Sponsors and other regulated entities often perform audits of the vendor’s electronic
systems and products to assess the vendor’s design and development methodologies used
in the construction of the electronic system or the product, as well as the vendor’s
validation documentation. To reduce the time and cost burden, sponsors and other
regulated entities should consider periodic, but shared audits conducted by trusted third
parties.
Sponsors and other regulated entities should base their decision to perform vendor audits
on a risk-based approach as described in this guidance (see section IV.A.Q1). For
example, vendor audits may be important when using customized electronic systems or
when integrating COTS systems with other systems.