Hi everyone,
As a person running my small company's regulatory and quality, one of my concerns is the loose usage of the term "critical suppliers" at my company and also elsewhere on the web. Thus, there was a confusion in my company of mainly engineers (with no experience in the medical device industry ) that all our suppliers are critical because the supplied components are deemed critical. So to avoid using "critical suppliers" with them, after consulting with a couple of industry insiders, I am using "criticality" of components as one consideration of the risk of the supplier (to be consistent with ISO 13485:2016's risk-based approach), and other considerations include supplier alternatives, history of the suppliers or all the soft factors. We have suppliers that deliver "critical" components but these suppliers also have many alternatives so they are considered "low-risk suppliers" who supply critical components. We also have suppliers that deliver "critical" components but then they may be the only suppliers on the market or where the components are difficult to make so I call them "high-risk suppliers of critical components" On the MDSAP, the auditor will ask you for critical suppliers, but in the context of my supplier classification, who are considered the critical suppliers? The high-risk critical suppliers or the low-risk critical suppliers? There are 4 levels we can categorize into: 2 levels of critical suppliers (high risk, low risk) and 2 levels of non-critical suppliers (high risk, low risk). I would appreciate any guidance on this.
As a person running my small company's regulatory and quality, one of my concerns is the loose usage of the term "critical suppliers" at my company and also elsewhere on the web. Thus, there was a confusion in my company of mainly engineers (with no experience in the medical device industry ) that all our suppliers are critical because the supplied components are deemed critical. So to avoid using "critical suppliers" with them, after consulting with a couple of industry insiders, I am using "criticality" of components as one consideration of the risk of the supplier (to be consistent with ISO 13485:2016's risk-based approach), and other considerations include supplier alternatives, history of the suppliers or all the soft factors. We have suppliers that deliver "critical" components but these suppliers also have many alternatives so they are considered "low-risk suppliers" who supply critical components. We also have suppliers that deliver "critical" components but then they may be the only suppliers on the market or where the components are difficult to make so I call them "high-risk suppliers of critical components" On the MDSAP, the auditor will ask you for critical suppliers, but in the context of my supplier classification, who are considered the critical suppliers? The high-risk critical suppliers or the low-risk critical suppliers? There are 4 levels we can categorize into: 2 levels of critical suppliers (high risk, low risk) and 2 levels of non-critical suppliers (high risk, low risk). I would appreciate any guidance on this.