1

DISCLAIMER: I work for a medical device manufacturer that has its own internal engineering, quality, and regulatory departments. The company is subject to FDA regulation.

This thread is not about software validation in the generic form of validating licensing, or usability. It is about meeting the requirements set forth by the FDA and other governing bodies.

Now onto the original post:

I am the IT Manager where I work, managing a staff of 0. This means that I handle all IT related tasks. I do this for my main office location in WI, as well as our office in IL, TN, and soon to be NJ as well. This is most certainly a full time job, as can be expected.

Anyways, I am being told that I my job description is having an additional item added to it of “Software Validation”. When did that begin to fall into the responsibility of IT? I don’t know how to use (let alone validate) 90% of the software that we have in house (SolidWorks products, AutoDesk Products, quality management software, etc.). I know how to use our ERP, but that is because I actually use it. I do not use PowerMill or PowerShape (AutoDesk), I don’t design things (Solidworks). How am I supposed to validate it?

Am I wrong for thinking this is not something that is handled by the IT manager? Or am I privileged by never having to undertake these responsibilities in the past?

What can I say/do to help emphasize that this is not something that should be thrown onto my plate. It is going to be part of my 2021 ‘goals’ (EDIT: CORRECTION…2022 GOALS) , meaning that if I don’t figure something out, I am going to have to find time to learn what software validation all entails, and how to use all of this software so I can validate it, while at the same time continuing to keep the 4 locations I have up and running.

I am afraid that this is going to be the nail in my coffin and am at a loss as to how to handle it.

Thoughts?

70 Spice ups
2

You’re a one-man show and unfortunately, as many of us who have lived that life or continue to live that life can tell you: you wear more hats than the rest of what we’d consider “normal IT.”

Software validation though… at least in MY personal opinion judging off what I believe “software validation” actually is, definitely falls under the IT scope of responsibility. If you are to utilize or leverage some software at your workplace should it not be routinely validated for adequacy or efficacy?

34 Spice ups
3

I should clarify - in my scenario I’m imagining the non-IT folks who penned the term are viewing “Software Validation” as a means for you to verify that the software:

  1. works
  2. does what it is supposed to do
  3. is being used to the best of our ability

I don’t think they’re asking you to tear apart code, become a QA tester, debug everything, etc… I think they just found a fancy term for “does it work???” and threw it rightfully into your scope of responsibility.

27 Spice ups
4

On one hand, I sympathize with you. On the other hand, earlier this year, I paused virtualizing all of our physical servers while simultaneous moving from Windows 2008 R2 and Exchange 2010 to Windows & Exchange 2019 so that I could change batteries in the urinal auto flushers. At least I had finished preparing the W2 upload file for the SSA.

So…

40 Spice ups
5

hah - at least yours is still computer related …

I manage the same number of staff as you and get everything that has a plug on it - or somewhere near - programming heaters - my job. the odd bit of plumbing - my job! Testing emergency lighting and fire alarm testing - yup - all mine.

TBH, I don’t worry too much - I’ll kick back if it goes beyond where I’m comfortable or the task is too much to accomplish in the given timeframe.

Software Validation - If they’re wanting you to check a product is fit for it’s intended use - it’s a bit tricky if you don’t know how to do the task - when it came to ERP evaluation, I did the bulk, and sat in on the specialist areas, but left the department heads to evaluate their areas although for some bits, I had to rely on my accounting knowledge to fall back on - as the “department head” didn’t know the computing basics!

If it’s going to be added to your measurables - they should provide you with the method of measuring they’re going to use - it may be you just need to manage the process and can leave the actual task to the dept concerned.

14 Spice ups
6

(3rd post because I clearly suck at collecting my thoughts into one post like a normie)

Every one-man-show gig I’ve worked has always involved a handful of what I’d consider to be non-IT tasks. Typically if IT is one person, then there is a probability that other departments are also lower on staff count. So in all likelihood, you aren’t the only guy/gal dealing with additional tasks.

Hell, I have an actual team here and I still also take care of a large portion of our facilities, billing, and maintenance. Lights not working in NJ? That’s on me to resolve. Servers down in MN? Also me. Flags need to be at half-mast in CA today? Also me.

I think it’s more normal to have “non-normal IT” tasks than it is to not, honestly.

15 Spice ups
7

For me, it would depend what they actually expect from you in relation to that.

I do agree with @dimforest in that validating the software being used still meets the needed functionality would be an IT scope. I would say, though, that you should also lean on the people who use the software every day for feedback on whether it meets all their needs.

One other thing I can think of that may come across for “software validation” is more of an auditing system to make sure software is up to date, licenses, etc. Maybe also find out if there’s software that is no longer needed and can be removed.

Best bet is to find out exactly what they mean by “software validation” and then go from there.

16 Spice ups
8

Ahh the wonderful world of one man show in IT. Software Validation do they mean does it do the job? Is it safe for the company of spyware / malware? I would ask for clarification.

5 Spice ups
9

I drew the line when my added duties were “plunge the toilets”. Nope.

14 Spice ups
10

It should be noted that in the past we had an individual who handled software validation. It was a large portion of his job (not his only job duty, though).

I am not against non-IT tasks. That is normal, and I am happy to do them. But in this case, what they are looking for is completely out of scope for this type of role. It is not simply a “does it install, and does it work”. It is more of an in-depth analysis of the software, and if it produces the results that are expected from it with the processes that we have in place."

I was also just told by someone else that works w/me that I cannot do this role as there needs to be a separation of duties. (IE: the person that manages the software cannot be the one to validate the software). I guess that counts for something with this argument.

6 Spice ups
11

Half the time, ‘Software Validation’ just involves you talking to the people that use the software, and their managers… “Does it still do everything you need it to do? Are there any features a newer version might have that would make your work easier or faster?” Etc…

The running joke I have with our CAD operators is that I’m like a mechanic that doesn’t have a driver’s license. I can troubleshoot and fix it, but I’m not the best at making it go… :wink:

13 Spice ups
12

One thing I failed to mention is that we are a medical device manufacturer and must abide by the rules set forth and governed by various regulatory agencies such as the FDA here in the states [Title 21 Code of Federal Regulations (CFR) Part 820, and 61 Federal Register (FR) 52602] and whatever agency it is in the EU that has similar requirements (I am failing to remember that acronym right now).

To me, this screams “out of my area of expertise”…but if I am wrong with that, and this something that should be in my wheelhouse…well, yeah, then I am in for one hell of a rough ride.

6 Spice ups
13

That’s how I am with our main business application, Dynamics AX. I can modify it, troubleshoot it, and fix it, but don’t ask me how to correctly process a purchase order from start to finish.

5 Spice ups
14

That is what I have been being told is what the Software Validation process for us is. Beginning to end, making sure it what goes in produces what is expected on the other end. But if I can’t make a PO (to use your example) how can I verify that the PO is correct, and in turn, validate the process that was used to create it?

1 Spice up
15

Basically it really refers to software licensing verification, to avoid users installing pirated software. Always an IT related task.

By the way, SpiceWorks can help with that.

1 Spice up
16

That is not the case here. I already handle licensing, that is a non-issue. It is the software itself, and validating that it does what it is supposed to do, and produces the results that we are expecting it to.

2 Spice ups
17

sounds like you get to do some training and take on a +1. So you can manage some one as well as the bits with plugs on :slight_smile:

If it was a large proportion of someone elses job - I guess they’re no longer with the company - I’d be asking 2 things - what on earth where they doing in the software validation that took so long and secondly - if I’m meant to fit this in with my normal day job - what can I delegate and two whom?

I dunno what level of manufacturing you’re up to - but if the company is designing circuits &/or software to run on those - then validating the software that creates that sounds rather specialist …

2 Spice ups
18

OK, that’s different, is there an engineering department manager? That will be the right person to do that task. IT install and maintains software, the functionality is a different animal.

On real IT world, when there is the consideration of acquiring software, because upper management already approved the acquisition, IT gets involved to ensure the software is compatible with the operating system, the computers are going to be capable to run the application, and the installation is done properly, leaving the application installed and ready for the user.

During the above transition, if IT discovers issues with the software, the IT engineers will work with the tech support of the provider until the implementation is completed.

In some shops there is a testing period that starts in the moment the company have decided to purchase an application. This work eventually decides if the application is or not acquired.

2 Spice ups
19

@jcalexandres ​ - Yes, we have an Engineering Manager. And you have the same thought process as I do on that. The Engineering Manager (or whatever manager oversees the dept that the software would be used in) is the person for these types of tasks. Quality Manager would do this for our QMS software, Engineering for their software, etc. I would come into play to make sure that our infrastructure can support whatever they are looking to do with that software.
When I tried explaining that to my supervisor (who is the CFO and knows nothing about IT), I get a response that basically says that I am being argumentative/difficult/etc.
@andrewfrogley ​ - I’ve been trying to get a “+1” here for 5 years now, and have had absolutely no luck. They keep piling more and more crap onto my plate, without any assistance to help clear it.

2 Spice ups
20

Sounds like you need to get together with the other managers and see how it would work from their perspective - if they’re on your side then go together with a plan for the CFO - if they’re not on your side - then well … CV time?

To get an +1 you need to be able to show that it’s not possible for the 1 person to meet the ongoing requirements of the business due to time available - and that doesn’t necessarily mean you’re unable, it means that nobody would be able.

3 Spice ups