Time and resources will play a role in deciding how
to approach audits. One approach is to organize software
suppliers based on a risk assessment—risks to patient safety,
product quality, and data integrity for a particular system, based
on the results of prior audits. If vendors have gone through
audits and produced positive results in the past, then that can
be factored into the risk assessment for that particular vendor.
In that way, a determination based on risk can define the audit
cycle for many suppliers.
