builderall



Supplier approval and ongoing management of suppliers for medical device companies is another one of those critical processes which if done right can help you manufacture your medical device to the high quality you and your customers are expecting. Unfortunately there are companies, including some start-up?s, that don?t give supplier approval and management the priority it needs. 


This can cause lengthy delays in product production as the supplier works on corrections to rejected material and even more serious, product recalls due to failure of supplier material on distributed product.


I have also seen cases where a company has been focused on the R&D of a new product and believe that the development and initial production comes first, and supplier approval can wait until sometime in the future.


I do not recommend this, and it can, not only lead to quality issues with supplier materials and final product, which can lead to delays while corrections are made, but can also result in external audit findings anywhere from minor to major. During pure R&D and prototype development with resulting product not intended to be released to customers, fine, and can do. But any later development validation product that will eventually be released for distribution needs to go through documented supplier approval and required inspection of incoming materials. 


Supplier approval should also be a team effort with input from R&D, Purchasing, and Quality.

The diagram below shows the basic steps involved in the supplier approval process.



Before we go into more detail of each of these supplier approval process steps let?s take a look at regulatory compliance requirements in ISO 13485:2016 and the FDA regulations. 


The Purchasing requirements including those for Supplier Approval to meet ISO 13485:2016 and FDA


ISO 13485:2016: Section 7.4.1 states the following:


The organization shall document procedures (see 4.2.4) to ensure that purchased product conforms to specified purchasing information .

The organization shall establish criteria for the evaluation and selection of suppliers. The criteria shall be:


a)      based on the supplier?s ability to provide product that meets the organizations requirements.

b)      based on the performance of the supplier.

c)      based on the effect of the purchased product on the quality of the medical device.

d)      proportionate to the risk associated with the medical device.


The organization shall plan the monitoring and re-evaluation of suppliers. Supplier performance in meeting requirements for the purchased product shall be monitored. The results of the monitoring shall provide an input into the supplier re-evaluation process.


Non-fulfillment of purchasing requirements shall be addressed with the supplier proportionate to the risk associated with the purchased product and compliance with applicable regulatory requirements.


Records of the results of evaluation, selection, monitoring and re-evaluation of supplier capability or performance and any necessary actions arising from those activities shall be maintained. (see 4.2.5)

 

FDA CFR: Part 820.50. States the following:


Each manufacturer shall establish and maintain procedures to ensure that all purchased or otherwise received product and services conform to specified requirements. 


(a)  Evaluation of suppliers, contractors, and consultants. Each manufacturer shall establish and maintain the requirements, including quality requirements, that must be met by suppliers, contractors, and consultants. Each manufacturer shall:


(1) Evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality

requirements. The evaluation shall be documented.

(2)  Define the type and extent of control to be exercised over the product, services, contractors, and consultants, based on the evaluation results.

(3) Establish and maintain records of acceptable suppliers, contractors, and consultants.


So very clear requirements for ISO 13485 and FDA, and like many elements of the ISO standard there is a risk-based approach, which certainly makes sense for a medical device and the selection and control requirements for suppliers for a medical device company.


Just to show again the criteria from ISO 13485:2016 covering risk:


c)         based on the effect of the purchased product on the quality of the medical device.

d)       proportionate to the risk associated with the medical device.


The following are some examples of the definitions of different risk levels and the types of controls applicable to each of the defined risk levels. These can vary and will depend on the type of device and its risk level, and it is the responsibility of each manufacturer to determine the risk levels for its device and the effect purchased material can have on the quality and safety of that device.


Examples of controls over incoming supplier materials:



Supplier Risk:                 


Low Risk:

Suppliers who pose little or no risk to the quality of the products and no risk to the     customer/end user.


Medium Risk:

Suppliers who pose some risk to the quality of the products and low risk to the customers and also have a high probability of being detected by inspection or testing.


High Risk:

Suppliers with the potential to pose a high risk to the products and to the customer.


Critical Supplier:

Supplier who may also be in the High-Risk category but could also be a sole supplier of a key component that could seriously affect production if issues occur with their material or service.


Certified Supplier: 

A Low or Medium Risk supplier that over time has proven to meet all of the quality requirements and for a Low-Risk supplier can upon review have their products go directly from dock to stock without inspection or for Medium Risk suppliers can use minimum sampling inspection.




Overall supplier approval process:


The supplier approval procedure starts with identification for the need to source from a new supplier and based on the level of risk go through different steps to approval or not, then ongoing review to maintain the approval status. The flow chart below outlines the major steps in this approval process:



Supplier approval process and ongoing monitoring:




Approval process:


Once a risk assessment is completed the approval process can be carried out based on the degrees of risk. The basic steps in the approval process are shown in the diagram above and include a documented supplier survey, and depending on the risk level, also an audit of the supplier may be required. For high-risk suppliers it may be good practice to schedule an annual audit or more frequent depending on the findings.


After the supplier survey is completed by the supplier and returned, it is reviewed by Quality and Purchasing and if acceptable approved. An example of a Supplier Approval form is shown below.


Once approved the supplier is added to a documented Approved Supplier List, ( see example of template below).


Only suppliers that have gone through the approved supplier process and have been approved and added to the approved supplier list can Purchasing then proceed to use that supplier as a source for production raw materials.


This whole Supplier Approval process also applies to service suppliers and is a requirement of the FDA and also makes good sense for those services that can potentially effect quality of the product.


One more note on the supplier approval process and concerns the fact that some medical device businesses subcontract the manufacturing of their medical device either for the complete device or part of the processing. In either case the degree of involvement for supplier approval and monitoring takes on a much higher degree of activity and ongoing focus.




Monitoring:


Ongoing monitoring of supplier performance is also a requirement under ISO 13485:2016 along with re-evaluation on a regular basis. This should be part of the general ongoing quality system , monitoring, measurement and analysis procedure. Any issues can be addressed either through a separate Supplier Corrective Action Request (SCAR) or depending on frequency of quality issues you have with suppliers and if the approval process is effective this should be rare occurrence, then it can also be part of the regular CAPA process.

Although not a specific requirement of ISO 13485 I would also recommend that a summary of ongoing supplier quality is part of the Management Review process. 

??




Sample of supplier approval form:



Sample of template for approved supplier list:




To learn more about Fast-Track QMS Consulting and the products and consulting services we can provide, including a Supplier Approval procedure then just click here



????????