Supplier management is a key aspect for any type of organizations, including medical device companies that often have to outsource manufacturing operations or other type of activities. From regulatory standpoint, ISO 13485:2016 as well as country related QMS regulations gave a very importance to vendor management topics. 

Supplier and purchase management is linked with other key processes of the companies: for sure in primis manufacturing operations, but also audit management, KPI and data analysis for the evaluation of the supplier performances, design and development, validation activities.

In this post we will go through the main requirements associated to supplier management, taking in consideration two main different regulations: 

ISO 13485 Requirements for Supplier Management 

In the  framework of ISO 13486:2016, the requirements related to purchase control and supplier management are in general within the section 7.4 of the standard. 

More specifically, there are three chapters of interests: 

• 7.4.1 – Purchasing Process
• 7.4.2 – Purchasing Information 
• 7.4.3 – Verification of Purchased Products 

Purchasing Process

Regarding the Purchasing Process, the requirements of this section are mainly related to the so-called supplier selection and supplier evaluation. The standards properly defined the criteria that shall be used for supplier; specifically the criteria shall be decided by the organization according to : 

• the supplier’s ability to provide product that meets the organization’s requirements
• the performance of the supplier;
• the effect of the purchased product on the quality of the medical device
• the risk associated with the medical device.

Two other very important processes in the framework of supplier managements are supplier monitoring and supplier re-evaluation. The monitoring of the supplier is the evaluation of the performance on a continuous and proactive basis to ensure to take actions immediately if any issue occurs. Supplier monitoring may include 2nd party audits for the most critical suppliers. The supplier re-evaluation is typically performed on an yearly base and it is related to the overall performance of the supplier. 

Purchasing Information

The section 7.4.2 of the standard describes the requirements related to purchase information, in other words the what are the necessary information to be handled in the framework of a compliant purchasing process.  The standard identifies four different type of information, as reported in the scheme below: 

Information on purchased products very often include a specific quality agreement that defines quality/regulatory related conditions that regulate the relationship with the vendor. It is essential that the quality agreement contains reference to the specifications of the purchased products and that these specifications are updated every time there is a change. Moreover, the reference of the specification of the purchased products shall be clearly mentioned in the purchase order.

Verification of Purchased Products

For the verification of purchased products in the framework of Supplier Management, most of the requirements have already beed discussed in the contest of AQL sampling methodology and related topics. Once again, without entering too much in details, the standard requires verification of purchased products using on a risk based approach, meaning that purchase products for which failures could impart high risky situations shall be verified at higher extent.

Implementation of a Risk-Based Approach for Supplier Management

One of the key requirements associated to Supplier Management according to ISO 13485:2016 is the risk-based approach for supplier evaluation and selection. Obviously there are a lot of different methodologies for the implementation of this requirements. One of the most simple one is to give a score to each supplier based on different parameters and then identified the risk profile associated to the supplier based on the given score. As a consequence, different actions shall be performed according to the risk profile associated to the vendor.

For example, it is possible to identify three different regions:

For the definition of the criticality regions, different aspects may be taken in consideration, for example:

• specific quality-related certification owned by the supplier, for example ISO 9001:2015, ISO 13485:2016 and other, as applicable;
• the presence of an established quality management system
• the results of vendor assessment questionnaire
• the presence of business continuity plan and, if applicable, the related certification
• the reputation of the organization
• other requirements, as applicable.

Supplier Managenent and FDA Quality System Regulation

FDA Quality System Regulation 21 CFR part 820 defines as well the requirements related to purchase and supplier control. Specifically, the section 21 CFR part 820.50 requires organizations to establish and maintain procedures with the goal to ensure that purchased products and services are conform to specifications. Specifically, the FDA QSR requires:

(a) Evaluation of suppliers, contractors, and consultants. Each manufacturer shall establish and maintain the requirements, including quality requirements, that must be met by suppliers, contractors, and consultants. Each manufacturer shall: 

• Evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality requirements. The evaluation shall be documented. 

• Define the type and extent of control to be exercised over the product, services, suppliers, contractors, and consultants, based on the evaluation results. 

(3) Establish and maintain records of acceptable suppliers, contractors, and consultants.

As it can be seen, there are no new specific requirements than the ones already identified in the ISO 13485:2016 and discussed in the section above.

Moreover, also in the FDA QSR there is the requirements related to obligation to maintain documentation of the specifications of the purchased products or services. As mentioned afore, this includes the necessity to have written quality agreements.

Conclusions

In conclusions, we have been though the main requirements associated to the supplier management process and related topics. Specifically, we went through the requirements associated to ISO 13485:2016 and FDA Quality System Regulation. Control of suppliers is one the pillar of the quality management system of a company and it is essential to have a solid process in place implemented through a risk-based approach.

QualityMedDev Newsletter

QualityMedDev is an online platform that provides extensive support to medical device manufacturers and consultancy companies in the field of regulatory compliance. We publish blog posts on quality management system and regulatory-related topics and provide extensive documentation ready to be downloaded to support the implementation and maintenance quality system or product-related certifications. QualityMedDev provides consulting service for quality and regulatory affairs topic for medical device manufacturers, do not hesitate to find out more on our services in the dedicated page of the website. We support the construction of brand new quality system and/or preparation of SW related technical documentation.

We publish as well a periodic newsletter aimed at sharing information on the new articles or documents which have been made available through QualityMedDev website.

A discount of 10% is available for purchase value of minimum 50€ in our QualityMedDev DocShop by using the following Coupon Code FBT2WDX5.

If you would like to stay updated with the last news and analysis from the regulatory world for medical device sector, do subscribe to our newsletter by filling the form below.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.qualitymeddev.com/2021/06/07/supplier-management/