Integrating Third-Party Software into Software we Provide

F

FrameReader

#1
Hello,

I work for a company that monitors our clients' computer networks with a view to information security. We have developed a software application for this purpose. We integrate third-party software into our software, which has a considerable effect on our final product (& therefore ability to meet requirements). I am wondering if this third-party software should be viewed as:

1) an outsourced process OR
2) a purchased product

:read:

If it is most appropriate to deem the third-party software as an outsourced process, then I think that I need to focus on 'validating' the third-party software as per clause 7.5.2 (Validation of processes for production and service provision).

If it is more appropriate to deem the third-party software as a 'purchased product', then I think that I need to focus on evaluating the supplier of the third-party software, as per clause 7.4.1 (Purchasing process).

Any thoughts/opinions would be appreciated.

Thank you.
 
Elsmar Forum Sponsor
#2
Hello,

I work for a company that monitors our clients' computer networks with a view to information security. We have developed a software application for this purpose. We integrate third-party software into our software, which has a considerable effect on our final product (& therefore ability to meet requirements). I am wondering if this third-party software should be viewed as:

1) an outsourced process OR
2) a purchased product

:read:

If it is most appropriate to deem the third-party software as an outsourced process, then I think that I need to focus on 'validating' the third-party software as per clause 7.5.2 (Validation of processes for production and service provision).

If it is more appropriate to deem the third-party software as a 'purchased product', then I think that I need to focus on evaluating the supplier of the third-party software, as per clause 7.4.1 (Purchasing process).

Any thoughts/opinions would be appreciated.

Thank you.
An outsourced process is one which, traditionally, is performed on your product (because you don't do that process). In my experience, since you are buying someone elses software product, that would be a purchased product. It's not a process you are buying...
 
Thread starter Similar threads Forum Replies Date
M Informational Draft ANSM’S GUIDELINE Cybersecurity of medical devices integrating software during their life cycle Medical Device and FDA Regulations and Standards News 0
B Integrating ISO 9001/27001 External Audits - Audit Time Reduced? Discounts? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
S Integrating a Contract Manufacturer's documentation into our Quality System ISO 13485:2016 - Medical Device Quality Management Systems 3
A Integrating API Spec Q1 with ISO 9001:2015 Oil and Gas Industry Standards and Regulations 18
S Integrating ISO 20000 and ISO 31000 with ISO 9001 IT (Information Technology) Service Management 2
P Experience / advice for integrating API Q1 9th with a WCM program Oil and Gas Industry Standards and Regulations 5
C Integrating ISO 9001, 14001 & OSHAS 18001 - Do you need a Manual & Procedures? Document Control Systems, Procedures, Forms and Templates 5
K Integrating acquired existing product into Quality Management System Records ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
M Integrating Multiple HSEQ Systems into a Single Harmonised Global System ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
S Integrating a Multi-Management System - What documents & records must we have? Various Other Specifications, Standards, and related Requirements 6
B Integrating other standards into ISO9001 QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
GStough Integrating 3 System Standards - ISO 9001, ISO 14001, OHSAS 18001 Other ISO and International Standards and European Regulations 20
V Integrating ISO 14001 and EPA Responsible Recycling (R2) ISO 14001:2015 Specific Discussions 4
M Integrating ISO 22000 and ISO 9001 - Food Safety Presentation for ISO Conference Food Safety - ISO 22000, HACCP (21 CFR 120) 1
P Integrating ISO 9001, TS16949, ISO 14001 & NOSA ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
J Integrating a Project Model in a Process Based Organization ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
C Integrating Multiple Company Policies such Quality and an Environmental Policy ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M Integrating Quality, Environment and Safety documents - Risk Assessment Misc. Quality Assurance and Business Systems Related Topics 4
V Pros and Cons of integrating ISO 14001 and ISO 9001? ISO 14001:2015 Specific Discussions 4
V Integrating the FMEA process with problem investigation/RCA process and PFMEA FMEA and Control Plans 4
M Integrating a Distributive Control System (DCS) into an existing 9001:2000 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Integrating ISO 14001 & 9001 into OHSAS 18001 Occupational Health & Safety Management Standards 65
J A First Course in Quality Engineering: Integrating Statistical and Management Methods Book, Video, Blog and Web Site Reviews and Recommendations 1
I Integrating EN ISO 9001 with JAA Regulations, QS, CAMO & MRO (Aviation Regulations). AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
S Integrating both ISO 13485 and TS 16949 into the same quality manual Quality Management System (QMS) Manuals 7
B Integrating corporate's quality SOPs into our facility ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
J Integrating EFQM (European Foundation for Quality Management) Concepts within TS16949 IATF 16949 - Automotive Quality Systems Standard 9
A Integrating Continuous Improvement and Standardization - "The Toyota Way" Philosophy, Gurus, Innovation and Evolution 28
Sidney Vianna Integrating Q, E & S Management Systems - who is doing it? Various Other Specifications, Standards, and related Requirements 28
G Integrating MBNQA to the Quality Manual Quality Management System (QMS) Manuals 1
C Integrating offshore development into our QMS? Software Development Software Quality Assurance 1
R Integrating Customs-Trade Partnership Against Terrorism into ISO 9001 Various Other Specifications, Standards, and related Requirements 6
M Integrating ISO 13485:1996 with ISO 9001:1994 ISO 13485:2016 - Medical Device Quality Management Systems 6
D Integrating the FMEA Process to address identification of Aspects and Impacts Miscellaneous Environmental Standards and EMS Related Discussions 5
B Integrating Environment / H&S / Quality / Energy Miscellaneous Environmental Standards and EMS Related Discussions 12
xfngrs Integrating ISO 14001 with QS-9000 for a 'single' system Miscellaneous Environmental Standards and EMS Related Discussions 4
L Integrating ISO 14001 into QS-9000 w T/E or ISO 9001 ISO 14001:2015 Specific Discussions 15
B Integrating EMS and QMS Audits - Is it worth it? Miscellaneous Environmental Standards and EMS Related Discussions 2
B Integrating Audits - Is it worth it? General Auditing Discussions 1
C Importer shell game - Using a third party logistics provider (3PL) in the EU EU Medical Device Regulations 5
A Looking for a third party to calibrate our measure equipment - South Carolina General Measurement Device and Calibration Topics 6
F Firmware as SOUP - Sensor with third party produced firmware IEC 62304 - Medical Device Software Life Cycle Processes 2
Marc Medical device vulnerability highlights problem of third-party code in IoT devices Other Medical Device and Orthopedic Related Topics 1
R UDI for US - Third Party device Repackager Other US Medical Device Regulations 9
S QUALITY OBJECTIVEs for third party garments factory inspection ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Looking for third party reviewers for FDA submissions US Food and Drug Administration (FDA) 2
S Regulatory strategy for Third party plugin in a PACS EU Medical Device Regulations 1
M Informational US FDA – URGENT/11 Cybersecurity Vulnerabilities in a Widely-Used Third-Party Software Component May Introduce Risks During Use of Certain Medical Dev Medical Device and FDA Regulations and Standards News 0
G Third party auditor mentions no grace period for calibration Calibration Frequency (Interval) 22
M Informational EU – DEKRA Certification GmbH is the third Notified Body designated under the MDR Medical Device and FDA Regulations and Standards News 0

Similar threads

Top Bottom