Re: NB Audits of Sub-Contractors and Critical Suppliers
This holds true as long as only identity is concerned. However identity verification doesn't necessarily guarantee that quality requirements have been met.
NB intervention, when warranted, is not another layer of QC. It is intended as a measure to ensure that the QMS (as a whole, including the supplier's quality practices) is effective in guaranteeing the required quality level (as such, it can be seen as a QA measure).
This is a good practice in terms of device design, but it doesn't address process control in the broader sense (which includes purchasing control) and doesn't guarantee consistent production.
In a way, when you say "from manufacturer 'C'... all the relevant safety criteria will be met", you are implying that that manufacturer has been assessed and qualified as a reliable and consistent supplier (regardless of whether they supply directly or through a distributor). If indeed that is the case, you have "just" a documentation gap, in the sense that that manufacturer didn't necessarily go through your documented process of supplier selection and approval. However, if such a process didn't occur (e.g. the manufacturer was selected merely on the basis of component adequacy, without considering the more general quality management aspects of that manufacturer), you might have a weak link in your argument.
This relates directly to what I wrote in previous posts. The (excessive?) use of the term "critical" hinders clarity in this case, in my opinion. What the MEDDEV essentially says is that the NB should consider the various suppliers based on the role the components the supply play. That doesn't say anything deterministic about auditing. the NB can and should review evidence regarding the quality performance of certain suppliers, and based on that evidence make the call regarding auditing those suppliers on site. In my understanding, in this process there is room for considering the bigger picture regarding such components (such as 100% verification), so a rational decision on auditing can be made. However, a rationalised decision not to audit in a given context doesn't take away the significance of the component or the need to monitor the quality record of the supplier (or the actual manufacturer). In a way, auditing your 100% verification records is monitoring the evidence on the supplier's quality performance.
That apparently settled the case for you, I just wonder how many other NBs operate along the same lines (I also wonder if yours and Pads38's is not by chance the same NB ). To me a statement that no suppliers require on-site auditing is not exactly the same as a statement that there are no critical suppliers.
We fully specify the component to our supplier (the distributor) who is on our approved supplier list, they supply and we check at goods-in that the correct parts have been supplied. Through this very simple process we have full and demonstrable control of the supply of critical components without the need for any NB intervention. The specification of the parts has to be precise.
This holds true as long as only identity is concerned. However identity verification doesn't necessarily guarantee that quality requirements have been met.
NB intervention, when warranted, is not another layer of QC. It is intended as a measure to ensure that the QMS (as a whole, including the supplier's quality practices) is effective in guaranteeing the required quality level (as such, it can be seen as a QA measure).
During the design process hazards are identified and, where appropriate, are mitigated by employing components which can be considered as safety critical. The efficacy of those components is verified and validated through in-house bench testing and type testing to the 60601 series of standards by an independent, accredited test house. Through that process the specifications of all components, including safety critical, are determined and detailed on the BoM. We can clearly demonstrate that if component part number 'A' with specification 'B' from manufacturer 'C' is fitted in position 'D' all the relevant safety criteria will be met irrespective of who the actual supplier is.
This is a good practice in terms of device design, but it doesn't address process control in the broader sense (which includes purchasing control) and doesn't guarantee consistent production.
In a way, when you say "from manufacturer 'C'... all the relevant safety criteria will be met", you are implying that that manufacturer has been assessed and qualified as a reliable and consistent supplier (regardless of whether they supply directly or through a distributor). If indeed that is the case, you have "just" a documentation gap, in the sense that that manufacturer didn't necessarily go through your documented process of supplier selection and approval. However, if such a process didn't occur (e.g. the manufacturer was selected merely on the basis of component adequacy, without considering the more general quality management aspects of that manufacturer), you might have a weak link in your argument.
We also sub-contract out the assembly of our surface mount PCBs. Contrary to some of the comments made earlier in this thread, our PCB sub-contractors are not classed as critical suppliers by our NB and are not in line for an unannounced audit. This is because of the way we manage them. They have been through our supplier approval process, so we are happy with the way they translate and transfer our BoM into their production control system, we are happy with their processes for managing engineering changes, we are happy with their manufacturing process controls and they supply us with a full traceability report for all of the components used in a manufacturing batch. We have a supply agreement in place with them which describes the regulatory requirements associated with the manufacture of the PCBs and assigns each one to either or both of our companies as appropriate. The crucial part of the process is that when the PCBs arrive we carry out 100% testing. This effectively transfers all of the risks away from the sub-contractor and onto us and for that reason our NB regards the sub-contractor as a significant supplier, but not a critical one.
This relates directly to what I wrote in previous posts. The (excessive?) use of the term "critical" hinders clarity in this case, in my opinion. What the MEDDEV essentially says is that the NB should consider the various suppliers based on the role the components the supply play. That doesn't say anything deterministic about auditing. the NB can and should review evidence regarding the quality performance of certain suppliers, and based on that evidence make the call regarding auditing those suppliers on site. In my understanding, in this process there is room for considering the bigger picture regarding such components (such as 100% verification), so a rational decision on auditing can be made. However, a rationalised decision not to audit in a given context doesn't take away the significance of the component or the need to monitor the quality record of the supplier (or the actual manufacturer). In a way, auditing your 100% verification records is monitoring the evidence on the supplier's quality performance.
We have consulted with our NB along the way and have no critical suppliers as a result.
That apparently settled the case for you, I just wonder how many other NBs operate along the same lines (I also wonder if yours and Pads38's is not by chance the same NB ). To me a statement that no suppliers require on-site auditing is not exactly the same as a statement that there are no critical suppliers.
Last edited: