Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
    • GP-001 Control of documents
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 Human Resources and Training
    • GP-006 Non-conformity, Corrective and Preventive actions
    • GP-007 Post-market surveillance
    • GP-008 Product requirements
    • GP-009 Sales
    • GP-010 Purchases and suppliers evaluation
    • GP-011 Provision of service
    • GP-012 Design, redesign and development
      • Templates
        • T-012-019 SOUP
        • T-012-021 Product Design Phase 1 Checklist
        • T-012-022 Software Design Phase 2 Checklist
        • T-012-023 Software Development Plan
        • T-012-024 Software Candidate Release Phase 3 Checklist
        • T-012-025 Software Verification Phase 4 Checklist
        • T-012-026 Product Validation Phase 5 Checklist
        • T-012-028 Software Requirement Specification
        • T-012-029 Software Architecture Description
        • T-012-030 Software Configuration Management Plan
        • T-012-031 Product Requirements Specification
        • T-012-033 Software Tests Plan
        • T-012-034 Software Test Description
        • T-012-035 Software Test Run
        • T-012-037 Labeling and IFU Requirements
        • T-012-038 Verified Version Release
        • T-012-039 Validated Version Transfer
        • T-012-040 Documentation level FDA
        • T-012-041 Software Classification 62304
        • T-012-043 Traceability Matrix
        • T-012-044 SOUP Request and Approval Form
        • obsolete
    • GP-013 Risk management
    • GP-014 Feedback and complaints
    • GP-015 Clinical evaluation
    • GP-016 Traceability and identification
    • GP-017 Technical assistance service
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation plan
    • GP-020 QMS Data analysis
    • GP-021 Communications
    • GP-022 Document translation
    • GP-023 Change control management
    • GP-024 Predetermined Change Control Plan
    • GP-025 Usability and Human Factors Engineering
    • GP-027 Corporate Governance
    • GP-028 AI Development
    • GP-029 Software Delivery and Commissioning
    • GP-030 Cyber Security Management
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-100 Business Continuity (BCP) and Disaster Recovery plans (DRP)
    • GP-101 Information security
    • GP-200 Remote Data Acquisition in Clinical Investigations
    • GP-026 Market-specific product requirements
    • GP-110 Esquema Nacional de Seguridad
  • Records
  • Legit.Health Plus Version 1.1.0.0
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Pricing
  • Public tenders
  • Procedures
  • GP-012 Design, redesign and development
  • Templates
  • T-012-044 SOUP Request and Approval Form

T-012-044 SOUP Request and Approval Form

Request Information​

FieldValue
Request DateYYYY-MM-DD
Requester Name
Requester Role
Project/Device

SOUP Identification​

FieldValue
SOUP Name
Version
Vendor/Maintainer
Repository/Website
License Type
Programming Language

Intended Use​

Purpose within the device​

Instructions

Describe how this SOUP will be used within the medical device software. Include which software items/microservices will integrate this SOUP.

Justification for selection​

Instructions

Explain why this SOUP was selected over alternatives. Consider factors such as functionality, community support, documentation quality, and maintenance status.

Alternatives considered​

AlternativeReason for rejection

Preliminary Risk Assessment​

Patient data impact​

  • SOUP will process or have access to patient data
  • SOUP will NOT process or have access to patient data

If yes, describe the data involved:

Safety criticality​

  • SOUP is involved in clinical decision support or diagnostic output
  • SOUP is involved in safety-critical functionality
  • SOUP is NOT involved in safety-critical functionality

If safety-critical, describe the impact:

Security considerations​

  • SOUP handles authentication, encryption, or security-sensitive operations
  • SOUP has network/internet access capabilities
  • Known vulnerabilities have been checked (CVE databases)

CVE check date: YYYY-MM-DD
Known vulnerabilities: ☐ None found ☐ Found (describe below)

Risk classification​

Based on the assessment above:

  • High-risk SOUP - Requires full validation per GP-019
  • Medium-risk SOUP - Requires verification through software testing
  • Low-risk SOUP - Standard integration with functional verification

License Compliance​

QuestionResponse
Is the license compatible with commercial medical device use?☐ Yes ☐ No
Are there any attribution requirements?☐ Yes ☐ No
Are there copyleft/viral license concerns?☐ Yes ☐ No

License review notes:

Approval​

Technical Review (JD-007)​

FieldValue
Reviewer
DateYYYY-MM-DD
Decision☐ Approved ☐ Rejected ☐ Requires modifications

Technical comments:

Quality/Risk Review (JD-004)​

FieldValue
Reviewer
DateYYYY-MM-DD
Decision☐ Approved ☐ Rejected ☐ Requires modifications

Quality/Risk comments:

Final Decision​

  • APPROVED - Proceed with SOUP integration and create T-012-019 SOUP documentation
  • REJECTED - Do not integrate this SOUP (see rejection rationale below)
  • CONDITIONAL - Approved with conditions (see conditions below)

Rationale/Conditions:

Record signature meaning​

  • Author: JD-007 Requester name
  • Review: JD-007 Technical reviewer name + JD-004 Quality reviewer name
  • Approval: JD-004 Approver name

Template signature meaning​

Delete this

Delete this section when you create a new record from this template.

  • Author: JD-004 María Diez
  • Review: JD-007 Alfonso Medela
  • Approval: JD-001 Andy Aguilar
Previous
T-012-043 Traceability Matrix
Next
T-012-042 Regulatory Requirement
  • Request Information
  • SOUP Identification
  • Intended Use
    • Purpose within the device
    • Justification for selection
    • Alternatives considered
  • Preliminary Risk Assessment
    • Patient data impact
    • Safety criticality
    • Security considerations
    • Risk classification
  • License Compliance
  • Approval
    • Technical Review (JD-007)
    • Quality/Risk Review (JD-004)
  • Final Decision
  • Record signature meaning
  • Template signature meaning
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)