Software service provider as critical supplier

#1
Hello everyone.
We have a problem within our team and we want to hear a 3rd opinion. ;)
Our company uses an eQMS solution, we accepted their Terms and conditions. In our system, they are deemed as a critical supplier.
Now, to place the adequate controls, one part of our team wants to send the eQMS provider a typical supplier quality agreement.
Is it really necessary or can we just stick with the accepted Terms and conditions?
Thanks a lot for any input.
 
Elsmar Forum Sponsor

planB

Super Moderator
#2
Bill,

in case _their_ Terms & Conditions adequately cover the supplier control requirements _your_ QMS defines for critical (software) suppliers, you might be fine without a supplier quality agreement issued by you. Otherwise, a dedicated supplier agreement issued by your organisation might be warranted.

Hope this helps,
 

yodon

Staff member
Super Moderator
#3
Why are they deemed a critical supplier? Do you really have any control over them? I would assume this is a commercial supplier. One of the typical things seen in a quality agreement is that they don't change their processes without informing you first. A commercial supplier isn't going to agree to that. You likely don't have any control over what changes they make to the software, when they make them, or when they release updates.

If my assumption about them being a commercial supplier is wrong, then, um, ignore all that. :)
 

William55401

Quite Involved in Discussions
#4
Yodon is spot on. I have been in this space before for a s/w based FAI tool. The org I was supporting had to actively monitor the supplier for updates and determine when re-validation would occur. Through central password / account control we could positively prevent the user community from accessing s/w when re-validation was triggered. HTH
 

Jim Ivey

Grand Avenue Software
#5
Our company uses an eQMS solution, we accepted their Terms and conditions. In our system, they are deemed as a critical supplier. Now, to place the adequate controls, one part of our team wants to send the eQMS provider a typical supplier quality agreement. Is it really necessary or can we just stick with the accepted Terms and conditions?
Ditto what planB said earlier. Speaking from the perspective of a commercial eQMS supplier, the overwhelming majority of our customers have all of their requirements addressed by our Master License Agreement, and don't have a separate SQA. Occasionally a new customer will have additional requirements outside that scope, and if they make sense we work out an addendum to cover those specifically.

Separately, to another commenter's point about software changes: Just one supplier's perspective, but we'd never change the software out from underneath a customer. Each hosted customer has separate environments for Production vs. Upgrade Testing, and when a new version of the software is released (3-4 times/year), we refresh the customer's Upgrade Testing environment with a new copy of their Production data, and then update that environment to the new version. We provide a detailed list of all changes, so they can use that environment to review whether they want to update to that version and perform any validation, before requesting that we update their Production environment with the new version. Some customers may even skip a couple versions of the software before catching up later when some new features or modules drive their interest.

Anyway, just one datapoint. I'm sure other suppliers have different approaches/policies.

Jim Ivey
Grand Avenue Software
 

LUFAN

Involved In Discussions
#6
Separately, to another commenter's point about software changes: Just one supplier's perspective, but we'd never change the software out from underneath a customer.
This is obviously the right method for eQMS solutions to MedDev and Pharma, however I have personal experience with company's marketing their software to those industry that publish change sometimes multiple times per quarter without advanced communication. That was a nightmare and never ending battle. System existed before I got there unfortunately otherwise I would have convinced management to find something else.

I certainly think there is a major difference in company's which start by designing software for the regulated industries vs ones that adapt to it. My example above is most definitely the later. Great software and functionality, but they were not thinking about "us" when they decided that was their software upgrade approach.
 
Thread starter Similar threads Forum Replies Date
S We're certified AS9100 / AS9006!!! Software and Service Provider for Aerospace AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
F 21 CFR Part 11 - Implicit requirements - Validation plan for a Software as a Service Other US Medical Device Regulations 1
sagai Is service related software a non medical device? IEC 62304 - Medical Device Software Life Cycle Processes 4
J Interpreting clause 7.5.2.1 (validation of software used in production & service) ISO 13485:2016 - Medical Device Quality Management Systems 2
M ISO 9001 Requirements for associated service - Design and develop software Design and Development of Products and Processes 7
M Service Level Agreement between Software Vendors and Client - Need help Urgently Software Quality Assurance 5
J Nonconformance Elimination as a business - Service - Software Service Industry Specific Topics 3
V Internal Audit Software IATF 16949 - Automotive Quality Systems Standard 5
Watchcat New Draft Guidance on Content of Premarket Submissions for Software Device "Functions" Other US Medical Device Regulations 2
Watchcat Software validation vs design V&V? Other US Medical Device Regulations 27
M Initial Importer/Distributor and Software Validation IEC 62304 - Medical Device Software Life Cycle Processes 1
F Configurator for a power unit - Software or other solution? Manufacturing and Related Processes 0
D Test Management Software Software Quality Assurance 1
E ISO 13485 software validation ISO 13485:2016 - Medical Device Quality Management Systems 7
D Tracking software versions used with instruments ISO 13485:2016 - Medical Device Quality Management Systems 0
dgrainger Informational MHRA's Software and AI as a Medical Device Change Programme UK Medical Device Regulations 0
S Do you follow your QMS for non-device software features? Medical Information Technology, Medical Software and Health Informatics 4
J Can we register non-device clinical decision support software under draft guidance? Other US Medical Device Regulations 5
I Software (SaMD) mobile application verification testing: objective evidence Medical Information Technology, Medical Software and Health Informatics 2
J EU equivalent to Clinical Decision Support Software EU Medical Device Regulations 3
Y ISO 13485:2015 Software Validation IQ/OQ/PQ ISO 13485:2016 - Medical Device Quality Management Systems 13
S Recommended software to send Quality scorecards to suppliers (external providers) Supplier Quality Assurance and other Supplier Issues 3
J Software as a Medical Device - SaMD IEC 62304 - Medical Device Software Life Cycle Processes 3
BeaBea QMS/ Training Management Software Service Industry Specific Topics 4
shimonv Working with a software developer who is not setup for IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 9
R Debug mode in software/device validation IEC 62304 - Medical Device Software Life Cycle Processes 2
Q Gage calibration / tracking software General Measurement Device and Calibration Topics 5
M Software verification and validation AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
Y RT-qPCR Software result EU Medical Device Regulations 0
B A.I. diagnostic software is considered as medical device in FDA? US Food and Drug Administration (FDA) 6
F WANTED Senior Software engineer Career and Occupation Discussions 2
P Blood establishment computer software EU classification EU Medical Device Regulations 0
S Examples of FDA acceptable Software Design Specification (SDS) Medical Device and FDA Regulations and Standards News 6
D Integrated Management System Software Quality Manager and Management Related Issues 2
B Sampling strategies/techniques for software QA Software Quality Assurance 3
K MDCG-2020-3 (about the software of UI) EU Medical Device Regulations 3
D PFMEA Software search IATF 16949 - Automotive Quality Systems Standard 7
C MDR software classification EU Medical Device Regulations 12
H Class II a vs "software safety class A" IEC 62304 - Medical Device Software Life Cycle Processes 4
Z Software for design control ISO 13485:2016 - Medical Device Quality Management Systems 5
V Medical Device Literature Translation Software ISO 13485:2016 - Medical Device Quality Management Systems 1
D FDA Guidance on Computer Software Assurance versus 21 CFR Part 11 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
P Software verification and validation procedure IEC 62304 - Medical Device Software Life Cycle Processes 6
Aymaneh UDI-PI Software CE Marking (Conformité Européene) / CB Scheme 0
Q Software as a medical device vs software not sold as medical device: local regulations for sale? EU Medical Device Regulations 4
Y Software updates considered servicing (7.5.4) ISO 13485:2016 - Medical Device Quality Management Systems 4
S How to perform verification of the Statistical Analysis Software? Qualification and Validation (including 21 CFR Part 11) 7
I Document Control Software Document Control Systems, Procedures, Forms and Templates 2
E Software maintenance Process Software maintenance Process to IEC 6204? IEC 62304 - Medical Device Software Life Cycle Processes 3
L Micro-Vu InSpec Software Program Qualification and Validation (including 21 CFR Part 11) 6

Similar threads

Top Bottom