OPENREGULATORY
Sign in Get started

Documenting Software of Unknown Provenance (SOUP) for IEC 62304

Dr. Oliver Eidel · Clinical Evaluation · Published May 08, 2021
Ready for some pain? We need to document our libraries because they're SOUP.

SOUP stands for Software of Unknown Provenance. In human language, those are your libraries. Nowadays, these are open-source libraries which you include in your package.json or Gemfile.

But how do you document it?

It depends on your IEC 62304 software safety class again. For class A, it's pretty uncomplicated.

For class B and C, it gets more tricky, so we'll see what needs to be done.

First, we'll do it for the backend Ruby code by going through our Gemfile and documenting Rails as SOUP. After that, we'll look into the package.json of the JavaScript code and document a library from there.

We'll cover:
- What to document for each library.
- What to use as "anomaly list" and how to evaluate it.
- How to introduce a risk classification of SOUP
- How to specify SOUP requirements
- How to verify SOUP without doing tests (i.e. writing code) yourself

Finally, I'll explain the point of SOUP documentation while reducing my ranting to a local minimum.

Check out the SOUP list template on our website:
https://openregulatory.com/soup-list-template/

Keep watching

All videos
SOUP List (Software of Unknown Provenance)

SOUP List (Software of Unknown Provenance)

Dr. Oliver Eidel

updated about 2 years ago
A

How to document SOUP for IEC 62304 compliance?

Anonymous
about 2 years ago
Our python backend contains lots of dependencies, for example flask and the requests library. According to the IEC 62304, third-party dependencies are “SOUP” and must be documented. We have no idea ho
Accepted 1 answer

You need to create a list of your dependencies. That list can be a spreadsheet, a markdown file, or pretty much anything else which you can save as do

Technical Documentation

Software Verification For Medical Device Software (IEC 62304)

Updated over 1 year ago

Dr. Oliver Eidel

Dr. Oliver Eidel

Dr. Oliver Eidel

I’m a medical doctor, software engineer and regulatory dude. I’m also the founder of OpenRegulatory.

Through OpenRegulatory, I’ve helped 100+ companies with their medical device compliance. While it’s also my job that we stay profitable, I try to dedicate a lot of my time towards writing free content like our articles and templates. Maybe that will make consulting unnecessary some day? :)

If you’re still lost and have further questions, reach out any time!
More about me

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.