Just a sanity check here.
I know the term SOUP is really all about the "Unknown Provenance" bit (and I know within FDA scope they use OTS terminology instead and a more stringent set of info/activities needed to be provided/done)
but thirdparty software used e.g. to TEST your software and used to BUILD your software, that is not SOUP right? Aren't TOOLS separate from SOUP, I always though SOUP also meant "it's code that ends up INSIDE your software" and the stuff you use to test/build etc is a TOOL.
Tools should be risk assessed as appropriate with some kind of validation effort commensurate with their risk / criticality
but SOUP is handled according to 62304 including identifying, maintenance, updates, checking anomaly lists, fitting into your architecture etc etc.
Am I getting confused?
SOUP != TOOLS is how I've always understood it
I know the term SOUP is really all about the "Unknown Provenance" bit (and I know within FDA scope they use OTS terminology instead and a more stringent set of info/activities needed to be provided/done)
but thirdparty software used e.g. to TEST your software and used to BUILD your software, that is not SOUP right? Aren't TOOLS separate from SOUP, I always though SOUP also meant "it's code that ends up INSIDE your software" and the stuff you use to test/build etc is a TOOL.
Tools should be risk assessed as appropriate with some kind of validation effort commensurate with their risk / criticality
but SOUP is handled according to 62304 including identifying, maintenance, updates, checking anomaly lists, fitting into your architecture etc etc.
Am I getting confused?
SOUP != TOOLS is how I've always understood it
