Critical suppliers (Definition of) and MDSAP (Medical Device Single Audit Program)

Ronen E

Problem Solver
Moderator
Having recently completed a Stage 2 MDSAP audit, I can relate to your paint. I can however share the definitaion of critical supplier we used which got us successfully through the audit;

Critical Supplier:
A supplier delivering materials, components or services, which may influence the safety and performance of the product.
Note: In the context of the audit of medical device manufacturers, a critical supplier is a supplier of a product or service, the failure of which to meet specified requirements could cause unreasonable risk to the patient, clinician or others, or could cause a significant degradation in performance. This can include suppliers of services which are needed for compliance with QMS or regulatory requirements.
I see 2 different definitions here (the second one beginning after "Note").
According to the first, almost all suppliers should be considered "critical".
According to the second, no suppliers should be considered "critical" if risk management is completed properly.
Both make little sense to me, because I see the purpose of the "critical supplier" designation as focusing one's attention where it matters most (in fancy words - risk-based management). It's disheartening to see that we've come to a point where the ultimate measure is what lets us pass audit, rather than what is rational, coherent and consistent (@JoshuaFroud this is not directed at you but at the general prevailing atmosphere).
 

Tagin

Trusted Information Resource
I see 2 different definitions here (the second one beginning after "Note").
According to the first, almost all suppliers should be considered "critical".
According to the second, no suppliers should be considered "critical" if risk management is completed properly.
Both make little sense to me, because I see the purpose of the "critical supplier" designation as focusing one's attention where it matters most (in fancy words - risk-based management). It's disheartening to see that we've come to a point where the ultimate measure is what lets us pass audit, rather than what is rational, coherent and consistent (@JoshuaFroud this is not directed at you but at the general prevailing atmosphere).

Interestingly, in searching for some definition of "critical supplier", I found Joshua's definition on Canada's 13485 guidance website (under 1.5 Definitions, and later referenced in 2.3f):
Guidance Document GD211: Guidance on the Content of Quality Management System audit reports - Canada.ca

Edit: My guess is that the intent is that for medical devices, the definition following "Note:" supersedes the preceding one-line definition.
 

Ronen E

Problem Solver
Moderator
I found Joshua's definition on Canada's 13485 guidance website
I am not necessarily impressed by the coherence or effectiveness of guidance issued by regulators.
We should be able (and have the right) to think for ourselves.
 

Tagin

Trusted Information Resource
I am not necessarily impressed by the coherence or effectiveness of guidance issued by regulators.
We should be able (and have the right) to think for ourselves.

Agreed, to the extent that we are free to use our own terms. However, if an auditor is making a request for information on a very specific term like 'critical supplier', then it seems to me that the onus is on the auditing body (or the applicable standard) to clearly define that term. If they can't do so, and can't give clear guidance, then the audited company should push back and require the auditor to cite some authoritative reference. If they can't then the term is vacuous with respect to the audit.
 

Ronen E

Problem Solver
Moderator
Agreed, to the extent that we are free to use our own terms. However, if an auditor is making a request for information on a very specific term like 'critical supplier', then it seems to me that the onus is on the auditing body (or the applicable standard) to clearly define that term. If they can't do so, and can't give clear guidance, then the audited company should push back and require the auditor to cite some authoritative reference. If they can't then the term is vacuous with respect to the audit.
I fully agree.
I think that the best way forward is documenting and exposing the lack of coherence / sense / usefulness of those poorly defined terms (reductio ad absurdum), then documenting a suggested solid alternative definition and following it ruthlessly throughout.
 

racglobal

Involved In Discussions
I see 2 different definitions here (the second one beginning after "Note").
According to the first, almost all suppliers should be considered "critical".
According to the second, no suppliers should be considered "critical" if risk management is completed properly.
Both make little sense to me, because I see the purpose of the "critical supplier" designation as focusing one's attention where it matters most (in fancy words - risk-based management). It's disheartening to see that we've come to a point where the ultimate measure is what lets us pass audit, rather than what is rational, coherent and consistent (@JoshuaFroud this is not directed at you but at the general prevailing atmosphere).


I absolutely concur with you. I've been at a company where almost supplier is deemed critical or medium-critical (one of those grey terms again), but there is't a good rationale. I think it'd make sense to have some guidance to help the device industry work through supplier selection.
 

coezbek

Starting to get Involved
I was always under the impression that a "critical supplier" only needs to be designated if there is both a serious ("critical") impact on product safety (thus you need to define those as critical quality attributes CQA) by the supplier and that this impact must be something that is not possible to be tested as part of incoming inspection but requires you to trust the supplier's processes.

For instance:
- Suppliers for sterilization are often deemed critical, because it is hard to test for sterility of packaged goods.
- Manufacturing suppliers are often not deemed critical if the critical quality attribute is something that is easy to test for (for instance by measuring tolerances with a caliper).
 

wooddragon

Registered
Given the definition you posted, it appears that both ARs and NBs (or ABs if you prefer) could be critical suppliers. Is that true?

Having recently completed a Stage 2 MDSAP audit, I can relate to your paint. I can however share the definitaion of critical supplier we used which got us successfully through the audit;

Critical Supplier:
A supplier delivering materials, components or services, which may influence the safety and performance of the product.
Note: In the context of the audit of medical device manufacturers, a critical supplier is a supplier of a product or service, the failure of which to meet specified requirements could cause unreasonable risk to the patient, clinician or others, or could cause a significant degradation in performance. This can include suppliers of services which are needed for compliance with QMS or regulatory requirements.
 

LUFAN

Quite Involved in Discussions
So, we purchase spare parts from the parent. So, do we need to do audit as a part of supplier control .
Awaiting your response.

The classification of any supplier shall be based on your procedures, which should dictate whether or not an audit is required or optional. Certainly the risk(s) associated with what the parts are should be considered in your determination and how you proceed. Do they directly or indirectly affect the device? Can you detect a failure before delivery? Etc. Buying cosmetic widgets vs parts that directly affect the finished device and hurt someone are inherently different.
 
Top Bottom