Python in highly regulated companies?

Hi all, on mobile, excuse formatting. I work in a pretty highly regulated industry, where closed source software (e.g. SAS as the prime example) is the norm. Our company is evaluating moving to Python or R, and some of the senior leaders are very hesitant for a few reasons. I’d be interested in your thoughts on them below. I have my own opinions about all, but don’t want to muddy the water; interested in what others think.

  1. No paid support. With SAS, if you have a problem or can’t figure out how a module works, you can open a ticket and SAS tech support will help you sort it out. Doesn’t work for a small package produced by a stranger on GitHub.
  2. Version management - how to ensure you get the same results when running on two different machines which could possibly be running different versions of the same package (or even base Python code).
  3. License compliance/package management - how to ensure users only download approved packages, and ensure the licenses fit our guidelines. Don’t want users downloading a bunch of different packages and have everyone solve the same problem in different ways.
1 Like

Hi,

Some answers off the top of my head (for Python only). I don’t work in a highly regulated industry (perhaps the opposite), but I do try to get my Python code to run identically across many machines, OS’s and Python versions.

In order:

  1. There are paid support options in many cases, e.g. the enterprise version of the Anaconda Python distribution, or CellProfiler custom support. In my experience though, for most packages (except the very tiny), support via GitHub and the community is often as good as paid support. Of course developers/maintainers may abandon a project, but equally a commercial company may fold. At least with open-source software, someone could carry on where the original developers left off. Non-commercial support may also recommend other, more appropriate software - something the SAS tech support would never do.

  2. Version management could be complex (potentially thousands of combinations of just Python/numpy/scipy/matplotlib etc.). However (in my experience), this is taken care of by using virtual environments such as conda. Using DeepLabCut as an example, they provide conda environment files (example) to exactly replicate the exact versions of packages needed for proper function of the software. Your company could do the same.

  3. This is where I don’t have much experience. However, most Python packages should have a license file on GitHub (if they don’t, my understanding is that you can’t use them anyway). The majority of packages have one of a small number of standard licenses. Depending on your company policy, I would have thought a quick meeting with IP attorneys could allow you to decide as a company which licenses were compatible with your work, and create a company policy to state which licenses were ok, and which weren’t.

Hope this helps.

4 Likes
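
The version-consistency and license questions (points 2 and 3) can be checked mechanically on each machine. This is an added example, not code from anyone in the thread: it audits installed packages against a pinned-version list and a license allowlist, and the policy values and sample records in it are constructed for illustration.

```python
import re
from importlib import metadata

# Constructed policy for illustration: company-approved pins and licenses.
PINNED = {"numpy": "1.26.4", "pandas": "2.2.2"}
APPROVED_LICENSES = {"BSD-3-Clause", "MIT", "Apache-2.0"}

def normalize(name):
    """Normalize a package name as PEP 503 does (case, '-', '_', '.')."""
    return re.sub(r"[-_.]+", "-", name).lower()

def installed_packages():
    """Yield (name, version, license) for each distribution in this environment."""
    for dist in metadata.distributions():
        meta = dist.metadata
        # The License field is free text, so the exact match below is strict.
        lic = meta.get("License-Expression") or meta.get("License") or ""
        yield meta.get("Name") or "", dist.version, lic.strip()

def audit(packages, pinned=PINNED, approved=APPROVED_LICENSES):
    """Return sorted (package, problem) findings for the given records."""
    pins = {normalize(k): v for k, v in pinned.items()}
    findings, seen = [], set()
    for name, version, lic in packages:
        key = normalize(name)
        seen.add(key)
        if key not in pins:
            findings.append((key, "not on the approved list"))
        elif version != pins[key]:
            findings.append((key, f"version {version}, expected {pins[key]}"))
        if lic not in approved:
            findings.append((key, f"license {lic or 'missing'} not approved"))
    for key in pins.keys() - seen:
        findings.append((key, "pinned but not installed"))
    return sorted(findings)

# Constructed sample records standing in for a real environment.
SAMPLE = [
    ("NumPy", "1.26.4", "BSD-3-Clause"),
    ("pandas", "2.1.0", "BSD-3-Clause"),
    ("left_pad", "0.1", "GPL-3.0-only"),
]

if __name__ == "__main__":
    for package, problem in audit(SAMPLE):
        print(f"{package}: {problem}")
    # To audit the real environment instead: audit(installed_packages())
```

Run against `installed_packages()` in CI or at job start, a non-empty result is a reason to fail the run before any numbers are produced.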

For having consistent environments you can also look into container platforms such as Docker: https://www.docker.com/

I think Anaconda should enable you to restrict who can change environments: https://docs.conda.io/projects/conda/en/latest/user-guide/configuration/admin-multi-user-install.html