ISO 13485 certification for components

[SGquality]

I have a question regarding the ISO 13485:2016 certification.

We are currently conducting clinical trials for a combination product involving biologics-device. To facilitate the production of this product, we have selected a CDMO and requested them to obtain ISO 13485 certification.

The CDMO currently manufactures a component for another customer. We suggested them to use this component to demonstrate the compliance to their processes for certification by the notified body. However, the CDMO informed us that they cannot use use this component and insist on using our product instead., which could cause a delay in our project timelines.

Is the CDMO's stand on certification accurate?

 

[EmiliaBedelia]

There could be a lot of reasons why that component is not appropriate to use as evidence for certification. There isn't enough detail here to comment on what the specific concerns might be, but here's some brainstorming (let's call this other customer Company X and Product Y):

If the CDMO doesn't already have ISO 13485 certification then it may be that the documentation they have for Product Y would not be sufficient to support it. If Company X is not requiring them to be certified, they may not want to use the same processes and create the same documentation for that product, because it could increase their overhead. They may have different inspection procedures, etc that meet the requirements for Company X's product but would not meet your needs.

ISO 13485 certification will include a specific scope so if Product Y is different enough from your intended product such that the scope would be different, it wouldn't help you for them to be certified for that. If they are doing everything (design, manufacture, packaging, etc) for you, and they only do manufacture for the other company, the documentation for Product Y will not support all of the activities they will do for you.

The biggest reason to me is business related. The CDMO wants to keep their other customer happy. If they get an audit finding related to Product Y, that could impact Company X - who presumably has no interest in addressing a CAPA for another company's audit that they didn't request! They would effectively be forced to inform their customer that they have a deficiency, which is a can of worms that no one wants to open. Why would they agree to that risk? Moreover, why would you want to depend on this other company supporting the CDMO in closing out any findings that result?
Finally, if the other customer does not require certification and does not have a contract in place that allows the CDMO to share documentation with a 3rd party auditor, they may not be able to show that documentation anyway. See above re: keeping other company happy - why would they renegotiate to support another company's product?

To me this is a reasonable statement from them. It's YOUR product, and YOU are requesting them to become certified. If this is so critical to your timelines, you should have engaged with them earlier to understand how long that would take.