Looking for second opinions on the requirements for approval and record requirements for purchased data that arose in an internal audit.
We have approved suppliers, documentation controlled part specifications and drawings for raw materials, contracts for routine contracted services etc. so am happy with the level of control of specifications and suppliers.
I have always considered that the clause of ISO 13485 7.3.2 "The organization shall ensure the adequacy of specified purchase requirements prior to their communication to the supplier." as approval of the purchase order (in addition to the approval of documented specifications etc).
Particularly as in some cases the purchased data is only documented in the PO form as there is no part specification; e.g. calibration or a service. My interpretation was that the approval of the PO was ensuring the adequacy of specified purchase requirements.
We have been challenged by purchasing dept that
a) approval of the PO is not required by ISO 13485 and
b) if we must approve POs; only 2 people have access to create a PO and these individuals review the PO as part of the process so no signature is required.
Similarly I have reviewed the 21 CFR part 820:50 requirements which state "purchasing data shall be approved in accordance with 820.40" 820.40 in turn relates to documentation control and review/approval of documents prior to issuance. So we meet that requirement for specifications, drawings etc but not for POs which do not have a specification, drawing or contract.
I suppose my interpretation was always approve the PO; to ensure control over purchased goods, correct part #, quantity etc.
Would be interested to know if this is in fact over the top and approval (printed & signed) is not required.
Thanks all!
We have approved suppliers, documentation controlled part specifications and drawings for raw materials, contracts for routine contracted services etc. so am happy with the level of control of specifications and suppliers.
I have always considered that the clause of ISO 13485 7.3.2 "The organization shall ensure the adequacy of specified purchase requirements prior to their communication to the supplier." as approval of the purchase order (in addition to the approval of documented specifications etc).
Particularly as in some cases the purchased data is only documented in the PO form as there is no part specification; e.g. calibration or a service. My interpretation was that the approval of the PO was ensuring the adequacy of specified purchase requirements.
We have been challenged by purchasing dept that
a) approval of the PO is not required by ISO 13485 and
b) if we must approve POs; only 2 people have access to create a PO and these individuals review the PO as part of the process so no signature is required.
Similarly I have reviewed the 21 CFR part 820:50 requirements which state "purchasing data shall be approved in accordance with 820.40" 820.40 in turn relates to documentation control and review/approval of documents prior to issuance. So we meet that requirement for specifications, drawings etc but not for POs which do not have a specification, drawing or contract.
I suppose my interpretation was always approve the PO; to ensure control over purchased goods, correct part #, quantity etc.
Would be interested to know if this is in fact over the top and approval (printed & signed) is not required.
Thanks all!