ABSTRACT
INTRODUCTION Once the computer system has been designed, it can be built. The supplier generally bears all the responsibility for the activities associated with this phase; these cover software programming, source code review, and system assembly. These activities may not involve the pharmaceutical or healthcare company at all, depending on the nature of the relationship with the supplier. In such circumstances, supplier audits may be used to verify that the supplier has the required capability maturity for the task through having suitable controls in place. This, however, will not be possible for commercial off-the-shelf (COTS) software and hardware of unknown pedigree. The acceptability of such products should have been determined as part of the design review.
