Software Validation?

On and off for about 35 years as “citizen developer”, I have been writing software for use on my various jobs… but that has always been in an R&D setting or for companies which were not “ISO” or regulated.

My current employer fell into that category. Until recently we were a pure R&D company… Now we are transitioning to primarily a manufacturing company (doing fermentations) … and we need to get ISO 9000 certified…

Although we are not manufacturing drugs, some significant potential customers also want to hold us to cGMP standards to order from us…

I think all that means if I write any software that is used in any aspect of material handling, manufacturing or testing, it would need to be “validated”.

I know what validated means in terms of laboratory testing, but what does it entail for software produced for in-house use? Can anybody give me a good idea of what it means, and the scope of work required?

If it is not practical for me to do (or outside of my ability) , my days of developing software for in-house use could be over, or the opportunities EXTREMELY limited…

I would rather that not be the case!

For me creating software solutions to problems at work or for making the work easier and more efficient, is a creative outlet I enjoy. I really don’t want to have to give it up!

  • Karen

Talk to a lawyer or an ISOwhatever specialist.

Surely your firm will have advisors going through this transition. Just raise your item as another to be considered.


The thing is I was going to try to write a significant piece of software over the next 3 weeks (while I am on vacation so I have block of time) and we don’t yet have someone I can ask at work.


So what? How do you think that the validation is going to affect your work? Is your work superfluous? Do you think that your bosses will let you go?

And vacation is not for working.

1 Like


No. I just don’t want to spend most of the next 3 weeks writing something that can’t be used.


1 Like

You count unlaid eggs. Talk to your boss. Either your software is needed and then a place in that certification will be found for you. Or your software is not needed. Those certifications aren’t that hard. They don’t do much anyways.

Many years ago, a tool retailer I worked for went through this, because bigger organisations that wanted quotes for supply of tools started demanding ISO9000 certififcation before they would look at the prices.
Completely pointless- if they wanted to buy a Stanley Screwdriver, the quality control should have applied at the Stanley end, rather than the company that carried it from warehouse to factory.
Nonetheless, the process was followed.
As I understand things…
In essence, it is an expensive process of defining processes fro all parts of the business, documenting how things are done, and the methods used to ensure compliance.
In the case of your software, I would be surprised if your employer considers the development as part of its core business.
But if it does, the part that covers you may say:

  • Software developed in house
  • Code copy kept offsite for safety
  • Change control achieved via GIT or similar
  • Perhaps regular code reviews by peers
  • Testing and rework process

I imagine your employers will ask you for these details in the first place.

1 Like

about QM that came into my mind
failure safety / backup / restore concept
strict software update process / communication
test enviroment / test team
extra development enviroment with own database
bus factor / team work at your projects! / human resources manager
knowledge transfer / knowledgebase

Not sure if it applies to your situation, but here is a blog article about compliance from a software company that I used to work for. They are geared mostly towards the pharmaceutical industry, but the information may still be helpful.