Professional Documents
Culture Documents
Supplier Approval Based On Risk For MedTech Companies
Supplier Approval Based On Risk For MedTech Companies
knacknewbery@icloud.com
Written by: Brian Newbery
Founder of Fast-Track QMS
Consultants
https://fasttrackiso13485.com 1 of 6 P027.1
Supplier Approval Based on Risk for
Medical Device Companies
Supplier approval and ongoing management of suppliers for medical device companies, is
another one of those critical processes which if done right can help you manufacture your
medical device to the high quality you and your customers are expecting.
It’s also one of the elements of ISO 13485:2016 that requires medical device companies to use
a risk based approach for supplier selection, as well as ongoing supplier management.
Many North American and European based device companies will outsource their
manufacturing to other countries where the labor costs will be a lot less. This can lead to a
higher degree of appropriate due diligence while selecting and managing these suppliers.
The manufacturing costs may be significantly reduced by using overseas suppliers, but without
the required level of attention and monitoring it can lead to unforeseen new costs that will
reduce or eliminate any benefits from the outsourcing. Other issues could be dealing with audit
concerns, more time and effort on quality control, or even in some cases a change in product
design, and possibility of a field recall. So outsourcing is another risk factor to consider.
ISO 13485:2016 includes risk management throughout the standard including supplier
management. FDA also have emphasis on risk and expect this to increase as they head
towards incorporating the ISO 13485:2016 requirements.
https://fasttrackiso13485.com 2 of 6 P027.1
Let’s take a look at the compliance requirements in ISO 13485:2016 and the FDA
regulations. The requirements dealing with risk are highlighted with bold blue font.
The organization shall document procedures (see 4.2.4) to ensure that purchased product
conforms to specified purchasing information .
The organization shall establish criteria for the evaluation and selection of suppliers. The
criteria shall be:
a) based on the supplier’s ability to provide product that meets the organizations
requirements.
b) based on the performance of the supplier.
c) based on the effect of the purchased product on the quality of the medical device.
d) proportionate to the risk associated with the medical device.
The organization shall plan the monitoring and re-evaluation of suppliers. Supplier performance
in meeting requirements for the purchased product shall be monitored. The results of the
monitoring shall provide an input into the supplier re-evaluation process.
https://fasttrackiso13485.com 3 of 6 P027.1
Examples of controls over incoming supplier materials:
Increasing controls.
Risk Level Dock to C of C only C of A only Random lot All lot 100% Certified
stock inspection inspection inspection
Low Risk X X X X X X X
Medium Risk X X X
High Risk X X
X = optional acceptance methods
Low Risk:
Suppliers who pose little or no risk to the quality of the products and no risk to the
customer/end user.
Medium Risk:
Suppliers who pose some risk to the quality of the products and low risk to the customers and
also have a high probability of being detected by inspection or testing.
High Risk:
Suppliers with the potential to pose a high risk to the products and to the customer.
Critical Supplier:
Supplier who may also be in the High-Risk category but could also be a sole supplier of a key
component that could seriously affect production if issues occur with their material or service.
Certified Supplier:
A Low or Medium Risk supplier that over time has proven to meet all of the quality
requirements and for a Low-Risk supplier can upon review have their products go directly from
dock to stock without inspection or for Medium Risk suppliers can use minimum sampling
inspection.
https://fasttrackiso13485.com 4 of 6 P027.1
OVERALL SUPPLIER APPROVAL PROCESS
https://fasttrackiso13485.com 5 of 6 P027.1
SUPPLIER APPROVAL PROCESS AND ONGOING MONITORING
Approval process:
Once a risk assessment is completed the approval process can be carried out based on the
degrees of risk involved for the material that you will be sourcing from this supplier. The basic
steps in the approval process are shown in the diagram above and include a documented
supplier survey.
Depending on the risk level an audit of the supplier may be required. For high-risk suppliers it
may be good practice to schedule an annual audit or more frequent depending on the findings.
After the supplier survey is completed by the supplier and returned, it is reviewed by Quality
and Purchasing and if acceptable approved. Any concerns or questions should be resolved
before approval is completed.
Once approved the supplier is added to a documented Approved Supplier List and should
include the specific material the supplier is approved for. Later if any additional products are to
be purchased from the same supplier they will need to go through a review and approval
process, including a risk assessment, before those new materials are added to the approved
supplier list.
Only suppliers that have gone through the supplier approval process and have been approved
and added to the approved supplier list, can Purchasing then proceed to use that supplier as a
source for production materials.
This complete Supplier Approval process also applies to service suppliers, and is a requirement
of the FDA, and also makes good sense for those services that can potentially effect quality of
the product.
One more note on the supplier approval process, and it concerns the fact that some medical
device businesses subcontract the manufacturing of their medical device, either for the
complete device or part of the processing. In either case the degree of involvement for supplier
approval and monitoring takes on a much higher level of required activity, including in depth
risk evaluation, and ongoing monitoring.
https://fasttrackiso13485.com 6 of 6 P027.1
Monitoring:
Ongoing monitoring of supplier performance is also a requirement under ISO 13485:2016 along
with supplier re-evaluation on a regular basis. This should be part of the general ongoing
quality system monitoring, measurement and analysis process.
Incoming inspection for materials from that supplier should be considered for a tighter
inspection plan until evidence of the suppliers corrective action is received and verified for
effectiveness. Although not a specific requirement of ISO 13485 I would also recommend that a
summary of ongoing supplier quality is part of the Management Review process.
We can also provide procedures for all elements of the ISO 13485:2016 Quality System. Our
complete Turnkey Document Bundle includes 41 procedures and 36 supporting forms that also
cover FDA 21 CFR 820 requirements.
https://fasttrackiso13485.com/
https://fasttrackiso13485.com 7 of 6 P027.1