TopicsStartup FundamentalsFundraisingThe Nordic Edge

Why I Built Cohera: The Problem with Disconnected Quality Systems

3 days ago · 1,200 words · 6 min read

coheraregulated-industriespharmaceuticalstartup-journeyenterprise-software

Why I Built Cohera: The Problem with Disconnected Quality Systems

After Realm was acquired by MongoDB in 2019, I spent time advising companies and exploring what to build next. I kept being drawn to problems in regulated industries—healthcare, pharmaceuticals, medical devices. These are sectors where software can have enormous impact, but where building is genuinely hard.

The more I learned about pharmaceutical operations, the more I saw a problem hiding in plain sight.

The Hidden Cost of Disconnection

Here's a typical scenario at a pharmaceutical company:

A quality manager receives a Certificate of Analysis from a supplier. To verify the certificate, link it to the right materials, and update all affected systems, they need to:

  1. Log into the supplier portal
  2. Download the certificate PDF
  3. Manually extract key data points
  4. Log into Veeva Vault to upload the document
  5. Log into SAP QM to update material records
  6. Log into TrackWise if there are any deviations
  7. Update a spreadsheet that tracks certificate expiry dates
  8. Email relevant stakeholders

This process takes 30-45 minutes per certificate. A large pharmaceutical company might process thousands of certificates per year. The math is depressing: we're talking about full-time employees whose entire job is copying data between systems.

But it gets worse. When something changes—a supplier updates their certification, a specification changes, a new regulation comes into effect—answering the question "what's affected?" requires pulling data from multiple systems and reconciling it manually. This can take days.

Why Does This Happen?

Pharmaceutical companies don't choose to run disconnected systems. They end up this way for good reasons:

Regulatory requirements are specific. Different regulations require different capabilities. A document management system optimized for FDA submissions (like Veeva Vault) isn't the same as a quality management system optimized for CAPA tracking (like TrackWise).

Validation is expensive. Validating software for GxP use under 21 CFR Part 11 or EU GMP Annex 11 is costly and time-consuming. Once a system is validated, there's strong pressure to keep using it rather than switch.

Best-of-breed wins. For each domain—document management, quality management, supplier management, manufacturing execution—there's typically a market-leading solution. Companies rationally choose best-of-breed over integrated but inferior alternatives.

Acquisitions compound the problem. Pharma companies grow through M&A. Each acquisition brings its own systems, creating layers of technical debt.

The result is that even well-run pharmaceutical companies often have 8+ quality systems that don't share data effectively.

The Integration Layer Thesis

At Realm, we learned that the best products don't ask users to change their behavior—they work with existing patterns. We didn't ask developers to abandon their existing databases; we gave them a better experience within their existing workflows.

I saw the same opportunity in pharmaceutical operations.

What if we didn't try to replace Veeva, SAP, or TrackWise? What if we built a layer that made them work together?

This became the founding thesis of Cohera: create an intelligent orchestration layer that connects existing systems, enforces relationships between data, and enables automation—all while maintaining the audit trails and compliance requirements that regulated industries demand.

Building for Compliance First

The hardest part of building for pharmaceutical companies isn't the technology—it's the compliance.

Every feature we designed had to answer: "How does this maintain audit trails? How do we prove data integrity? What happens during an audit?"

We built compliance in from day one:

ALCOA+ principles are foundational. Every piece of data is Attributable (who), Legible (readable), Contemporaneous (when), Original (source), Accurate (correct), and Complete, Consistent, Enduring, and Available. This isn't a feature; it's the architecture.

21 CFR Part 11 compliance by design. Electronic signatures, audit trails, access controls—these aren't checkboxes we added later. They're core to how the system works.

Zero-trust security model. Pharmaceutical companies work with suppliers, contract manufacturers, auditors. Each party needs appropriate access without exposing data they shouldn't see.

What We Built

The core of Cohera is an ontology layer—a semantic data model that unifies disparate systems into a coherent object model. A supplier in Cohera isn't just a record; it's an object with defined relationships to products, certificates, materials, and documents across all connected systems.

On top of this, we built:

AI agents for automation. Certificate intake, change impact analysis, expiry monitoring—these are tasks that can be automated while maintaining human oversight and audit trails. Our agents handle the routine work while quality professionals focus on decisions that matter.

Connectors for legacy systems. Pre-built integrations for Veeva Vault, SAP QM, TrackWise, LIMS, and more. Bi-directional sync that keeps systems in alignment.

Natural language queries. "Which products use materials from this supplier?" shouldn't take days to answer. With Cohera, it takes seconds.

BioWise: Our First Product

We launched BioWise as our first product specifically for pharmaceutical compliance. It's now in use by pharmaceutical companies for:

  • Certificate management: Receive, validate, and link supplier certificates automatically
  • Supplier qualification: Track qualification status, monitor expiries, manage documentation
  • Change impact analysis: When something changes, instantly see all affected products and documents
  • Audit readiness: Generate compliance reports that pull data from multiple systems

What I've Learned

Building for regulated industries is different from building consumer or typical B2B software:

Sales cycles are long. Enterprise pharma deals take 6-12 months. You need capital and patience.

Trust is earned slowly. Pharmaceutical companies have been burned by technology vendors. Every claim needs proof. Case studies, compliance documentation, and reference calls matter enormously.

The buyer isn't the user. The VP of Quality who signs the contract isn't the quality specialist who uses the system daily. You need to satisfy both.

Compliance is a moat. Once you've done the work to achieve SOC 2 Type II, ISO 27001, and demonstrate 21 CFR Part 11 compliance, competitors can't easily follow. The work to get there is significant.

Where We Are Now

Cohera raised a Series A to expand our product portfolio and grow across Europe and the United States. We have offices in Copenhagen and San Francisco. BioWise is live with customers, and we're building MediWise for medical device companies.

Looking back, the problems I saw in pharmaceutical operations were real—and they're not unique to pharma. Anywhere regulated industries rely on disconnected legacy systems, there's an opportunity to build intelligent orchestration that makes them work together.

That's the work we're doing at Cohera.

For Founders Considering Regulated Industries

If you're considering building for regulated industries, here's my advice:

  1. Start with compliance. Don't treat it as something you'll figure out later. Build it into your architecture from day one.

  2. Find customers early. The sales cycle is long, but you need customer input to build the right product. Start conversations before you have a product to sell.

  3. Invest in trust signals. SOC 2, ISO 27001, compliance documentation—these aren't nice-to-haves. They're table stakes for enterprise sales.

  4. Hire domain experts. You need people who understand quality operations, regulatory requirements, and how pharmaceutical companies actually work.

  5. Be patient. Enterprise software for regulated industries isn't a get-rich-quick opportunity. But the moats are real, the problems are significant, and the impact can be enormous.

I'm always happy to talk with founders building in this space. If you want to go deeper on why the current generation of compliance tools is inadequate and what comes next, I wrote more about that in Why Compliance Technology Is About to Get Interesting.

Reach me at bjarne@christiansen.co.

Related Posts