Good Points.....
i must have asked for clarifications on the area-scope-scale etc on the vendor/product selection criteria, but have responded with a broad scope of audit checklist.....
Infact, audit checklist is one of the key-criteria for vendor selection..,
and going by the OPs query, vendor does not have ISO certifications,I would enquire more about related aspects such as...history on customers, upgrade/support, complaints, etc.,
Now, lets try to turn your points into action(able) items....
I have a bit of concern with the checklists that V9991 provided. They generally touch on good SWE practices but some of the questions were, IMO, a bit over-reaching.
Definitely some good ideas from the links / checklists but you want to be sure you understand what's required of them, ask no more than that of them, and understand the results..
actually the OP's query is about S/W audit checklist, and hence the responses. and also note that, the recommendation is to prepare an inhouse-ase-specific checklist
the references provided are only the (detailed) outlines which can be used for summarizing any internal checklist.
generally, the customer does not always has the in-house competencies or capabilities to perform the audit. That is the time where we reach out for experts / outsource the activities.
I don't mean to sound brusk but even if you get a checklist filled in by the vendor and signed by their QA folks, would you know what it meant?
Whatever be the implementation plan, customer, still have to have the idea of the details, because, final decision is of the customer ; That is where the above reference checklists come into play... of providing the platform for same. (understanding of depth of details can always leave something to be desired, but customer is the one who accepts or takes alternative steps of audit observations/CAPAs )