Hello,
We have a supplier we classified as category I (critical) that was our electronics board manufacturer. We have specific audit requirements for our categories I, II and III.
From the single first time buy we overbought. We changed our firmware and used this company to reflash the boards. I no longer use this supplier for the original use of board manufacturing and now we use them mostly for reflashing firmware. The reflashing of boards we do not consider the same risk as manufacturing the boards from scratch.
Question:
Can a single supplier fit two or more categories for risk? I want to argue we don't require an onsite audit of them since we are not using them to make boards and only reflash already made boards. OTOH I want to keep them as class I in case we do eventually order more boards. Should I break the company in half? 1) makes new boards 2) reflashes boards?
What should I do?