Monday, August 31, 2009

Four technologies offering best investment profile in 2009

Over at Computer Economics, we've released our new study, Technology Trends and IT Management Best Practices 2009/2010. It's based on our annual survey, which also produces our IT spending and staffing benchmarks.

For the first time this year, we not only analyzed each technology in isolation but also in comparison with each other, looking at adoption vs. current investment levels as well as risk versus reward (cost versus payback). In doing this we found four technologies that stand out as having the strongest investment characteristics: server virtualization, storage virtualization, unified communications, and cloud computing.

You can read a summary of these findings on our website.

You can also download the first nine pages of the full report, free.

The full report also analyzes adoption trends for 10 selected IT management best practices.

Wednesday, August 26, 2009

Optimizing ERP support staffing in smaller companies

I had an interesting analyst request today. An IT manager for a midsize company recently purchased our Computer Economics ERP Support Staffing Ratios report and wonders how the ratios would apply to a smaller business.

He writes:
We purchased the study "ERP Support Staffing Ratios". It was very helpful. Question - We are implementing an new ERP system, and bringing it up a little at a time. We are trying to get a benchmark for the minimum ERP IT support staff that would be required; regardless of the size of the user base.

Alternatively stated, if a company implemented a comprehensive ERP system, but only had 50-100 users, there is probably a minimum core staff the would be required to support it.
If you could take a look at the information underlying the study and try to shed some light on this for us, it would be very helpful. For example, what seems to be the typical (median) staffing ratio for the smaller user population groups?
Smaller firms are at a disadvantage
I responded that the report itself gives the answer, as the number of users per support staff member in small companies (under 200 users) is less than half of the number for organizations with 200 to 500 users. (Actually when you go to over 500 users, the number almost doubles again). In other words, there are tremendous economies of scale in ERP support staffing. In small companies, you need twice the number of support staff per 100 users as you do in midsize companies. (Buy the full report if you want the actual stats.)

Now, having said that, I would say, based on my experience, that when you get into the smaller companies, it all depends on what system you are implementing. I have seen or heard of MS Axapta or QAD sites of 50-100 users that are effectively managed by one full time IT person. But you rarely see that with Oracle or SAP, for example. Our report shows that Tier I systems simply have a bigger footprint, requiring more ERP support staff.

Think outside the FTE box
At the same time, smaller organizations should be thinking about outsourcing much of their ERP support. They simply do not have the scale to have a full-time apps programmer, plus a fulltime DBA, and a full-time help desk person. And these roles are not really suitable for a single person. A better approach would be to go ahead and staff the help desk but contract out the DBA work and apps work (e.g. applying patches or upgrades). Many small companies are too reliant on one or two IT staff members, and when they leave or become disgruntled it can be a real problem. If you get the right contractors, this also provides for better coverage and may actually provide for longer continuity of support personnel than relying on full-time employees.

The full report on ERP Support Staffing Ratios is on our website. A free executive summary is also available.

Related posts
ERP support costs: the offshore model

Monday, August 10, 2009

2009 IT spending and staffing benchmarks

Over at Computer Economics, we've released our new IT Spending and Staffing Benchmarks 2009/2010 study, in this, its 20th year of publication.

The current economic recession has had significant impact on typical IT budget and headcount ratios. Our new study, based on our 2009 survey provides updated metrics for planning and benchmarking IT spending and staffing levels.

Some of the key findings:
  • Sectors showing the sharpest decline in median IT operational spending include discrete manufacturing, process manufacturing, and retail. Median IT budgets are down 5.5%, 2.5%, and 1%, respectively in those sectors.

  • Certain sectors, however, are continuing to show positive growth in their 2009/2010 IT operational budgets. These sectors include banking and finance at 4.9%, healthcare providers at 4.7%, professional and technical service firms at 4.0%, and utilities and energy at 1.3%.

  • 46% of all IT organizations plan to reduce headcount this year, compared to 27% that are increasing headcount. Another 27% of IT organizations report their staffing levels will remain the same as last year.

  • However, some sectors are showing continuing growth in IT staffing. For example, nearly 63% of survey respondents in the healthcare provider sector reported they were increasing IT staff this year.
The annual study is based on an in-depth survey of more than 200 IT executives who provide detailed breakdowns of their budgets, staffing, and technology adoption plans for the 2009-2010 period. The survey sample includes a roughly equal number of small, medium, and large enterprises. The respondents are stratified according to 12 industry sectors to provide a representative sample of IT organizations across all industries.

A free executive summary is available on the Computer Economics website.

Wednesday, August 05, 2009

FDA still enforcing regulations for validation of enterprise software

IT organizations in the medical device industry take note. A business associate calls my attention to a recent U.S. Food and Drug Administration (FDA) warning letter to a medical device firm for "failure to validate computer software for its intended use" under 21 CFR § 820.70(i). The systems in question are based on packaged enterprise software. The letter is reminder that when such systems are implemented in regulated industries, it is incumbent on the user organization to ensure that such use is validated.

This is all in the public record, so I have no problem providing the specifics.

The letter, dated May 29, 2009, is addressed to UltraRad Corporation, a provider of picture archiving and communication systems (PACS). PACS are regulated by FDA as medical devices, because they are "intended for use in the diagnosis of disease or other conditions or in the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or function of the body." As a medical device, UtraRad's products must comply with the Quality System Regulation (21 CFR Part 820) or QSR for short.

The Violation
FDA's warning letter, based on an inspection carried out in February and March of this year, points to a number of violations of the QSR. From the perspective of enterprise software, however, the most interesting citation is the one concerning software validation:
4. Failure to validate computer software for its intended use according to an established protocol when computers or automated data processing systems are used as part of production or the quality system as required by 21 CFR § 820.70(i). This was a repeat violation from a previous FDA-483 that was issued to your firm. For example:
A) Your firm uses off-the-shelf software (HEAT Help Desk) to manage customer support service calls and to maintain customer site configuration information; however, your firm failed to adequately validate this software in order to ensure that it will perform as intended in its chosen application. Specifically. your firm's validation did not ensure that the details screen was functioning properly as intended. The details screen is used to capture complaint details and complaint follow-up information which would include corrective and preventative actions performed by your firm when service calls are determined to be CAPA issues.

B) Off-the-shelf software (Microsoft SharePoint) is being used by your firm to manage your quality system documents for document control and approval. However, your firm has failed to adequately validate this software to ensure that it meets your needs and intended uses. Specifically. at the time of this inspection there were two different versions of your CAPA & Customer Complaint procedure, SOP-200-104; however, no revision history was provided on the SharePoint document history. Your firm has failed to validate the SharePoint software to meet your needs for maintaining document control and versioning.
Implications for IT
Note that the two software packages--HEAT and Sharepoint--are widely implemented across various industries. HEAT, from Front Range Solutions, is a commonly-used system for help desk support. Sharepoint, of course, is Microsoft's collaboration and content management server. Neither of these systems are specific to the medical device industry. As such, IT professionals--especially those without a background in regulatory affairs--may not recognize the risk they incur when implementing these systems in a regulated environment. In fact, the software vendors themselves may be unfamiliar with the compliance needs of their customers in regulated industries.

One common misunderstanding is that the customer's responsibility for compliance can be met by the vendor somehow "validating" its software. Vendor claims notwithstanding, vendors cannot sell you "compliant software" or "FDA validated software." Terms like this in vendor marketing literature should be a red flag that the vendor does not have a clue.

Technically, it is not the software itself that is validated, it is the software in its intended use that should be validated. One customer may be using the software in a way that is altogether inappropriate in a regulated environment, while another customer may be using the software in a way that fits its intended use. Although a software vendor can support its customers' compliance--by providing evidence of software quality, for example--ultimately it is the responsibility of the user of the system to ensure that the system itself, and how it is implemented and used, are appropriate. UltraRad, according to the FDA warning letter, failed to do so.

FDA warning letters citing failure to validate commercial off-the-shelf software (COTS) are not an everyday occurrence. This one, which so clearly cites this violation is a good reminder of the responsibility of regulated organizations that implement such systems.

For more guidance on this subject, see Validation of Software for Regulated Processes (TIR-36) from the Association for the Advancement of Medical Instrumentation (AAMI). I served on the AAMI committee that wrote this report in 2007, and it provides a good overview and recommendations to industry on an approach to comply with FDA regulations for these types of systems.

Related posts
Turning software validation into a meaningful exercise
A quality systems view of 21 CFR Part 11
Oracle unveils new electronic signature functionality for FDA regulated manufacturers
FDA finalizes guidance for 21 CFR Part 11
FDA drops the other shoe on Part 11
FDA signals change in approach to Part 11
Possible solution for FDA electronic record audit trail compliance
Business success is more than regulatory compliance
Buzzword alert: "Part 11 compliance"