Critical suppliers (Definition of) and MDSAP (Medical Device Single Audit Program)

racglobal

Involved In Discussions
#1
Hi everyone,

As a person running my small company's regulatory and quality, one of my concerns is the loose usage of the term "critical suppliers" at my company and also elsewhere on the web. Thus, there was a confusion in my company of mainly engineers (with no experience in the medical device industry ) that all our suppliers are critical because the supplied components are deemed critical. So to avoid using "critical suppliers" with them, after consulting with a couple of industry insiders, I am using "criticality" of components as one consideration of the risk of the supplier (to be consistent with ISO 13485:2016's risk-based approach), and other considerations include supplier alternatives, history of the suppliers or all the soft factors. We have suppliers that deliver "critical" components but these suppliers also have many alternatives so they are considered "low-risk suppliers" who supply critical components. We also have suppliers that deliver "critical" components but then they may be the only suppliers on the market or where the components are difficult to make so I call them "high-risk suppliers of critical components" On the MDSAP, the auditor will ask you for critical suppliers, but in the context of my supplier classification, who are considered the critical suppliers? The high-risk critical suppliers or the low-risk critical suppliers? There are 4 levels we can categorize into: 2 levels of critical suppliers (high risk, low risk) and 2 levels of non-critical suppliers (high risk, low risk). I would appreciate any guidance on this.
 
Elsmar Forum Sponsor

Ronen E

Problem Solver
Staff member
Moderator
#2
The confusion starts with the term "critical", not only critical suppliers. Sadly, there isn't too much consistency in defining and applying this term. Ask yourself honestly how methodical and unambiguous is your usage of "Critical Components". If you search Elsmar, you might find posts where I've written about this topic in more detail.

"ISO 13485:2016's risk-based approach" is another widely misunderstood/misused/abused concept. A careful reading of the standard's text may reveal that it doesn't apply to "everything" but rather to a pretty limited aspect of the QMS. But why would auditors bother sticking to the standard's language or original intent?... It's much more fun to just generalise and terrorise.
 

DannyK

Trusted Information Resource
#3
This is a grey area. Usually sterilization suppliers and outsourced suppliers ( if they perform all the work for a medical device) are considered critical. I have seen that EU authorized representatives are considered critical and are included on CE Mark certificates.
 

yodon

Staff member
Super Moderator
#4
Generally agree with the previous posts. I'd suggest that critical component suppliers may not necessarily be critical suppliers. I'm not completely in agreement that any activity outsourced to a supplier would pull them into the critical supplier category. I will say that it's been my experience that outsourced software development suppliers are considered critical suppliers.
 

Ronen E

Problem Solver
Staff member
Moderator
#6
I have seen that EU authorized representatives are considered critical
Now why the heck would an EC Rep be considered "critical"? What is it that they are required to do (under the MDD, which is still current) that has such a massive effect on anything?... EC Reps essentially exist so that CAs have someone to lay their hands on if something goes terribly wrong. Mostly a legal aspect, if you ask me. It's not like they'd be able to save the day, right?
 

mpfizer

Involved In Discussions
#7
The confusion starts with the term "critical", not only critical suppliers. Sadly, there isn't too much consistency in defining and applying this term. Ask yourself honestly how methodical and unambiguous is your usage of "Critical Components". If you search Elsmar, you might find posts where I've written about this topic in more detail.

"ISO 13485:2016's risk-based approach" is another widely misunderstood/misused/abused concept. A careful reading of the standard's text may reveal that it doesn't apply to "everything" but rather to a pretty limited aspect of the QMS. But why would auditors bother sticking to the standard's language or original intent?... It's much more fun to just generalise and terrorise.

Hi
could you please let me know to which limited aspects of the QMS does the risk based approach apply to.
Thanks
Michelle
 

myusoffice

First Time Right...
#9
It is the responsibility of the manufacturer to define a critical supplier. This should tie back to your supplier evaluation and control. The extent of both ISO 13485:2016 and MDSAP requirements is really the involvement of a supplier may be through an outsourced process such as sterilization, software development, or design and development activities, subassembly subcontracting, OEM, etc. Again, it is you who defines what is critical and what is not. One can always challenge your thought process behind the decision you made but then there is always a term called "Continuous Improvement". Hope this helps.
 

JoshuaFroud

Involved In Discussions
#10
Having recently completed a Stage 2 MDSAP audit, I can relate to your paint. I can however share the definitaion of critical supplier we used which got us successfully through the audit;

Critical Supplier:
A supplier delivering materials, components or services, which may influence the safety and performance of the product.
Note: In the context of the audit of medical device manufacturers, a critical supplier is a supplier of a product or service, the failure of which to meet specified requirements could cause unreasonable risk to the patient, clinician or others, or could cause a significant degradation in performance. This can include suppliers of services which are needed for compliance with QMS or regulatory requirements.
 
Thread starter Similar threads Forum Replies Date
T ISO 13485 - Process validation at critical suppliers ISO 13485:2016 - Medical Device Quality Management Systems 7
C Critical Suppliers for EU medical device approvals May 2020 EU Medical Device Regulations 1
C Suppliers re-classification from Critical to Significant or from Significant to Non-critical Supply Chain Security Management Systems 0
M Notified Body (NB) Audits of Sub-Contractors and Critical Suppliers EU Medical Device Regulations 35
A Critical Suppliers which will not allow us to audit them Oil and Gas Industry Standards and Regulations 11
M Defining Critical Vs. Non-Critical Suppliers/Service Providers (API Q1, 9th. Ed.) Oil and Gas Industry Standards and Regulations 2
S Is it acceptable to have an ASL for Critical suppliers alone? Supplier Quality Assurance and other Supplier Issues 4
U Must We Audit Critical Suppliers? How often? Supplier Quality Assurance and other Supplier Issues 7
G Changing Non-Critical Component Suppliers - Convenience kits (FDA) Procedure packs Other Medical Device and Orthopedic Related Topics 2
D External Auditing of Critical Suppliers - ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
A Suppliers - Classifying Critical and Major suppliers & how to define them? Supplier Quality Assurance and other Supplier Issues 2
B FCA US Customer Specific IATF 16949- Critical Characteristics 8.6.2 Customer and Company Specific Requirements 0
B ISO 11607-2 "Critical Parameter" vs. "Process Parameter" Other Medical Device Related Standards 3
Jane's Like-for-like critical raw material change qualification - type of testing/ number of lots required ISO 13485:2016 - Medical Device Quality Management Systems 4
F Is there such a thing as 'Critical supplier' status under the Dept. of Health (UK)? Medical Device and FDA Regulations and Standards News 2
D Definition of "Critical Laboratory Equipment"? General Measurement Device and Calibration Topics 1
M Changing supplier of critical raw material (III class device) Other Medical Device and Orthopedic Related Topics 1
M Informational Critical Thinking and the Process of Evidence-Based Practice Medical Device and FDA Regulations and Standards News 0
J How to measure a Critical Characteristic that is a Basic Dimension Misc. Quality Assurance and Business Systems Related Topics 6
O Examples of Critical process parameter (CPP) and Critical quality attribute (CQA) Manufacturing and Related Processes 2
H Critical Supplier Agreement acc. to NBOG 2010-1 Annex II EU Medical Device Regulations 5
andika_untoro What are a good Critical to Quality (CTQ) metrics for a biotech manufacturing production? Lean in Manufacturing and Service Industries 0
A API Q1 9th ed Addendum 2 - Vendor Assessment for critical products Oil and Gas Industry Standards and Regulations 18
M Does a CDR (Critical Design Review) have to have a moderator that is unconnected to the team? Design and Development of Products and Processes 4
S Critical supplier - Obligated to have an ISO-certified QMS? ISO 13485:2016 - Medical Device Quality Management Systems 8
A Critical Supplier/Quality Agreement Procedure ISO 13485:2016 - Medical Device Quality Management Systems 8
C AS9100 8.3.5.e Design and Development Outputs - Key Characteristics / Critical Items AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
J What level PPAP for 5 critical parts? APQP and PPAP 8
C Partial Design Validation and changes to a critical supplier 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
D Determining Critical Components for conformity with IEC 60601-1 IEC 60601 - Medical Electrical Equipment Safety Standards Series 21
S Financial status of critical vendor IEC 27001 - Information Security Management Systems (ISMS) 7
Ajit Basrur CDRH Premarket Approval Application Critical to Quality Pilot Program US Food and Drug Administration (FDA) 0
M IATF 16949 - Capability study on non critical dimensions? Statistical Analysis Tools, Techniques and SPC 4
Q Is a Domain Registrar a Critical Supplier? ISO 13485:2016 - Medical Device Quality Management Systems 11
S Who compiles the Critical Component List, Insulation Diagram etc.? IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
T Validation Plan for a new Class II Medical Device (Critical Care Medical Ventilator) IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
R How to Train Staff for Critical Thinking Misc. Quality Assurance and Business Systems Related Topics 3
M Are Critical Business Processes Assets that need to be included in Asset Inventory? IEC 27001 - Information Security Management Systems (ISMS) 1
C The difference between a Critical Dimension vs. Critical Characteristic Misc. Quality Assurance and Business Systems Related Topics 2
MDD_QNA What is the function of the Critical Component List? ISO 14971 - Medical Device Risk Management 2
C What is considered a "Critical" Raw Material? (Re: DNA Synthesis) Misc. Quality Assurance and Business Systems Related Topics 3
H Definition of a Critical Process EU Medical Device Regulations 9
Q Critical Supplier's Senior Management Changes Supplier Quality Assurance and other Supplier Issues 4
M Justification for Not Having a Validation Plan for a Critical Process ISO 13485:2016 - Medical Device Quality Management Systems 4
P TSO Parts and Critical Components EASA and JAA Aviation Standards and Requirements 2
N VDA 1 Critical Characteristics Requirements Help needed VDA Standards - Germany's Automotive Standards 6
T AS9003 7.4.3 Critical Raw Material Verification Advice AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
M GD&T - Specific Tolerance Requirement vs. Critical Item vs. Key Characteristic Manufacturing and Related Processes 3
P The correct way to do a Linearity and Stability Study on a Critical Dimension Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 8

Similar threads

Top Bottom