Share this
by QT9 Software on December 30, 2026
Few moments strike fear into the hearts of quality professionals like an unexpected inspection. Christian Reyes, host of QT9’s podcast, QT9 Q-Cast, sets the scene in our latest episode examining software validation.
“An FDA investigator walks in and asks for your validation evidence. Could you produce it? Or would you have a panic attack on the spot?” he asks.
Software validation is often misunderstood, overcomplicated or approached far too late. Yet for organizations in life sciences, medical devices and other tightly regulated industries, it’s a compliance expectation often tied directly to product approval, data integrity and patient safety.
In this episode, Reyes sits down with Max Austin, Vice President of QT9 Software, to break down what software validation means, why so many companies struggle with it, and how modern SaaS solutions can dramatically reduce risk and effort.
Contents
Why software validation causes so much confusion
Risk and the "fit for intended use" question
What happens when validation is missing?
How QT9 reduces the validation burden for QMS and ERP users
What customers still need to do
Why software validation causes so much confusion for regulated companies
One of the most persistent misconceptions around validation stems from how regulatory standards are interpreted. Many businesses focus only on fragments of standards without understanding their full context.
Austin uses a sandwich analogy to explain. “If you put five pounds of meat in between two little slices of bread, everyone approaches it like they just want the delicious meat. But the bread is what holds it all together,” he said. “So many people just skip over [the bread] and they get right to the middle and they … don't understand it because they haven't taken the context of the entire document.”
Adding to the confusion is the fact that the FDA’s foundational software validation guidance was written decades ago, in a very different technology landscape.
“This document that we're all trying to be obedient to and honor and give justice to was written in 1997,” notes Austin. “Cloud-based SaaS platforms, modern browsers, single sign-on and real-time dashboards simply didn’t exist at the time.” Yet organizations are still expected to interpret and apply the 1997-era requirements today.
Risk and the "fit for intended use" question
At its core, says Austin, validation comes down to one critical concept: intended use.
“That should be the number one question you're asking whenever you're looking at a validated system,” he says. “Validation applies to any software system that is going to somehow impact a product that will eventually potentially affect the health and safety of a human being. So the scope and intended use, that should be the first question you ask because that is going to set the path forward for how much validation is required.”
Regulators expect companies to validate any software that could impact product quality, patient safety or data integrity. “The depth of that validation should be based on risk-based analysis,” adds Reyes, “which to me kind of sounds like code for don't overdo it if you don't have to.”
Austin agrees, noting that the U.S. FDA specifically states to use the least burdensome approach, understanding that not all products pose the same risk and therefore may use different validation methods based on the amount of risk.
This risk-based mindset applies equally to QMS platforms, ERP systems, equipment software and even spreadsheets with macros if they influence regulated outcomes.
“Equipment, software, data processing, it doesn’t matter what [the software] is doing,” says Austin. “We just want to always make sure that the outputs are matching the inputs so that we have expected results. … And what’s the risk if it fails or gets it wrong? Are there other safety nets downstream that could potentially catch it.”
What happens when validation is missing?
When validation is skipped or poorly documented, inspections can quickly spiral. Auditors may request evidence that simply doesn’t exist or discover that testing was informal, incomplete or undocumented.
Austin emphasizes that validation isn’t about perfection; it’s about demonstrating diligence. Without that effort, organizations risk observations, warning letters, delayed approvals and significant remediation work.
Watch the QT9 Q-Cast podcast with QT9 VP Max Austin, on how to tackle software validation in 2026.
How QT9 reduces the validation burden for QMS and ERP users
For life sciences and regulated customers, QT9 provides developer-level software validation as part of its platform.
QT9 takes on the burden of validation for its customers, including extensive testing across real-world use cases, complete with screenshots and documented results. “Our validation document is “about 1,400 pages… It takes about six weeks to complete an entire validation.”
This work covers installation qualification (IQ), operational qualification (OQ) and performance qualification (PQ), eliminating a massive amount of effort that customers would otherwise need to perform themselves.
What customers still need to do
While QT9 handles the heavy lifting, end users still play an important role. Each organization must validate how they use the system within their own environment, including risk assessments and limited user acceptance testing.
Austin explains why this matters in a SaaS world. “There are still a lot of things that we don't control… and that's why you have to do end-user testing.”
The key difference is that customers aren’t starting from scratch. With QT9, 80-90% of the validation work is already done, allowing teams to focus on their specific processes instead of rebuilding validation from the ground up.
Inspection-ready by design
QT9’s validation approach has been tested repeatedly in real inspections.
Auditors recognize thorough testing when they see it, says Austin, and when validation is solid, they move on quickly.
“That's clearly tested… They have other things they want to look at.”
Software validation doesn’t need to be a panic-inducing, resource-draining exercise. With the right SaaS partner, it becomes a structured, manageable part of your quality system — one that supports compliance instead of slowing innovation.
QT9’s pre-validated QMS and ERP software allows organizations to stay focused on what matters most: building safe, effective products.