Written agreements (contracts, service level agreements) should define roles and responsibilities within a relationship between Test Facility management and a supplier (OECD Document No 17, paragraph 34). A documented risk-based approach should be used to assess suppliers providing a GLP-relevant computerised system infrastructure, platforms, or software to a test facility.
Vendor assessment is the responsibility of Test Facility management and may result in an audit of a supplier. Vendor assessment should be properly scaled, based upon a risk assessment and be performed by suitable personnel (input from the Test Facility management‘s quality assurance unit may be considered). The assessment should estimate risks to data integrity.
