All terms

Software of Unknown Provenance

Software not developed for the purpose of being incorporated into a medical device.

Reviewed by Christian Espinosa, Founder, Blue Goat CyberLast reviewed May 5, 2026

Definition

Per IEC 62304, SOUP is software that is already developed and generally available and that has not been developed for the purpose of being incorporated into the medical device - or software previously developed for which adequate records of development processes are not available.

What this means in practice

SOUP components must be documented, risk-assessed, and tracked. SBOM and vulnerability monitoring obligations make SOUP management essential.

Cross-references

Used by

Things that build on this term.

IEC 62304

Primary references

3 sources

Link health: 3 verified· last checked 2026-05-09

ISO·1MDCG·1FDA·1

Inline markers like [1] jump to the matching reference above.

On this term

Category: Software & AI
Acronym: SOUP
Sources: 3
Updated: 5/5/2026

Compare with another term

Learn in 60 seconds

Software not developed for the purpose of being incorporated into a medical device.

·SOUP components must be documented, risk-assessed, and tracked.
·SBOM and vulnerability monitoring obligations make SOUP management essential.

Remember this

Software not developed for the purpose of being incorporated into a medical device.

Related terms

You may also need

Auto-suggested from Software & AI and shared keywords.

All Software & AI terms

From the Blue Goat network

Related resources and services on this topic.