To facilitate the assessment and mitigation of compliance risks associated with a third-party service organization, its services, and the systems used to provide the services, this article proposes adopting an approach from the financial sector that, with a little modification, could be used to assess suppliers of GxP-regulated IT services.

FDA's Regulatory Procedures Manual Provides information on internal procedures to be used in processing domestic and import regulatory and enforcement activities. While the RPM is intended mainly to provide guidance to...