On and off for about 35 years as “citizen developer”, I have been writing software for use on my various jobs… but that has always been in an R&D setting or for companies which were not “ISO” or regulated.
My current employer fell into that category. Until recently we were a pure R&D company… Now we are transitioning to primarily a manufacturing company (doing fermentations) … and we need to get ISO 9000 certified…
Although we are not manufacturing drugs, some significant potential customers also want to hold us to cGMP standards to order from us…
I think all that means if I write any software that is used in any aspect of material handling, manufacturing or testing, it would need to be “validated”.
I know what validated means in terms of laboratory testing, but what does it entail for software produced for in-house use? Can anybody give me a good idea of what it means, and the scope of work required?
If it is not practical for me to do (or outside of my ability) , my days of developing software for in-house use could be over, or the opportunities EXTREMELY limited…
I would rather that not be the case!
For me creating software solutions to problems at work or for making the work easier and more efficient, is a creative outlet I enjoy. I really don’t want to have to give it up!
The thing is I was going to try to write a significant piece of software over the next 3 weeks (while I am on vacation so I have block of time) and we don’t yet have someone I can ask at work.
You count unlaid eggs. Talk to your boss. Either your software is needed and then a place in that certification will be found for you. Or your software is not needed. Those certifications aren’t that hard. They don’t do much anyways.
Many years ago, a tool retailer I worked for went through this, because bigger organisations that wanted quotes for supply of tools started demanding ISO9000 certififcation before they would look at the prices.
Completely pointless- if they wanted to buy a Stanley Screwdriver, the quality control should have applied at the Stanley end, rather than the company that carried it from warehouse to factory.
Nonetheless, the process was followed. As I understand things…
In essence, it is an expensive process of defining processes fro all parts of the business, documenting how things are done, and the methods used to ensure compliance.
In the case of your software, I would be surprised if your employer considers the development as part of its core business.
But if it does, the part that covers you may say:
Software developed in house
Code copy kept offsite for safety
Change control achieved via GIT or similar
Perhaps regular code reviews by peers
Testing and rework process
I imagine your employers will ask you for these details in the first place.
about QM that came into my mind
failure safety / backup / restore concept
strict software update process / communication
test enviroment / test team
extra development enviroment with own database
bus factor / team work at your projects! / human resources manager
documentation
knowledge transfer / knowledgebase
Not sure if it applies to your situation, but here is a blog article about compliance from a software company that I used to work for. They are geared mostly towards the pharmaceutical industry, but the information may still be helpful.