Electronic Documents and Confidentiality

Hi all. Not totally a 21 CFR question, but somehow closely related.

Is it normal for an electronic document management software provider to
ask for a copy of our database (which means all our official QMS and
validation documents) in order to upgrade us to a newer version of
their product?

As QA my first answer is “not a chance”, those documents are
proprietary. I would rather have such consultants over to our place
and analyse the database at our premises, or even remotely. The
copying is a little hard to justify IMO. I wanted to have other
opinions on this, if possible. Any comments are appreciated.

Thanks a lot!

As a software vendor, I/my company have asked for this type of information
before. We normally request a backup copy and we are normally covered by a
non-disclosure agreement. It is relevant information for smaller software
vendors in order to test code fixes which have affected the database
structure or database calls within the software. They often do not have the
resources to create the depth and breadth of a test database which would
closely match a typical user environment. An alternative is that we ask our
customers to create a test environment that we can safely apply our new code
to within their environment. For some customer organizations, even this
simple task is layered in bureaucracy making the data request more

As a user, I used to create a skinny version of our production database that
contained typical documents or data but none of it was proprietary.

It comes down to trust in the end.