Build vs. Buy: The Software Decision Most Facilities Get Wrong | Blog No. 127

A practical framework for deciding what to build yourself and what to just go buy, and why that spreadsheet you put together isn't nearly as free as it looks.

Most facilities don't decide to build their own PSM software. They drift into it.

It usually starts with one person. A coordinator who's good with spreadsheets builds a tracker to keep tabs on action items. It works. So it grows. Now it's tracking PHA recommendations, MOCs, inspection due dates, and training records, all stitched together with color-coding and a few formulas only they understand.

Then that person leaves. And suddenly nobody can tell you which tab is current, why half the cells are red, or whether the audit list is actually complete.

That's not a staffing problem. That's a build-vs-buy decision that got made by accident. And it's the same decision every operation faces the moment a process gets too important to run out of someone's head.

The principle: buy the plumbing, build the knowledge

A software founder I came across recently put the whole debate into one line: buy your infrastructure, build your intelligence.

It's a useful way to think about it. Some things are plumbing; they need to be reliable, they're the same for everyone, and there's no glory in owning them. Other things are the actual value you bring, the stuff that makes you good at what you do. You buy the first kind. You keep and build the second kind.

The mistake most facilities make is getting these backwards. They'll spend months building and babysitting the plumbing, a compliance tracker that any platform does better while treating their real intelligence, the hard-won knowledge of how their specific system behaves, as an afterthought scattered across email threads and a retiring operator's memory.

Five questions to ask before you build anything

Before you decide to build a tool in-house, a tracker, a database, or a custom workflow, run it through these five questions. They're blunt on purpose.

1. Does it need to be reliable? If it goes down for a day, do people panic? Is anyone making safety or compliance decisions off of it? Critical, can't-fail systems are usually a buy. You don't want your audit readiness to depend on a spreadsheet that one person knows how to fix.

2. How custom does it really need to be? Be honest. Your PSM program tracks the same elements as every other facility's. If something off the shelf gets you 90% of the way there, the last 10% is rarely worth building from scratch. Buy. If your need is genuinely unique to your operation, that's a point toward building.

3. What's the real cost to build and maintain? Standing up a basic tool is easy. Keeping it working for five years through staff turnover, format changes, and a regulator looking over your shoulder is the expensive part. If the build is hard and the payoff is small, walk away.

4. Are you locking your knowledge in a black box? This one cuts the other way. If a tool hides your critical information behind something only a vendor controls, be careful. Your operating knowledge and your decisions should stay yours.

5. Does building it give you a real edge? A slightly nicer in-house tracker doesn't make you safer, faster, or more competitive. If building something won't actually move the needle, that's your answer.

A worked example: the compliance tracker

Run a homegrown PSM tracking system through those five questions, and the answer gets obvious fast.

• Reliability? Critical. Your action items and audit trail can't live somewhere fragile. → Buy.

• Custom? Not really. Recommendation tracking, MOC workflows, and inspection schedules are standardized. → Buy.

• Cost to build and maintain? High, and it never ends. → Buy.

• Black box risk? Low, as long as you can get your own data out. → Buy.

• Competitive edge? None. A better spreadsheet doesn't make you a better operator. → Buy.

  
  

Five for five. Building your own compliance management system is the software equivalent of deciding to manufacture your own bolts. It can be done. It is rarely worth it.

The same founder made this point with a dialer: nobody in their right mind tries to rebuild a phone system from scratch when a company has already spent years and millions making one that just works. Compliance plumbing is the same. Somebody already built it. Use it, and spend your energy elsewhere.

So what should you build?

Here's the flip side, and it's the part that matters.

Your intelligence, the stuff worth keeping in-house, isn't the software. It's the knowledge. How your specific refrigeration system actually behaves under load. Why a particular MOC was approved the way it was. The judgment calls your operators and engineers make that no platform can make for you.

That's your real asset. That's what you protect, document, and pass down. The tool is just where it lives.

When you buy good infrastructure, you're not giving up that knowledge; you're giving it a reliable home so it survives the next retirement, the next turnover, the next audit. The goal isn't to own the software. It's to make sure your program doesn't walk out the door when one person does.

The trap nobody warns you about

The reason homegrown systems are so tempting is that building the first version is genuinely easy. Anyone can throw together a tracking spreadsheet in an afternoon. It feels productive. It feels like progress.

But the first version is never the hard part. The grind is everything after: keeping it accurate, keeping it consistent, fixing it when it breaks, and getting it audit-ready when an inspector shows up. That's the work that quietly eats hundreds of hours and never shows up on anyone's job description.

The Slack founder, Stewart Butterfield, has a phrase for this kind of effort: "hyper-realistic work-like activities." Things that feel exactly like doing your job but aren't actually your job. Maintaining a custom spreadsheet system is a perfect example. Your job is to run a safe, compliant facility. It is not to become an unpaid software company on the side.

The bottom line

The build-vs-buy question isn't really about software. It's about where your time and attention should go.

Buy the parts that need to be reliable, that everyone needs, and that give you no real advantage to own your compliance plumbing belongs in that bucket. Build and protect the parts that are genuinely yours: the knowledge, the judgment, and the institutional memory that make your operation safe.

If you're spending more time keeping your tracking system alive than you spend acting on what it's telling you, the decision has already been made for you. It's just time to make it on purpose.

At Macha PSM, this is exactly the line we try to help facilities draw, keeping your team focused on running safely while Samwise handles the compliance infrastructure that used to live in a stack of disconnected spreadsheets. If you're rethinking how your program is managed, reach out and let's talk through it.

Previous Blog: Process Safety Ethics | Blog No. 126

For a comprehensive training on Anhydrous Ammonia, click here for our PSM Academy Ammonia Awareness training, to learn and earn a certificate of completion. Training is in English and Spanish. Use code SDS20 for a 20% discount on the entire purchase. For more information, email us at academy@machapsm.com.For a comprehensive training on Anhydrous Ammonia, click here for our PSM Academy Ammonia Awareness training, to learn and earn a certificate of completion. Training is in English and Spanish. Use code SDS20 for a 20% discount on the entire purchase. For more information, email us at academy@machapsm.com.