Is a Domain Registrar a Critical Supplier?

QAMed26

Starting to get Involved
#1
Good afternoon,

Working through a bit of a mess of an AVL that I inherited from a former employee (I am the "replacement"). They listed our domain registrar as a critical supplier because customers interact with our stand alone software medical device through our website. So in theory, if the registrar up and disappeared customers wouldn't be able to have their raw data scored until we found a new registrar, however the medical device itself would be unaffected, yes?
#confusedinCanada ;)
 
Elsmar Forum Sponsor

Ron Rompen

Trusted Information Resource
#2
I would agree that the registrar would be a 'critical supplier' since the inability to interact with your software would result in the equipment being nonfunctional. Not sure how difficult it would be to have a backup supplier, or if it is even feasible.
 

RoxaneB

Super Moderator
Super Moderator
#3
Good afternoon,

Working through a bit of a mess of an AVL that I inherited from a former employee (I am the "replacement"). They listed our domain registrar as a critical supplier because customers interact with our stand alone software medical device through our website. So in theory, if the registrar up and disappeared customers wouldn't be able to have their raw data scored until we found a new registrar, however the medical device itself would be unaffected, yes?
#confusedinCanada ;)
If the scoring of the data is critical to what your organization provides to the clients? I ask because I'm uncertain what you mean by "raw data" - it could be data transmitted via the medical device regarding the ability to provide feedback on the client's health outcomes.

Is the website also how your organization communicates with clients (e.g., product upgrades, product recalls, etc.)?

What is the risk if the registrar is removed from the list? Or would be more a case of downgrading them from being a critical supplier to a "normal" one? How would that impact their evaluation?
 

QAMed26

Starting to get Involved
#4
Essentially our clients use our other device to gather data from a patient. They then take this data and submit it to a website that will do an autoscoring for them and give those results. A doctor will then make a diagnosis based on the autoscored results. If they cannot access the autoscoring website because our registrar is down there is a delay in diagnosis, but no risk for an improper diagnosis.

Does that help make it clearer?
 

RoxaneB

Super Moderator
Super Moderator
#5
Is the doctor supposed to do the scoring manually then if the registrar is down?

I'll be honest, it does sound as if the application of the site is one of the fundamental "selling points" of the device and its funcationality.

I also consider it "critical" because it seems like the application is managing Personal Health Information (PHI) or am I misinterpreting?
 

QAMed26

Starting to get Involved
#6
Thanks for engaging in this conversation. These are great questions for me to wrap my brain around :)

No - we do not communicate to the doctor that they should do that. The idea is that our domain registrar should never go down. Our Internet Service Provider is probably another situation that i need to look into, as I don't see them on our AVL.

The functionality is a definite selling point.

And no - we never see patient information. That is mandated in the IFU, I believe.

I think I'm just trying to look at risk. The probability of our domain registrar up and disappearing is minimal - we do not use some obscure one. However the severity is moderate to high.
 

RoxaneB

Super Moderator
Super Moderator
#7
I think you've nailed it on the head with:

QAMed26 said:
I think I'm just trying to look at risk. The probability of our domain registrar up and disappearing is minimal - we do not use some obscure one. However the severity is moderate to high.
The idea of having a contingency plan might be worth looking into, if one does not already exist.
 

Ninja

Looking for Reality
Trusted Information Resource
#8
FWIW, "Domain Registrar" and "Domain Host" are not required to be the same thing.

Not sure I would consider the Domain Registrar a risk...Domain Host, yes.
Most of the cases (99+%) they are the same company...but it is not necessary to be so.
 

Ronen E

Problem Solver
Staff member
Moderator
#10
we do not use some obscure one.
You have given the answer you're looking for, really. It conveys that that supplier's quality/reliability is of importance, and therefore you've evaluated it before engaging, albeit in an informal way. All you need to do is formalise it - put it through your formal vendors evaluation and selection process and capture the result (which you already know) on your AVL. If your policy is to have contingencies for high-risk suppliers, do that too; however, if the formalised and documented risk is acceptable as-is, maybe that's an overshoot.

BTW in medical devices quality management critical suppliers are usually considered those that provide an element that has a significant bearing on the finished device's safety or effectiveness.

Cheers,
Ronen.
 
Thread starter Similar threads Forum Replies Date
Le Chiffre Domain name registrar scam? After Work and Weekend Discussion Topics 7
A Domain of the component (EASA CM No.: CM-SWCEH-001 Issue 01 Revision 02) Point 9.3.3 (Usage domain aspects) EASA and JAA Aviation Standards and Requirements 0
F Seeking Internship/Co-op Opportunities in Regulatory Affairs/QA/Clinical Domain (USA) Career and Occupation Discussions 4
Wesley Richardson Domain Name Registrars and Hosting Services Solutions After Work and Weekend Discussion Topics 5
J Conflict of Interest Registrar/Notified Body/Testing House Quality Manager and Management Related Issues 4
R Change Notification - Registrar vs Notified body ISO 13485:2016 - Medical Device Quality Management Systems 1
Robert Stanley Which Registrar Should I Choose for ISO 9001:2015 registration? Registrars and Notified Bodies 10
E Choosing an ISO 9001 registrar with auditors familiar with our industry Registrars and Notified Bodies 10
L Audit boundaries - Is a Registrar permitted to audit a company's QMS by visiting their suppliers? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 26
Jen Kirley Is your registrar (CB) accredited? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 9
K Seeking ISO 13485 Registrar Recommendations Registrars and Notified Bodies 15
P Notify Registrar of Escalation letter IATF 16949 - Automotive Quality Systems Standard 1
M New AS9100 Registrar - Recommendations for Transfer Registrars and Notified Bodies 3
M Notifying Registrar of Significant QMS changes ISO 13485:2016 - Medical Device Quality Management Systems 2
A ISO 9001:2015 registrar Auditor requesting copies of procedure prior to audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
N Does anyone know a registrar that offers both ISO 9001 and ISO 17020? Registrars and Notified Bodies 6
S Certification Body, Registrar, Notified Body - What is the difference? Registrars and Notified Bodies 3
1 ISO Registrar with waste water treatment experience Registrars and Notified Bodies 1
D How can a company transfer their AS certificate from a suspended AS91XX registrar? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
P Delay in IATF 16949 Certification from Registrar Registrars and Notified Bodies 10
MrPhish Should Potential Customer Complaint Outcome Define Registrar NC Rating? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
F Which Medical Device Standard Registrar would you recommend? CE Marking (Conformité Européene) / CB Scheme 5
WCHorn Transfering certificate from Registrar "A" to Registrar "B" ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
W Registrar Practices - Audit Plan with Scope, Dates/Times, etc. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
D Breach of Contract from Registrar (Auditor Payment Issue) Registrars and Notified Bodies 18
V Under what circumstances will a Registrar Audit a Company? (ISO 13485 - Canada) Canada Medical Device Regulations 5
M Contacting a "Must Use" (aka Sole Source) Supplier's Registrar Supplier Quality Assurance and other Supplier Issues 6
C Registrar Charges Per CAR Written Registrars and Notified Bodies 18
Q Supplier evaluation for registrar? Registrars and Notified Bodies 2
A AS9100 Registrar Expense Report Practices Registrars and Notified Bodies 3
M Answered; Registrar Dropped ISO 14971 Certification Program; What Now? ISO 14971 - Medical Device Risk Management 4
R Registrar Annual Management Fee Registrars and Notified Bodies 4
L Registrar Audit Report Length General Auditing Discussions 6
A AATT Aerospace Auditor Requirements for an AS9100 Registrar AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
E Consultant Person who implemented ALSO the Registrar Auditor? Consultants and Consulting 17
L Registrar Audit Scope and Limits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
B TS 16949 Auditor Availability and Registrar Scheduling Delays Registrars and Notified Bodies 4
S QSB+ revoked - Notify registrar, what's next? Customer and Company Specific Requirements 3
P Which TS 16949 registrar do you use? Registrars and Notified Bodies 4
V Our Registrar has been Suspended AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
A Looking for an ISO 9001 Registrar in Bucks County, PA, USA Registrars and Notified Bodies 2
N Second Registrar Visit to Confirm Major Nonconformances Fixed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
T Registrar Gap Assessments AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M How to find a Good Registrar (Certification Body) for ISO TS 16949 certification Registrars and Notified Bodies 3
S Which is the "Best" Registrar Accreditation Body? Registrars and Notified Bodies 3
R "Use of Registrar's Logo" question ISO 13485:2016 - Medical Device Quality Management Systems 5
R Registrar Finding - Hair Nets and Beard Covers ISO 13485:2016 - Medical Device Quality Management Systems 9
S ISO 9001 Documents for Submission to the Registrar ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 78
MarilynJ6354 American Global Standards Virtual Registrar ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
C ISO 14001 and OHSAS 18001 Registrar Auditor Credentials Career and Occupation Discussions 8

Similar threads

Top Bottom