Date of Original Version

5-2003

Type

Technical Report

Abstract or Description

This case study describes the development of a method for evaluating computer and software suppliers for the pharmaceutical industry. The study describes the role of government regulation within the industry and the need for standardized audits of computer and software suppliers.

The audit method consists of six steps: initiation, pre-work, auditing, observations and reporting, decision, and follow-up. Each of these steps is described in detail, as are several features of the method: a data collection tool, an audit repository, and extensive auditor training supervised by an industry-regulated oversight agency.

Finally, the report describes the benefits of this audit method, together with a set of lessons learned about the audit of computer and software suppliers.

Comments

CMU/SEI-2003-TR-011

Share

COinS