Software Vendor Assessments Part 1: Why Do We Audit Software Vendors?

January 10, 2014 by

Out of all potential vendors, the audit for software vendors has the most value, for one  clear-cut reason – to determine the level of quality they will produce.

When it comes to raw materials, packaging materials, tools, equipment, etc., there is a level of measurable quality because you can physically interact with those products, and sensibly evaluate them. With software that is not the case. What is being provided to us is really an interface, with a large body of coding behind it, making the real work intangible.   After we get the software from the vendor, there is no other option but to use it, so at this point you have to add quality to software. This is done by employing the proper SDLC (Software Development Life Cycle) methodologies and quality processes during development. By conducting a vendor assessment this is exactly what we are able to determine –  that they are in fact using good processes and building quality products.


Surprising a vendor with an impromptu inspection of their facility and/or processes may yield true results and give you a look into how things are done on a daily basis when you are not watching, but they are seldom received well. The pharmaceutical industry is still a professional environment and we need to give due courtesies, especially to vendors that we plan on fostering successful long-term relationships with. When you are looking to audit a vendor, submitting a letter of intent (LOI) to audit is essential. It is the staging ground to let your vendor know that you are seriously considering them as an option. Not only are you putting in the hours to inspect them, but you are also making it clear that you expect to see that they have the proper processes in place to ensure the production of quality products.  Sending the letter of intent establishes a clear timeline of when you plan to audit them.  Generally vendors are given two weeks to allow them to properly prepare for the audit, and the LOI also gives them an understanding of what you will be looking to inspect  so they can have everything prepared for you ahead of time. This will save you a great deal of time on the day of the audit and avoid any unnecessary waiting as they scramble to compile documentation from archives, or offsite storage.

Check back next week for the next post in the blog series, which will cover the critical role that checking documentation and operating procedures play in the quality assessment of a vendor.

Leave a Reply

Your email address will not be published. Required fields are marked *