How to define a Risk Based Approach for Supplier Management per ISO 13485:2016


Involved In Discussions
Hello guys,

I am in the process of revising my company's processes and procedures to comply with ISO 13485:2016.
One requirement of the standard is to manage suppliers in a risk-based approach.

My intention is to perform a supplier base evaluation on a quarterly basis (in a risk-based approach) to determine whether I should tighten the control on certain suppliers or add/remove performance evaluation activities for other suppliers, subject to good/bad performance.

Does any of you have a suggestion or a tool/template for such an assessment?

I want to emphasize that I have already segmented my supplier base into different classes according to the risk associated with each supplier.

I want to perform the quarterly supplier base assessment to comply with the new ISO 13485:2016.



Forum Moderator
Staff member
Re: How do I define Risk Based Approach for Supplier Management per ISO 13485:2016?

Before completely overhauling your processes, what are the risks which would warrant increasing evaluations (from annually?) to quarterly? And is that risk applicable to each supplier?

I doubt that there would be any canned form that would be appropriate for your case / your suppliers. I would think that you could take what you're already doing and expand accordingly (commensurate with the risk and applicable to the supplier).