheets. They add manual checkpoints that should be automated. Each workaround increases the risk of error and makes the true process harder to audit and improve.
The six-month IT project that delivers yesterday's requirements isn't IT's fault. It's a structural problem when process owners can't directly configure their own workflows. Medical Affairs owns the knowledge about IIS approvals, but they're dependent on technical translation to implement that knowledge in systems.
Approvia IIS was designed to break this cycle. When Medical Affairs needs to adjust reviewer assignments or update budget thresholds, they configure those changes directly — no tickets, no translation, no waiting.
Use our Process Debt Calculator to assess how much friction your current IIS approval system creates.
You'll get a personalized score showing where manual workarounds, IT dependencies, and system limitations are slowing your team down, plus specific recommendations for what to address first.
The traditional model treats Medical Affairs as requirements providers and IT as implementation experts. This division makes sense for infrastructure and security, but it breaks down for workflow configuration. When Medical Affairs has to explain IIS approval nuances to developers who've never worked in life sciences, critical details get lost in translation.
Consider the complexity of explaining reviewer assignment rules. "For oncology studies with budgets over $100,000, we need Dr. Smith from therapeutic area leadership, unless it involves CAR-T therapy, in which case we need Dr. Jones from the cell therapy committee, but if Dr. Jones has a conflict of interest, it escalates to Dr. Williams, unless the study is international, which requires..." The developer hears conditional logic. Medical Affairs sees patient safety and scientific integrity.
"The developer hears conditional logic. Medical Affairs sees patient safety and scientific integrity."
This game of telephone between process owners and developers creates more than delays. It introduces interpretation-related errors. A developer might code exactly what was specified but miss the intent behind the requirement. Medical Affairs might not realize the gap until an edge case reveals it months later.
Real configurability means Medical Affairs can implement their expertise directly. Not choosing from pre-built templates that almost fit. Not submitting change requests for every adjustment. But actually, building and modifying workflows reflect the full sophistication of IIS oversight.
No-code configuration in Approvia IIS means Medical Affairs can adjust processes in real-time. When the team identifies that rare disease studies need an additional patient advocacy review, they add that step themselves. When budget thresholds change, they update the routing rules immediately. When a new therapeutic area requires specialized expertise, they configure the reviewer pool without writing requirements documents.
This isn't about avoiding IT or eliminating governance. It's about putting control where knowledge lives. Medical Affairs understands when a protocol requires biostatistics review. They know which investigators have potential conflicts of interest. They recognize when a study design raises regulatory flags. No-code configuration lets them embed this knowledge directly into workflows.
The interface matters here. Dragging and dropping approval stages. Setting conditions through dropdown menus. Configuring notifications with simple rules. The sophistication lies not in the technical implementation but in the process design — exactly where Medical Affairs expertise shines.
No-code doesn't mean no controls. IT maintains critical oversight of security, integration, and compliance with system validation requirements. What changes is the boundary between infrastructure (IT's domain) and process (Medical Affairs' domain).
IT domain |
Medical Affairs domain |
| Security, system validation, integration architecture, compliance infrastructure | Reviewer routing logic, approval criteria, therapeutic area workflows, budget threshold rules |
Think of it as the difference between building codes and interior design. IT ensures the building is safe, secure, and compliant with regulations. Medical Affairs arranges the rooms to optimize their work. Both roles remain essential, but each focuses on their core expertise.
This model actually strengthens governance. When Medical Affairs can configure workflows directly, they document their decisions in the system itself. Every process change is tracked. Every configuration is versioned. The audit trail captures not just what changed but who made the change and when. IT gains visibility into process evolution without becoming a bottleneck.
Medical Affairs ownership with IT oversight creates accountability without dependency. Teams can respond to urgent process needs while maintaining compliance. Innovation happens at the speed of decision-making, not at the speed of development cycles.
When Medical Affairs teams can directly configure their approval workflows, they fundamentally change how they engage with continuous improvement. Process refinement becomes immediate rather than aspirational. Teams iterate based on what they learn, not what they can convince IT to prioritize. They own both the outcomes and the infrastructure that generates those outcomes.
The shift from process user to process owner changes everything. Medical Affairs stops accepting system constraints as permanent and starts treating them as configuration decisions they control. They stop building elaborate workarounds and start fixing the underlying friction. The workflows that emerge reflect the full depth of expertise that Medical Affairs brings to research oversight. It's not a simplified version filtered through technical translation.
That's what real ownership looks like. And it's why no-code configuration matters for IIS approvals.
Use our Process Debt Calculator to assess where IT dependencies, manual workarounds, and system limitations are creating friction in your IIS approval process. You'll get a personalized score and specific recommendations for what to address first.
Once you understand where the gaps are, request a demo to learn how Approvia IIS eliminates them.