Control Over Outsourced Processes - Share some experiences and methods

[somashekar]

My interest is in gathering the best practices of control over outsourced processes, more so if the outsourcing is from an other city or country. Just an ISO 9001 tag of the supplier does no good as its not a direct control. The point is control of every batch that is outsourced. Processes like PCB assembly, Moulding, Metal finishing, and such. Can we share some experiences and methods in getting the desired results from the control methods adopted ..... and further, do IS0 13485 certified companies drive the suppliers who provide such outsourced processes to be certified to same quality system standard ??

 

[Ajit Basrur]

Any takers ?

 

[Trackerii]

The requirement is to show control over the outsorced processes. To show control you should have a written agreement/specification and a metric to prove that you are indeed in control. Lately FDA has been very interested on this subject see below:

Of particular interest is the last paragraph that clearly recognizes the existance of "internal suppliers."

FDA is stressing the importance of complying with supplier controls in an effort to stem the rising number of recalls associated with vendor-provided products.
“We as an industry have to start focusing in on this,” Kim Trautman, FDA GMP/quality systems expert, told “The Silver Sheet.” As industry has “become more globalized,” she says, “it has started to outsource a lot more things. In doing so, it has now started to stretch its controls of those suppliers thinner and thinner.”
Trautman and other FDA officials are speaking at industry conferences and workshops to highlight vendor issues and remind companies of their responsibility to abide by the purchasing controls section of the Quality System Regulation.
The agency’s interest in boosting manufacturers’ understanding of this issue was sparked in part by an observation it made when analyzing recall information provided by firms, Trautman says. The data often indicates that companies are reporting supplier troubles as the root cause of failure in their devices.
“When the recalls come in and they’re identifying some of the causes for the recall, it seems to be more prevalent within the past five or so years that they are supplier issues,” she says.
Although Trautman admits that there has not been a formal FDA analysis to determine whether poor supplier controls are leading to more recalls, she notes that “when we looked at ... some of the very specific examples we’ve had on the device side recently, there have been a lot of supplier issues.”
One of the more high-profile examples Trautman points to is the supplier trouble that plagued Guidant and forced the company to conduct numerous recalls of implantable cardioverter defibrillators (ICDs) and pacemakers. In a 2005 recall, the firm blamed a faulty supplied magnetic switch as the reason why some Contak Renewal devices were malfunctioning.
More recently, Boston Scientific – which purchased Guidant last year – initiated a recall April 5, warning users that batteries in 73,000 Contak Renewal and Vitality ICDs could run out faster than indicated on their label. In a letter to physicians, Boston Scientific said it identified low-voltage capacitors from a former supplier that may be subject to degradation and cause accelerated battery depletion.
The action was reminiscent of three Class II recalls carried out by the company last year in which devices also were malfunctioning due to the failure of capacitors from a component supplier.
When a company encounters supplier problems such as those faced by Boston Scientific, “what they’re not doing well is one of two things. Either they’re not controlling internal ... suppliers between different divisions or parts of the company, or they’re not controlling their external suppliers to the degree that may be necessary for the risk of that product or service,” Trautman says.

 

[freelovefest]

Having worked as an SQE, and with Boston as an SQE, I would say that the citing the supplier as the cause of recalls is almost always a poor excuse. I was brought in to work on some of the above mentioned recalls and from what I have seen the issues are typically design related; the product was not designed to be mass produced or there was a poor transition from R&D to design and subsequently from Design to manufacturing. There is an understandable rush to get to market to recoup R&D expense

Supplier Quality is tricky and relies a lot of risk management and data analysis. It also relies on the supposition that the component as designed is reproducible and can be consistently made. Most of the issues I have seen stem from poor designs often resulting from a lack of ME or EE experience. Often the designer is an ME, but not an EE and does not understand how the software should interface, etc....

The best way I have seen people control suppliers is by going back to the risk assessment and identifying the hazards which can result from the failure of each compenent. The critical components are the ones to focus on. Once you know who are your most critical suppliers, like a battery supplier, you focus your efforts on them. One mistake I see people do is performing a QMS audit and seeing that as sufficient. If you identify anything as high risk, you should perform a technical audit as well. This generally requires someone with experience specifc to the component.

The other side of the coin is receiving inspection. You want to show due dilligence in evaluating your suppliers, but in reality all your efforts on evaluating a supplier don't always mean a whole lot. It is like hiring a new employee; you can take all the precautions you want, but in the end you won't know if they are going to show up late, drink on the job, etc, until they start work. If you make sure your RI group is looking at critical dimensions and adequately inspecting things based off of the criticality determined by the risk management plan, you will prevent a lot of recall issues. Even though all these firms had recalls related to supplier issues, they should have caught the issue prior to distribution, and there is no excuse for not doing so. you either did a poor risk management, have a poor design, or have a poor RI process.

This is all a bit of a soap box, but I don't think audits or surveys constitute effective supplier control; there are simply too many other more effective methods that allow you to have better control over the output of your suppliers.

 

[freelovefest]

I forgot to add this in the last post. Here is an article I have found useful in dealing with risk and Suppliers and talks a little about some of the concerns in the industry and how they are being addressed by some people.

Hope this is helpful!

 

[treesei]

We seem to have forgotted the original poster's last question:

and further, do IS0 13485 certified companies drive the suppliers who provide such outsourced processes to be certified to same quality system standard ??

I would say: If the supplier is your contract manufacturer, i.e., if they make the same products as you do, then if your products require 13485, the supplier must have 13485. But if the supplier is a service or component/part supplier, then it depends.

 

[Marcelo]

MDDI (Medical device and diagnostic industry) has an annual issue dedicated to outsourcing. In fact the curret issue (march 2008) has a guide to outsourcing that can provide some experiences. The link: http://www.devicelink.com/mddi/08/03.html

Also look for past issues.

And, again, this seems to me a quality systems parity issue. As always, take a look at this link and this link (The Empirical Value of Risk Management) for a view on quality and other systems parity.