Standards describing the different processes for software QA on software that you buy/obtain
We as an organisation need to provide our regulator with a description of the processes describing how we "handle" software (usually computational software) that we buy or obtain from others. These processes are typically getting the right software, installation on our systems, installation testing and verification, validation, how to handle updates from the supplier (bug fixes vs upgrades in functionality and whether or not to upgrade), retirement, ... Can someone point me to relevant ISO/IEEE/... standards or guidelines where such processes are described? I have been looking at some IEEE standards (1074-2006, 1058-1998, 730-2002,...) but the focus there always lies on software that the organisation itself develops. I need some internationally recognized standard from which I can derive a kind of software configuration plan (I hope that's the right terminology) for our software in which the general processes I mentioned are specialized for our organisation. Thanks.
I think you should look into CMMI for Acquisition: http://cmmiinstitute.com/cmmi-solutions/cmmi-for-acquisition/