ISO 13485 Supplier Question

[Manasa Boppana]

Hi Everyone,

Our company is a Class I Accessories like chargers, remote control etc for hearing aids. I would like to request for some opinions on supplier questions we have. As i am having tough time working on this question one of my friend referred me to this forum.

Is it okay for supplier who will be the ODM, not having ISO 13485 certified? They are responsible for design and manufacturing of the accessories. They are 9001 certified.

What will be the implications if we wanted to go with them?

Thank You!

 

[LUFAN]

It's up to you to define requirements for your suppliers. It should be inherently risk based such that a supplier providing sterilization services has far stricter requirements than a widget. There's no requirement for suppliers to have certifications to anything, but if its specialized, you would want to define that, for example, your calibration house accredited to ISO 17025, etc.

 

[Manasa Boppana]

Thank you Lufan-Here the supplier is the ODM - original device manufacturer who will be designing and manufacturing the device till the end. Our company only distributes those accessories. Technically, they will be the legal manufacturers.

 

[LUFAN]

Technically, they will be the legal manufacturers.

They are or they are not. That cannot be in a gray area.

Are you buying finished devices from the supplier to distribute yourself, or are they utilizing your company's services to distribute on their behalf?

I assume it's the first. As such, they likely should be a high risk supplier (also likely critical) to your organization as a single source. You're going to want to categorize that type of supplier requiring items like a quality agreement denoting who is responsible for what (Complaints/MDR, Etc.), onsite audit of their manufacturing process, change notification agreement, etc. In your quality agreement, you are going to want to specify they are responsible for adhering to XYZ Quality System requirements. If you want to bind them to certify to 13485, that's where to do it, but generally in the United States, QSR/QMSR is/will be sufficient.

 

[kys123]

I fully agree with LUFAN, but I guess we both are assuming that you are based in and selling to countries within the EU, is that correct?

 

[Manasa Boppana]

I fully agree with LUFAN, but I guess we both are assuming that you are based in and selling to countries within the EU, is that correct?

Hi, No our company is based in USA. But we are planning to sell the products in EU.

 

[Manasa Boppana]

They are or they are not. That cannot be in a gray area.

Are you buying finished devices from the supplier to distribute yourself, or are they utilizing your company's services to distribute on their behalf?

I assume it's the first. As such, they likely should be a high risk supplier (also likely critical) to your organization as a single source. You're going to want to categorize that type of supplier requiring items like a quality agreement denoting who is responsible for what (Complaints/MDR, Etc.), onsite audit of their manufacturing process, change notification agreement, etc. In your quality agreement, you are going to want to specify they are responsible for adhering to XYZ Quality System requirements. If you want to bind them to certify to 13485, that's where to do it, but generally in the United States, QSR/QMSR is/will be sufficient.

They are Legal manufacturers. We provide the product specification and requirements. They Design and manufacture for us and we distribute them finally.

 

[LUFAN]

They are Legal manufacturers. We provide the product specification and requirements. They Design and manufacture for us and we distribute them finally.

Is your supplier's name on the label or yours?

 

[Manasa Boppana]

Is your supplier's name on the label or yours?

Their name will be on the label as Legal manufacturers. Ours is listed as Distributed by.

 

[LUFAN]

Their name will be on the label as Legal manufacturers. Ours is listed as Distributed by.

Make sure you sign a quality agreement and you formally define them as the legal manufacturer on top of any addition certification requirements you want to hold them to. That said, seeing as they are the legal manufacturer, you're going to want to at minimum require 21CFR820 and probably ISO 13485/QMSR in next few years. That said, seems odd a hearing aid manufacturer would have picked 9001 over 13845 to begin with.

The arrangement you described is a bit odd but if they are willing to be the legal manufacturer and accept the liability, go for it.