TABLE OF CONTENTS A vendor is responsible for the majority of the system development life cycle. Therefore, the purpose of the vendor audit is to confirm that the system has been developed according to a quality management system (QMS) and is supported correctly.
This withdrawn guidance document notes23:
end users should infer the adequacy of software structural integrity by evaluating the supplier s software development activities to determine its conformance to contemporary standards. The evaluation should preferably be derived from a reliable audit of the software developer, performed by the end user s organization or a trusted and competent third party.
We do not consider commercial marketing alone to be sufficient proof of a program s performance suitability.17
Section 1131: However, an assessment of the supplier s QMS and recognised certification alone is unlikely to be the final arbiter for critical systems. The certification may very well be inadequate, or inappropriate.
In such cases, the regulated user may wish to consider additional means of assessing fitness for purpose against predetermined requirements, specifications and anticipated risks. Techniques such as supplier questionnaires, (shared) supplier audits and interaction with user and sector focus groups can be helpful. This may also include the specific conformity assessment of existing, as well as bespoke software and hardware products. GAMP and FDA guideline documents identify a need to audit suppliers for systems carrying a...
